Consumer data rights from Japan to the world | PART 1 | IGF 2023

Report

Review and Edit: Check for grammatical errors, incorrect sentence formation, typos, or missing details, and make necessary corrections. Ensure UK spelling and grammar are being used in the text, and correct it if not. The expanded summary should mirror the main analysis text as closely as possible.

Ideally, include as many long-tail keywords in the summary as fitting, without compromising the summary’s quality.

Report

Launched in 2011, the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) system was set up to oversee data governance and privacy. However, it exhibits limited efficacy, supported by the fact that only 9 out of the 21 member economies choose to participate to date.

The certification process for CBPR consists of several phases, beginning with a self-assessment stage, proceeding to an assessment by the accountability agent, followed by a recommendation phase, and culminating in the awarding of the certification.

Nonetheless, the CBPR system has drawn substantial criticism.

A prime concern is its inherent tie to the privacy framework established by the Organisation for Economic Cooperation and Development (OECD) in the 1980s – a framework now considered outdated by many. This correlation gives rise to uncertainties about the system’s aptitude to adapt to the fast-evolving digital landscape.

Additionally, the high costs associated with obtaining a CBPR certification – a sum ranging from $15,000 to $40,000 – serve as a deterrent for smaller or less financially well-off organisations to participate.

Further complicating matters, civil society’s inadequate representation in CBPR dialogues and decision-making processes results in a governance approach that is largely market-driven.

This flaw could result in the overlooking of broader societal interests and concerns.

In 2022, the more encompassing Global CBPR Forum was introduced. This entity has a wider operational remit compared to the APEC CBPR, leading to speculation that it may render the traditional APEC CBPR system obsolete.

If the Global CBPR Forum indeed offers more thoroughgoing and effective data privacy solutions, it may precipitate a significant shift in the data privacy and governance landscape.

However, further research and observation are necessary to verify this potential outcome.

In summary, the APEC CBPR system – although launched with laudable intentions – appears to be encumbered by several key shortcomings, including high costs, limited adoption, linkage to an outmoded privacy framework and underplaying of civil society.

Emerging platforms like the Global CBPR Forum might provide alternatives and potential enhancements in the future.

Report

Javier Ruiz Diaz, a respected Senior Advisor working on Digital Rights for Consumers International, is actively encouraging collaboration around data governance within the culturally rich and diverse Asia-Pacific region. Consumers International is a global coalition comprising a collective of 200 member organisations that span an impressive 100 nations.

This influential group elicits a positive sentiment in its vision of fostering metaphorical harmony in the approach to regional data governance.

Diaz acknowledges the potential of the Asia-Pacific region; its unique position as a cradle of technological innovation and a hub for emergent consumer and digital rights organisations will enable it to contribute priceless ideas and proposals.

This untapped capacity has spurred the need for discourse and collaboration within data governance. Accordingly, Diaz is observed fervently advocating for the greater inclusion of this region in global dialogues on data governance, assured of its meaningful potential contribution to the dialogue.

Simultaneously, Diaz is organising a proactive follow-up intervention.

This initiative seeks to bridge the gap between consumer and digital rights organisations and policymakers, creating a unified approach to further discussions about data governance in light of rising concerns about consumer rights in the digital era. This collaborative approach aligns harmoniously with the guiding principles that map to the Sustainable Development Goals (SDG 16: Peace, Justice, and Strong Institutions), and mirrors a commitment to establish a robust regulatory framework in digital policymaking efforts.

In summary, the evolving narrative underscores Diaz’s pivotal role in creating innovative partnerships in data governance.

It highlights a resonance with SDG 16, advocating for just practices in regulatory landscapes, further solidifying his commitment to peace, justice, and strong institutions. Moreover, his initiatives in synchronising collaborations with SDG 9: Industry, Innovation, and Infrastructure bear testament to his dedication in advocating innovative solutions that pave the way for sustainable infrastructural development.

Report

In this comprehensive analysis of global data governance models, three predominant approaches are identified, each exemplified by a unique geopolitical entity – the European Union (EU), the United States (US), and China. The EU, focusing on a human-centric methodology, places emphasis on the protection of human rights, fair competition, and effective moderation of platform content.

Conversely, the US’s philosophy favours a less intrusive government role and is predominantly market-led. Lastly, China’s state-driven model seeks to establish technological dominance, promote data sovereignty, and exercises robust government surveillance.

When examined from an International Trade perspective, trade agreements frequently prioritise the unobstructed flow of data across borders.

This dedication to free data movement presents a significant challenge when attempting to harmonise with critical aspects such as data privacy, fair competition, and intellectual property rights: elements potentially compromised by free data flow agreements.

It’s equally noteworthy to observe the stark disparity in domestic data governance policies among countries aligned within the same trade agreement.

This nuance is evident among signatories of the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), where countries like the UK demonstrate superior regulations, responsibility towards use policies, engagement with stakeholders and adherence to international norms, in stark contrast to other signatories such as Chile, Malaysia, Peru, and Mexico.

The pursuit of promoting free data flow with trust is a formidable challenge.

