Operationalizing data free flow with trust | IGF 2023 WS #197

9 Oct 2023 08:00h - 09:30h UTC

Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Full session report

Audience

During a recent discussion on global data flow, stakeholders expressed concerns and perspectives on various aspects of the issue. Daichi, an operator of a local IXP in Japan, questioned the need for establishing a new authority to verify data flow and encryption. This highlights the importance of ensuring transparency and accountability in data handling processes.

Javier Reed from Consumers International emphasized the significance of implementing a redress system in data free flows. This system would enable consumers to seek resolution if any issues arise. It underlines the need for adequate safeguards and mechanisms to protect consumers’ rights and interests.

Jameson Olufi from Africa ICT Alliance highlighted the challenge of data access in the US, particularly regarding the General Data Protection Regulation (GDPR) and its impact on intellectual property. This concern emphasizes the need to balance data protection regulations with facilitating access to data for innovation and economic growth.

Masanobu Kato, representing the private sector, emphasized the role of businesses in proposing solutions for data flow and the potential of trust services. This emphasizes the importance of collaboration between stakeholders in developing effective strategies and frameworks for secure and reliable data flow.

An anonymous academic drew attention to the potential effects of data flow with trust schemes on geopolitical tensions. This observation highlights the significance of considering the broader implications and risks associated with global data flow.

Shota Watanabe from a Japanese think tank raised the question of identifying the most suitable forum for operationalizing Data Free Flow with Trust (DFFT). This highlights the need for careful consideration to avoid duplicating debates and ensure effective implementation of relevant policies and frameworks.

Lastly, Narayan from Nepal proposed the need for common regulations and collaborations to address privacy, security, and intellectual property issues in cross-border data flow. This suggestion emphasizes the importance of international cooperation and the development of cohesive regulatory frameworks to address the complex challenges posed by data flow across borders.

In conclusion, the discussion on global data flow highlighted concerns and perspectives from various stakeholders. These include the need for transparency, the importance of consumer redress systems, challenges of data access within regulatory frameworks, the role of businesses in proposing solutions, the potential impact on geopolitical tensions, identification of suitable forums for operationalization, and the necessity for common regulations and collaborations.

Raúl Echeberría

In today’s data-driven society, our reliance on data is evident. Almost all aspects of our daily lives, such as health services, government services, marketplaces, and e-commerce, are heavily reliant on data. This emphasises the fact that we live in a society where data is the foundation of our services.

The free flow of data is crucial for ensuring that these services are accessible and beneficial to all individuals. In order to reduce inequalities and achieve the Sustainable Development Goals (SDGs), it is essential that there is unrestricted data flow. This means that policies and frameworks need to be established to facilitate and support the free flow of data.

While promoting data flow is important, it is equally important to protect the rights and privacy of individuals. Legal frameworks should be put in place to ensure the safe and secure transfer of data without impeding its flow. These frameworks should strike a balance between enabling data flow and safeguarding the privacy of individuals, creating an environment that encourages responsible data handling practices.

To ensure a secure flow of data, effective local, regional, and global policies need to be developed. These policies should address the challenges associated with data flow and establish standards for secure data transmission. It is vital that data flow is seen as the norm, rather than the exception. By implementing robust policies, we can foster an environment that promotes the free exchange of data and encourages innovation and digital development.

However, there are instances where restrictive policies hinder the free flow of data. These policies prevent individuals from benefiting from digital advancements and impede progress. Policymakers need to be aware of the consequences of such restrictions and strive to create an environment that fosters digital development for all.

In addition to policies that directly impact data flow, other factors can also contribute to internet fragmentation. Policies related to infrastructure, taxes, or content moderation, if not carefully implemented, can lead to fragmentation. A fragmented internet poses a significant barrier to the uninterrupted flow of data, affecting the functioning of digital services.

Addressing these challenges requires collaboration between policymakers and stakeholders. Working together, we can develop effective policies and frameworks that facilitate data flow while ensuring the protection of individual rights. The commitment and cooperation of all stakeholders, including governments, businesses, and civil society, are essential in promoting discussions and finding solutions that benefit everyone.

In summary, data flow is fundamental to our modern society, as it underpins almost all aspects of our lives. Establishing policies and frameworks that support the free flow of data, while protecting individual rights, is crucial. Collaboration and commitment from all stakeholders are key to overcoming challenges and creating an environment that promotes data flow and digital development for all.

David Pendle

The fear of government access to data is identified as a significant threat to the free flow of data with trust. Microsoft’s law enforcement national security team receives just over 50,000 requests from governments each year for user data, contributing to a growing mistrust. Fragmentation of the internet, driven by laws motivated by concerns over privacy, sovereignty, or access to data, deepens this lack of trust.

To address these concerns and foster trust in data flows, interoperable multilateral frameworks are deemed necessary. The Organisation for Economic Co-operation and Development (OECD) process, led by Japan, brings together 38 countries to establish shared principles for data access. These principles include considering legitimate aims, obtaining prior approval, and incorporating oversight and transparency. The United States is actively negotiating data access agreements, and many countries have signed the second additional protocol.

Recognising the importance of balancing privacy and security, technology providers play a critical role as guardrails to ensure that requests for customer data are lawful, compulsory, and align with fundamental rights. While responding to data requests for public safety reasons is necessary, safeguards must protect individual privacy and prevent unwarranted access by governments.

Transparency is essential in establishing accountability within the data ecosystem. Users should be notified when their data is requested, keeping them informed about access to their information. Providers must regularly update statistics to illustrate the actual requests they receive. Transparency reports, published every six months or more frequently, showcase actions taken and promote a higher level of accountability in data handling practices.

Providers should not be compelled to violate the laws of one country to comply with another. Conflicts of laws present a significant challenge, but legal provisions like the comity challenge in the US allow companies to challenge demands conflicting with laws in other jurisdictions. Companies report these cross-border requests through transparency reports every six months, ensuring the public is aware of the circumstances and potential conflicts.

Establishing more multilateral agreements concerning data requests and privacy is crucial for effective data governance. While bilateral agreements have been pursued, relying solely on them would be lengthy and cumbersome. Implementing more multilateral agreements streamlines data governance, reduces barriers, and facilitates a smoother exchange of data.

Further broad participation and inclusion in discussions concerning data requests and privacy is necessary. The OECD has made efforts to bring diverse voices to the table, incorporating perspectives from privacy advocates, data regulators, law enforcement agencies, national security officials, civil society organizations, and businesses. This inclusivity ensures that various opinions and concerns are considered, guiding the development of comprehensive and balanced policies.

In summary, the fear of government access to data poses a threat to the free flow of data with trust. Microsoft’s statistics highlight the extent of government requests for user data, raising concerns around privacy and trust. To address these fears, interoperable multilateral frameworks, such as the OECD process and data access agreements, are essential. Balancing privacy and security is crucial, with technology providers acting as safeguards. Transparency and accountability are vital in building trust in the data ecosystem. Providers should not be forced to violate one country’s laws to comply with another’s. More multilateral agreements and broader participation are needed to effectively address data requests and privacy concerns.

Maarit Palovirta

The analysis examines various key insights concerning the movement of data in networks, privacy regulations, regulatory coherence, regulatory certainty, geopolitics, and the global market.

Firstly, it highlights that innovations such as virtualisation, cloudification, and 5G are influencing data traffic patterns, resulting in increased cross-border data movement. This suggests a shift in the way data is transported through networks operated by telecom companies. These advancements are seen as positive, as they enable more efficient and effective data exchange globally.

Moving on to privacy regulations, it is noted that the implementation of the General Data Protection Regulation (GDPR) has led to improved trust among citizens worldwide. The GDPR has not only provided a global model for privacy regulations, but it has also inspired other countries to adopt similar frameworks. The sentiment towards this development is positive, as it highlights the importance of maintaining and enhancing trust in the digital space. Furthermore, it emphasises that the internet will only continue to thrive as long as people perceive it to be trustworthy.

In terms of regulatory coherence, it is highlighted that a common basis is needed to promote simplified and harmonised regulations on a global scale. The analysis argues that the implementation of diverse policies across different regions can potentially lead to internet fragmentation, which poses risks to the seamless flow of information. Therefore, some level of interoperability between regulations is deemed necessary to address this challenge.

The significance of regulatory certainty is also addressed within the analysis. It points out that stability for businesses in the private sector is provided through agreements such as data free flow area agreements established by European policymakers with various countries. These agreements, which ensure the free flow of data, offer regulatory certainty to businesses. The sentiment towards this development is positive, as it recognises the importance of predictable and consistent regulatory frameworks for fostering innovation and growth within the private sector.

The analysis touches upon the impact of geopolitics on the telecommunications sector, highlighting that there is a delicate balance between promoting regional competitiveness and avoiding protectionism. Geopolitics is described as being the flavour of the day in several sectors, suggesting that political factors play a significant role in shaping the dynamics of the telecommunications industry. This observation is neutrally presented, indicating that further examination may be required to fully understand the implications of geopolitics in this context.

Furthermore, it is underlined that the global market is crucial for the majority of industries and private sector organisations. The analysis asserts that increasing third-party engagement for cross-border data traffic is essential for sustainable economic growth, aligning with the goal of achieving decent work and economic growth as outlined in Sustainable Development Goal 8.

Lastly, the importance of developing common principles and avoiding the duplication of regulations is emphasised. It is argued that existing regulations in Europe should serve as a foundation, rather than being replicated, in order to achieve regulatory efficiency and avoid unnecessary bureaucracy. This notion is positively viewed as it highlights the need for collaboration and streamlined approaches in regulatory frameworks.

In conclusion, the analysis sheds light on various aspects related to the movement of data, privacy regulations, regulatory coherence, regulatory certainty, geopolitics, and the global market. It underscores the positive impact of innovations such as virtualisation, cloudification, and 5G on data traffic patterns, as well as the positive effects of the GDPR on global privacy regulations. Furthermore, it stresses the necessity of regulatory coherence and simplification on a global scale to prevent internet fragmentation. The importance of regulatory certainty for businesses in the private sector is highlighted, along with the delicate balance between promoting regional competitiveness and avoiding protectionism. The analysis acknowledges the indispensable nature of the global market for most industries and private sector organisations, while also recognising the need for developing common principles and avoiding duplication of regulations.

