Hitchhiker's Guide to Cross-Border Data Flows
DON'T PANIC! The hitchhiker's guide to cross-border data flows
3 June 2019 | by Javier Lopez Gonzalez
Drawing on the useful advice of Douglas Adams, the “Hitchhicker’s Guide to Cross-Border Data Flows” is designed to be an indispensable companion to all those who are keen to make sense of trade in an infinitely complex and confusing digital era. Though it cannot hope to be useful or informative on all matters, it has the words “DON’T PANIC” inscribed in large friendly letters in the title, reassuring trade policy makers across the universe that everything is going to be OK.
On the issue of data flows
Data flows are important, you just won’t believe how mind-bogglingly important they are for trade today. When you order a book from an online retailer, when you download an app, or when you stream the latest episode of your favourite show – you are engaging in digital trade and benefitting from cross-border data flows.
However, like Arthur Dent and his friends journeying through the Universe, data travels in mysterious ways through the Internet. Files sent from one country to another are broken down into smaller ‘packets’, each taking different routes and crossing different networks and countries to reach their destination, where they are reassembled into the original file.
The ultimate origin and destination of data tends to be a technical matter. Firms often use servers located across different countries to improve access speed and reduce network traffic. This means that, sometimes, what seems to be a domestic flow of data is actually an international transfer, and vice-versa. Moreover, with the adoption of cloud computing, data lives in many places at once with different bits of data or copies of the data stored in different countries simultaneously. This is why regulating data flows is complicated.
How bits and bytes translate into dollars and cents is also difficult to establish. The value of data comes from the information it carries and how it is used, not its volume. In this respect, data is certainly not similar to a physical commodity like oil, as some have claimed. Although it is an essential input into modern economic and social activities, data – unlike oil – is not scarce; it can be copied and shared at virtually no cost. Like Douglas Adams’ work, data is not like anything else, it is sui generis.
On data regulation, and the growing use thereof
There are many reasons why countries may wish to regulate data flows. One is to safeguard the privacy of individuals and their personal data. Today, the information trail left in our economic and social interactions is richer than ever before. But what information is being gathered, and what use is being made of it, is not always clear to consumers, especially when data moves between juristictions. Countries may also restrict the flow of data, or require that it be stored on local (domestic) servers, in order to meet other regulatory objectives, such as access to information for auditing purposes. Governments may also impose restrictions on data flows where information is deemed to be sensitive from a national security perspective. However, some countries are also increasingly regulating data with a view to helping develop domestic capacity in digitally-intensive sectors, as a form of digital industrial policy.
Not all data regulation are the same, and different countries make different trade-offs reflecting their citizens’ concerns. However, at the risk of oversimplifying, four broad approaches are emerging. These are not mutually exclusive; different approaches can apply to different types of data, even within the same jurisdiction (health data, for instance, might be subject to more stringent approaches than data related to product maintenance).
- The first type of approach to data regulation is no regulation at all, usually because there is no data protection. This is the case in many least-developed countries. The problem is that the absence of regulation can affect the willingness of others to send data to these countries, affecting their ability to benefit from digital trade.
- The second category of approaches allows companies to export data, but makes them liable if that data is misused; referred to as ex-post accountability.
- The third type of approach requires an ex-ante adequacy decision ensuring that countries meet specific conditions before data can be safely transferred. Where an adequacy determination has not yet been made, firms can move data under options like binding corporate rules, contractual clauses and consent.
- The fourth and final type of approach is the most restrictive in terms of movement of data. It includes more ad-hoc or case-by-case approaches, generally subject to review and sometimes discretionary approval by the relevant authorities.
These regulations can directly affect the ability to trade digitised goods and services, and can also have broader trade consequences, such as when it affects data flows critical for the co-ordination of global value chains. Even just the patchwork of different regulations that currently exists can make it harder for small and micro businesses to benefit from digital trade.
On the role of trade policy
While the Internet was born global, and offers new opportunities for individuals and firms of all sizes, it also raises considerable challenges for policy in a world where borders and regulatory differences between countries remain. As governments regulate cross-border data flows, it will be increasingly important that the trade impacts are also considered, to ensure that privacy, security, protection of intellectual property and the benefits of digital trade, are all comprehensively understood, considered, and balanced.
The ultimate answer to life, the universe and cross-border data flows might therefore not be 42, as suggested in the original Hitchhikers Guide to the Galaxy, but might lie in promoting greater interoperability. This will require regulators to develop a shared sense of international good practices in data governance, and to talk with each other and across policy silos to exchange information and ideas on how to tackle these complex issues together. In seeking greater interoperability among approaches useful lessons can be drawn from the trading system’s experience in promoting open exchange in the context of regulatory difference. It will be important to ensure that approaches are as transparent, non-discriminatory and as least trade-restrictive (to achieve their objectives) as possible.
Greater dialogue between different policy communities and stakeholders, including business, academia and civil society will be key. Who knows, with a splash of Pan Galactic Gargle Blaster (to liven up discussions), agreement might arise; in which case, so long, and thanks for all the trade!
Related research
Digital trade
The digital transformation has reduced the costs of engaging in international trade, facilitated the co-ordination of global value chains (GVCs), helped diffuse ideas and technologies, and connected a greater number of businesses and consumers globally.
Trade and Cross-Border Data Flows
This paper develops an indicative taxonomy of domestic approaches to cross-border data flow regulation and local storage requirements; it then surveys international instruments that address the question of international data transfers. The paper then examines the issues that data flow restrictions might raise for consumers and businesses.