Watch a brief overview of international data law, including the General Data Protection Regulation (GDPR), which specifies how the data of European users should be handled.
- [Instructor] The internet and World Wide Web connect just about every part of the globe. Information moves through hardware to make that happen, from servers and literally billions of devices on land, to undersea cables, to satellites orbiting 20,000 miles in space. Whether you know it or not, your information traverses this landscape every day. And while information moves freely across borders, different laws may apply, depending on where an individual resides or where the data is stored.
From its inception in the early 1990s, the World Wide Web relied on a voluntary approach to things like setting standards and protocols, so that users worldwide could connect. For example, the International Telecommunications Union, or ITU, is a UN agency with 193 member states that coordinates issues such as global use of the radio spectrum. Beginning with the Budapest Convention on Cybercrime in 2001, more than 50 countries began working together to coordinate law enforcement, so they could share information about crimes that took place or were enabled online.
Another key collaboration is the nonprofit ICANN, or Internet Corporation for Assigned Names and Numbers. ICANN works a bit like a white pages for the internet. It assigns countries their unique internet suffix, and also manages the process of creating top-level domains such as .com, .edu, or .eu. To maintain a high level of security for the so-called domain name system, or DNS, as well as transparency with its thousands of members and partners worldwide, ICANN actually conducts a regular convening at numerous locations around the world, where new encryption keys are updated and shared.
The US gave up its formal control over the DNS in 2016, and the authority for this vital aspect of information security now rests with the international community through ICANN.
Currently, one of the biggest issues internationally is that of data privacy. And here, the European Union plays an increasingly important role. Privacy law gets pretty complex pretty quickly, so here's a few key things you should know. In general, the EU has stricter standards than the US for how companies must treat and protect personally identifiable information.
The new EU-wide privacy regime known as the GDPR, or General Data Protection Regulation, will start being enforced in 2018. It requires American companies that collect or store PII on any citizens of an EU country to adhere to the GDPR privacy standards. Companies can face harsh penalties for violating GDPR standards, and this applies as well to other entities including universities, foundations, nonprofits, and non-governmental organizations.
If you have questions or concerns, you should first check with your organization's privacy office or general counsel. And I'm sharing more useful links on the course page here.