Data Access and Compliance in Global Operations

Global providers of satellite broadband services potentially face an increasingly complex compliance burden as a result of a rapidly-developing data policy environment. Fueled by robust initiatives for law enforcements’ more ready access to data; convergence of telecom and Internet service in regulatory terms; developments in Lawful Intercept (LI), privacy, and data localization policies; increased infrastructure; and legal requirements, threaten service providers that manage customer data. The jurisdiction where data is held is key, and more countries are requiring this access.

Lawful Intercept

Through LI requirements, governments seek to ensure data access rights within jurisdictions where operators might not otherwise choose to land traffic. Where such obligations are not in place or other data is sought, international agreements such as Mutual Legal Assistance Treaties (MLATs) enable countries to request information on users whose data is held in jurisdictions where they cannot serve warrants directly. However, governments often find MLATs are not a satisfactory solution due to slow timelines and the fact they were not initially designed to cover the sophisticated communications networks of today.

At the same time, as more countries seek ways to force the establishment of LI facilities locally to allow them legal access — threatening spiraling costs for global operators — there has been some recognition that the incompatibility of national legal regimes needs to be mitigated through closer collaboration on law enforcement matters related to Internet data.

The Council of Europe’s (COE) Convention on Cybercrime of 2001 (or Budapest Convention) addresses international harmonization in law enforcement activity relating to Internet and cybercrime as well as human rights. Despite the possible appearance that the Convention might achieve multilateral harmonization of transnational data rules, the COE’s Cybercrime Convention Committee established in December 2014 that domestic law enforcement principles still apply: if data is accessed, it must be done legally in whatever jurisdiction it is held.

The Committee notes that law enforcement agencies “may be able to procure data transnationally by other methods such as mutual legal assistance or procedures for emergency situations.” In the context of MLAT reform, however, the COE’s “Octopus Conference” in June 2014 noted that there can be a conflict between law enforcement requirements and data protection requirements.

Any reform to MLAT procedures can be expected to be addressed more rapidly through bilateral negotiation than through multilateral treaty negotiations. In January 2015 the United States allocated $24 million to MLAT reform, to review foreign training, shorten response time to meet requests, and implement improved tracking systems. Some governments have insisted on local LI requirements because MLATs were too inefficient to deliver requested data in a timely way. If the scope of reform were sufficient, MLATs could ultimately encompass a host of issues that global Internet and telecom service providers currently struggle to address with international law enforcement authorities. This will likely require substantive changes to reflect new technologies.

Data Protection and Privacy; Data Localization

In addition to these developments, data protection and privacy requirements are receiving considerable attention, most notably in Europe where a proposed EU Data Protection Regulation would harmonize disparate requirements in member states. At least one provision is in conflict with U.S. law and, according to provisions present in some drafts, member states could use exceptions to restrict transfers to third countries despite approved transfer mechanisms such as US-EU Safe Harbor, which allows companies to transfer personal data from the EU to the U.S. The proposed regulation could include fines for non-compliance of up to 5 percent of global revenue.

Nina Beebe is director for emerging markets at Access Partnership in London. She assists satellite service integrators, operators and others in securing market access and licenses on a global basis.