Operationalizing data free flow with trust | IGF 2023 WS #197

Report

During a recent discussion on global data flow, stakeholders expressed concerns and perspectives on various aspects of the issue. Daichi, an operator of a local IXP in Japan, questioned the need for establishing a new authority to verify data flow and encryption.

This highlights the importance of ensuring transparency and accountability in data handling processes.

Javier Reed from Consumers International emphasized the significance of implementing a redress system in data free flows. This system would enable consumers to seek resolution if any issues arise.

It underlines the need for adequate safeguards and mechanisms to protect consumers’ rights and interests.

Jameson Olufi from Africa ICT Alliance highlighted the challenge of data access in the US, particularly regarding the General Data Protection Regulation (GDPR) and its impact on intellectual property.

This concern emphasizes the need to balance data protection regulations with facilitating access to data for innovation and economic growth.

Masanobu Kato, representing the private sector, emphasized the role of businesses in proposing solutions for data flow and the potential of trust services.

This emphasizes the importance of collaboration between stakeholders in developing effective strategies and frameworks for secure and reliable data flow.

An anonymous academic drew attention to the potential effects of data flow with trust schemes on geopolitical tensions.

This observation highlights the significance of considering the broader implications and risks associated with global data flow.

Shota Watanabe from a Japanese think tank raised the question of identifying the most suitable forum for operationalizing Data Free Flow with Trust (DFFT).

This highlights the need for careful consideration to avoid duplicating debates and ensure effective implementation of relevant policies and frameworks.

Lastly, Narayan from Nepal proposed the need for common regulations and collaborations to address privacy, security, and intellectual property issues in cross-border data flow.

This suggestion emphasizes the importance of international cooperation and the development of cohesive regulatory frameworks to address the complex challenges posed by data flow across borders.

In conclusion, the discussion on global data flow highlighted concerns and perspectives from various stakeholders.

These include the need for transparency, the importance of consumer redress systems, challenges of data access within regulatory frameworks, the role of businesses in proposing solutions, the potential impact on geopolitical tensions, identification of suitable forums for operationalization, and the necessity for common regulations and collaborations.

Report

The success of the Internet can be attributed to its effective governance, management of the Domain Name System (DNS), and the development of open standards. These factors have allowed for convenient global connectivity and data flows, making the Internet a powerful tool for communication and innovation.

The Internet is also designed to evolve and adapt over time, ensuring it remains relevant and efficient.

However, certain regulatory policies threaten the principles of accessibility and open architecture that underpin the Internet. Countries like South Korea, India, and Brazil are discussing imposing regulations that would require online services to pay network usage fees.

This could hinder the accessibility and openness of the Internet by creating barriers for smaller online services and limiting innovation.

Another threat to the Internet’s principles is the attempt to prevent the use of end-to-end encryption. Governments argue that this measure is necessary for security reasons, but it can compromise the privacy and security of users.

Encryption plays a crucial role in data security and must continue to be supported to protect users’ sensitive information.

To ensure that Internet policies are effective and consider the potential consequences, it is important to include impact assessments as part of the policy formulation process.

Impact assessments can help understand the outcomes and ramifications of specific policies and facilitate cross-border data flows. It is also important to preserve certain key policies, such as net neutrality, to maintain a fair and open Internet.

Discussing these important Internet issues in multiple forums is crucial.

While all forums may have some barriers to participation, having multiple avenues for discussion ensures a diverse range of perspectives are heard. The Internet Governance Forum (IGF) system, which includes national and regional IGFs culminating in the global IGF annually, is an example of a platform that can facilitate these critical discussions.

Approaching Internet challenges requires a “think globally, act locally” principle.

This principle, successfully employed in the environmental and security sectors, is essential when working within a global infrastructure and interacting with a global society. By considering the global context while taking local actions, we can address the challenges facing the Internet comprehensively and effectively.

In conclusion, the success of the Internet is attributed to factors such as effective governance, open standards, and convenient connectivity.