Sheetal Kumar

The analysis covers various topics related to data governance and protection, providing valuable insights into the key issues and discussions surrounding these areas.

One of the main points highlighted is the importance of a human rights-based approach to data. The analysis emphasizes that frameworks underpinned by human rights principles provide clarity and protection. It also mentions that data protection legislation embodies many required principles. It is argued that cross-border data sharing agreements should reflect human rights standards. This supports the conclusion that a human rights-based approach is crucial for ethical and responsible data governance.

Another important point made in the analysis is the need for inclusive and diverse participation in data governance. It is argued that more digital rights, civil society, and consumer groups should be involved in decision-making processes related to data governance. The analysis suggests that the role of civil society should be reflected in operationalizing frameworks such as the data free flow with trust framework. This highlights the importance of considering a wide range of perspectives and voices in shaping data governance practices.

The analysis also raises concerns about the trend of data localization. It states that reasons and effects of data localization can vary but highlights a World Economic Forum paper that shows data localization does not necessarily help grow the local economy. It further explains that data localization can lead to surveillance and harm rights within a country. This raises the need to carefully consider the implications of data localization and seek alternative approaches that balance security and privacy concerns.

Equitable access to data and the necessary infrastructure are also identified as crucial factors in data governance. The analysis highlights that while data itself is not valuable without interpretation and analysis, there is a lack of equitable access to data and the ability to use it in certain parts of the world. Investment is seen as needed to make use of data in sectors such as health. This highlights the importance of ensuring equal opportunities for access to data and the necessary resources to leverage its potential.

In terms of data security, the analysis emphasizes the importance of technical and legal measures. Encryption is highlighted as an integral part of a security infrastructure for data, whether it is data in transit or data being stored. This underscores the need for robust security measures to protect sensitive data and mitigate the risks of unauthorized access or breaches.

Noteworthy observations from the analysis include the need for thorough assessments of proposed measures before implementation. It is argued that such assessments are crucial to ensure that the measures achieve their intended effect and do not inadvertently increase insecurity. This highlights the importance of evidence-based decision-making and avoiding hasty actions that may have unintended consequences.

The analysis also emphasizes the significance of open and engaged discussions involving a wide range of stakeholders. It suggests that discussions related to e-commerce, trade, data flows, and data protection are not widely accessible or understood. Therefore, openness and engagement from diverse stakeholders are seen as essential in shaping effective and inclusive policies and frameworks.

Overall, the analysis provides a comprehensive overview of the key issues and considerations in data governance and protection. It highlights the importance of a human rights-based approach, inclusive participation, equitable access, robust security measures, and thorough assessments of proposed measures. These insights can inform policymakers, organizations, and individuals in making informed decisions and driving responsible data governance practices.

Carl Gahnberg

The success of the Internet can be attributed to its effective governance, management of the Domain Name System (DNS), and the development of open standards. These factors have allowed for convenient global connectivity and data flows, making the Internet a powerful tool for communication and innovation. The Internet is also designed to evolve and adapt over time, ensuring it remains relevant and efficient.

However, certain regulatory policies threaten the principles of accessibility and open architecture that underpin the Internet. Countries like South Korea, India, and Brazil are discussing imposing regulations that would require online services to pay network usage fees. This could hinder the accessibility and openness of the Internet by creating barriers for smaller online services and limiting innovation.

Another threat to the Internet’s principles is the attempt to prevent the use of end-to-end encryption. Governments argue that this measure is necessary for security reasons, but it can compromise the privacy and security of users. Encryption plays a crucial role in data security and must continue to be supported to protect users’ sensitive information.

To ensure that Internet policies are effective and consider the potential consequences, it is important to include impact assessments as part of the policy formulation process. Impact assessments can help understand the outcomes and ramifications of specific policies and facilitate cross-border data flows. It is also important to preserve certain key policies, such as net neutrality, to maintain a fair and open Internet.

Discussing these important Internet issues in multiple forums is crucial. While all forums may have some barriers to participation, having multiple avenues for discussion ensures a diverse range of perspectives are heard. The Internet Governance Forum (IGF) system, which includes national and regional IGFs culminating in the global IGF annually, is an example of a platform that can facilitate these critical discussions.

Approaching Internet challenges requires a “think globally, act locally” principle. This principle, successfully employed in the environmental and security sectors, is essential when working within a global infrastructure and interacting with a global society. By considering the global context while taking local actions, we can address the challenges facing the Internet comprehensively and effectively.

In conclusion, the success of the Internet is attributed to factors such as effective governance, open standards, and convenient connectivity. However, regulatory policies that threaten accessibility and open architecture, along with attempts to hinder encryption, present challenges to the Internet’s evolution. Impact assessments, multiple forums for discussion, and the “think globally, act locally” principle are important in addressing these issues and ensuring the Internet remains a powerful tool for communication, innovation, and collaboration.

Nwakanma Nnenna

Data flows are essential for economic growth and human development as they are closely tied to human mobility and revenue generation. The value of data is derived when it is moved, processed, and utilized effectively. This positive relationship between data flows and economic growth and human development underscores the importance of data in driving progress in various sectors.

Data plays a critical role in achieving the Sustainable Development Goals (SDGs), particularly in sectors such as agriculture, health, and education, especially in developing countries. Data serves as the foundation for the SDGs, acting as both a product and a catalyst for positive change. An example of this is the International Digital Health and AI Research (IDA) initiative, which demonstrates the significance of cross-border data flows in advancing health research and ensuring quality healthcare services globally.

The successful operationalization of data flows relies on establishing trust, which should not be limited to government involvement alone. Building trust within the data ecosystem requires collaboration and collective efforts involving multiple stakeholders. Therefore, the operationalization of data flows should go beyond governmental boundaries and incorporate diverse entities, fostering trust and promoting effective data management practices.

The governance of internet and free data flows has been criticized for its US and EU-centric approach. It is important to note that the US and EU represent only a small portion of the world’s population, while Asia and Africa are projected to shape the future. Therefore, there is a need for more inclusive and globally representative decision-making in this sphere. Mindfulness is also necessary, as focusing solely on EU-US perspectives does not constitute a holistic and comprehensive approach to internet governance and the free flow of data.

Conversations about data governance should occur in various settings, including normative and legal frameworks. These discussions should address aspects such as data governance and regulations, and establish effective frameworks to guide data practices. Holding conversations in multiple venues, considering both normative and legal dimensions, is vital to ensuring comprehensive and inclusive data governance.

Decisions on data governance should be made under the umbrella of the United Nations (UN), as suggested by Nnenna. Such an approach would facilitate global cooperation and hold stakeholders accountable for their actions. It is important to avoid restricting the conversation to the Organization for Economic Cooperation and Development (OECD) and instead create a more inclusive and representative forum, such as the UN, to address global data governance.

In conclusion, data flows are crucial for economic growth and human development. The achievement of SDGs in sectors like agriculture, health, and education heavily relies on effective data management and flow. Trust, collaboration, and inclusivity should underpin the operationalization and governance of data flows. Additionally, conversations about data governance should take place in multiple settings, and decision-making on data governance should be conducted under the auspices of the UN to ensure global accountability and representation.

Timea Suto

The analysis highlights a growing mistrust in cross-border data transfers, which has resulted in the implementation of restrictive policies such as data protectionism and data localization. These policies have led to internet fragmentation, where data flows are hindered or restricted, impacting global connectivity and the free flow of information. Concerns around national security, privacy, and economic safety have sparked this mistrust among nations.

However, there are calls for the development of horizontal, interoperable, and technologically neutral policy frameworks that can unlock the benefits of data. Such policies would aim to reinforce trust in cross-border data flows, enabling data to flow freely across borders while addressing legitimate concerns. By promoting interoperability and neutrality, these frameworks can boost innovation, competitiveness, and economic growth by facilitating the exchange and collaboration of data across different regions and sectors.

One significant move against internet fragmentation is the concept of Data Free Flow with Trust, which was coined by Japan. This concept was introduced a few years ago at the G20 summit and has gained attention as a potential solution to address the challenges of cross-border data flows. Efforts are underway, such as the establishment of the Institutional Arrangement for Partnership by the G7, to operationalize this concept and promote trust in data flows.

The analysis also draws an analogy between data flow and human mobility. It highlights the importance of data flow, similar to the movement of people, in generating revenue, driving economic growth, and fostering development. Data is deemed necessary in critical areas such as health, education, and agriculture, supporting advancements in fields like AI research and digital health. The parallel between data flow and human mobility underscores the significance of data in promoting economic and social progress.

Furthermore, trust for data flow is seen as a product of dialogue and cooperation among stakeholders, akin to the aviation business where various entities such as governments, airline operators, and law enforcement work together to ensure a secure and efficient system. Building trust in data flow requires collaborative efforts and an understanding of the responsibilities and roles of different actors.

While recognizing the importance of data flow for development, the analysis also highlights the need to consider policy measures and thinking around data in a holistic fashion. This ecosystem view is essential to avoid inadvertent consequences that may arise from one-dimensional or fragmented policies. Taking into account the various dimensions and interconnectedness of data governance can lead to more effective and balanced approaches.

In conclusion, the analysis emphasized the challenges posed by growing mistrust in cross-border data transfers. However, it also highlighted potential solutions such as developing technologically neutral policy frameworks, promoting the Data Free Flow with Trust concept, and recognizing the importance of data flow for development. By fostering trust, cooperation, and a holistic approach to policy-making, nations can unlock the full potential of data and promote global connectivity, innovation, and sustainable growth.

Jakob Greiner

The analysis provides an in-depth examination of several important aspects related to data flows and their implications for competitiveness, innovation, trust, and security. One key finding is that over 90 percent of EU-based companies send their data to the United States. While this may be beneficial for the US, it raises concerns regarding the potential impact on Europe’s competitiveness and innovation. The heavy reliance on data flows towards the US could potentially hinder Europe’s ability to leverage its own data for economic growth and technological advancement.

Furthermore, the analysis reveals that almost 70 percent of global internet traffic runs through the proprietary networks of just a few companies. This finding highlights the need for greater balance and regulation within the internet ecosystem. With such concentration of data flow within a few companies, there is a risk of monopolistic control and potential limitations on innovation and competition. It becomes essential to ensure that data flows are more evenly distributed and that regulations are in place to prevent unfair practices.

