There are manifold reasons economies are reviewing their data policy. These include considerations related to privacy and data protection, national security, regulatory control or audit, digital security, and also new forms of digital industrial policy (Casalini, López González and Nemoto, 2021[26]). While there are legitimate reasons for the diversity in regulations across economies, the regulatory landscape that underpins cross-border data flows and data localisation is becoming increasingly complex.
The emerging patchwork of approaches risks undermining the policy objectives they were intended to serve. The patchwork makes it difficult not only to effectively enforce public policy goals such as privacy and data protection when data crosses international borders, but also for firms to operate across markets, affecting their ability to internationalise and benefit from operating on a global scale. The challenge for governments is thus to promote regulatory approaches that enable the movement of data while, at the same time, ensuring that, when data crosses a border, it receives the desired protection, safeguard or oversight.
In the context of data flow measures, the analysis generates four main findings.
Cross-border data flows are the lifeblood of the global economy. Data autarky, where all economies restrict their data flows (full fragmentation), would lead to global GDP losses of 4.5% and reductions in exports of 8.5%.
The absence of data flow regulation is also associated with negative economic outcomes. Indeed, if all economies moved towards an absence of regulation for data flows, trade costs would fall, but so too would trust. Overall, global GDP would fall by nearly 1% and global exports by just over 2%. The impacts would be largest for high-income economies which could see their GDP fall by over 2%.
Regimes that combine open data flows with safeguards (Categories 1 and 2) balance the trade costs associated with data regulation with the trust benefits of data safeguards. Indeed, if such approaches were adopted by all economies, global exports would grow by 3.6% and global GDP by 1.77%. Benefits would be highest for low and lower-middle income economies, which could see their GDP rise by over 4%.
The economic costs of fragmentation of data flow regimes along geoeconomic blocs would also be sizeable (more than 1% real GDP loss).
Overall, the analysis suggests that global solutions to data flow issues that combine open regimes with safeguards are likely to deliver better economic outcomes.
For data localisation measures, the following messages emerge.
Removing existing data localisation measures would deliver small but positive impacts. Exports would rise by 0.26% and GDP by 0.18%. Gains are, however, potentially large for low-income economies which could see their GDP rise by over 1%, given more restrictive existing regimes.
Moving to data storage requirements without flow prohibition is associated with relatively small economic costs. The global GDP loss is projected to be smaller than 0.1%. That said, low-income economies are projected to see strong increases in GDP from moving to this less restrictive form of data localisation.
Horizontal storage and flow prohibitions are nearly nine times more costly than more targeted policies in areas that are typically regulated (financial, telecommunications, and ICT services).
When combined with flow prohibitions the costs of data storage requirements are much larger and similar to restrictive data flow measures.
Data flow and data localisation policies also interact with each other. At the extreme, a requirement that all data be stored domestically is equivalent to a prohibition to transfer data. That said, along the continuum of measures, the impact between these varies markedly. A local storage requirement that does not have a flow prohibition has an effect on data management costs arising from having to keep copies of data using potentially more expensive data storage solutions. By contrast, conditional flow regimes require greater costs associated with ensuring that data remains protected. These include legal costs associated with understanding privacy and data protection frameworks abroad as well as costs associated with drafting and managing contracts, binding corporate rules, or signing up to certification schemes that ensure that privacy and data protection is enforced when data is transferred. This is, however, associated with benefits in the form of greater trust arising from the fact that transferred data is being protected against privacy violations. For the case of data localisation measures, trust benefits are not identified. This is partly because the location of the data does not necessarily have an impact on whether data is or is not safeguarded (see also Del Giovane, López González and Ferencz (2023[8]).
Overall, this work aims at weighing different considerations in the context of discussions about balancing data flows with safeguards. Overall, the analysis shows that data policies matter for our globalised economy. It underscores the dangers of unnecessarily restrictive policies and suggests that balanced and global approaches to data regulation work best.
As noted in IMF et al. (2023[37]), an important digital divide between developed and developing countries remains. Future work can investigate the implications of different data governance policies and how these might contribute to or attenuate this digital divide.