Opportunities of Cross-Border Data Flow-DFFT for Development | IGF 2023 WS #224

9 Oct 2023 06:15h - 07:45h UTC

Event report

Main points from discussion:

  • Move from general notions of Data Free-Flow with Trust to operational applications, including clear definitions of open data and sharing of data
  • Centrality of Digital public infrastructure (DPI) as infrastructure for inclusive, open, effective use of data
  • Making the concept of data as  public good more operational and practical
  • Need to strengthen voices of developing countries in emerging global data governance framework
  • Mainstreaming of Data Free-Flow with Trust in development assistance projects and initiatives.
  • Need for a ‘fourth way’ for data governance (in addition to USA, EU, and China) that will use data as a strategic asset for socio-economic development

Table of contents

Disclaimer: This is not an official record of the IGF session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the IGF's official website.

Knowledge Graph of Debate

Session report

Audience

The analysis delves into various aspects of cross-border data, open data, and data protection. Shilpa, a researcher at the University of Melbourne, sheds light on the complexities and challenges associated with cross-border data and open data. She highlights the importance of understanding India's experience with data privacy and protection laws. Specifically, Shilpa mentions the establishment of India's Data Protection Act as a result of a judgment on privacy standards. She also discusses the concerns surrounding India's Aadhaar identification system and its impact on data privacy.

One recurring concern throughout the analysis is the invasion of privacy and the potential negative impacts of data collection, particularly in relation to predictive advertising. It is noted that corporations often collect as much data as possible to sell products and services, raising concerns about privacy invasion and manipulation of consumer behavior for targeted marketing.

There is also skepticism about who truly benefits from the creation and sharing of data sets. This skepticism raises questions about the need for open data and the beneficiaries of such datasets. Shilpa explores the need for clearer definitions and distinctions between open data and the concept of Data-Free Flow with Trust (DFFT), underscoring the importance of differentiation.

The analysis further acknowledges the varying approaches to data flow regulations in different regions. It highlights the need for emerging economies to adopt a different approach to data flow regulations to address their specific needs. Furthermore, it mentions different versions of data flow regulations, such as the Data-Free Flow with Trust and CPBR proposed by the US, as well as the Chinese version of closing all data. These differing approaches reflect the need for data governance models that align with specific circumstances and development goals.

The risks associated with adopting a deductive global approach to global frameworks are emphasized. The analysis recognizes the tensions that arise from balancing data protection against the free flow of data. It raises concerns about the potential negative impacts of a one-size-fits-all approach to data regulations, underscoring the importance of considering specific country-level needs and circumstances.

Building trust is highlighted as a fundamental requirement for data governance in multilateral environments. Trust can be established through adherence to norms, standards, and law enforcement. Additionally, transparency in data processing is identified as crucial for building trust between data processors and data subjects. Without transparency, concerns about how data is used and processed may undermine public trust.

The analysis also acknowledges some specific cases related to data leaks and accountability. It suggests that Google should face consequences for data leaks and might be required to pay fines if it leaks user information. It raises concerns about private certification, particularly with large companies like Google. Doubts are expressed about the ability of small private certification agencies to effectively handle issues with such large companies, especially when governmental bodies, like the Federal Trade Commission (FTC), face difficulties in this regard.

In conclusion, the analysis emphasizes the complexities and challenges associated with cross-border data, open data, and data protection. It underscores the need for clear definitions and distinctions between different concepts, such as open data and DFFT, as well as varying approaches to data flow regulations. Building trust through transparency and accountability is seen as vital for effective data governance. The analysis also raises concerns about privacy invasion, the manipulation of consumer behavior through data collection, and the role of large companies in data certification and accountability. Overall, the analysis provides valuable insights into the complexities of the data landscape and highlights the importance of careful consideration of data-related policies and regulations.

Kathleen McGowan

The analysis highlights the importance of prioritising data sharing across borders to promote socio-economic development. Kathleen McGowan argues that data should be viewed as the ultimate stranded asset and emphasizes the need to harmonise data sharing within and across borders.

Trust is identified as a major challenge in leveraging the power of data. The analysis acknowledges that trust deficits around data can be obstructive and that trust divides are likely to persist due to current geopolitical realities.