As a response, some advocate for more grassroots, multi-stakeholder engagements. Currently, data protection is often viewed as an impediment to market access within the framework of trade agreements. This varying interpretation of ‘Free Data Flow with Trust’ underlines the complexity and vast scope of challenges confronting global data governance.

In essence, these disparate understandings demonstrate the significant hurdles on the path of responsible and efficient global data governance.

Report

The Indo-Pacific Economic Framework for Prosperity (IPATH), a confidential agreement involving 14 nations and governed by the U.S., has drawn much attention due to its significant implications for digital trade, data privacy, and data protection.

IPATH is projected to conclude by November 2023 and has a critical commitment to enforceable cross-data flows.

This key aspect has instigated apprehension, as it is perceived as a significant barrier to enhanced data privacy and security. Critics suggest that these enforced requirements could disrupt protective measures for cross-border data transfers, undermining privacy protections; therefore, posing substantial barriers to data privacy and security.

This could lead to data being transferred to countries that lack stringent data protection measures.

A contentious aspect of IPATH is the forced non-disclosure of source code and algorithm details. Critics argue this might lead to algorithmic discrimination whilst undermining transparency and accountability.

Such restrictions could impede independent verification of how software functions, profoundly impacting the trajectory of AI regulation at regional and national levels.

NAN, a participant in the IPATH negotiations, has expressed its opposition to the initiative. NAN highlights the potential for U.S.

control over data flow and transparency in AI and coding, deemed detrimental to Southeast Asian and South Asian countries’ interests. The inclusion of U.S.-Mexico-Canada Agreement (USMCA)-like provisions within IPATH, according to NAN, could limit regulatory options and subject data to the lower-standard data protection norms in the U.S.

In conclusion, although IPATH is promoted as a means to boost prosperity in the Indo-Pacific region, its potential consequences in terms of data privacy, protection, and digital rights have elicited considerable anxiety and resistance.

Use of UK English verified; no grammatical errors, typos or omissions detected.

Report

The Digital Economy Partnership Agreement (DIPA), a ground-breaking trade agreement, has sparked considerable debate due to a range of features it encompasses. It has been noted that DIPA ostensibly mirrors the provisions of the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) with respect to cross-border data transfers.

Effectively, the DIPA rules that oversee cross-border data flows mirror those of the CPTPP provision for cross-border information transfers. This alignment is evident in the DIPA’s provisions concerning data flow regulation, as stipulated in Article 4.3, which confirms the parties’ commitments that were embodied in prior agreements.

Another pivotal element in DIPA discussions is its pronounced alignment with the United States’ data governance model.

The provisions of DIPA exhibit significant conformity to the approach the United States advocated during the Trans-Pacific Partnership (TPP) negotiations, which formed the basis of the CPTPP agreement. The potential implication of this alignment is that broad acceptance or replication of these terms could effectively result in a de facto standardisation under the American data governance model, according to some critiques.

In spite of its status as an innovative instrument among Free Trade Agreements (FTAs), DIPA has garnered critique for its apparent lack of progress in terms of cross-border data flows.

Critiques propound that DIPA fails to carve out a new path in this sphere as it doesn’t lay down minimum standards for personal information protection, instead advancing interoperability via the adoption of voluntary self-regulatory approaches.

Further, due to its reflection of older agreements, the accord could create significant challenges for countries not part of the CPTPP.

Consequently, these nations may find complying with DIPA’s terms particularly challenging.

In conclusion, despite its original intentions, DIPA has provoked contention due to its firm affirmation of past agreements, lack of novelty in terms of cross-border data flows, and echoing of the US data governance model.

The concerns raised offer valuable insights into the possible implications of broad acceptance or replication of DIPA’s terms, underscoring the necessity for further discussion and careful evaluation.

Report

Paula Martins leads the Association for Progressive Communications (APC), a global networked organisation with 103 members in 74 countries. APC primarily focuses on social, environmental, and gender justice while interweaving technology and data governance. Besides its primary members, APC also partners with environmental and gender organisations that tackle digital issues, positioning data as crucial to a spectrum of operations.

The advocacy and implementation of appropriate policies are central to APC’s work across various regions, thus making data pivotal to their actions.

APC has an expansive reach, made evident by their 24 affiliates in Asia, underlining their impressive global presence.

APC has formed a strategic alliance with Consumers International. This collaboration aims to broaden an understanding of data governance within their sphere of operation.

The central objective of the partnership is to enhance information sharing regarding progress in regional data governance and to foster an environment that encourages networking among partners. This joint venture seeks to identify and act upon opportunities that would further their comprehension of data landscapes and contribute directly to targeted Sustainable Development Goals (SDGs).

Their SDG focus includes Gender Equality (SDG 5), Industry, Innovation and Infrastructure (SDG 9), Peace, Justice and Strong Institutions (SDG 16), and Partnerships for the Goals (SDG 17).

By aligning their work to these specific development goals, APC is poised to make a significant impact in the fields of technology and data management, coupled with a commitment to essential sectors like gender and environmental justice. This positive action towards digital rights and data governance, combined with their capability for collaboration, characterises the current landscape in which APC operates.