Trustworthy data flows – what’s at stake and what is needed?

9 Dec 2021 13:00h - 14:30h

Session page

Event report

The importance of cross-border data flows cannot be overstated as the data economy is the economy now, stated Ms Gallia Daor (Policy Analyst, Organisation of Economic Cooperation and Development (OECD)).

Cross-border data flow helps to grow the economy. Data transfers are estimated to contribute around US$2.8 trillion to the global GDP which is expected to grow to US$11 trillion by 2025. Ms Lee Tuthill (World Trade Organisation (WTO)) shared that the benefits of data flow include huge cost savings that affect the bottom line of companies and sectors, greater efficiency, and a lower entry barrier for businesses that were not global. Mr Lawrence McDonald (Privacy Policy Manager, Meta) added that the free flow of data is critical for access to information, privacy, freedom of expression and opinion, and that it enables communities to safeguard those rights and hold violators accountable. Global data flow helps cybersecurity, shared Mr Norman Barbosa (General Manager and Associate General Counsel, Lawful Access and Telecom, Microsoft). He cited how Microsoft, by analysing global data flows, has been able to look at correlated threats across the world, and provide notifications to customers and governments around the world about potential threats and system compromise by malicious actors.

Concern was expressed that, presently, a lot of regulations on data localisation undermine privacy, security, economic opportunity, have serious human-rights implications, and bring a risk of the balkanisation of the internet, stated McDonald. Tuthill added that digital nationalism can come out as protectionist and antitrade, and that it has the potential to hurt everybody in the global economy, including all traders. She added that for small economies and small companies, the digitalisation and use of data can have a huge impact.

Mr Joseph Whitlock (Director, Policy, BSA) stated that the ability to transfer data in a secured and responsible way across transnational IT networks is critical. There are nations and regions having bilateral negotiations regarding cross-border data flow (e.g. the UK and Singapore agreement on digital economy, the US and UK data transfer initiatives, etc.) due to the growth of data nationalism around the world, and that there is a view that all data generated in a particular country must remain within that country.

Referring to the General Data Protection Regulation (GDPR) and cross-border data flow, Barbosa stated that while the GDPR is a valuable addition to the global regulatory scheme, it oversimplifies the challenges of cross-border data flow. Its adequacy overview looks at data flow in a bilateral fashion. However, these are multilateral issues as there is no such thing as a bilateral internet connection. Mr Michael De Santis (Senior Policy Advisor, Innovation, Science and Economic Development, Government of Canada) pointed to the degree of complexity of compliance posed by the GDPR for some smaller firms. Compared to the GDPR on cross-border data-sharing rules, he said that the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada is less formal and more flexible, and makes growth easier for firms.

There is a need to dwell on what data is and how it is being measured for creating the right policies, stated Daor. She added that projects of the OECD are looking to improve the understanding of data, and the use of data to drive growth and well-being in different sectors. In addition, the OECD is working on having a more nuanced understanding of data, to measure the value of data, and to support governments in developing countries to draft or revise their data-governance policies and strategies.

There is a need to balance interests: the preservation and safeguarding of secure and responsible data transfers, and the governments’ right to regulate. There is also a need to look at different solutions for different layers of data, stated Tuthill.

As there is a trust deficit related to the security and privacy of information in digital networks, data-privacy frameworks should operate interoperability between jurisdictions so that data can continue to flow. A good framework should ensure responsibility, security, and trust in data transfers.

To promote the shared cross-border flow suggestions, we need: governments to focus on standardisation strategies for data governance within the country; to encourage international collaboration for the interoperability of standards; informed multistakeholder engagement; cross-disciplinary dialogue on the topic; multilateral discussions and cooperation; and to avoid a siloed approach. The need for regulatory innovation and allowing more regulatory sandbox approaches were advocated.

Further, there is a necessity to deliberate and raise capacity not just around what we need to do in policy, but also how the internet works, how data flows work, what are the benefits that we all enjoy from cross-border data flow, how the internet is set up at different layers, and what is at stake if we lose what was discussed.

By Amrita Choudhury

Session in numbers and graphs

Most frequent noun chunksMost frequent names and entitiesWordcloudProminent verbs with adverbs

Automated summary

Diplo’s AI Lab experiments with automated summaries generated from the IGF sessions. They will complement our traditional reporting. Please let us know if you would like to learn more about this experiment at ai@diplomacy.edu. The automated summary of this session can be found at this link.