However, regulatory policies that threaten accessibility and open architecture, along with attempts to hinder encryption, present challenges to the Internet’s evolution. Impact assessments, multiple forums for discussion, and the “think globally, act locally” principle are important in addressing these issues and ensuring the Internet remains a powerful tool for communication, innovation, and collaboration.

Report

The fear of government access to data is identified as a significant threat to the free flow of data with trust. Microsoft’s law enforcement national security team receives just over 50,000 requests from governments each year for user data, contributing to a growing mistrust.

Fragmentation of the internet, driven by laws motivated by concerns over privacy, sovereignty, or access to data, deepens this lack of trust.

To address these concerns and foster trust in data flows, interoperable multilateral frameworks are deemed necessary.

The Organisation for Economic Co-operation and Development (OECD) process, led by Japan, brings together 38 countries to establish shared principles for data access. These principles include considering legitimate aims, obtaining prior approval, and incorporating oversight and transparency. The United States is actively negotiating data access agreements, and many countries have signed the second additional protocol.

Recognising the importance of balancing privacy and security, technology providers play a critical role as guardrails to ensure that requests for customer data are lawful, compulsory, and align with fundamental rights.

While responding to data requests for public safety reasons is necessary, safeguards must protect individual privacy and prevent unwarranted access by governments.

Transparency is essential in establishing accountability within the data ecosystem. Users should be notified when their data is requested, keeping them informed about access to their information.

Providers must regularly update statistics to illustrate the actual requests they receive. Transparency reports, published every six months or more frequently, showcase actions taken and promote a higher level of accountability in data handling practices.

Providers should not be compelled to violate the laws of one country to comply with another.

Conflicts of laws present a significant challenge, but legal provisions like the comedy challenge in the US allow companies to challenge demands conflicting with laws in other jurisdictions. Companies report these cross-border requests through transparency reports every six months, ensuring the public is aware of the circumstances and potential conflicts.

Establishing more multilateral agreements concerning data requests and privacy is crucial for effective data governance.

While bilateral agreements have been pursued, relying solely on them would be lengthy and cumbersome. Implementing more multilateral agreements streamlines data governance, reduces barriers, and facilitates a smoother exchange of data.

Further broad participation and inclusion in discussions concerning data requests and privacy is necessary.

The OECD has made efforts to bring diverse voices to the table, incorporating perspectives from privacy advocates, data regulators, law enforcement agencies, national security officials, civil society organizations, and businesses. This inclusivity ensures that various opinions and concerns are considered, guiding the development of comprehensive and balanced policies.

In summary, the fear of government access to data poses a threat to the free flow of data with trust.

Microsoft’s statistics highlight the extent of government requests for user data, raising concerns around privacy and trust. To address these fears, interoperable multilateral frameworks, such as the OECD process and data access agreements, are essential. Balancing privacy and security is crucial, with technology providers acting as safeguards.

Transparency and accountability are vital in building trust in the data ecosystem. Providers should not be forced to violate one country’s laws to comply with another’s. More multilateral agreements and broader participation are needed to effectively address data requests and privacy concerns.

Report

The analysis provides an in-depth examination of several important aspects related to data flows and their implications for competitiveness, innovation, trust, and security. One key finding is that over 90 percent of EU-based companies send their data to the United States.

While this may be beneficial for the US, it raises concerns regarding the potential impact on Europe’s competitiveness and innovation. The heavy reliance on data flows towards the US could potentially hinder Europe’s ability to leverage its own data for economic growth and technological advancement.

Furthermore, the analysis reveals that almost 70 percent of global internet traffic runs through the proprietary networks of just a few companies.

This finding highlights the need for greater balance and regulation within the internet ecosystem. With such concentration of data flow within a few companies, there is a risk of monopolistic control and potential limitations on innovation and competition. It becomes essential to ensure that data flows are more evenly distributed and that regulations are in place to prevent unfair practices.

