On the issue of data flows?
Data flows are important—you just won’t believe how mind-bogglingly important they are for trade today. When you order a book from an online retailer, download an app, or stream the latest episode of your favourite show, you are engaging in digital trade and benefiting from cross-border data flows.
However, like Arthur Dent and his friends journeying through the Universe, data travels in mysterious ways through the Internet. Files sent from one country to another are broken down into smaller ‘packets’, each taking different routes and crossing different networks and borders to reach their destination, where they are reassembled into the original file.
The ultimate origin and destination of data tends to be a technical matter. Firms often use servers located across different countries to improve access speed and reduce network traffic. This means that, sometimes, what seems to be a domestic flow of data is actually an international transfer, and vice versa. Moreover, with the adoption of cloud computing, data lives in many places at once, with different bits or copies stored in different countries simultaneously. This is why regulating cross-border data flows is complicated.
How bits and bytes translate into dollars and cents is also difficult to establish. The value of data comes from the information it carries and how it is used—not its volume. In this respect, data is not similar to a physical commodity like oil, as some have claimed. Although it is an essential input into modern economic and social activity, data—unlike oil—is not scarce; it can be copied and shared at virtually no cost. Like Douglas Adams’ work, data is not like anything else—it is sui generis.
On data regulation, and the growing use thereof?
There are many reasons why countries may wish to regulate data flows. One is to safeguard the privacy of individuals and their personal data. Today, the information trail left in our economic and social interactions is richer than ever. But what data is being collected—and how it is being used—is not always clear to consumers, especially when it moves between jurisdictions.
Countries may also restrict the flow of data, or require that it be stored on local (domestic) servers, in order to meet other regulatory objectives, such as access to information for auditing purposes. Governments may impose restrictions where information is deemed sensitive from a national security perspective. Some countries are also increasingly regulating data to support the growth of domestic digital sectors—effectively using it as a tool of digital industrial policy.
Not all data regulations are the same, and countries make different trade-offs reflecting their citizens’ priorities. At the risk of oversimplifying, four broad approaches are emerging. These are not mutually exclusive; different approaches can apply to different types of data, even within the same jurisdiction (e.g. health data may face stricter rules than product maintenance data).
·???????? The first type of approach to data regulation is?no regulation at all, often due to the absence of data protection. This is the case in many least-developed countries. But in this case, other countries may hesitate to transfer data there—limiting participation in digital trade.
·???????? The second category of approaches allows companies to export data but holding them liable if it is misused; referred to as?ex-post?accountability.?
·???????? The third type of approach requires an?ex-ante?adequacy decision that, transfers are only allowed once a country is deemed to provide adequate protection. Where no adequacy decision exists, firms may rely on tools like binding corporate rules, contractual clauses, or user consent.
·???????? The fourth and final type of approach is the most restrictive in terms of movement of data. It includes more ad-hoc or?case-by-case approaches, generally subject to review and sometimes discretionary approval by the relevant authorities.?
These regulations can directly affect the ability to trade digitised goods and services, and can also have broader trade consequences, such as when it affects data flows critical for the co-ordination of global value chains. The existing patchwork of rules can make it particularly difficult for small and micro businesses to participate in digital trade.
On the role of trade policy?
While the Internet was born global and opens new opportunities for businesses and individuals alike, it also presents policy challenges in a world of borders and diverging regulations. As countries regulate cross-border data flows, it will be increasingly important to consider the trade impacts—to ensure that privacy, security, intellectual property protection, and the benefits of digital trade are all effectively balanced.
The ultimate answer to life, the universe and cross-border data flows might therefore not be 42, as suggested in the original Hitchhiker's Guide to the Galaxy, but might lie in promoting greater interoperability. This will require regulators to develop a shared sense of international good practices in data governance, and to talk with each other and across policy silos to exchange information and ideas on how to tackle these complex issues together. In seeking greater interoperability among approaches, useful lessons can be drawn from the trading system’s experience in promoting open exchange in the context of regulatory differences. It will be important to ensure that approaches are as transparent, non-discriminatory and as least trade-restrictive (to achieve their objectives) as possible.
Greater dialogue between different policy communities and stakeholders, including business, academia and civil society will be key. Who knows, with a splash of Pan Galactic Gargle Blaster (to liven up discussions), agreement might arise; in which case, so long, and thanks for all the trade!
