WS #180 Protecting Internet data flows in trade policy initiatives

Summary

This discussion focused on protecting Internet data flows and addressing challenges in trade policy initiatives. Panelists explored how data localization laws and restrictions on cross-border data flows threaten the open, globally connected nature of the Internet. They highlighted concerns about how such policies can negatively impact privacy, free expression, and economic growth, particularly for small businesses and network operators in developing countries.

The speakers emphasized the need for evidence-based policymaking and standardized practices for data protection and security. They discussed tools like the Internet Society’s Impact Assessment Toolkit to help governments understand the consequences of their policies on Internet infrastructure. The importance of involving diverse stakeholders, including network operators, small businesses, and civil society, in policy discussions was stressed.

Panelists noted the challenges posed by the intersection of digital trade issues with national security concerns, which has led to increased restrictions. They called for greater collaboration between the digital and trade communities to address misconceptions about data flows and sovereignty. The discussion highlighted the need for more research on the economic impacts of data localization, especially in developing countries.

Participants agreed on the importance of raising awareness about how restrictions on data flows threaten the Internet’s existence. They suggested engaging with international development banks and national policymakers to promote informed decision-making. The discussion concluded by emphasizing the need for collaboration among all stakeholders to maintain free data flows and shape the future of the Internet and digital trade positively.

Keypoints

Major discussion points:

– The importance of protecting cross-border data flows and resisting data localization policies that threaten to fragment the internet

– The rise of digital sovereignty and data localization laws as threats to an open, globally connected internet

– The need for evidence-based policymaking and impact assessments to understand the effects of data flow restrictions

– The role of trade agreements in protecting cross-border data flows and the recent U.S. reversal on this issue

– The importance of including diverse stakeholders (e.g. small network operators, businesses) in discussions about data flows and trade policy

The overall purpose of the discussion was to examine threats to cross-border data flows, particularly in the context of trade policy, and explore ways to protect an open, globally connected internet while addressing privacy and security concerns.

The tone of the discussion was largely analytical and collaborative, with experts sharing insights from different perspectives (e.g. human rights, trade policy, internet governance). There was a sense of urgency about the threats to cross-border data flows, but also optimism about potential solutions through multi-stakeholder collaboration and evidence-based policymaking. The tone became slightly more concerned when discussing geopolitical tensions and national security issues near the end.

Speakers

– Nermine EL Saadany: Moderator, Regional Vice President at the Internet Society

– Natalie Campbell: Director and Senior Director, North America at the Internet Society

– Mahroz Khan: Cross-border Expansion Manager at the Digital Cooperation Organization (DCO)

– Jennifer Brody: Deputy Director of Policy and Advocacy for Technology and Democracy, Freedom House

– Sabhanaz Rashid Diya: CIGI Senior Fellow and founder of the Tech Global Institute

– Farzaneh Badiei: Founder, Digital Medusa

Additional speakers:

– (Audience member): Senior Project Manager at the Council of Europe

– Dana Kramer: Representing Canadian NRI (youth and national)

– Milton Mueller: Professor at Georgia Institute of Technology’s Internet Governance Project

Protecting Cross-Border Data Flows: Challenges and Solutions in Internet Governance

This discussion, moderated by Nermine EL Saadany of the Internet Society, brought together experts from various fields to explore the critical issue of protecting cross-border data flows in the face of emerging challenges, particularly in trade policy initiatives. The panel examined how data localisation laws and restrictions on cross-border data flows threaten the open, globally connected nature of the Internet, and discussed potential solutions to address these challenges.

Key Threats to Cross-Border Data Flows

The panellists unanimously agreed that data localisation laws pose a significant threat to the open Internet. Natalie Campbell from the Internet Society highlighted how these laws threaten global connectivity, while Jennifer Brody of Freedom House emphasised that such laws enable government surveillance and control. Sabhanaz Rashid Diya, a CIGI Senior Fellow, pointed out that the recent US reversal on cross-border data flow policy encourages data localisation, further exacerbating the problem.

Farzaneh Badiei, founder of Digital Medusa, drew attention to the impact of data localisation on small network operators and meaningful connectivity. This perspective was particularly valuable in highlighting how these policies affect not just large corporations, but also smaller players in the digital ecosystem.