Creating value from data poses similar challenges for both developed and developing economies. No country or economic bloc has found the perfect balance for extracting value from data. The absence of a federal data protection law in the United States exemplifies the challenges faced by even highly developed economies in this regard.

The analysis also addresses the issue of data exploitation, particularly concerning data produced by individuals in developing countries. It argues that external entities often exploit this data without benefiting the local economy. Data localization, driven not only by national security concerns but also by a sense of data exploitation, is seen as a response to this problem.

Investing in the right governance models is crucial for establishing confidence in cross-border data flows. Current models of data trust and stewardship are considered limited, and data sharing should be the rule rather than the exception, with all stakeholders involved in decision-making processes.

Digital public infrastructure (DPI) and digital public goods (DPG) play a key role in data flow. DPI has gained prominence during India's G20 presidency, aiming to create highly inclusive tech stacks supporting public sector service delivery and private sector innovation. Digital public goods are open solutions designed for interoperability and privacy.

The generation of data from digital public infrastructure is viewed as instrumental in solving global problems. It offers the potential for more representative and inclusive data.

Strategic data management is seen as an area where emerging economies can benefit. The analysis suggests that these economies should consider data as a strategic asset and adopt an approach different from the laissez-faire model of the United States and the state-driven model.

Finally, the concept of the "fourth way" is proposed as an alternative approach to data governance, presenting an opportunity for countries to leverage data in a way that better serves their economy and society. Kathleen McGowan agrees with this approach, highlighting its potential advantages.

In conclusion, the analysis underscores the need to prioritize data sharing across borders for socio-economic development. It addresses challenges related to trust, creating value from data, and data exploitation. The importance of investment in governance models, as well as the role of digital public infrastructure and digital public goods, is highlighted. The concept of the "fourth way" offers an alternative to traditional data governance approaches. Overall, the analysis provides valuable insights into data management and its implications for global development.

ATSUSHI YAMANAKA

The importance of data exchange and digital technologies in healthcare services in developing countries was highlighted by John Philbert and ATSUSHI YAMANAKA. They emphasized the crucial role that data exchange and digital technologies play in improving health services and outcomes in these countries. The need for secure and safe data exchange to ensure confidentiality and privacy of patient information was stressed by ATSUSHI YAMANAKA.

ATSUSHI YAMANAKA also argued for the inclusion of the voice of developing countries in creating an international framework for data exchange. He believed that their unique experiences and perspectives can contribute to the development of inclusive and equitable policies that address the specific challenges faced by these countries.

The promotion of data ownership and a right-based approach to data transactions was emphasized. The Rwandan government was cited as an example, having established a data protection office under the National Cyber Security Authority to protect data while allowing flow and respecting privacy. This approach recognizes the importance of user-based control in data transactions.

The support of development partners was deemed crucial in creating a conducive environment for data transactions. ATSUSHI YAMANAKA highlighted the role that academia, private sectors, and civil societies can play in supporting the creation of such an environment. Learning from each other's experiences was identified as a valuable process.

Creating conducive mechanisms for free data flow requires a multi-stakeholder approach. The Internet Governance Forum (IGF) was cited as an example of a platform that encourages collaboration and dialogue among different actors to address challenges related to data flow.

Concerns were raised about data exploitation and data colonialism in developing countries. It was noted that developing countries often feel that their data is being exploited, and that information flow is skewed in favor of certain countries or organizations. This calls for addressing power imbalances and promoting a more equitable distribution of benefits from data transactions.

Bilateral organizations were urged to support the creation of an ecosystem that promotes trusted data flow. This emphasizes the need for cooperation and partnerships between countries and organizations to establish frameworks and mechanisms that ensure data is exchanged in a secure and trustworthy manner.

Government involvement was highlighted, emphasizing the importance of providing the right information and tools to government officials to ensure safe data transactions. Sharing of good practices and interactive dialogues with governments were also supported.

The transaction of data should not be solely driven by economic or social benefits, but should also consider global benefits. Certain types of data, such as climate and forest data, were highlighted as global public goods that can benefit society as a whole. A broader perspective beyond economic considerations is necessary for responsible and ethical data transactions.

