International Data Transfers
Our data privacy solution provides legal analysis and practical guidance when dealing with international data transfers
How it works
Rulefinder Data Privacy's coverage includes:
- Requirements and obligations that apply to generic data transfers and international transfers of personal data
- An international transfer compliance rating for transfers to 140+ destinations
- General (i.e. domestic, non-international) data sharing requirements for that particular transfer
- Specific analysis of the international transfer mechanisms which must be in place
- An integrated global adequacy decision framework
- Built-in Schrems II considerations, underpinned by our separate Schrems II Toolkit and assessments of relevant local laws in different jurisdictions
All as part of an annual subscription.
Key scenarios
Across all of our jurisdictions, our team of experienced data privacy lawyers (alongside our leading local counsel) have assessed – in detail – the exact requirements and obligations that apply to:
(i) generic data transfers (such as sharing personal data with another business in the same jurisdiction); and
(ii) international transfers of personal data.
This includes addressing questions such as:
- Is consent required to transfer personal data?
- Is a contract required to transfer personal data?
- Can the transferor be held liable for what happens to the data that it has shared?
- Does the jurisdiction have a data localisation requirement?
- What are the specific restrictions on international data transfers out of that jurisdiction?
- What (if any) recipient jurisdictions benefit from the reduced compliance obligations that come with an "adequacy decision"?
- Are there specific rules for data transfers that involve the sale of data, sharing data with a cloud services provider, or disclosure to a foreign authority (e.g. a regulator, law enforcement body, etc.)?
Practical example
You are transferring personal data from Australia to Taiwan and need to understand the general transfer restrictions and obligations that must be dealt with, in practice, before approving the transfer.
- How complex is it to transfer personal data out of Australia?
- Is there an adequacy decision in place between Australia and Taiwan?
- Do we need the consent of individuals whose data we are transferring?
- What international data transfer mechanisms can we rely on?
Our International Data Transfer App enables users to quickly view requirements for international personal data transfers to more than 140 destinations, by simply selecting the "Origin" and "Destination" of the transfer. The app sets out specific legal requirements for data transfers, sourced from leading local counsel across the globe.
The Data Transfer App enables you, at a glance, to digest a broad range of information associated with your particular transfer. For example, you will see from the screenshot below that a transfer of personal data from Australia to Taiwan has been given a compliance rating of manageable, meaning whilst the transfer can occur, there are a number of complicated practical considerations that must also be kept in mind (as detailed under the Data transfer requirements and International transfer mechanism sections of the screenshot below).
Screenshot showing requirements when transferring data from Australia to Taiwan. Extracted from Rulefinder Data Privacy.