The importance of trust and security in data flows is underscored throughout the analysis. It is argued that no data flow should occur if trust and security are compromised. The European Union (EU) has developed a stringent regulatory framework to protect the data of citizens, public bodies, and companies. Additionally, the Europe-U.S. agreement aims to establish an equal level of data protection, striking a balance between security concerns and the free flow of data. These efforts are crucial for building a foundation of trust and maintaining the integrity of data flows.

However, while emphasizing the importance of the principle of free flow of data, it is cautioned that this principle should not undermine security and trust. There is evidence to suggest that an increasing number of companies and individuals are seeking to localize their data and impose restrictions due to security concerns. This shift towards localized data and restrictions is driven by the need to safeguard sensitive information and mitigate risks associated with the access and storage of data outside Europe. This trend presents a challenge as it has the potential to impede the free flow of data and hinder global collaboration. Striking the right balance between the free flow of data and security becomes imperative in this context.

Another significant point highlighted in the analysis is the need for global alignment in data flows. To ensure trust and security, it is advocated that there should be a common approach adopted by nations to regulate data flows. This aligns with the broader objective of the Sustainable Development Goals (SDGs), particularly SDG 9 (Industry, Innovation, and Infrastructure) and SDG 17 (Partnerships for the Goals), which emphasize the importance of global cooperation and partnerships.

Moreover, the analysis reveals a conflict between different laws, making it challenging for cloud providers to adhere to regulations across borders. This emphasizes the importance of establishing global data flows that provide assurance of data accessibility while respecting and adhering to legal requirements. It is essential to find a balance that allows for seamless data flow while addressing concerns related to privacy, security, and compliance.

The analysis also stresses the significance of legal certainty for both consumers and enterprises. Ensuring clarity and harmonization of laws across nations is essential to foster an environment of trust and confidence. Legal certainty provides the necessary framework within which businesses can operate, and consumers can trust that their data is being handled appropriately.

Finally, the analysis recognizes the importance of supporting local companies in becoming global players. When local enterprises have the opportunity to expand globally, it can lead to economic growth and job creation. Incentivizing local companies to place their data on a global scale can contribute to their competitiveness and allow them to tap into new markets and opportunities.

In conclusion, the analysis presents a comprehensive overview of the various facets of data flows, their impact on competitiveness, innovation, trust, and security. It emphasizes the need for balance, regulation, and global alignment to ensure that data flows are both efficient and secure. Building trust and maintaining legal certainty are crucial aspects in this process. Ultimately, by striking the right balance and fostering international cooperation, data flows can be harnessed to unlock economic growth, promote innovation, and achieve the Sustainable Development Goals.

Session transcript

Timea Suto:
Yes, we’re getting at the end of the day here, Jakob. We don’t see you on the screen, but I can hear you. Now I see myself. Can you see me now? Ah, there you are. Perfect. Hello. Hi. Hello, Jakob. Hi, Nina. Hi, Carl. Good morning. Oh, sorry, afternoon. Good afternoon, evening, morning, everyone. It’s so great to have the IGF vibe again and have everyone here with us. We’re going to give it one more minute to see if anybody else still wants to walk to the door and everybody find their seats. And then we’re going to jump right through it. All right. I think we are ready here in the room in Japan. Glad to have all our online speakers with us as well. So, hi, everyone. My name is Timea Suto. I am Global Digital Policy Lead at the International Chamber of Commerce. Welcome to the session number 197, Operationalizing Data Free Flows with Trust, that the International Chamber of Commerce convened at this IGF. It is a topic that we’ve heard a lot about already in the past day and today and a lot more in the past years, especially amid the global health, financial and geopolitical crisis that we’ve been living through. We’ve seen how these pose risks to the very functioning of a rules-based, multilateral system and acting policy frameworks that enable the open, interconnected, and interoperable nature of the internet has really proved essential, and we’ve talked a lot about that in the past years. Trusted global data flows are really the engine that moves the internet, that moves innovation, competitiveness, growth, and they are a powerful catalyst of socioeconomic empowerment. However, despite this agreement that we have around their usefulness and potential, we see a growing trend of mistrust in cross-border data transfers, and due to many various concerns such as national security, privacy, or economic safety, and the fear that these very important goals could be compromised if data transcends borders.
And this increasingly fuels restrictive policies and measures like digital protectionism, data mercantilism, data localization, and others, which really deepen internet fragmentation, segregation, segregating information that underpins a broad range of socioeconomic activities and undermining cybersecurity protection, for example. Unilateral policies such as this exacerbate existing divides and may result in a patchwork of conflicting regulations, discouraging individuals, businesses, governments participation in a global economy. What the International Chamber of Commerce has called for repeatedly is horizontal, interoperable, and technologically neutral policy frameworks that are really able to unlock the benefits of data while respecting fundamental human rights, including the right to privacy and protecting public safety. This, in our opinion, would reinforce trust in cross-border data flows, boost additive innovation, and tap into that socioeconomic potential, the benefits that data has to offer. So there have been notable developments that progress such frameworks that go against the grain of this fragmentation of the data policy space, and there’s one of them that is the most quoted these days, with no coincidence that we are here in Japan, is the data free flows with trust concept that Japan coined a couple of years ago at the G20 summit. Other elements that move towards this direction of enabling policy frameworks are the OECD’s Declaration on Government Access to Personal Data, held by the private sector entities, and work also in the G7 now to operationalize the DFFT with the establishment of the Institutional Arrangement for Partnership. So there’s a lot of work ongoing to try and set frameworks for data governance.
What we’re trying to do today with the panel here and online is to try and make sense of some of these, try and think about why we are talking of data first, secondly why we are talking about data flows, what are the potential here, what are some of the risks, and see how we move forward to truly operationalize this concept of data free flows with trust. So with me today, online and here on the panel, I have a panel of experts that have dedicated a lot of time and thought to this topic. So without any further ado, let me introduce them real quickly and then we’ll start the conversation. So first we have with us online Ms. Nnenna Nwakanma, board member of International Digital Health and AI Research Collaborative. Then sitting to my right, Ms. Sheetal Kumar, head of Global Engagement and Advocacy at Global Partners Digital. To my far left, Mr. Raúl Echeberría, Executive Director, Latin American Internet Association. Online with us, Mr. Carl Gahnberg, Director of Policy Development and Research at the Internet Society. To my far right, Mr. Dave Pendle, Assistant General Counsel, Law Enforcement and National Security at Microsoft. To my left here, Ms. Marit Paloverta, Senior Director of Auditory Affairs at the European Telecommunications Network Operators Association. And online with us as well, we have Mr. Jakob Greiner, Vice President for European Affairs at Deutsche Telekom. Thank you so much, Jakob. So to start off our conversation, I’m going to turn first to four of our speakers and ask them to think about what are the commitments that we’ve had on cross-border data flows and how are we looking into some of these risks and fragmentations that threaten those commitments that we’ve had for maintaining data flows. What I’d like our speakers really to talk a little bit about is sharing their views, what steps have been taken so far to operationalize cross-border data flows and what are some of the necessary principles to enable this.
We have a lot to go through, so without further ado, I’m going to turn first to Nnenna to discuss the importance of data flows and their implications in the development context.

Nwakanma Nnenna:
Hello, everyone. Thanks, Timea, for having me. So I love to use illustrations. They make things come alive for us. So for those of you who traveled, you are in Kyoto. And when we’re talking about data flows, it is not very different from traveling. So you book a flight, you get to the airport, you go through security, you hop on the plane, you trust that you will arrive at your destination, which most of you have. And it is in the arrival of everyone that we can have this and other sessions. And we enrich ourselves for the whole week and we each go back to the airport, take our flights, go home and continue the work. So my visual illustration of data flows is actually the same as human flow. So flows follow flows and data flows is not very different from human flow or what we call human mobility. Now, why is this very important to me sitting in Abidjan in West Africa today? The one thing that is important to me is that there is revenue involved. There is money to be made. And this is like Timea said in her opening speech, it is about growth, it’s about growing economies, it’s about growing people, growing countries, growing continents. And as an African, this is very, very important to me. So data flows for me is first of all, a human development issue. The other point is in the SDGs, we all recall that when we were fighting for these, we said data was at the basis of the SDG, data was a product, data was a driver and all of that. So we cannot reach our development goals without data. That one is a principle that the whole world has accepted. And while we are working on these principles, that is where our session today comes in, how do we operationalize this? I come from IDA, the International Digital Health and AI Research. And everyone knows that AI is built on data. And if we don’t have… data we cannot function, whether it’s in its research. Now, applying this to health is really very important to me. We have the principles of data anonymization, I do agree.
So, as IDER, our whole raison d’être is built on cross-border data flows. And I want to submit that in many developing countries, we actually need data in agriculture, we need data in education, we need data especially in health. And if data doesn’t flow, it’s like people don’t come. So, for me, data flows are very important in critical areas of development. Now, operationalizing it is why we are here. The principles, the understanding. So, I’m speaking to people who are travelers, and I want to come back to my initial illustration. We all know that International Air Travel Association exists. It is not run by government alone. There is someone here from law enforcement, there is someone here from the network operators. Network operators like airline operators, right? And then there is this guy who will check you in, who is just the national security person, right? And there’s the other one who will stamp your passport when you arrive, make sure everything is in order. It’s a whole ecosystem out there. And that is why it is important that we agree. It is not a government-only issue. And that is my biggest submission today, Timea. I know that some governments have challenges with the internet and how it is built and how it runs. And I want to bring them back to the point that you should not be afraid. We can build trust together. Despite the fact that governments alone do not run aircraft, the aviation business still grows. Governments still get their taxes, people like me still get my miles, and you all get your photos with the pilots and all of that, and we all come to Kyoto, enrich ourselves, and go home and keep enriching ourselves. So here are my submissions. I know my minutes are few, but please let’s understand that flows follow flow, that data flows are like human mobility, we can call it data mobility, and that this is revenue creation.
It is in moving, it is in confronting, it is in being used that data gets value, and this movement, this free flow of data, having it in a trusted environment is of use to every single one of us, that it is even more critical for people like me in developing countries, for someone like me in digital health, for someone like me in AI research. Thank you very much for having me. I’m glad that I can participate online, and I’m happy that I can contribute to the flows. Thank you.