The discussion also touched on the concerning trend of trade agreements no longer prioritising or including strong protections for cross-border data flows. Both Natalie Campbell and Mahroz Khan from the Digital Cooperation Organization expressed worry about this development, noting that it poses significant risks to the open Internet. Khan specifically mentioned ongoing discussions at the World Trade Organization (WTO) and the shift in the US position on cross-border data flows.

Impacts of Restricting Cross-Border Data Flows

The panellists explored various negative impacts of restricting cross-border data flows. Nermine EL Saadany emphasised how such restrictions fragment the Internet and hinder economic growth. Jennifer Brody highlighted that data localisation laws impede access to information and communication, raising serious human rights concerns. She also discussed Freedom House’s work on internet freedom and its relevance to this issue.

An audience member raised the possibility of tariffs on digital services being used as retaliation in trade disputes, adding another layer of complexity to the issue. Milton Mueller, a professor at Georgia Institute of Technology, brought attention to how national security concerns are increasingly being used to justify digital trade restrictions, particularly in the context of US-China geopolitical rivalry.

Approaches to Protect Cross-Border Data Flows

The discussion then shifted to potential solutions and approaches to protect cross-border data flows and maintain an open Internet. Natalie Campbell advocated for the use of the Internet Society’s Internet Impact Assessment Toolkit to evaluate policies affecting cross-border data flows. She provided specific examples of how this tool has been used to assess the impact of proposed legislation on Internet infrastructure in countries like Ecuador and Kenya.

Farzaneh Badiei suggested standardising data protection and security practices globally as an alternative to data localisation. This approach aims to address security concerns without resorting to harmful localisation policies. She also emphasised the importance of involving small network operators in these discussions.

Several speakers emphasised the need for more comprehensive research and evidence gathering. Mahrooz Khan called for gathering evidence on the economic impacts of data localisation, especially in developing countries. He also highlighted the work of the Digital Cooperation Organization (DCO) in developing digital trade policies and promoting cross-border data flows.

Sabhanaz Rashid Diya stressed the importance of involving diverse stakeholders, including small businesses, in policy discussions. Jennifer Brody proposed engaging international development banks on data protection issues, highlighting the need to incorporate data protection expertise in development projects.

Natalie Campbell emphasised the importance of raising awareness that data flows are crucial for the Internet to exist, suggesting outreach to national decision-makers on this issue. She mentioned the role of Internet Society chapters in raising awareness about internet threats at the local level.

An audience member brought up the Council of Europe’s Convention 108 and the Budapest Convention as potential models for international cooperation on data protection and cybercrime issues.

The moderator concluded by emphasising that collaboration among all stakeholders is key to maintaining free data flows and shaping the future of the Internet and digital trade positively. The discussion highlighted the need for continued dialogue, evidence-based policymaking, and more research on the economic and societal impacts of data localisation policies.

In summary, this discussion provided a comprehensive overview of the challenges facing cross-border data flows and the open Internet. It highlighted the complex interplay between technical, economic, legal, and human rights considerations in this domain, and proposed various approaches to address these challenges while preserving the fundamental openness and global connectivity of the Internet.

Nermine EL Saadany: Thank you, everyone. Please confirm that you hear me online. Okay. Yes, perfect. So good afternoon. It’s a pleasure to be here with you today. My name is Nermin El Saadani. I am the regional vice president at the Internet Society, and I will be moderating this very interesting session today about protecting Internet data flows and trade policy initiatives. I think the rapid globalization of the digital economy has transformed the way we conduct business and the way we communicate and innovate. As data becomes an increasingly valuable asset, it is imperative to ensure the free flow of cross-border data. However, there is a rise of protectionist measures and data localization policies that threaten and fragment the Internet and might hinder the economic growth. So in this session, we will be delving into the critical issue of protecting the Internet data flows in the context of trade policy initiatives. I have with me online and as well on-site a very distinguished panelist whom I cherish being with and among because of their expertise, and I think the session will be very, very interesting. And without further ado, I would like to introduce our first speaker online, Ms. Nathalie Campbell, the director and senior director, North America at the Internet Society. And allow me, Nathalie, to address the very first question in our session. Why removing, in your opinion, Internet protections for cross-border data flows against mandated data localization and electronic transmission threaten the Internet? You have the floor, Nathalie.