The importance of trust and security in data flows is underscored throughout the analysis.

It is argued that no data flow should occur if trust and security are compromised. The European Union (EU) has developed a stringent regulatory framework to protect the data of citizens, public bodies, and companies. Additionally, the Europe-U.S. agreement aims to establish an equal level of data protection, striking a balance between security concerns and the free flow of data.

These efforts are crucial for building a foundation of trust and maintaining the integrity of data flows.

However, while emphasizing the importance of the principle of free flow of data, it is cautioned that this principle should not undermine security and trust.

There is evidence to suggest that an increasing number of companies and individuals are seeking to localize their data and impose restrictions due to security concerns. This shift towards localized data and restrictions is driven by the need to safeguard sensitive information and mitigate risks associated with the access and storage of data outside Europe.

This trend presents a challenge as it has the potential to impede the free flow of data and hinder global collaboration. Striking the right balance between the free flow of data and security becomes imperative in this context.

Another significant point highlighted in the analysis is the need for global alignment in data flows.

To ensure trust and security, it is advocated that there should be a common approach adopted by nations to regulate data flows. This aligns with the broader objective of the Sustainable Development Goals (SDGs), particularly SDG 9 (Industry, Innovation, and Infrastructure) and SDG 17 (Partnerships for the Goals), which emphasize the importance of global cooperation and partnerships.

Moreover, the analysis reveals a conflict between different laws, making it challenging for cloud providers to adhere to regulations across borders.

This emphasizes the importance of establishing global data flows that provide assurance of data accessibility while respecting and adhering to legal requirements. It is essential to find a balance that allows for seamless data flow while addressing concerns related to privacy, security, and compliance.

The analysis also stresses the significance of legal certainty for both consumers and enterprises.

Ensuring clarity and harmonization of laws across nations is essential to foster an environment of trust and confidence. Legal certainty provides the necessary framework within which businesses can operate, and consumers can trust that their data is being handled appropriately.

Finally, the analysis recognizes the importance of supporting local companies in becoming global players.

When local enterprises have the opportunity to expand globally, it can lead to economic growth and job creation. Incentivizing local companies to place their data on a global scale can contribute to their competitiveness and allow them to tap into new markets and opportunities.

In conclusion, the analysis presents a comprehensive overview of the various facets of data flows, their impact on competitiveness, innovation, trust, and security.

It emphasizes the need for balance, regulation, and global alignment to ensure that data flows are both efficient and secure. Building trust and maintaining legal certainty are crucial aspects in this process. Ultimately, by striking the right balance and fostering international cooperation, data flows can be harnessed to unlock economic growth, promote innovation, and achieve the Sustainable Development Goals.

Report

The analysis examines various key insights concerning the movement of data in networks, privacy regulations, regulatory coherence, regulatory certainty, geopolitics, and the global market.

Firstly, it highlights that innovations such as virtualisation, cloudification, and 5G are influencing data traffic patterns, resulting in increased cross-border data movement.

This suggests a shift in the way data is transported through networks operated by telecom companies. These advancements are seen as positive, as they enable more efficient and effective data exchange globally.

Moving on to privacy regulations, it is noted that the implementation of the General Data Protection Regulation (GDPR) has led to improved trust among citizens worldwide.

The GDPR has not only provided a global model for privacy regulations, but it has also inspired other countries to adopt similar frameworks. The sentiment towards this development is positive, as it highlights the importance of maintaining and enhancing trust in the digital space.

Furthermore, it emphasises that the internet will only continue to thrive as long as people perceive it to be trustworthy.

In terms of regulatory coherence, it is highlighted that a common basis is needed to promote simplified and harmonised regulations on a global scale.

The analysis argues that the implementation of diverse policies across different regions can potentially lead to internet fragmentation, which poses risks to the seamless flow of information. Therefore, some level of interoperability between regulations is deemed necessary to address this challenge.

The significance of regulatory certainty is also addressed within the analysis.