Timea Suto:
Thank you, Nnenna. This was very inspiring, and thank you for bringing it down to very clear comparisons. I think sometimes when we talk about data flows, it’s become so esoteric, and you really made that relatable. So thank you for that, and thank you for sharing the perspective also from your home country and your own experience that sometimes is so missed in some of these conversations. And thirdly, thank you for making it clear that trust is based in dialogue and cooperation. I think we take good note of that. Sheetal, Nnenna mentioned getting back to the basics and make sure that operationalizing data flows really reiterates some of the principles that we’re all committed to. What are your views on that, and what are those commitments, the baseline principles that you think we should all make to uphold data flows?

Sheetal Kumar:
Thank you, and thanks for having me. Okay, great. Thank you, Timea. It’s good to be here and to talk about a topic that is embedded in so many of the discussions that we’re having at the Internet Governance Forum. I wanted to highlight two points which I think are cross-cutting and important when it comes to principles. One is the importance of a human rights-based approach, and the second is the need to address trends such as data localization and the types of measures that you mentioned earlier, sovereignty, etc., that lead to or that stem from mistrust and that also affect a human rights-based approach. And then finally, I wanted to touch upon one point which I think we aren’t seeing reflected enough perhaps in principles, which is about equitable access to data. So on the first point, of course, we do need to recognize that there is a difference between personal data and non-personal data. And I know that fellow panelists will speak to some of that. But either way, frameworks that are underpinned by human rights principles will create and enable clarity and protection of data that is so critical for trust. And that’s why I think data protection legislation embodies, of course, a lot of the principles that we require that need to be implemented effectively when it comes to personal data. And for that reason, all cross-border data sharing agreements should reflect and must reflect human rights standards. But on this point, I think one of the areas that perhaps we’re not seeing enough engagement with different stakeholders is on the topics of data governance, particularly in some parts of the world where perhaps these discussions are more difficult to access, expensive to engage with.
And I just wanted to note that colleagues from Consumers International, and I know some of them are here, held the Day Zero event yesterday where they were addressing some of these discussions and reflecting the need for more digital rights and civil society and consumer groups to be involved in discussions relating to data governance more generally. And that also is important to look at the full process. So while the framework that you’ve mentioned, data free flow with trust, considers legal mechanisms, it’s important to also consider what happens after data flows when it’s stored, the whole lifecycle, and how consumers can ensure that their rights are respected throughout that lifecycle. And you mentioned the Institutional Arrangement for Partnership, which is looking to operationalize the framework. That’s an example of where I think it’s very important to reflect the role of civil society in that. And there’s a nice infographic on the website that you can access, and there are different stakeholders illustrated there. But civil society, I think, still needs to be reflected in that. It is missing at the moment. Data localization, I mean, this is something that in the data free flow with trust framework is recognized to be a barrier, of course, to data flows. And it stems from various different well, different reasons are given for data localization, but as it shows, the World Economic Forum paper on the framework shows that whatever the reasons that are provided for requiring, forcing data localizations, or forcing data to be stored in servers in country, it doesn’t have the effects that is supposedly intended, which is growing the local economy. It actually has detrimental effects to the local economy, and in fact, can lead to surveillance and the harming of rights in country as well. So finally, I know I’m running out of time. 
I just wanted to point to the, I think Nnenna maybe made a mention of this, the importance of recognizing that data, and this might sound controversial, maybe I should start it with this, data in and of itself, data’s not valuable in and of itself. You need to make it valuable, you need to interpret it, analyze it, and do something with it for it to have value, and that requires broader infrastructure, so it requires, of course, technical knowledge and capacities, broader physical infrastructures and knowledge infrastructures, and that is not always the case, and so you need to invest in that, and in some parts of the world, there isn’t equitable access to data, and an ability for civil society and researchers to make use of data for health, for reasons, and in other industries and sectors as well, so that needs to be addressed. So let me stop there, and I’m happy to pick up some of those points later.

Timea Suto:
Thanks so much, Sheetal. It was a lot that you managed to pack in the small amounts of minutes that we’ve allotted you, but thank you for bringing it full circle, making sure that we know why we want to talk about data, and really what creates the value of data, linking it back into what is its potential, but also reminding us that we need to commit to making this work, and making data usable, and making sure that it respects all kinds of expectations that we have to it, and that includes really having everyone around the table. Thank you for that. So now with these reminders of what is the value of data, and what are the commitments that we need to have in place to make use of that value, I want to turn to my next two panelists and talk a little bit about the risks that we face. If we don’t do that, if we don’t make these commitments. So Raúl, Nnenna has mentioned some of the developmental risks here that we are facing, but what is your perspective sitting at the helm of ALAI, and some of the risks that we might have from an economic or governance perspective if we don’t make these commitments?

Raúl Echeberría:
Good afternoon, thank you very much. Thank you for the invitation to speak at this panel with so distinguished colleagues. I was thinking on the, I like the analogy of Nnenna, with the aviation system, and I was thinking that I have suffered a few flight cancellations in the last few months, so maybe that could be the equivalent to internet shutdowns. But I think that many people speak about, that speak, say that we are living in a economic, data-based economy, and I think that is not totally true. It’s not completely true. We are living in a data-based society, not everything is based on data, as Sheetal and Nnenna said before. And all the, every public and private services that people access to are based on data, and I’m speaking about health services, government services, but also marketplaces, and e-commerce, and everything. But sometimes we think that data is only a problem that has to be, has relation with internet platforms or marketplaces, but data is everywhere. So that’s the reason why we need the data to flow freely, and that, to enable that those services are available for everybody and create benefits for everybody in the world. Obviously, there are rights to be protected, and so I agree with Sheetal about the human rights approach. This is very important, and this is why we need legal frameworks to ensure that the data transfer and data flow is secure, but create the conditions for that safe data flow, but not the contrary. That’s the objective of the public policy. That should be the objective of the, not to block the data flow, but to create the safe conditions, the appropriate environment for ensuring that the data is being available in the way that is needed, but protecting the rights of the people. The free data flow should be the norm, not the exception. To ensure that secure data flow, the secure flow of data is important to have a good, we need to have good local policies, but also interoperable and regional and global approaches.
What we are witnesses is that there are different kind of policies that imposes restriction to the flow of data, and so creating restriction for people to be benefited with a digital development. Sometimes are very specific policies like data protection policies that when we discuss, that is very common that there is some, that people misinterpret, policy makers misinterpret what is an international data transfer, for example, and that some people think that is like a box with the data that I’m sending through DHL to somebody else, and so we need to block this kind of transfer, except that there are agreements and consent from the people, but for example, think as when we are coming to Japan, and we are trying to book a hotel from my country, I book a hotel in Japan through a platform that is incorporated in a country in Europe, but it’s using a payment platform that is based in the United States, and so the data is flowing through the companies and that are based in different jurisdictions, but it’s always a part of the same contract of services, so it’s difficult sometimes to explain to policy makers this concept, and so based on good faith, but trying to protect the rights of the people, but so sometimes, policies impose a restriction to data flow, and we are dealing in this, at this moment we are dealing with this, exactly with this case, in at least three countries in Latin America. But sometimes it’s other kind of policies that has nothing to do with, apparently, with data transfer, but policies that deal with the infrastructure level or even taxes or content moderation, but or a law proposes that include the possibility to block applications in some conditions. And so that’s creating a very fragmented internet, and it’s clear that a fragmented internet is the perfect scenario to block the data flow, because it’s impossible to do. It’s like to cross a river without a bridge or without a boat. That’s it. So the, yeah, I think that’s the one of the problems that we have to work, or one of the challenges, if we have to work much more with policymakers and to trying to get to achieve a better understanding of those concepts that are flow fragmentation. But we have also to work with among all stakeholders, not only with governments. And we need two more points. We need the models to evaluate and to analyze the impact of proposals, policy proposals, data flow and fragmentation. And I think that’s the last one is we need a strong commitment Sunday among all stakeholders to not promote policies from each stakeholder group, or to not promote policies that potentially could lead to fragmentation just because this is aligned with the interests of one specific group. So that I think it’s those three points are what I leave to for people to suffer feeding the discussion. Thank you.

Timea Suto:
Thanks so much, Raúl, and thank you for noting that very complex policy space and really what we have to take away from it is to look at policy measures and our and our thinking around data but also other matters that may impact data in a holistic fashion in an ecosystem view to make sure that we hear from everyone and we don’t inadvertently have consequences when we don’t intend to have them. Still on this topic of trying to figure out some of the risks that we are seeing around fragmenting the policy, technical governance, economic space around data, I’m turning to Carl online to share a couple of his thoughts on what are the technical risks in fragmenting the policy space around data governance.