Natalie Campbell: Thank you, Nermeen, and thank you, everyone, so much for joining us today. It’s really an honor to be here and to speak to you all about this really concerning issue. So at the Internet Society, you know, we’ve been paying attention to different threats to the Internet over the last several years. And, you know, we pay extra attention when we observe threats that would impede the Internet at the infrastructure level, but specifically in terms of what it needs to exist. Over the last several years, I think it’s no surprise to everyone here that there’s been increasing threats of fragmentation to the Internet, and often these come from governments who are trying to address different issues on the Internet, and doing so without considering what the Internet needs to exist in the first place. So the Internet Society and our mission for Internet for Everyone, we work as a resource with governments, and we help them understand the impact of different decisions on the Internet and how to mitigate harm with tools like our Internet Impact Assessment Toolkit. But today we’re here to talk about a newer challenge that is more difficult to tackle and to steer different actors in the right direction because of the secretive nature of these initiatives and the lack of transparency to different folks in this process. And that’s the threats emerging in trade initiatives to the Internet’s promise of global connectivity and specifically open data flows. So the Internet Society, we’re not a trade expert, but we started paying attention to this issue because it is an Internet threat that we spotted in 2023 when we started seeing talks about certain Internet protections that were being advanced in the World Trade Organization’s joint statement initiative on e-commerce. We started paying attention when certain protections for open data flows and pushing back on mandated localization, when that became deprioritized and ultimately there was a lack of consensus. on these protections that are crucial to the internet and its global connectivity, things that needs to exist in the first place. So this is why we started paying attention to this issue and why we’re so happy to have an opportunity to speak with everyone here today about it, because we believe that, open data flows are not just a nice to have, the internet needs these to exist. And the fact that these protections are no longer prioritized in trade initiatives, this is a worrying signal to countries around the world that very much rely on open data flows for digital trade to be successful in the first place. If we’re no longer thinking about the fact that these need to be prioritized as a protection, then that poses a risk to the internet because countries who are involved in these trade initiatives might otherwise not be prioritizing this when they’re thinking about their own different approaches to national regulation. And specifically we’re worried because as many countries around the world don’t have approaches to data governance, they might be looking towards restrictions to data flows or mandated data localization in the name of privacy and security, but we know that these are not actually helpful to both those goals and are actually very harmful to the internet’s infrastructure and what it needs to exist in the first place. So that’s kind of why we were hoping to help share these concerns with folks here today and to have a conversation with participants to not only share awareness about our concerns, but also to brainstorm what can be done to help steer countries in the right direction to protect things that are crucial to the internet and what can we do to support different actors to ensure that trade initiatives are also prioritizing protections for the internet, especially given the lack of visibility that folks have into these conversations. What can we do together? Thank you.

Nermine EL Saadany: Thank you so much, Nathalie, for setting the scene for our discussion and let me take from what you have said and maybe just take a minute to explain again to our audience because I see some new folks entered the room. Our session today will tackle protection of trade and the data flow and cross-border data and it will be divided into two parts. Part one will be the panel that we are having now, very distinguished panelists we are having online and on-site and then the second part we will have some robust kind of discussion where the experts will share some views as well and definitely in between we will listen to your views and maybe take some questions and answers. And from what Nathalie has said and maybe I would refer to my colleague on the left, Mr. Mahrooz Khan, cross-border expansion manager at the Digital Cooperation Organization, the DCO, and from your expertise, Mahrooz, the reaction of the countries on the threats and how they look at the threats that the trade can face and what is the impact on SMEs in specific.

