Understanding Interconnected Local and Global Data Flows

FILTER
February 23, 2021
Rob van Eijk
Managing Director for Europe
About Rob
Blogs by Rob
Gabriela Zanfir-Fortuna
Vice President for Global Privacy
About Gabriela
Blogs by Gabriela

International data flows have been top of mind in the past year for digital rights advocates, companies and regulators, particularly international transfers following the Schrems II judgment of the Court of Justice of the EU from last July. As data protection authorities assess how to use technical safeguards and contractual measures to support data flows while ensuring the protection of rights and freedoms of individuals, it’s essential to understand the interconnectedness that exists today in a highly digitized environment and globalized relationships, so that guidance can be most effective.

Here, we explore the issue of the complexity of international data flows in two distinct contexts that affect daily lives of people regardless of where they live, especially during a pandemic that has moved most of daily lives remote: (I) how they shop (retail) and (II) how they engage with education services (education technology, or EdTech). We provide an infographic for each with notes to better understand the actors and the complexities of data flows between them, while having an understanding that the systems being used and the actors involved are very often established within different jurisdictions.

Click here to download the 4-page (PDF) Infographic.

Map Retail 2x

I. Understanding Retail Data Flows

The first infographic presents a highly simplified visual for a retailer. Data flows are complex for even small and medium size organizations, with partners and vendors commonly located in multiple jurisdictions. A retailer is likely to use a number of different cloud-based service providers to support consumer transactions. Many of these service providers may only be located in a single jurisdiction and be geographically dispersed. These service providers often use other service providers, and are themselves geographically distributed and interconnected.

One of the essential services provided to a retailer is payment processing which will involve:

  • An individual makes an online purchase with a credit card at a merchant via its online shop.
  • Authentication checking before a payment is authorized. 
  • Authorization is the process shown with the transaction data that ultimately is presented to the cardholder bank and they either approve or decline (authorize) the transaction initiated by the cardholder. 
  • Authentication is the process whereby the issuer requests certain information from the cardholder to have a higher assurance that they are in fact who they say they are. 
  • Payment of the bill by the cardholder’s bank.
  • Facilitating the routing of the payment authorizations and the transaction, clearing, and settlement of funds between banks.
  • Settlement of a transaction through a network that includes the merchant’s bank, the cardholder’s bank, and the payment network, i.e., credit card companies.
  • Monitoring network, database, application, and other critical services from a Network Operations Center (NOC) in a centralized location.
  • Global fraud detection and cybersecurity monitoring which consolidate both domestic and cross-border fraud data to identify patterns of fraud and to create and improve global fraud models.

Click here to download the 4-page (PDF) Infographic.

Map Edtech 2x

II. Understanding EdTech Data Flows

The second infographic presents a highly simplified visual of the data flows for education technology for schools and universities. Cloud based services support a wide range of programs used by teachers, students and administrators in this sector.

Schools and universities increasingly rely on EdTech applications to help educate their students. This includes online classroom/video call collaboration tools, applications to inform parents and students about important developments, learning management systems and learning content providers. Most of these providers rely on a global network of subsidiaries to support, maintain and secure their product 24/7 as well as on other service providers that deliver hosting and other specialist services. While applications and personal data of students are often hosted regionally, these subsidiaries and vendors will require access to the data for the delivery of the service.

Universities and schools will also often rely on (cloud-based) vendors to fulfill their tasks. For example:

  • Messaging and communications tools to stay in contact with their students, parents and the wider community as well as promoting their activities.
  • Specialist applications for conducting and facilitating research with international collaborators.
  • Online collaboration tools, e.g., video conferencing, to collaborate with other schools and universities.

For further information or to provide comments or suggestions, please contact Dr. Rob van Eijk ([email protected]) or Dr. Gabriela Zanfir-Fortuna ([email protected]).

The full list of FPF’s infographics can be accessed on the FPF website at fpf.org/publication-type/infographic/.

To learn more about FPF in Europe, please visit fpf.org/eu.

Published: Last Updated: June 20, 2023
Tags: ,

Explore

Issues

authors

dates

Posts by Rob and Gabriela

ai,related,law,concept,shown,by,robot,hand,using,lawyer
How Data Protection Authorities are De Facto Regulating Generative AI
Read More
digital,service,act,concept:,lock,on,computer,keyboard,and,europe
EU’s Digital Services Act Just Became Applicable: Outlining Ten Key Areas of Interplay with the GDPR
Read More
india,flag,isolated,on,the,blue,sky,with,clipping,path.
The Digital Personal Data Protection Act of India, Explained
Read More
View More