Carl Gahnberg:
Thank you very much. And first of all, thank you very much for the invitation to this panel. I regret I won’t be able to be there on site, but I’m really looking forward to the conversation here and also to follow the rest of the discussions this week. I think kind of a useful starting point to think about data flows and conversely the risks of technical fragmentation is to kind of recognize that when we talk about the Internet and why it’s been so successful, it doesn’t only come down to kind of specific technologies that you might hear about, it doesn’t only come down to technologies like packet switching or even the Internet protocol, it really also includes how you make use of those technologies, how you puzzle them together, how you operate them, how you allow them to evolve and so forth. So, you know, one of the reasons why we’re talking about Internet governance, for instance, and the importance around the management of DNS or IP addressing or the value of open standards development is that they’re not just sort of quote unquote nice to have, they’re really kind of intrinsic to this model of networking that we have in the Internet and what’s made it so successful. So that’s also why at the Internet Society, we tend to talk about the Internet exactly like that. We talk about it as a way of doing networking, that is, it’s a model of how you do networking. And seen from this perspective, the Internet has some networking features that in themselves kind of contribute to this operationalization of cross-border data flows and they’re inherently linked to principles. So from a technical point of view, these principles help ensure that you have a infrastructure that is extremely accessible, that it’s extremely efficient in terms of expanding connectivity and by extension data flows, both within and across borders. 
So for example, a very kind of simple principle in the Internet, but that is extremely efficient is that, let’s say that you’re a new network that would like to join the Internet, then all you really need to do is to negotiate a interconnection with one other network that is part of the global Internet. And that allows your network to also be part of the global Internet. So it’s kind of this magical feature that you only really need one interconnection to one network and suddenly you have connectivity, global connectivity to everywhere in the world and by extension data flows all across the world. So that’s really important principle in the Internet that sort of help operationalize global data flows. But another important piece of this is that, you know, the Internet is built to evolve. It’s it’s really good at adapting and evolving over time. And this really comes down to this principle about using open standards and having an open architecture in the Internet because you can kind of upgrade the Internet over time. You can take bits and pieces of the Internet and you can improve them without having to tear down the whole thing and build it up again. No, you can sort of upgrade bits and pieces of the Internet along the way as you see the need evolve. And we’ve actually seen this this important principle play a big role in ensuring cross-border data flows with trust specifically. And this relates to what happened about a decade ago when I’m sure people are familiar with the Snowden revelations and the the revelations that brought awareness to systemic surveillance of Internet communications. And as some might remember, this provoked like a very strong reaction from the Internet community in all parts of the Internet community, of course, but including amongst governments that wanted to restrict data flows across borders. 
So, for instance, there were some governments at the time that even wanted to prevent traffic from traversing networks in the United States and to interfere with a routing system to prevent these cross-border data flows. Now, of course, this also provoked a reaction in the Internet’s technical community that to great efforts of strengthening the Internet and to prevent these types of attacks on the Internet and the IETF even adopted some new guidance in its standards development processes where pervasive monitoring of this kind that was revealed in the Snowden revelations is to be understood as a technical attack towards the Internet and that the IETF community should try to mitigate those types of risks in the design of protocols. So this was kind of enabled through this open architecture because the community could upgrade existing technologies by adding security, notably in the form of encryption, to ensure that you could have a greater trust in data flows and notably cross-border data flows. Now the reason why I’m sort of bringing up these two cases and links to these principles is that we’re seeing threats to the Internet right now which are, they could result in Internet fragmentation, they’re targeting precisely these two principles that I just mentioned, the Internet accessibility and the ability to facilitate these cross border data flows, but also the ability to secure data flows through encryption. So on the one hand, for instance, we see extremely worrying trend in countries like South Korea and the EU and India and Brazil, where there are policy discussions about imposing regulations that would require online services to pay large telecom operators so called network usage fee. So this would affect be a new form of termination fee that would be imposed on the network. And not only would this of course violate net neutrality, the principle of net neutrality.
It would also sort of undo the fantastic progress that we’ve seen in many of these countries over the past decade in terms of promoting safeguards for the free flow of data through net neutrality rules, but importantly it also kind of violates this important principle about the Internet about the reachability and accessibility of the network and for those who haven’t seen it I would really recommend the Internet Architecture Board actually wrote a contribution to the EU’s consultation on this topic, highlighting exactly this and how these types of regulations could violate these principles around accessibility and cause Internet fragmentation. But we’re also seeing, of course, on the other hand, this threat towards securing data in transit so we see a very worrying trend where governments are now trying to prevent the use of end to end encryption, for instance, so the very technology that kind of helped enable continued cross border data flows in the wake of the Snowden revelations is suddenly under threat and at risk of being outlawed in some jurisdictions so it’s not, it’s not hard to see how this would impact cross border data flows where the that enabled continued flow of data in the wake of a harsh attack on the trust of the network, namely through surveillance, how the prohibiting of such use of a technology and the prohibiting of an open architecture, in fact, would in turn translate into limiting cross-border data flows. So I think when we’re talking about policy frameworks for the future, we also must recognize that there are existing ones that we should also highlight and that are important to preserve like net neutrality, for instance, but also that there are principles in the internet around this open architecture that are extremely valuable to also have recognized.
So that’s why we at the Internet Society also advocate for this idea of doing impact assessments kind of to what Raúl mentioned, where you would take a look at the internet, kind of what you would do in the environmental space, but you do the same for the internet and you think through what are the consequences of some of these policies and what policies are actually helpful in terms of facilitating cross-border data flows. But I’ll stop there and I’ll hope we can discuss more of this later on.

Timea Suto:
Thanks so much, Carl, and thank you for taking us down to the basics of the internet itself and the technical functioning of the internet and reminding us that we need to take this ecosystem view in which all stakeholders or sectors of industry and really all actors, policymakers and all of us around this room need to think about what is it that we’re trying to achieve, protect and how we’re working around those not to create consequences that none of us were intending to do. So to make the bridge really between now, we’ve talked a lot about the value, the risks, what is it that we do to make this workable and bridge the conversation from here into actually operationalizing the DFFT. Let’s talk a little bit about these elements of trust that you’ve all sort of kind of referred to already, what is it that we need to have in place to mitigate some of these risks and how we move forward really to have those trustworthy environment that enables the data flow. So to start first on this, I’m going to turn to some of our industry speakers. Dave, how do you see this from the Microsoft perspective and what are some of these causes and drivers of risks that we need to think about as we aim to build trust?

David Pendle:
Thanks, Timea. So I sit on Microsoft’s law enforcement national security team which is the team at Microsoft that receives just over 50,000 requests from governments each year from around the world seeking data pertaining to well over 100,000 users. And this work, the handling third-party government requests for data, it is often at the center of this trust discussion as we’ve already seen a bit. And technology providers, for better or worse, are often at this the center or the crossroads of this debate between security and privacy generally. And we do play a public safety role, I think, an important one. Governments need to obtain certain data under appropriate circumstances to investigate serious crimes. I think most folks agree with that. We also play, I think, also another important role as kind of a fundamental guardrail to ensure that requests for customer data are lawful, compulsory, and are consistent with fundamental rights including the right to privacy. But this balance between privacy and security is often in tension and I think that’s what often leads to a lot of mistrust. And to be blunt, really the fear of government access to data has emerged as a pretty significant threat to data free flow with trust. And the reactions to that mistrust ultimately threaten the foundation of the internet itself. I mean, the World Wide Web now is governed by a web of often conflicting and increasingly restrictive laws. Whether these laws are motivated by legitimate privacy concerns or legitimate sovereignty concerns or competition concerns, or a desire, as was mentioned before, to kind of maintain access to data in a country, either through data localization or attacks on encryption, the rules that govern lawful access to data around the world are increasingly resulting in a more fragmented internet.
And that presents some pretty significant risks, many of which have already been discussed quite thoroughly on the panel and at IGF and across the world. The loss of connectivity and leaving people in regions and countries behind and out of the digital transformation is probably the most significant one. The undermining of the global digital economy and the trillions of dollars in trade that’s at risk, also very significant. Some risks of fragmentation are probably less discussed. The risk to public safety, most serious crimes have some connection to the internet. And governments, generally, if they are rights-abiding and rule-of-law governments, there’s a legitimate need to seek certain data under appropriate circumstances to kind of counter serious crime. In cybersecurity, that was mentioned. I think, Timea, you mentioned that at the outset. It’s not often discussed, but the fragmentation of the internet is essentially putting blinders on to certain portions of the internet that cybersecurity professionals who are trying to detect and counter sophisticated cyber attackers aren’t going to be able to see what’s happening. And in fact, at Microsoft, I think it’s over now 40 trillion signals a day through kind of a global threat landscape are analyzed every single day trying to detect the cyber threats and tell our customers and users if they’ve been compromised and prevent that compromise from happening. Again, when you put those blinders on, it has pretty significant impact on cybersecurity. But in my view, this perceived tension between privacy and security, which is at the heart of this mistrust, is in many ways, in important ways, exists more in theory than in reality. And I say that because when governments sit down to discuss these issues related to lawful access, and these are tough issues, but when they sit down to actually talk about what they do, they tend to agree. And they tend to agree on some of the basic rules of the road.
And the OECD process, I think, just proved that. So the OECD process, which Japan was a major driver of, bringing together 38 countries in a pursuit of data free flow with trust. 38 countries sat down, and they brought in their privacy experts and their national security and law enforcement experts. They talked about what they do. And they came up with multiple principles from legitimate aims. These authorities can be used in pursuit of legitimate aims. It cannot be used to suppress dissent or go after people because of their race or religion or other protected statuses. Prior approval, oversight, transparency, redress. The governments tend to kind of follow rights respecting governments tend to follow the same principles when seeking access to data. And this could be a blueprint for promoting the free flow of data generally. We ultimately need more than shared principles. We need binding agreements. And there has been some progress in the last year on those as well. Data access agreements, the US has been negotiating several with different countries, including one in negotiation right now with the EU, along with the EU-US data privacy framework, also important. Last year’s signing of the second additional protocol by over a dozen countries was a kind of a significant step forward. But looking ahead, we still need a lot more. It’s clear we need interoperable multilateral frameworks that reflect kind of the nuances of this debate and frameworks really that recognize, again, the legitimate need for governments to access data, at least certain types of data for public safety. I don’t just work on policy at Microsoft. I’m in the compliance business as well. And just since sitting here, I’ve received emails and alerts that there have been emergency requests coming into our team. We have a team that staffs those 24 hours a day. Every day of the year, there is a legitimate public safety need to respond to these kinds of requests when they’re appropriate. 
And significantly, the need for broader inclusivity, because a lot of those agreements I talked about are essentially transatlantic agreements, and that leaves much of the world out of the picture. So that’s one big area of need. And a framework that kind of reflects that trust is earned. For data to flow freely, there must be adherence, again, to rights-protective standards and the rule of law. And that is really at the core here, because if you’re not respecting the human rights of all of the users, then that framework is woefully inadequate. So much has been accomplished, especially over the last year, but much more remains to be done.

Timea Suto:
Thank you so much for that reminder and setting out some of the goals that we should be striving to. You’ve talked a lot about, we’ve all talked a lot about data. Haven’t really made a distinction between data that is personal, data that is non-personal. There are obviously very different risks attached to either or the other, and then neither of those are really monoliths in themselves. So there’s a lot of nuance to unpack here. We won’t endeavor to do all of this in this panel, but I will ask the next two panelists to focus on some of the different elements of this. So, Maarit, I’m turning to you next. As we’re talking about the trust that we need, what is it that we need to attach, what elements of trust that we need to attach to global data flows when we talk about privacy protection and protection of personal data?

