As the number of online users has increased globally, governments throughout the world have enacted a large number of inconsistent privacy and security laws.

This highly complex global legal framework is creating regulatory problems for companies. Approximately 50 countries have some form of data-protection laws.

Many of these laws conflict with those of other countries, or they require specific security measures. Other countries have no privacy laws at all.

The absence of consistent or uniform standards for privacy and security obstructs the flow of information among countries, a problem we refer to as transborder data flows.

The European Union (EU), for one, has taken steps to overcome this problem. In 1998 the European Community Commission (ECC) issued guidelines to all of its member countries regarding the rights of individuals to access information about themselves.

The EU data-protection laws are stricter than U.S. laws and therefore could create problems for U.S.-based multinational corporations, which could face lawsuits for privacy violations.

The transfer of data into and out of a nation without the knowledge of either the authorities or the individuals involved raises a number of privacy issues. Whose laws have jurisdiction when records are stored in a different country for reprocessing or retransmission purposes?

For example, if data are transmitted by a Polish company through a U.S. satellite to a British corporation, which country’s privacy laws control the data, and at what points in the transmission? Questions like these will become more complicated and frequent as time goes on.

Governments must make an effort to develop laws and standards to cope with rapidly changing information technologies in order to solve some of these privacy issues.

The United States and the EU share the goal of privacy protection for their citizens, but the United States takes a different approach. To bridge the different privacy approaches, the U.S. Department of Commerce, in consultation with the EU, developed a “safe harbor” framework to regulate the way that U.S. companies export and handle the personal data of European citizens.