ATSUSHI YAMANAKA advocated for integrating the free flow of trusted data into discussions about digital public goods and infrastructure. Data, particularly data related to natural resources and threats to them, was considered a public good that promotes transparency and collective action to address environmental challenges.

In conclusion, the importance of data exchange and digital technologies in healthcare services and beyond was emphasized. The need for secure data exchange, the voice of developing countries, data ownership, and the involvement of development partners were highlighted. Conducive mechanisms for data flow require a multi-stakeholder approach. Concerns were raised about data exploitation and colonialism. Government involvement, sharing of good practices, and considering global benefits were stressed. The notion of data as a public good and responsible data transactions were emphasized.

Mayumi Miyata

Mayumi Miyata discusses the concept of Data Free Flow with Trust (DFFT) in the context of development, aiming to facilitate the safe and transparent participation of developing countries in the international data market. She emphasizes the need to integrate DFFT into development programs and policies to anticipate future cross-border data exchanges and maximize data utilization.

Miyata highlights the importance of providing developing countries with the necessary infrastructure and environment to participate in the data market. By incorporating DFFT into development programs, countries can create an environment that encourages their active involvement in the international data market, leading to data-driven socioeconomic development.

Additionally, Miyata emphasizes the significance of multilateral stakeholder involvement in creating mechanisms to promote the free flow of trusted data. She argues that this involvement is crucial for addressing imbalances in data exploitation and rectifying the skewed flow of data, which often leaves developing countries feeling exploited. According to Miyata, it is essential to address these imbalances to ensure that developing countries can capitalize on the potential of their own data.

Miyata also advocates for the establishment of global standards for data transactions that extend beyond economic and social benefits. She provides examples of legal barriers encountered in data sharing, such as restrictions on data-sharing during a COVID-19 telemedicine project involving 12 countries. Some countries, like Indonesia, have limitations on exporting data from their hospitals, while national security concerns can restrict the sharing of environmental data, such as forestry data. Miyata believes that global standards would help overcome these obstacles.

In conclusion, Miyata supports the development of frameworks or global agreements that facilitate data sharing and transactions for global benefit. She suggests that disassociating personal information from data can make projects more feasible, and highlights the advantages that a framework would have provided in their COVID-19 telemedicine project. Overall, Miyata believes that integrating DFFT into development agendas, involving multiple stakeholders, and establishing global standards can enable developing countries to safely participate in the international data market.

Jean Philbert Nsengimana

The analysis highlights the importance of striking a balance between openness and data protection in relation to cross-border data flow and digital data governance. It recognises that data has become a valuable resource, often referred to as the "new oil," which both state and non-state actors seek to exploit. Therefore, regulators and policymakers have a responsibility to safeguard the sovereignty, privacy, security, and digital rights of users while also promoting openness.

In the context of Africa, the analysis points out the potential benefits of cross-border data in bringing together the continent into a digital single market. Africa is currently in the process of creating the largest free trade area in the world, which could have significant economic and developmental implications. The report suggests that digital infrastructure, powered by wireless networks and satellites, can play a crucial role in connecting different parts of the continent. By transcending borders, this interconnectedness can foster collaboration and facilitate seamless data exchange.

Additionally, the analysis highlights the need to amplify and strengthen African voices in global digital data governance. It argues that although global platforms like the Internet Governance Forum (IGF) play a critical role in shaping digital data governance norms, it is important to adequately represent the perspectives and interests of African regulators and stakeholders. Strengthening African voices within the IGF can help ensure that decisions regarding digital data governance align with Africa's unique social, economic, and political circumstances.

In summary, the analysis underscores the significance of considering both openness and data protection in cross-border data flow and digital data governance. It highlights the potential benefits of cross-border data for Africa, particularly in terms of economic integration and digital connectivity. Furthermore, it emphasizes the importance of including and empowering African voices in global digital data governance forums. By doing so, a more inclusive and representative approach to digital data governance can be achieved, leading to fairer outcomes for all stakeholders involved.

Chrissy Martin Meier

During the discussion, the audience raised several important questions related to data localisation and its potential impact on fragmentation. The primary concern was how to achieve data localisation without exacerbating the issue of fragmentation further.