Maarit Palovirta:
Okay, so thank you, Timea. I’ll try and respond to the exact angles that you’re asking, but thankfully, we also have Jakob after myself who can maybe then complement. So maybe I’ll just frame a little bit from the telecoms operators’ point of view, because indeed, we heard a lot of things already, and many of the buzzwords were already mentioned. But if you think about data traffic, of course, I mean, all this data traffic is really underpinned by the networks, and who runs the networks? Well, it is the telecom operators. So of course, for the companies that we at Aetna represent, this is really the bread and butter of our everyday work. And there’s a lot of innovation happening at the moment, a lot of things changing in the way of data traffic patterns, et cetera. So there’s a lot of talk about virtualization, cloudification, 5G, and all of this is great, but what it means that the way that data is moving in the networks is changing, and also the fact that now data is being stored not so much in the center, but more on the edge which means that the linkage between the device and the edge computing, that is also becoming different. And then, of course, with all of this, we also need to look at the cross-border collaboration aspect as data, of course, needs to move globally. So in order to provide telecom services at a global level, operators need collaboration with vendors, with partners, with different kinds of providers and in fact with this virtualization the role of these third-party providers just increases. And then if you add on top of that I think it was Nnenna who mentioned AI, IOT, that are these new technologies that are really powered by TROs data so then we are really looking at more and more traffic and also then more and more kind of cross-country traffic. So then moving to the policy framing and especially the privacy issues.
So in the past years and I guess the European Union in a way was a Kickstarter here because the GDPR happened I think it was 2018 and well for better or worse you may argue we don’t want to be judging here but well this new framework provided stability in Europe but it also then made somehow a global model if you like for a regulatory framing for privacy issues. And of course there are different variations but there was a kind of a wave of other regulatory procedures and processes elsewhere in the world in Africa, South America, Asia etc. And while you may say whatever you like about the privacy regulations I think that one thing is clear is that these new regulatory developments actually have improved trust and confidence among citizens and we should also keep in mind that of course the internet is only used for as long as people feel that it’s trustworthy. So we are trying to find a balance between on one hand innovation and the economic activity but also then with privacy and it needs to be a balanced approach and this has been traditionally of course a European point of view but we also think that that could be interesting to other parts of the world. And then you know if you now think about the regulatory discussions that are happening well very much here in Japan as well but elsewhere in the world in parallel on artificial intelligence and data governance there is in our view also need to establish common basis to promote some kind of regulatory coherence and simplification on a kind of global scale. So I think it’s maybe not realistic to say that we will have exactly the same thing everywhere but that there is some level of interoperability between regulations so that we actually have a kind of functional regulatory framing for private sector parties as well and for businesses. 
On the internet fragmentation there was already a lot of talk I mean you know just maybe to say and to link back to these policies that well you if you look at it only from that point of view you can of course say that there’s a risk for fragmentation with these policies if everybody you know implements a different type of policy. But then we should keep in mind as I already mentioned that these policies also often have a positive impact on the internet for example increasing trust. So we should be a little bit you know mitigated the way we look at these issues because they often have two facets. Of course I mean going into Carl’s comments on open standards I mean I think many people and most people agree and us included I mean this is the starting point for an open internet and there is no need or you know it would be risky to start meddling with that. Then we can look at commercial practices which is often debated as well and net neutrality came up I mean again Europe I mean it’s one of the few places where we do have a regulation on the open internet which ensures free flow of traffic and this has been the case quite a long time now and well now we hear that the US is again starting the discussion on that same topic as well. So there can be also business practices I guess we talk sometimes about walled gardens you know this type of environments that also could then cause fragmentation on the either connectivity side but also on the on the content side. So then looking at the you know way forward and Timea you mentioned at the beginning some some keywords and I have to be boring but only to agree in that we also believe that you know the the kind of good balance and whereby we promote innovation and including things like global digital commerce. However then we also kind of keep the rights and values in the background is best achieved through a regulatory framework that is horizontal so not sector specific flexible, interoperable and also technologically neutral. 
And as already as well said so we need to also then see how we can promote cooperation and broadening of the jurisdictional horizons in order to make sure that the interoperability then factor is well somehow well clearer and also practical. And from a European perspective of course so just to go back to David’s comments as well so the European policymakers have started agreeing making loads of data kind of data free flow area agreements between several countries, not only the US, but also Japan and South Korea. And from private sector’s perspective, this is really great because it provides regulatory certainty. And we would also then encourage our policymakers in Europe to expand these agreements and make sure that they also then come to the other parts of the world, such as Asia, Latin America and Africa. So I’ll stop there, thank you.

Timea Suto:
Thanks so much, Maarit. And yes, I don’t want to repeat your points because we agreed on a lot of things. And time is also short. But I will turn to our last panelist for this segment. And we’re staying in Europe, we’re actually moving to Europe because we’re gonna have Jakob join us online. If you’d like to build on what Maarit said and what Dave as well, on building these elements of trust. And maybe if I can ask you to focus a little bit on non-personal data transfer sharing and the flow of non-personal data and what are the elements of trust that we need to attach to that. But of course, feel free to, as Maarit set you up, to add to whatever points that she said earlier.

Jakob Greiner:
Okay, thank you, Timea. I hope you all can see and hear me and the internet is working well. I really liked how Nnenna set the stage with her airplane flight routes introduction. And I’d like to come back to that maybe occasionally in my next five minutes. Just to say, first off, I think this whole panel shows that we all agree that data flows are super important to tackle some of the most pressing challenges today, be it environmental, economic, health, safety, but also economic challenges. I think Nnenna said money needs to be made and is being made with data flows. I fully agree. The question that I would like to raise, being also an operator that is very much European-centered, but also has a global footprint and being present in the U.S., is the money or is the data flow fairly distributed today in our internet ecosystem? And to start talking about data flows, I think first we need to take a look also at the internet ecosystem of today. The free flow of data has for long been the very essence of the internet, but I would also say it’s safe to say that over the past years this architecture and our view has also changed quite fundamentally and these changes have also an impact on the way data is being used and transferred. What do I mean by that? And I give you an example of the U.S. where we are present on both sides of the Atlantic. When you look at today where global internet traffic runs, then it’s almost 70 percent running through the proprietary networks of a few companies. These companies have actually gradually expanded their own private infrastructures, their terrestrial networks, their backbones. You could basically more or less say they are like a private airport while telecom operators are the public airport. And the difference is that the public airport is subject to a lot of rules and regulation while the private airport doesn’t have the same regulation, although we are all basically huge airports connecting the world.
And this is a disbalance that I think needs to be taken into account when looking how data flows are today globally flowing. Second, when it comes to the distribution of global data flows, and again here taking the EU-U.S. example, we are our largest partner when it comes to data flows, but the distribution is unfortunately rather one-sided. So, it somehow seems the planes from Europe are starting flying across the U.S., but they’re somehow not coming back. Over 90 percent of EU-based companies send data to the U.S., and that is great for the U.S., but it’s not so great for the competitiveness and innovation that is happening in Europe. I’m just describing a status quo. I’m not saying where the flaws are, but that’s a fact that I think needs to be taken into account when we’re talking about data flows being an economic driver. We just see it’s rather one-sided than reciprocal. And then I would like to come to what Timea asked me to answer, which is the notion of trust. Of course, coming from Europe, trust and security is essential, and there should not be any data flow if trust and security are undermined. We have seen that Europe has, over the past years, developed quite a dense regulatory framework to ensure that citizens, public bodies, but of course also companies can rely on the protection of their data. And what started with the GDPR and the protection of personal data is more and more moving now also towards safeguards for sensitive non-personal data, trade secrets, intellectual property, such as by the recently adopted EU Data Act. And we welcome that because trust for companies is not only perceived to lie within personal data, but of course also non-personal data.
A good example where you could clearly see that there’s globally, I think, a need to balance legitimate security concerns with the free flow of data is the recent, what is it now, the fourth attempt to have a stable US-EU privacy framework agreement so that companies can exchange data based on an equal level of data protection. I think that’s something very welcome from the perspective also of a European company, but I think now it is very important that the implementation of this framework shows its teeth, that, for example, the restrictions to the access of data by security and intelligence agencies on the US side is now really happening based on these agreements. And by that I think we can see that there is a balance reachable between legitimate security concerns, but at the same time also the free flow of data. And then let me move lastly to the area of cloud, because I think Maarit said it before, the whole internet, the whole economic activity globally is moving more in a virtualization, cloudification atmosphere. And if we’re looking at the cloud policy that is happening at the moment in Europe, some might say, well, as David said, this could lead to fragmentation. This is, you know, rather almost protectionist what’s happening because data flows are being restricted. There is localization happening, but it’s happening for a cause where we believe this is actually not against the free flow of data principle. It actually provides the security and trust that is needed. So data flows are happening. What do I mean with that? If you look today at the concerns of European businesses, almost 70% of cloud users consider that access to their data from outside of Europe is a risk. And that’s why they are not putting their data enough in the clouds of cloud providers. And that is not again because of personal data only, but also because of industrial non-personal data. And so in our view, it’s only consequent and right that data flows here are restricted and localized.
That is what the EU Data Act has been aiming for. And that is also right now what the current discussion around cloud certification security scheme is aiming towards. So by that increasing trust, increasing security, and by that in the end, ultimately leading to more global data flows, not less. So again, I think it’s not about, you know, nations like the European Union trying to somehow take a step in the different direction, but it basically follows the need for more trust and security when flows are happening. So to sum it up, I think it’s vital that we on a global level have a common approach to data flows, but building trust requires addressing an uneven distribution of data flows as it is granted. It also means the changed nature of the internet architecture needs to be taken into account and also the need to ensure that effective protection of data, be it personal or non-personal data, is happening where it is stored and where it is processed. And by that I think we all aim for the same goal, enabling data flows with trust. Thank you very much.

Timea Suto:
Thanks so much, Jakob, and thanks for bringing the points really full circle and in pointing out that fragmentation can happen from very different aspects, but also if we don’t step up our game and set policies that enable trust and policies that enable to enable secure, trusted data flows, then we are going to end up in a situation where we have a patchwork of regulations that actually go against the purpose of why we wanted them in place in the first place, which is to enable digitalization, to enable data flows that drives the development of our societies, of our economies, of our personal developments that we all strive for. I have gone a bit over time than what we planned for this first part of the panel, and we did want to give some time for the audience to ask questions. I received two questions online, and I’m sure there’s some in the room. So while those of you who might want to have a question, put your hands up or start lining up at the microphone. I’m going to ask the panel the two questions that we received online. One is about security, and one of our question askers is asking how we can ensure a state-of-the-art security to protect user data, and the other question is really around safety, trust, security as well as how can we make sure that we don’t end up with one specific group or actor or stakeholder taking control of data, and what are some of the checks and balances that we can have around that? So as people in the room think about if they want to ask a question, I’m going to see if one of our panelists might want to respond to some of these questions around security. Sheetal.