It points out that stability for businesses in the private sector is provided through agreements such as data free flow area agreements established by European policymakers with various countries. These agreements, which ensure the free flow of data, offer regulatory certainty to businesses.

The sentiment towards this development is positive, as it recognises the importance of predictable and consistent regulatory frameworks for fostering innovation and growth within the private sector.

The analysis touches upon the impact of geopolitics on the telecommunications sector, highlighting that there is a delicate balance between promoting regional competitiveness and avoiding protectionism.

Geopolitics is described as being the flavour of the day in several sectors, suggesting that political factors play a significant role in shaping the dynamics of the telecommunications industry. This observation is neutrally presented, indicating that further examination may be required to fully understand the implications of geopolitics in this context.

Furthermore, it is underlined that the global market is crucial for the majority of industries and private sector organisations.

The analysis asserts that increasing third-party engagement for cross-border data traffic is essential for sustainable economic growth, aligning with the goal of achieving decent work and economic growth as outlined in Sustainable Development Goal 8.

Lastly, the importance of developing common principles and avoiding the duplication of regulations is emphasised.

It is argued that existing regulations in Europe should serve as a foundation, rather than being replicated, in order to achieve regulatory efficiency and avoid unnecessary bureaucracy. This notion is positively viewed as it highlights the need for collaboration and streamlined approaches in regulatory frameworks.

In conclusion, the analysis sheds light on various aspects related to the movement of data, privacy regulations, regulatory coherence, regulatory certainty, geopolitics, and the global market.

It underscores the positive impact of innovations such as virtualisation, cloudification, and 5G on data traffic patterns, as well as the positive effects of the GDPR on global privacy regulations. Furthermore, it stresses the necessity of regulatory coherence and simplification on a global scale to prevent internet fragmentation.

The importance of regulatory certainty for businesses in the private sector is highlighted, along with the delicate balance between promoting regional competitiveness and avoiding protectionism. The analysis acknowledges the indispensable nature of the global market for most industries and private sector organisations, while also recognising the need for developing common principles and avoiding duplication of regulations.

Report

Data flows are essential for economic growth and human development as they are closely tied to human mobility and revenue generation. The value of data is derived when it is moved, processed, and utilized effectively. This positive relationship between data flows and economic growth and human development underscores the importance of data in driving progress in various sectors.

Data plays a critical role in achieving the Sustainable Development Goals (SDGs), particularly in sectors such as agriculture, health, and education, especially in developing countries.

Data serves as the foundation for the SDGs, acting as both a product and a catalyst for positive change. An example of this is the International Digital Health and AI Research (IDA) initiative, which demonstrates the significance of cross-border data flows in advancing health research and ensuring quality healthcare services globally.

The successful operationalization of data flows relies on establishing trust, which should not be limited to government involvement alone.

Building trust within the data ecosystem requires collaboration and collective efforts involving multiple stakeholders. Therefore, the operationalization of data flows should go beyond governmental boundaries and incorporate diverse entities, fostering trust and promoting effective data management practices.

The governance of internet and free data flows has been criticized for its US and EU-centric approach.

It is important to note that the US and EU represent only a small portion of the world’s population, while Asia and Africa are projected to shape the future. Therefore, there is a need for more inclusive and globally representative decision-making in this sphere.

Mindfulness is also necessary, as focusing solely on EU-US perspectives does not constitute a holistic and comprehensive approach to internet governance and the free flow of data.

Conversations about data governance should occur in various settings, including normative and legal frameworks.

These discussions should address aspects such as data governance and regulations, and establish effective frameworks to guide data practices. Holding conversations in multiple venues, considering both normative and legal dimensions, is vital to ensuring comprehensive and inclusive data governance.

Decisions on data governance should be made under the umbrella of the United Nations (UN), as suggested by Nnenna.

Such an approach would facilitate global cooperation and hold stakeholders accountable for their actions. It is important to avoid restricting the conversation to the Organization for Economic Cooperation and Development (OECD) and instead create a more inclusive and representative forum, such as the UN, to address global data governance.