One question that arose was regarding the role of the Institutional Arrangement for Partnership (IAP), spearheaded by Japan. Unfortunately, further details about the specific role of the IAP were not provided in the given context. However, it can be inferred that the IAP may have some relevance in addressing the challenges and complexities associated with data localisation and fragmentation.

Another question raised by the audience was related to the integration of the SWIFT system and the new financial transaction system spearheaded by the BRIC member nations. The specific details of how these two systems will fit into the broader framework of data localisation and fragmentation were not elaborated upon. However, it can be assumed that integrating these systems would require careful consideration and coordination to ensure that they align with the larger goals and objectives.

Additionally, the audience sought clarification on how country-led efforts to establish their own digital currencies, often referred to as Central Bank Digital Currencies (CBDCs), will fit into the picture. Unfortunately, the discussion did not provide specific insights into how CBDCs would be incorporated and their potential impact on data localisation and fragmentation.

It is clear from the audience's questions that there is a concern about balancing the need for data localisation with the potential risks of increasing fragmentation. Addressing this issue requires careful planning and collaboration among stakeholders to establish harmonised frameworks and standards. While the specific details and answers to the audience's questions were not fully addressed, the significance of these concerns was acknowledged during the discussion.

Tojima Hitoshi

Both speakers emphasize the significance of data flow with trust in achieving digital transformation and development goals. JICA, or the Japan International Cooperation Agency, has recognized the value of digital technologies in improving the efficiency and effectiveness of their cooperation program. This indicates their understanding of the potential benefits that can be derived from incorporating digital solutions into their operations. The Government of Japan, on the other hand, has been actively promoting the concept of data-free flow with trust (DFFT) since 2019. This demonstrates the government's commitment to facilitating the secure and unrestricted movement of data.

The notion that data is referred to as the new gold is echoed by both speakers. Data is recognized as a valuable asset that contributes to the progress of nations. By viewing data in this way, it becomes evident that its free and secure flow is vital for unlocking the full potential of digital transformation. Furthermore, the speakers highlight the need for trust in data flow. Trust ensures that data is handled with integrity, confidentiality, and accountability. It establishes a foundation on which digital transformation and development can flourish.

The speakers' positive sentiment towards data flow with trust reflects their belief in its transformative power. They argue that allowing data to flow freely, securely, and with trust will enable nations to fully leverage the benefits of digital transformation. With the overarching goal of helping partner countries achieve tangible development outcomes, JICA recognizes that data is instrumental in accelerating progress towards the Sustainable Development Goals (SDGs). This reiterates the importance of data in driving socio-economic development and highlights its role as a catalyst for achieving the SDGs.

In conclusion, both speakers advocate for data flow with trust as a critical prerequisite for digital transformation and development. JICA's adoption of digital technologies and the Government of Japan's promotion of data-free flow with trust demonstrate their commitment to harnessing the power of data in their efforts. By recognizing data as a valuable asset and emphasizing the need for trust, they provide a compelling argument for the free and secure movement of data. The speakers' positive sentiment underscores the significance of data in accelerating progress towards the SDGs and achieving tangible development outcomes. Overall, their insights shed light on the essential role that data flow with trust plays in unlocking the full potential of digital transformation and driving sustainable development.

Gordon Kalema

The importance of formulating a data ecosystem that prioritizes people's understanding and comfortability is emphasized in this collection of arguments. It is argued that a data ecosystem should be designed with a focus on ensuring that individuals have a clear understanding of how their data is being used and feel comfortable with its handling. This sentiment is supported by the observation that there has been a grey space in discussions around data where uncertainty existed.

Policies play a crucial role in creating a conducive data ecosystem. Rwanda's implementation of a data protection and privacy law two years ago is cited as an example of the importance of policies. It is noted that a grace period of two years was given for people to understand and adapt to the new regulations, and from October 15, a cut-off date will be implemented. This demonstrates the role of policies in shaping the data ecosystem and providing a framework for data protection.

Balancing regulations with people's comfort and understanding is deemed necessary. The argument is made that while regulations are important for safeguarding data, they should not hinder people's ability to comfortably navigate the data ecosystem. Transitioning from a regulatory focus to a people-centric approach is highlighted as a valuable lesson, with an emphasis on putting people first before policies.