Sheetal Kumar:
Okay, I was just saying, I think Carl made a good point earlier about security and how both technical and legal measures are required to ensure that data is kept securely. One of the technical measures is encryption, and whether it’s data in transit or data being stored, it is really an integral part of a security infrastructure for data, and what we are seeing, I think that you spoke to, Carl, and others here, is a misalignment sometimes, unfortunately, of different attempts to address different issues that are actually quite connected or because they’re not aligned with a human rights-based approach end up doing more harm than good, and one of the ways to address that is to definitely ensure that engaging with all stakeholders and using tools like internet impact assessments or human rights impact assessments to assess whether proposed measures are actually going to achieve the intended effect or not and what other options there are to proportionally and actually do what is intended instead of perhaps with the aim of providing more safety in the end you actually create more insecure technology. So that I think was a key point that was shared earlier and I hope responds to the question.

Nwakanma Nnenna:
On the second question of preventing biases and prejudices, I think that globally we have this, I don’t know, I’m trying to use a word that is contained, a diplomatic word. We kind of beat our chest, we have this orthoglorification of saying once the EU framework and the US framework agree then the whole world agrees. I think that is not correct. The US is 300 million, the EU is about 450, that’s 750 million out of 8 billion, that’s less than 10% and I do not think that we should follow in this very particular way, we should follow the way we do international travel. Having London, Paris and New York be the hub of our lives, I think that we should fight against. The future of the world is in Asia, the future of the world is in Africa, humans are the people who create data and I think that my own plea to ICC is that as we go ahead, we need to be mindful of the fact that EU-US does not mean global. That’s just my point today. We’ve been doing it in travel, we’ve been doing it with visas, we’ve been doing it in many other flows, we should ensure that internet and free data flows should not be an EU-US issue. Thank you.

Timea Suto:
Thanks Nnenna. And I think we have a good testimony into the globality that if you would see the people who are lining up here to ask questions from the panel, I hope that they will bring in some of the diversity of points of view that you’re asking. So I’m going to ask all of you to put your questions up. I hope you will be brief and then I will ask the panel to try and address them collectively. So

I’ll start here then I go there and then we go back and forth. Please.

Audience:
Okay so I’m Daichi. I’m operator of the local IXP in Japan. So I have I would like to ask an opinion about authority to verify the data flow or data itself is trustful or not. So if there is a possibility to establish new authority to verify the data flow or encryption is correct or not. So I would like to confirm this. Thank you. Gentleman over here. Yes hi I’m Javier Reed from Consumers International and I think that Sheetal was mentioning some of the results from our meeting yesterday with several consumer groups in the region and elsewhere. I think that the question that was raised was about what happens not just when how we send the data but what happens afterwards and I think for consumer trusts in the trust in the DFFT one of the things that we are finding is that consumers want to know that they can actually get redress if anything goes wrong. That it’s not like a fire and forget you know which is what we see unfortunately in many situations when we look at data free flows. So I was wondering how do you see this redress working and when we talk about operationalizing how can we operationalize the redress in a way that generates consumer trust. Thank you so much for that. Jameson. Okay thank you very much. Great panel. My name is Jameson Olufi Africa ICT Alliance. We have a comment and a question. The first comment is regard to the influence of GDPR regard to data flow and as Nnenna said you know data flow is not just about GDPR or EU and USA. But what we are seeing now is that the whole world is following the first step of EU in that regard. But we need data flow for business and from business. So we need data flow or interoperability and then some form of of course control. It’s very necessary. But here you should set the lead if they want it to be free flow indeed. The number the question that is to Pedro. See I want to ask you how do you cope with accessing data that data is in the U.S. 
now based on GDPR is closed. Okay and how do you access it concerning your need for intellectual property protection and attacks and what have you. Thank you. Thank you. Please. Thank you. Masanobu Kato from Japan representing a private sector. And well since we are you know talking from the private sector ICC point of view, I’m just wondering if you have any ideas from business side to have a good solution on this. We talked about some commercial solutions which may not be working right now, and encryption is another technological question which have some issues, for instance, for neutralities and so on. But in Japan, I heard in some debate recently that a trust service can be a solution, maybe a local solution or could increase more localisation, but there is some thinking of this kind where you can, you know, commercial sector or business sector can make an actual proposal. Are there any such activities or initiatives at the ICC or you have some ideas about this? That’s my question. Thank you. Thank you very much. Please, madam. Hi. Hello. I’m an academic. I have a question regarding telecommunication systems. So a few years ago, the deployment of 5G technology led to a global crisis, and then we saw some submarine cables being rerouted or some submarine cable projects being cancelled. And then recently we saw that certain countries would not authorise satellite broadband services by styling, for example, because it’s a US company. So my question is, do you see the data flow with trust schemes also de-intensifying these geopolitical tensions regarding the global telecommunications infrastructure? Thank you. Thank you for that. Hello. Sorry, we’re just alternating microphones, so we’re going to go here first and then I’ll turn to you. Please. Okay, thank you. Good afternoon. My name is Shota Watanabe. I’m working for a Japanese think tank. And my question is, which forum would be better for operationalising DFFT? Because there are so many forums discussing DFFT. 
For example, Prime Minister Abe mentioned World Trade Organization when he started DFFT and then we have a lot of other organizations such as OECD which deal with like government access declaration and recent establishing the Japanese government is now plan to establishing IAP as a new forum. So what kind of forum would be better and how can we avoid the duplication of the debates among these forums? Thank you. Thank you so much. Please, sir. Hi everyone. This is Narayan from Nepal. So when we talk about cross-border flow of data, it’s very difficult to have some homogeneous regulation and we have to think about some common standard and principles. In this context, so do you think that like our title, we should have some single free institution or forum, as you said, which should work on this common privacy, security and intellectual property sort of things? And if not, how the countries, developing countries and economies like US, EU and Japan should collaborate and work with the developing and LDC countries? This is my question. Thank you so much. Thank you for everyone for asking your questions. It’s really great to see that in this huge room, all the input of our panel was not lost and it’s really interaction. It’s really strange looking at such a big room, but I’m glad that you’re all here with us and engaged in the conversation.

Timea Suto:
So we’ve heard about six, seven questions here regarding how do we make sure that trust is enabled with the right authority and clarity and who can access it and who can’t. Questions around redressing, having redress mechanisms for any violations of rights. Questions on how do companies cope. with such a fragmented environment, especially when they are required to provide that data for public safety reasons. Questions on how do we find commercial solutions? Can we find commercial solutions on these challenges? Is there geopolitical tension that risks to be heightened? Is there a way to, which is the best forum to address some of these questions? And how do we include LLDCs in some of these conversations? So as I’m going to ask my panelists to share their final remarks from this conversation, I’m going to extend the one minute that we gave you to two minutes and try and pick your question or pick some of the questions that were asked and then perhaps leave us with a lesson that you think we should learn from today’s conversation and the global state of play around data governance. I’m going to go on in the order that you all have spoken because some of you have been silent since you first spoken. So I’m going to turn to Nnenna first, if you want to pick one or two of these questions and share your last remarks. Thank you, Tymia.

Nwakanma Nnenna:
And thanks everyone for your rich contributions. I would love to speak to the duplication of forum and where we should be having these conversations. Conversations are a great thing. Normative conversations are great, but legally constraining conversations are more important. So my answer to that question would be, let’s have conversations in multiple places. Let’s have normative certain conversations at global level. But when it comes to decisions, let’s make them firm so we can hold stakeholders responsible and that rather that this will be done at a global level, most preferably under the UN umbrella, because we’ve seen things. I’m speaking as an African, speaking from West Africa at this time. I don’t think OECD should be the place to hold conversations that will be of global constraining value. So I’d rather that the WTO, the UN, and its related agencies be the places where we make these decisions, even while we have conversations. I think that is why we come to the IGF. That will be my submission. Conversations must continue at global level, at regional level, private partnerships, national levels. Let’s have these conversations. Even within civil society, we have human rights issues that we can reflect on, think tanks, but then when it comes to global decisions, let’s make them at UN level. Thank you.

Timea Suto:
And have a great evening. Thank you so much, and enjoy the rest of your day. Thank you for being here with us. Sheetal, your takeaways, and maybe some responses to questions we’ve been asked. Thank you. Just to respond to the point about where to have discussions.

Sheetal Kumar:
I think as Nnenna said, they are being had in various places, but not everyone can access them, and not everyone understands or is engaging with the different ways that these conversations intersect, whether they’re around e-commerce, trade, and data flows, or data protection, and the standards that protect data, the technical standards. So there does need to be much more, I think, openness and engagement from a wider range of stakeholders in these spaces, not necessarily the creation of new forums. And what I would say as well is in relation to whether it’s protecting personal data or non-personal data, which as we heard earlier, both obviously require strong levels of protection. What we would like, I think what we need to see, and what we have in some cases, is legal frameworks that provide for that. We need to see them implemented, and to respond to the point about remedy, we need to see what is provided for, the rights that are provided for, for example, in legal frameworks around remedy actually implemented. And a leveling up, but leveling higher, I think, to higher human rights standards, or to human rights standards across the board, and that will allow for the trust, which we’ve been discussing, to manifest, because if we have those high standards across the board, across jurisdictions, that will support the trust and enable free flow. And then finally, to that point that I made earlier about the importance of ensuring that we have the broader infrastructures in place for people to make use of data for more equitable access, which is particularly important as we’re talking about artificial intelligence and harnessing that. Fundamentally, that’s about data processing, right? So the ability to do that requires a wide range of capacities, and I think we need to pay attention to that as well. Thank you.

Timea Suto:
Thank you so much, Sheetal. Raul. Thank you very much.

