The West’s plan to keep global data flows alive

U.S. President Joe Biden and European Commission President Ursula von der Leyen just secured a political agreement to keep data flowing between the European Union and the United States.

But with EU and U.S. negotiators still hammering out details on the new transatlantic data pact — and legal challenges expected once the deal is completed — policymakers are already scrambling to shore up the free flow of data across the Western world.

The Organization for Economic Cooperation and Development, a Paris-based group of mostly rich countries, may have an answer.

In lengthy talks dating back to late 2020, policymakers from the EU, U.S., United Kingdom and other like-minded nations are edging closer to creating an international pact under the OECD’s mandate that would set the ground rules for how national security agencies access people’s information — all while upholding high privacy standards to avoid overreach by national spies.

Tensions over what legal checks there should be for national security purposes have resurfaced in negotiations, according to eight people directly involved in the talks who spoke to POLITICO on the condition of anonymity because they were not authorized to speak publicly about the closed-door talks.

On one side stand the so-called Five Eyes countries — the U.S., the U.K., Canada, Australia and New Zealand — that want such a deal to focus solely on national security and law enforcement concerns. On the other are those within the EU who say that to really restore trust in data flows, any OECD-led agreement should encompass all types of government access to people’s information, including for purposes like tracking tax avoidance, added the individuals, who include officials, company executives and legal experts.

But as negotiators ramp up talks to draft a potential pact via the OECD over the coming months, officials, privacy experts and others stress that the need to revamp how data is moved between countries is more important than ever as the global economy becomes increasingly reliant on digital trade. And the recent political agreement between the EU and U.S. highlights how Brussels, whose privacy rules are now the de facto global standard, wields almost complete control over which countries can access its citizens’ data anywhere in the Western world.

“It’s not sustainable,” said J. Trevor Hughes, head of the International Association of Privacy Professionals, an industry group. “Now, we have these massive structures with interlacing data transfer agreements that are largely politically driven at this point.”