Mahrooz Khan: Thank you so much and I really appreciate this opportunity to be here and I would like to congratulate the Internet Society for organizing this discussion and from where I’m coming from, I’m a trade and investment lawyer trained at WTO and then UN International Trade Center, so I’m coming from that dimension, but specifically here at the Digital Cooperation Organization I’m working on the nexus between the digital policies and the trade policies through various of its programs. The DCO is a new intergovernmental organization with 16 member states spanning across three different continents, so we have a good mix of member states from Europe, from Africa, as well as Asia. So I would like to actually start the premise that there is actually discontent between trade community and the digital community and it has been lagging for decades. When we talk about, as Ms. Nettly actually mentioned, that this new topic actually started coming to the conversation in the digital community in 2023. So actually, let me actually specifically lay out what actually happened in 2023. In 2023, United States stated its position that it will not support its argument and it will not enter into any legally binding agreement which guarantees cross-border data flows. And then it got into news because then it also had that catchy name, tariffs. So custom duty cross-border data flows, but in addition to that, there was a threat that custom duties would be applicable to the electronic transactions. And here, let me also bring you the background. This discussion has been happening in the trade community. Back in 1998, there was a committee formed on electronic transactions where the countries agreed that they will not impose any custom duties on electronic transactions. That was a temporary moratorium. It has been renewed again and again and recently, since the last four years, it has been extended on a bi-yearly basis, twice, during the ministerial conference of WTO. The committee at the WTO, there was no agreement on any other issue apart from the moratorium, so it did not produce anything. So what happened was, a group of countries, specifically 91 countries representing 90% of the global trade, started to negotiate on a plurilateral trade agreement where US, being this big supporter of open cross-border data flows, proposed its position that we need to have open cross-border data flows, the data localization requirements must be minimized, and then there must be a strong position on source code sharing. So later on, what happened? So the conversation started back in 2017, the country started negotiating. Then in 2023, United States stated its position, it is backing off, and then it got into news, and how it is going to impact the digital community. So where do we stand today? We do not have an internationally legally binding instrument at any stage which guarantees open cross-border data flows. This position was actually taken by US at the WTO. However, they have backed down. Amongst these 91 countries, nine of them dropped, including United States. So the latest agreement that we have amongst the 82 countries is that there must be facilitation of electronic commerce, and the language of the treaty is not much legally binding. And they have taken out cross-border data flows, the data localization requirement, and the source code. At the DCO, what we did, looking at these developments, we actually assessed where the countries stand today on these digital trade policies. And we actually collected regulations across 16 member states that actually accounts around 2,500 regulations. So in order to move towards the next direction, we need to know where we stand today. So we collected this assessment, and then we also did a survey with the business firms who are involved in digital trade, trying to understand their experience to actually connect the dots. Moving forward, we will be actually sharing a high-level trends analysis that shows the developments of digital trade. The importance of this discussion, we are connected with our moderators today through Zoom. That would mean additional imposition of taxes, but then how those taxes would have to be paid, the speakers connected in different jurisdictions, from Canada to UK and other jurisdictions, how that has to be implemented. So this topic actually creates more regulatory uncertainty. That also means Ms. Nermeen, who has actually come from Egypt, she’s able to call her family through WhatsApp. That means that won’t be possible, or that might not be possible. We do not know. And for the private sector, and here the major issue comes, the private sector, especially for the small, medium-sized enterprises, it will become a hurdle. We need open cross-border data flows that allow small businesses, and in the new digital economy, it allows small businesses to provide their goods as well as services and expand into different regions. The uncertainty on this issue would mean, and without any agreement between any countries, that would mean we are uncertain about the future. So there needs to be actually discussion. The original point that I mentioned, the discussion between trade community and the digital community, and the countries need to actually start monitoring the impact that it will have on their businesses, on their economy, and moving forward, any new shape that our economies can take. I’ll stop here.

Nermine EL Saadany: Thank you. Thank you so much, Mahmoud. It’s very insightful. And we will move to our next speaker online, Ms. Jennifer Brody, Deputy Director of Policy and Advocacy for Technology and Democracy, Freedom House. And I think, Jen, from your own experience, access to information and communication technologies nowadays has becoming an essential matter for more inclusive society and become more and more related to human rights. So if you can share from your experience, your thoughts about that, please. Jen?

