DATA PROTECTION, CYBERSECURITY AND INTERNATIONAL ARBITRATION: CAN THEY RECONCILE?

Abstract

For the past few years, international arbitration has been on an upward surge. It has grown exponentially, becoming a preferred forum of dispute settlement. Simultaneously, data protection and cybersecurity have been at the fore of discussion globally, with the enactment of the General Data Protection Regulation [“GDPR”] in the European Union [“EU”], the right to privacy being declared a fundamental right in India, and jurisdictions like India modelling their law on the GDPR. The time has come for the intersection of both these fields to be considered seriously. The International Council for Commercial Arbitration [“ICCA”] and the International Bar Association [“IBA”] have formed a task force to investigate the question of data protection in international arbitration, and a Cybersecurity Protocol has been released by the ICCA in conjunction with the New York City Bar Association [“NYC Bar”] and International Institute for Conflict Prevention and Resolution [“CPR”]. These positive developments show the way forward for arbitration and data protection. In this paper, the authors analyse these developments, assess the status of data protection and information security in arbitration, and provide some suggestions about the way forward.