The potential for developing countries to be part of and even lead the data economy is mentioned. It is noted that data understanding and the data ecosystem are still uncertain areas in which everyone is learning. This suggests that developing countries have the opportunity to actively participate in and shape the data economy, potentially taking on leadership roles.

The significance of creating granular procedures and policies that can be easily understood by consumers is underscored. The example of Gordon's country, where data protection and privacy laws were enacted two years ago, highlights the need for policies that are accessible to the general public. It is implied that simply having a legal instrument is not enough, and that policies must be designed with consumers' understanding in mind.

The intentional structuring of organizations and dedication of resources to drive data discussions are emphasized as important factors. The establishment of a data protection office under the National Cyber Security Authority is cited as an example of intentionally structuring an organization to train people and facilitate discussions on data protection and privacy. This highlights the importance of organizational commitment and resource allocation in advancing data-related initiatives.

The role of data protectors is presented in a new light. It is argued that their duty extends beyond protecting data to also facilitating the flow of data and ensuring privacy. The perspective that data protectors should be conservative and solely focused on data protection is challenged, and a broader understanding of their role is encouraged.

Driving the digital conversation is seen as dependent on patience, awareness, and people's ownership of the process. It is suggested that creating a culture of understanding, where people realize the importance of data in powering AI tools and digital innovations, is crucial. This implies that active engagement and participation from individuals are key factors in driving meaningful discussions around data and its applications.

To build a strong and sustainable data ecosystem, leveraging support from countries and international organizations is deemed essential. The argument is made that common protocols, tools, processes, and frameworks or policies should be put in place through collaboration with external entities. This suggests the need for partnership and cooperation at a global level to establish cohesive and effective data management practices.

The private sector is portrayed as having an important role in supporting emerging economies in terms of tools, processes, and policies. The argument calls on the private sector to contribute to the development and advancement of data-related initiatives in emerging economies, potentially by providing resources and expertise.

Promoting more innovations and championing transformative digital tools that are paired with useful data is posited as a way to increase understanding and appreciation of data's value. It is suggested that when people can see the practical applications of data through innovative tools, they are more likely to grasp its significance. Therefore, a deliberate focus on encouraging and promoting innovative solutions is advocated.

Rwanda is portrayed as open to being a data champion. The country's willingness to embrace and advocate for data-related initiatives is highlighted, suggesting a commitment to playing an active role in shaping the data ecosystem on a global scale.

The significance of the youth in the digital industry is emphasized. With over 70% of the population in Rwanda being below the age of 35, it is argued that young people are not only users and consumers of digital technologies but also bring disruption to the industry. This highlights the potential of youth involvement in driving digital innovation and growth.

Transparency in data sharing may be hampered if institutions are not comfortable sharing low-quality data. It is suggested that lack of transparency might be due to institutions trying to hide something harmful. This observation highlights the potential challenges in achieving full transparency in data practices and the importance of ensuring data quality.

Emphasizing data quality is suggested as a means to promote transparency and openness. It is argued that by focusing on data quality, institutions may feel more comfortable in sharing data, resulting in increased transparency. This further underscores the interplay between data quality and transparency in the data ecosystem.

In conclusion, this collection of arguments highlights the importance of formulating a data ecosystem that prioritizes people's understanding and comfortability. Policies, balancing regulations with people's understanding, the role of developing countries, granular procedures and policies, intentional organizational structuring, data protectors, driving the digital conversation, leveraging support from countries and the private sector, promoting innovations, and youth involvement are all key considerations in shaping an effective and sustainable data ecosystem. Additionally, the challenges of transparency, data quality, and the role of Rwanda as a potential data champion are also addressed.

Jean-Jacques Sahel

The analysis explores various aspects of cross-border data flows, privacy, and security in the digital economy. It emphasises the need to balance data flows with trust and privacy. Data flows are integral to our daily activities, both economic and personal. However, it is crucial to address the trust deficit between users and companies. To achieve this, public policy frameworks must embrace the free flow of data and avoid threats related to data localisation.