Jennifer Brody: Sure, my pleasure. And thank you so much for having me here today. It’s a real honor and a pleasure. First off, just to share, if you’re not familiar, Freedom House, we are the oldest human rights and democracy nonprofit in the United States, founded in 1941. We produce the report that many of you may be familiar with called Freedom on the Net. It surveys essentially the state of internet freedom in over 70 countries around the world, working with local country analysts. At Freedom House, we first engaged in this topic after the US government, the USTR, reversed its longstanding cross-border data flows policy in the World Trade Organization talks in October, 2023, that the panelists who spoke before me alluded to. Like ISOC, we are not digital trade experts. Instead, for Freedom House, we are human rights experts. So I will be speaking specifically to the human rights impacts of these policy reversals. So first, I want to touch on data localization laws, which is a result of reversing or helps encourage… Sorry, I’m on my first cup of coffee. So reversing a longstanding cross-border data flows policy helps encourage data localization laws. So what are these data localization laws? They place personal data firmly within reach of governments, creating unique risks for people’s privacy, free expression, access to information, and other fundamental freedoms. These implications are especially problematic in authoritarian contexts where there exists weak rule of law. So to zoom in and provide one example, if we’re looking at Rwanda, in Rwanda, the government mandated that companies store data… locally, which left personal data easily accessible in an environment in which authorities have embedded agents in telecommunications companies and use data from private messages to prosecute defenders. And now to zoom out, Rwanda’s approach is quite similar to China’s authoritarian approach to data governance. And I will underscore Rwanda is not an outlier. Governments around the world are seeking to repress dissent by surveilling their people’s digital communications. In fact, over 78% of the world’s internet users live in countries where simply expressing political, social, and religious viewpoints leads to legal repercussions. And I can say we expect this problem to only be exacerbated with the forthcoming UN Cybercrime Treaty. Happy to discuss that more later. So now just a few notes on how this policy reversal of cross-border data flows impacts internet fragmentation or leads to it rather. So first just some background. We know that at multilateral forums, the Chinese government has been working alongside like-minded governments to divide the global internet into state-run enclaves that can be more easily monitored, censored, and controlled. Unsurprisingly, Chinese officials view the World Trade Organization as yet another forum to assert their approach. In negotiations over electronic commerce rules, the Chinese delegation has, for example, advocated for the need to consider internet sovereignty as a legitimate public policy objective. From Freedom House’s perspective, we’re based in Washington, DC, where I’m coming to you from earlier this morning. It is deeply concerning that the United States, once a leader of the interoperable free and global internet, is arguably inching towards China’s internet sovereignty. And this is happening at a time when the world needs the United States to stand up for a free, open and global internet now more than ever before. Indeed, Freedom House’s Freedom on the Net report that I mentioned earlier, found in its most recent edition that came out just a few months ago, the report found that internet freedom declined for the 14th year in a row. So we’re really facing dire circumstances. On a fragmented internet, people have limited access to information from foreign sources, which is especially critical in closed spaces. And just to provide a concrete example, Wikipedia, the free encyclopedia that we all know and love, and is run by the nonprofit Wikimedia, they cannot afford to comply with data localization laws, because they require setting up expensive data collection and storage facilities. So if Wikipedia can’t operate, people, their right to information is essentially undermined because they cannot access this resource. Also, on a fragmented internet, people may struggle to connect with loved ones abroad, and may face barriers to organizing online with communities around the world. For example, in Uzbekistan, due to Skype and Twitter’s non-compliance with the data localization law, authoritaries temporarily blocked these and other popular platforms, and this severely limited people’s ability to communicate and access information. And I will stop there. Thank you.

Nermine EL Saadany: Thank you so much, Jen, and thank you so much for accepting our invitation while it’s very early at your end. We much appreciate it. I would refer now to my panelists on my right, Subhanaz Rashid Daya, CIGI Senior Fellow and the founder of the Tech Global Institute. We have been listening, Daya, a lot about data localization and how this can impact free trade and cross-border data and so on, and I would like to listen to your views on that regard, please. Thank you.

