Cross-border data flows underpin today’s economic and social interactions. They help us connect with friends and family across different countries; they support research to address global challenges (as was the case during the pandemic); they help to coordinate production along global supply chains; and they allow firms, notably smaller ones, and individuals to access global markets. In sum, cross-border data flows have become the lifeblood of modern day social and economic activities.
However, as more and more data crosses borders, concerns about privacy protection, digital security, national security, regulatory reach, competition, trade and industrial policy have arisen. This has led to a growing adoption of regulations which condition the movement of data across borders or, in some cases, measures that mandate that data is stored or processed in specific locations (also known as data localization).
The resulting patchwork of rules and regulations is making it difficult not only to effectively enforce public policy goals such as privacy and data protection across different jurisdictions, but also for firms to operate across markets, affecting their ability to internationalize and benefit from operating on a global scale. The challenge for governments is to promote regulatory approaches that enable the movement of data while, at the same time, ensuring that, when data crosses a border, it receives the desired protection, safeguard or oversight.
The notion of trust is at the center of this debate. It is increasingly clear that the benefits of digitalization depend strongly on the degree of trust in the digital environment that underpins emerging economic and social transactions. Individuals will not engage with businesses they do not trust and businesses will struggle to reap the benefits of scale unless they can operate with trust globally. The concept of “data free flow with trust,” championed by Japan under the G20 “Osaka Track,” encapsulates the policy impetus to find a balanced solution to these challenges.
Discussions to find more interoperable approaches to DFFT have been ongoing for a number of years across a range of fora (whether the G20 or G7 as well as the Asia-Pacific Economic Corporation and World Trade Organization). The Organisation for Economic Co-operation and Development has been at the forefront of these discussions, promoting an evidence-based policy dialogue by helping map different approaches to cross-border data flows and their commonalities. The work has shown that there is no single mechanism to enable trusted data flows. Governments pursue different or even multiple and complementary approaches.
Some prefer to approach the issue using unilateral mechanisms which include public adequacy decisions, model contract clauses or the use of the accountability principle. Others pursue intergovernmental arrangements such as the OECD Privacy Guidelines, the Council of Europe Convention 108+ or APEC’s Cross-border privacy Rules. Others approach this through their trade agreements, including binding provisions that enable data (personal and non-personal) to flow while maintaining exceptions for meeting legitimate public policy objectives (such as national security or privacy and data protection).
Although the emerging policy landscape appears to be fragmented, there are areas of overlap on which to build upon. First, a range of commonalities between and within instruments emerge. One particularly important element is that the dual goal of safeguarding data and enabling its flow which is a key element across all approaches. There is also growing evidence of convergence. That is, the direction of travel is increasingly similar, whether in the language used in trade agreements or in the principles that underpin domestic privacy and personal data protection which increasingly overlap. Last, there is a high degree of complementarity between the existing instruments which are increasingly cross-reference each other.
An international architecture which seeks to find ways to combine the benefits of data flows without compromising on also ensuring that legitimate public policy objectives can be achieved is emerging. This was recognized in the G20 Rome Declaration where leaders agreed to “continue to further common understanding and to work towards identifying commonalities, complementarities and elements of convergence between existing regulatory approaches and instruments enabling data to flow with trust, in order to foster future interoperability.”
In order to continue ensuring that dialogue on these issues remains evidence-based, the OECD will carry on undertaking analysis in this area. More evidence on the economic impact of different approaches to cross-border data flows will facilitate international cooperation and dialogue on more predictable and transparent combinations of data flows and “trust.” These should enable governments, firms and consumers to benefit from continued growth, wellbeing and inclusion.
You can contribute to this effort by providing information about your business activities through this targeted OECD-WTO Business Questionnaire (open through June 14). Your responses will help policymakers better understand the emerging challenges that firms such as yours face.
Photo by Elena Mozhvilo on Unsplash
If you want to comment on this post, you need to login.