Raúl Echeberría:
I think that’s the, in his intervention, Jacob brought some new issues to the discussion that probably we deserve an entire session to deal with. So I will just refrain to a few comments, but I was going to say exactly what Nnenna said before about the fact that the world is much more than United States and Europe. And I understand that in some cases, the players, the holders could feel that there are unequal relations, but the history is plenty, and is still, unfortunately, plenty of unequal relationships between countries and regions. And coming from Latin America, I think that’s our relation with, the history of our relation with Europe is plenty of those cases. And while some people could think that there is no protectionism in some measures that are being discussed or promoted in Europe, being seen from outside of Europe, they look protectionist. And this is exactly what I say before when I say that we have to be careful that in good faith, when some stakeholders try to promote policies that, in their views, are good for fixing market failures or problems, we have to be very careful with the consequence that those policies could bring to the whole internet, not only for one country or one region. So we need a strong commitment among stakeholders that we will defend and work together for a not fragmented internet. I agree very much with what Mario said before about that the good policies bring certainty, more security and trust, and I agree very much with that. But the problem that we face is that not all the policies are good, and not all the proposals are good. In regions like Latin America, where we deal with many different jurisdictions, more than 30 countries in Latin America and the Caribbean together, and so every country promoting their own different policies, we have to be very careful because the risk of those policies creating chaos or negative impacts instead of certainty is very big.
Coming back to the European thing, one thing that we live in in Latin America is that there is a huge tendency to copy and paste policies from Europe, policies that could be good for Europe. I’m not arguing against that, not necessarily are good for Latin America, and I guess that same happens with Africa, but with Africa I don’t want to make an opinion on that. So we need more work among all stakeholders, try, as I said before, to promote the discussions about the concepts of fragmentation, the importance of data flow, and need to make the policymakers understand what is at risk in the policy development that somebody they are not aware of. Thank you.

Timea Suto:
Thank you, Raul. Just mindful of the time, we have about eight to ten minutes for the rest of the speakers, so I do encourage you to try and be short with your answers. We’ve had a lot of engagement from the floor and that is always good, but we need to manage the time as well. Carl, over to you for some last considerations. Thank you.

Carl Gahnberg:
I’ll try to keep it short, but I wanted to address something that I think addressed some of the questions that we received from the participants, or I think helped address some of those questions, and that goes to really highlighting the importance of encryption and continued support for use of encryption, because a lot of the questions that I heard about, for instance, data localization, or the physical infrastructure, or restrictions on interconnecting physical infrastructure, a lot of those challenges you can kind of resolve by allowing data to be encrypted, because it takes the locality or the importance of locality out of the equation. So for instance, I’m sitting in Switzerland, if my data is here in Switzerland unencrypted, then it’s much safer on the other part of the world other side of the world if it’s encrypted on that other side of the world. So locality and sort of safety is not one to one when it comes to data but it’s rather making sure that you have the technical means to secure the data like encryption that is so important and that also allows us to have this global network if we can actually secure the cross border data flows. The other thing I wanted to address was the question around which fora to talk about this. And I think to Nnenna’s point, the to ensuring kind of inclusiveness in these discussions are really important. I think in that regard, it’s important to consider that all of the fora that we can think of have some form of barriers to participation. And I think it’s important to actually allow these discussions to happen in multiple fora. And I’m not too worried about duplication of discussions, as long as there is a path to a shared discussion and I think the IGF system is actually quite good in that regard.
When you look at it in terms of national and regional IGFs that then is met with a crescendo of the global IGF every year so I could, I could see the IGF structure coupled with other fora being actually very useful vehicles for facilitating participation. Then finally we had a question around sort of principles in thinking about this globally and I think there’s, there is a principle that I know been used in both the environmental space and I know it’s used security, which is that you And I think that’s a really good model for us as we’re thinking about addressing these challenges that you should always be a global perspective in what you’re doing because the thing that you’re working with is a global infrastructure is a global society that we’re trying to interact with. So to think globally while you’re doing these things locally is extremely important. Thank you.

Timea Suto:
Thank you, Carl. Dave.

David Pendle:
Thank you. I’ll try to be brief. I know addressing at least the one question that was addressed to me, how does a provider kind of operate and comply in this like web of conflicts of laws I think is a really important question and one of our kind of like fundamental principles is that we should not be forced to violate one country’s laws in order to comply with another’s. That’s just a really critical point and there’s obviously a lot of concern about U.S. laws in our world and I understand that. One thing that’s fortunate about U.S. law is that it does account for the ability to challenge a demand where it conflicts, where there’s a true conflict within another country’s laws. It’s called a comity challenge, not the kind that makes you laugh, but ends in I-T-Y. And we do report every six months on all of the cross-border requests that we get. That’s something we include in our transparency reports and I think that transparency generally is kind of the path toward accountability across the board and ensuring that users are notified when their data is requested, ensuring that everyone understands what authorities can and cannot do, and ultimately either the government or provider community putting up statistics every six months or more often to kind of show what is actually happening can dispel a lot of concerns and myths. Really quickly on the appropriate forum, certainly we need broader participation. The OECD did get some things right and then they brought a lot of people to the table that haven’t sat at that table before together, including privacy voices and data regulators, DPAs, and law enforcement, national security folks, with some input from civil society and business. I think we need more input. We also need more multilateral agreements generally because if you start counting up how long these bilateral agreements take, it will take years to cover all of the countries in the world unless we start going more multilaterally.
So that’s one of the, I think it’s time for the governments to kind of start rolling up their sleeves and get to work on that.

Timea Suto:
Thanks, Dave. Mai?

Maarit Palovirta:
Yes, so maybe I’ll comment on the question on the geopolitics. I mean, it appears that geopolitics is the flavor of the day a bit everywhere, not only the telecommunications sector. We may talk about electronic vehicles or other things. There is a little bit of this at the moment in the world. What I would like to emphasize, though, is that from our perspective as a private sector, well, association representing the private sector, it is a very thin line between promoting the competitiveness of a certain region and being outright protectionists. So I think that it’s a very fine line to walk. And for like any industry or any private sector organization in this, well, in this globe today, most of us do need a global market for some purpose. And I was in the beginning making comments about the increasing third-party engagement for cross-border data traffic, for example, with the new developments in the telecom industry. So I think that that’s good to keep in mind. Maybe just quickly on the institutional framing, it’s good to have discussions. It’s good to see how we can develop these common principles. And here I’m not trying to push for any European model, but there are then regions such as Europe who already have regulations in place on many of these things, who are first movers, whether it’s good or bad. So it’s also then very important from our perspective not to duplicate or create something that’s bad, will be then another layer on top of it. But if it’s principles, if it’s things like that, we, I think, can fully endorse that. Thank you.

Timea Suto:
Thank you, Maarit. Jakob.

Jakob Greiner:
Yeah, I very much like what Carl said, think globally, but act locally. I think that that is the vision for, you know, for every local company in all our nations. But if you want to incentivize these local companies to place their data, for example, in a cloud, as I said before, share it, let it flow globally, then you need to give these companies also assurances that data cannot be accessed. And David highlighted it. I think there are conflicts between different laws at the moment that make it very difficult for cloud providers to really adhere to one or the other, but in the end, they need to. And so the solution at the moment that some nations are going is to say, well, let’s find frameworks that, for highest sensitive data, prevent data access. And if that means that only a local cloud provider should be the main company dealing with the data, then that is the solution that at the moment is working. I think coming back to Raul’s point, of course, me, I’m very much looking at the EU-US focus, but you’re fully right. And that goes in the question of global fora. These rules should, if possible, be harmonized as much as possible. And there should be fora where governments get together and really outline what they are doing. Because rules on foreign ownership, data localization, I talked a lot about Europe. These rules exist in the US as well, and I’m sure they exist also in other nations. So I think coming together, making kind of a mapping and best practices of what is happening on the legislative side across nations, not only in the EU-US, should be the way ahead. Because in the end, ultimately, both consumers and enterprises and companies like such as myself want legal certainty. I think that’s the most important. And if we get that by harmonizing these rules globally, then we can also enable global data flows and not only local data flows.

Timea Suto:
Thank you so much. And thanks really for being here. We finished almost on time. All that’s left for me is to summarize, which I won’t do because we ran out of time. No, really. Just to note on the account of last words, some of the things, we were talking about how we operationalize this concept of data-free flows with trust. And I think we drew out quite a few good lessons here that are worth mentioning, even if it’s just telegraphically and without really any effort here to be comprehensive. The value of partnerships you’ve highlighted, the value of having all stakeholders at the table, which includes making sure that forums are open for stakeholder participation and for that global inclusiveness that we all talk about when we talk about data. It also needs to happen at the policymaking level. When we are talking about technology and how technology can actually help in some of these issues, thinking about encryption and thinking about transparency, thinking about interoperability, both at the technological level, but also the levels of policies. When we think about what are good regulations, what are good policy principles upon which we start acting, you’ve all mentioned, again, thinking interoperably, having a risk-based approach, creating safe spaces for dialogue and for sharing best practices. And then when we talk about the role of business, I think it was very clear not to put business at the middle around some of these ping-pong of jurisdictional, legal policies, policy conversations, but really make sure that business is at the table, that all stakeholders are at the table, and we think holistically and in a multi-stakeholder fashion about the normative principle-based conversations, but then make sure that those trickle down at the local level into clear implementation, into clear capacity building. So that’s what I really captured, and it’s really a telegraphic summary. There’s a lot more that we can say about this.
There’s a lot of resources that we put onto the website of this session, including some of the ICC papers, but also a number of the papers and reference material that speakers have mentioned today. I do encourage you to take a look. We’re still here until the end of the forum, so come to the ICC basis booth and find us, and we can share some of that with you as well. So I wish you all a good rest of your debates, and a huge thanks to my panelists, both online and here on the panel. Thank you, and have a great rest of your day. Thank you. Thank you.

Audience: speech speed 150 words per minute; speech length 1045 words; speech time 418 secs

Carl Gahnberg: speech speed 186 words per minute; speech length 1937 words; speech time 623 secs

David Pendle: speech speed 185 words per minute; speech length 1600 words; speech time 519 secs

Jakob Greiner: speech speed 172 words per minute; speech length 1639 words; speech time 573 secs

Maarit Palovirta: speech speed 173 words per minute; speech length 1581 words; speech time 549 secs

Nwakanma Nnenna: speech speed 151 words per minute; speech length 1351 words; speech time 537 secs

Raúl Echeberría: speech speed 157 words per minute; speech length 1465 words; speech time 561 secs

Sheetal Kumar: speech speed 166 words per minute; speech length 1445 words; speech time 522 secs

Timea Suto: speech speed 161 words per minute; speech length 3784 words; speech time 1413 secs