Is Data Protectionism Restricting Transborder Data Flows in Global Business Environment? - A Malaysian Insight -

Abstract

Transborder data flows is digitally encoded units of information in which the transfer, storage, or processing takes place in more than one country using physical transportation by magnetic media, such as tapes, disks, or transmitted electronically over a terrestrial line, submarine cable, satellite link or the internet. These transmission of data by these modes usually involve some form of data processing or is accessible in another different country. It is quite common to process data of customers, suppliers and employees outside the country in today’s robust business environment. Nevertheless, data protection laws are making such processing of data difficult, if not impossible. Many laws have emerged in trade agreements such as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the US-Mexico- Canada Agreement (USMACA) and in Europe, the OECD Privacy Guidelines, Convention 108 of the Council of Europe or the APEC-Cross Border Privacy Regulations System essentially to restrict transborder data flows. Malaysian Personal Data Protection 2010 is one of them. Amongst other reason why countries imposes laws to restrict transborder data flows are to safeguard the privacy of individuals and their personal data, to meet other regulatory objectives such as access to information for audit purposes and to protect information deemed to be sensitive from a national security viewpoint. Multinationals rely heavily on cross data flows for their day-to-day operations and they use data from their affiliates around the world for a large number of internal, or back office, tasks and even routine decisions. Cross border data transfers have also enabled the creation of many business types around the world. The writing of this article adopts a qualitative methods by referring to the available statutory laws and decided cases particularly in Malaysia with reference to the position in the European Union and other international documents laid down by Asia-Pacific Economic Cooperation (APEC) and Organisation for Economic Co-operation and Development (OECD). Thus, the objectives of this paper are to identify the issues relating to transborder data flows particularly by the business entities, to ascertain the relevant laws used to govern the issues and how to balance the legal requirements and the needs of data sharing for business purposes.