In conclusion, data flows are crucial for economic growth and human development.

The achievement of SDGs in sectors like agriculture, health, and education heavily relies on effective data management and flow. Trust, collaboration, and inclusivity should underpin the operationalization and governance of data flows. Additionally, conversations about data governance should take place in multiple settings, and decision-making on data governance should be conducted under the auspices of the UN to ensure global accountability and representation.

Report

In today’s data-driven society, our reliance on data is evident. Almost all aspects of our daily lives, such as health services, government services, marketplaces, and e-commerce, are heavily reliant on data. This emphasises the fact that we live in a society where data is the foundation of our services.

The free flow of data is crucial for ensuring that these services are accessible and beneficial to all individuals.

In order to reduce inequalities and achieve the Sustainable Development Goals (SDGs), it is essential that there is unrestricted data flow. This means that policies and frameworks need to be established to facilitate and support the free flow of data.

While promoting data flow is important, it is equally important to protect the rights and privacy of individuals.

Legal frameworks should be put in place to ensure the safe and secure transfer of data without impeding its flow. These frameworks should strike a balance between enabling data flow and safeguarding the privacy of individuals, creating an environment that encourages responsible data handling practices.

To ensure a secure flow of data, effective local, regional, and global policies need to be developed.

These policies should address the challenges associated with data flow and establish standards for secure data transmission. It is vital that data flow is seen as the norm, rather than the exception. By implementing robust policies, we can foster an environment that promotes the free exchange of data and encourages innovation and digital development.

However, there are instances where restrictive policies hinder the free flow of data.

These policies prevent individuals from benefiting from digital advancements and impede progress. Policymakers need to be aware of the consequences of such restrictions and strive to create an environment that fosters digital development for all.

In addition to policies that directly impact data flow, other factors can also contribute to internet fragmentation.

Policies related to infrastructure, taxes, or content moderation, if not carefully implemented, can lead to fragmentation. A fragmented internet poses a significant barrier to the uninterrupted flow of data, affecting the functioning of digital services.

Addressing these challenges requires collaboration between policymakers and stakeholders.

Working together, we can develop effective policies and frameworks that facilitate data flow while ensuring the protection of individual rights. The commitment and cooperation of all stakeholders, including governments, businesses, and civil society, are essential in promoting discussions and finding solutions that benefit everyone.

In summary, data flow is fundamental to our modern society, as it underpins almost all aspects of our lives.

Establishing policies and frameworks that support the free flow of data, while protecting individual rights, is crucial. Collaboration and commitment from all stakeholders are key to overcoming challenges and creating an environment that promotes data flow and digital development for all.

Report

The analysis covers various topics related to data governance and protection, providing valuable insights into the key issues and discussions surrounding these areas.

One of the main points highlighted is the importance of a human rights-based approach to data.

The analysis emphasizes that frameworks underpinned by human rights principles provide clarity and protection. It also mentions that data protection legislation embodies many required principles. It is argued that cross-border data sharing agreements should reflect human rights standards. This supports the conclusion that a human rights-based approach is crucial for ethical and responsible data governance.

Another important point made in the analysis is the need for inclusive and diverse participation in data governance.

It is argued that more digital rights, civil society, and consumer groups should be involved in decision-making processes related to data governance. The analysis suggests that the role of civil society should be reflected in operationalizing frameworks such as the data free flow with trust framework.

This highlights the importance of considering a wide range of perspectives and voices in shaping data governance practices.

The analysis also raises concerns about the trend of data localization. It states that reasons and effects of data localization can vary but highlights a World Economic Forum paper that shows data localization does not necessarily help grow the local economy.

It further explains that data localization can lead to surveillance and harm rights within a country. This raises the need to carefully consider the implications of data localization and seek alternative approaches that balance security and privacy concerns.

Equitable access to data and the necessary infrastructure are also identified as crucial factors in data governance.