Moreover, the analysis advocates for open, interoperable, and standards-based regulatory models for data management. Progressive data transfer solutions have emerged in countries like Singapore, Brazil, and Japan, including certifications, consent for adequacy agreements, and interoperable privacy laws. The global cross-border privacy rules (CBPR) system is highlighted as a trusted mechanism for facilitating data flows between jurisdictions.

The inclusion of voices from developing countries in ongoing discussions about global frameworks for cross-border data transfers is also emphasised. Interoperable standards and certification systems can be applied globally, and the right voices are essential to ensure the global applicability of these frameworks.

The analysis acknowledges the role of companies like Google in providing access to information, especially in developing countries. Google sees itself as an information company that enables people worldwide to access relevant information. The internet has revolutionised access to information, and Google's tools and products have played a significant role in facilitating this accessibility.

The importance of businesses, particularly small and medium-sized ones, understanding and integrating privacy practices for trusted data flows is highlighted. Certification requirements and good practice standards for data privacy exist, and businesses can adhere to them. Google has invested in funding advisors to help businesses understand these requirements and implement them. Embedding privacy practices directly into products through privacy by design principles is also deemed possible.

Privacy and security are considered crucial in handling data. Google's experience and understanding of good practices in privacy and security are cited to underscore the need to incorporate privacy and security in both product creation and transactions.

The analysis emphasises the need to raise awareness and understanding of privacy and security principles among users and the business community. It is argued that this awareness reinforces trust and ensures the adoption of good privacy and security practices.

Regarding data localisation, the analysis suggests that the decision should be based on the nature of the data and its potential use. Examples, such as health data during the COVID-19 pandemic, demonstrate cases where data localisation may be necessary for the benefits it brings. However, the analysis does not explicitly endorse or reject data localisation in general.

A strategic approach to handling data, rather than a purely regulatory approach, is advocated. It is suggested that this approach should consider empowering regions, strengthening local economies, reinforcing local content creation, and other factors relevant to the specific goals and needs of each region.

Transparency is encouraged in terms of privacy and security. While acknowledging the existence of cultural differences, the analysis believes that a baseline level of good practices in privacy can be universally achieved. Reference is made to ISO-type security standards as a precedent for globally accepted standards.

Cooperation is deemed necessary for addressing the challenges related to cross-border data flows. The analysis highlights the difficulty of swiftly achieving a full global solution but suggests starting by creating connections between certain countries and gradually expanding from there.

Lastly, the analysis rejects the idea of having separate privacy and security standards for developed and developing countries. It argues that such separate standards would perpetuate disparities and hinder the goal of reducing inequalities.

In conclusion, the analysis emphasises the need for a balanced approach to cross-border data flows, incorporating trust, privacy, and security. It promotes open, interoperable, and standards-based regulatory models, the inclusion of voices from developing countries, and access to information. The significance of businesses understanding and integrating privacy practices, as well as raising awareness and understanding of privacy and security principles among users and the business community, is also highlighted. The analysis advocates for a strategic approach to data handling, transparency, and cooperation while rejecting separate standards for developed and developing countries.

Speakers

C

Chrissy Martin Meier

Speech speed

162 words per minute

Speech length

131 words

Speech time

48 secs

Click for more

G

Gordon Kalema

Speech speed

150 words per minute

Speech length

2151 words

Speech time

860 secs

Click for more

J

Jean Philbert Nsengimana

Speech speed

131 words per minute

Speech length

549 words

Speech time

252 secs

Click for more

T

Tojima Hitoshi

Speech speed

120 words per minute

Speech length

456 words

Speech time

229 secs

Click for more

AY

ATSUSHI YAMANAKA

Speech speed

157 words per minute

Speech length

3433 words

Speech time

1308 secs

Click for more

A

Audience

Speech speed

182 words per minute

Speech length

1902 words

Speech time

628 secs

Click for more

JS

Jean-Jacques Sahel

Speech speed

188 words per minute

Speech length

3432 words

Speech time

1098 secs

Click for more

KM

Kathleen McGowan

Speech speed

152 words per minute

Speech length

2055 words

Speech time

812 secs

Click for more

MM

Mayumi Miyata

Speech speed

143 words per minute

Speech length

1228 words

Speech time

514 secs

Click for more