Data localization and barriers to cross-border data flows

Event report

[Read more session reports from WSIS Forum 2017]

Mr Richard Samans (Member, World Economic Forum Managing Board) moderated the discussion, and presented the panel by saying they could potentially construct a policy framework that is not only multistakeholder, but also a  multidisciplinary avenue of inquiry and consultation, with trade experts and stakeholders.

Mr William J Drake (International Fellow & Lecturer, University of Zurich) presented a preliminary version of his upcoming report, which follows up on a paper on Internet fragmentation. There is a growth of diverse measures, with different specific requirements, applications, and motivations. Cross-border data flow barriers are also varied, ranging from restrictions on transfer of personally identifiable information (PII) to censorship and digital protectionism. Drake argued that there is a need for a parallel track of analysis and dialogue as the trade and Internet governance (IG) environments and processes are different. While some companies see any data flow-limiting measures as protectionist, Drake proposes a general presumption of open flows of information, and against the forced data localisation for non-privacy issues. He sees nuance as necessary, since certain areas like national security and finance, among others, will lean towards localisation. On openness and transparency, Drake pushed back on the notion that trade negotiations should be fully transparent, as their sensitivity may require some secrecy. 

Ms Fiona Alexander (Associate Administrator, Office of International Affairs, National Telecommunication and Information Administration, US Department of Commerce) brought up the longevity of this issue in IG circles, dating back to at least the 2000s. However, she believes that looking at the trade community for tools with ‘more teeth’ is useful. Explaining that the IG community is interested in being part of the process as well as the outcome, Alexander explained the importance of the equal participation of stakeholders in IG, and pushed for finding a set of shared values with the trade communities, highlighting differences such as closed room meetings on commercial rather than national security issues. 

Ms Chinmayi Arun (Research Director, Centre for Communication Governance, National Law University, New Delhi) positioned herself as bringing a different global perspective, talking about how the government is usually the initiator of data localisation discussions, on issues of national security and law enforcement, out of frustration with current tools for obtaining information, which companies also do sometimes. Thus, data localisation has certain angles, like security, that are substantial, and a cost benefit analysis would be appropriate. Arun was skeptical that embedding global values such as privacy into regional trade agreements would not get pushed back, and instead suggested local norms. 

Ms Mira Burri (Senior Lecturer and Managing Director for Internationalisation, Faculty of Law, the University of Lucerne) highlighted the nuance and evolution of measures of this kind, from censorship to data localisation. Burri, arguing from a European perspective, called for drawing a clear line on issues like data protection as a fundamental right and its distinction from protectionism. Further, she brought in the distinction at the level of the data itself, to ask what is and is not personal data, and exceptions for big data companies. 

Ms Lee Tuthill (Counsellor, Trade in Services, WTO) clarified the trade language used. Underlining the transparency aspect of the WTO, she noted differences between agreements, as the service agreement leaves way for exceptions, such as privacy. These exceptions, according to Tuthill, could signal if the practises are protectionist. Certain tests, such as necessity, not being arbitrary, or not being discriminatory, can show the difference between what is said versus what is done. Tuthill argued that best practices are useful, but should be built over time. 

Mr Torbjorn Fredriksson (Head, ICT Analysis Section, The United Nations Conference on Trade and Development) explained the need for clarity of rules and their application, and an impact assessment. While the laws may have been put in place for good reason, there is a need to understand whether they are doing what they are supposed or simply hurting businesses. Further, Fredriksson pointed to data privacy abuses by both governments and companies as one of the reasons for lack of user trust in the Internet, and to a need for data protection laws in developing countries.

Mr Ricardo Meléndez-Ortiz (Chief Executive Officer, The International Centre for Trade and Sustainable Development) talked about the learning process that needs to happen as the IG and trade communities converge on this issue. The need for good dialogue at the national level, to bring in non-state actors and proper organisations that understand the substantive differences and develops models, is crucial. 

The audience’s comments tackled the issue from the perspective of human rights, secrecy in trade, and the growing complexity of the Internet ecosystem, also proposing solutions such as dealing with issues layer by layer rather than country by country. 

by David Morar