In Episode 21 of our In:Confidence podcast, we were joined by Vivienne Artz OBE, a data strategy and privacy policy expert who advises organizations on how to get the most out of their data while maintaining the highest standards of privacy. 

Vivienne gave us her insights into the current challenges of international data transfer and outlined her hopes for a borderless future. In this article, we’ve captured the key points Vivienne shared, but you can listen to the full conversation here.

Navigating the post-Schrems II world

Transferring data across borders is essential to enable governments and businesses to operate, foster innovation and learning, and enable families and friends to stay connected.

However, the introduction of transfer impact assessments (TIAs) after the Schrems II judgment has made international data transfer far more complex. While organizations must understand where their data is flowing and have proper data governance in place, it’s very difficult to accurately assess the risk of transferring data to another jurisdiction.

Even large organizations with huge compliance departments struggle to keep up with the demands of completing manual TIAs. Vivienne questioned whether the enormous amount of paperwork created just demonstrates technical compliance without delivering the desired privacy outcomes.

“It’s not about the process; it’s about the outcome,” Vivienne explained. “Privacy and data protection are hugely important, but we need to think—are we protecting the process or the people?”

There’s certainly cause for optimism for the future, however. Vivienne gave the example of the Organisation for Economic Co-operation and Development (OECD) publishing principles for government access to personal data. “They’ve been transparent about why governments access data, and the basis on which they access it, and setting out the rules they should follow to access data in a fair and trusted way,” she said. “It’s the first time governments have come together to talk about the issue between themselves. That’s an enormous step in the right direction.”

Focus on outcomes, not structures

Ultimately, privacy legislation and regulations exist to achieve a specific outcome: keeping personal data protected and private. But too many organizations try to tick every box in a rigid structure without thinking about the outcome they want to achieve.

The Information Commissioner’s Office in the UK is setting a great example for moving away from the box-ticking approach to data privacy with its accountability framework. The framework provides a pragmatic way to think about data risks, how to address them, and how to demonstrate that you’re addressing them.

Vivienne explained that while some see this as removing the structures they rely on, in reality, it’s empowering data leaders to focus on outcomes and take responsibility for delivering them.

“The rules, the guidance, the tools—they’ll all help you,” she told us. “But actually, at the end of the day, it has to come down to your own decision and taking responsibility: how to be fair, how to be proportionate, and how to be responsible.”

Technology will enable a borderless future

Privacy-enhancing technology has a key role to play in helping organizations navigate the legal challenges of transferring data across borders. Most countries now have privacy laws, but the abundance of legislation has also created a lot of complexity. Technology gives us an opportunity to transcend that legal complexity and unlock the value of data while maintaining privacy.

For Vivienne, one of the key strengths of technology is that it can be legally neutral, allowing organizations to overcome the challenges of international data transfer in creative ways.

“Technology can help with security. It can help with confidentiality. It can help with access to data. And it can do so without having to directly align with specific words in a legal text,” she explained. “If the outcome is the right one, then you can transcend those jurisdictional and legal boundaries with a solution that gives you the result you’re looking for.” 

Listen to the full conversation

We’ve only touched on a few of Vivienne’s insights here, so be sure to catch up with the In:Confidence episode to get more advice and fresh perspectives on the future of international data transfer.

Data Privacy Data transfer