The analysis highlights that while data itself is not valuable without interpretation and analysis, there is a lack of equitable access to data and the ability to use it in certain parts of the world. Investment is seen as needed to make use of data in sectors such as health.

This highlights the importance of ensuring equal opportunities for access to data and the necessary resources to leverage its potential.

In terms of data security, the analysis emphasizes the importance of technical and legal measures. Encryption is highlighted as an integral part of a security infrastructure for data, whether it is data in transit or data being stored.

This underscores the need for robust security measures to protect sensitive data and mitigate the risks of unauthorized access or breaches.

Noteworthy observations from the analysis include the need for thorough assessments of proposed measures before implementation. It is argued that such assessments are crucial to ensure that the measures achieve their intended effect and do not inadvertently increase insecurity.

This highlights the importance of evidence-based decision-making and avoiding hasty actions that may have unintended consequences.

The analysis also emphasizes the significance of open and engaged discussions involving a wide range of stakeholders. It suggests that discussions related to e-commerce, trade, data flows, and data protection are not widely accessible or understood.

Therefore, openness and engagement from diverse stakeholders are seen as essential in shaping effective and inclusive policies and frameworks.

Overall, the analysis provides a comprehensive overview of the key issues and considerations in data governance and protection. It highlights the importance of a human rights-based approach, inclusive participation, equitable access, robust security measures, and thorough assessments of proposed measures.

These insights can inform policymakers, organizations, and individuals in making informed decisions and driving responsible data governance practices.

Report

The analysis highlights a growing mistrust in cross-border data transfers, which has resulted in the implementation of restrictive policies such as data protectionism and data localization. These policies have led to internet fragmentation, where data flows are hindered or restricted, impacting global connectivity and the free flow of information.

Concerns around national security, privacy, and economic safety have sparked this mistrust among nations.

However, there are calls for the development of horizontal, interoperable, and technologically neutral policy frameworks that can unlock the benefits of data. Such policies would aim to reinforce trust in cross-border data flows, enabling data to flow freely across borders while addressing legitimate concerns.

By promoting interoperability and neutrality, these frameworks can boost innovation, competitiveness, and economic growth by facilitating the exchange and collaboration of data across different regions and sectors.

One significant move against internet fragmentation is the concept of Data-Free Flows with Trust, which was coined by Japan.

This concept was introduced a few years ago at the G20 summit and has gained attention as a potential solution to address the challenges of cross-border data flows. Efforts are underway, such as the establishment of the Institutional Arrangement for Partnership by the G7, to operationalize this concept and promote trust in data flows.

The analysis also draws an analogy between data flow and human mobility.

It highlights the importance of data flow, similar to the movement of people, in generating revenue, driving economic growth, and fostering development. Data is deemed necessary in critical areas such as health, education, and agriculture, supporting advancements in fields like AI research and digital health.

The parallel between data flow and human mobility underscores the significance of data in promoting economic and social progress.

Furthermore, trust for data flow is seen as a product of dialogue and cooperation among stakeholders, akin to the aviation business where various entities such as governments, airline operators, and law enforcement work together to ensure a secure and efficient system.

Building trust in data flow requires collaborative efforts and an understanding of the responsibilities and roles of different actors.

While recognizing the importance of data flow for development, the analysis also highlights the need to consider policy measures and thinking around data in a holistic fashion.

This ecosystem view is essential to avoid inadvertent consequences that may arise from one-dimensional or fragmented policies. Taking into account the various dimensions and interconnectedness of data governance can lead to more effective and balanced approaches.

In conclusion, the analysis emphasized the challenges posed by growing mistrust in cross-border data transfers.

However, it also highlighted potential solutions such as developing technologically neutral policy frameworks, promoting the Data-Free Flows with Trust concept, and recognizing the importance of data flow for development. By fostering trust, cooperation, and a holistic approach to policy-making, nations can unlock the full potential of data and promote global connectivity, innovation, and sustainable growth.