Sabhanaz Rashid Diya: Thank you, Ramin, and it’s very good to be here with a number of experts, both on-site and online. So I am Subhanaz Rashid Daya, and I’m a Senior Fellow at the Center for International Governance Innovation, which is a think tank out of Canada, as well as I am part of the Tech Global Institute, and we primarily work with global majority countries around technology policy issues. And I think I just wanted to build on what my last speaker said around data localization laws kind of cropping up across the world, particularly in authoritarian regimes and the challenges around it. But I think if you can kind of take a step back and really start kind of questioning or interrogating how this really came about beyond some of the trade agreements, in the sense that I think there’s been a perpetual conflation of concepts such as sovereignty and cross-border data flows and kind of treating it as a binary framework in terms of, you know, if there’s data flows happening, then a country’s sovereignty is being questioned. Similarly, there’s also a conflation of ideas between cybersecurity and cross-border data flows. sense that, you know, if a country wants to have a more cyber resilient ecosystem, then they’re better off having local localized data centers or local data storage mandates in order to be able to protect their people in a more meaningful way. And I think these sort of frameworks and we oftentimes, you know, don’t want to kind of indulge too much in analogies, but these sort of binary frameworks have really fueled a lot of frustrations and misconceptions and interpretations among governments around the world, where they are more and more inclined towards data localization mandates. And we’re seeing increasingly these sort of laws being cropping up around the world, but particularly in global majority countries, which already have resource constraints and many of these countries where there’s very serious concerns around speech, privacy and people’s civil rights. If I could just build on that a bit more further, I think, you know, and I think Farzana is gonna talk a little more about the role of civil society in terms of how we’ve been divided since 2017, building on what Mehrot said in terms of what kind of that looks like. But, you know, civil society in the global majority really understand that the intent behind it is kind of what Jen has alluded to in terms of that law enforcement wants increasingly access to personal data to be able to control population and to be able to, you know, infringe upon their speech rights. And with the expansion of transnational private sector, that need has become even more, even greater. And they feel that there’s a very strong, and they feel the only way to kind of access the data is by having these mandated local data storage provisions. I think the other way we have seen it also come up is, you know, oftentimes there’s also frustrations among law enforcement domestically in terms of how they, in terms of, you know, just genuine crimes and the very complex process they have to go through with, you know, with MLATs and other kinds of data sharing agreements with other countries. And that complex process has really also made it difficult for them to access user data. So there’s a number of other sort of, I would say, equities at play, both political and national security equities at play that have led to this proliferation of data localization laws across the world. Some of this is, some of these are genuine challenges and some of these are more political challenges or there’s a need to control. But I think it is important to be able to place the expansion of data localization mandates within this political context in order to better understand why it’s happening in the first place. In other areas, we’ve seen it really kind of come up is within bilateral and multilateral funding instruments. And we’ve seen areas where, for example, there is a need to push towards more increased cybersecurity measures. And many countries interpret that as local data storage measures because the way they can ensure cybersecurity in their minds is by having local data storage measures. And so we have seen this come up in many of the debt conditionalities from the World Bank and the IMF groups. We have seen it come up in some of the bilateral aid functions as well in terms of where we see a lot of push toward a lot of conflation between cybersecurity and localization mandates, particularly in the global majority. I can also, I think if you have a second round to where we’re gonna talk about where we see opportunities with the multilateral instruments as well. But I just wanna give a bit more background in terms of where we are seeing it coming up, why it’s coming up on the various equities that has led to this happening. And of course, with the US kind of backing down on their position on cross-border data flows, it has, I would say, exacerbated these tensions even more because now in the absence of an internationally legally binding agreement around cross-border data flows and the various existing and new challenges around technology, data transfer, cybersecurity and online safety, we’re left in a limbo where civil society and communities with a global majority are stuck with these multilateral localization laws that have made it extremely difficult for them to express themselves, protect their privacies and exercise their civic rights. Thank you.

Nermine EL Saadany: Thank you so much, Daya. And I’m sure that we will have some questions from the floor to continue our discussion as well. But let me refer to last but not least, our online panelist Farzana Badia, PhD founder, Digital Medusa. And Farzana, you will speak with, I will reflect on the digital sovereignty and we will continue with the three threats on technical community and the ability of countries to develop data governance policies. Farzana.

Farzaneh Badiei: Thank you, Nani. And thank you for for the invitation. Just for those who don’t know, I’m. I have been working on internet related issues and governance and infrastructure for over for over a decade, and I started Digital Medusa to protect and defend the internet. It’s very similar to Internet Society’s mission. But I think we need multiple organizations to actually do that in such a junction. So one of the. So this kind of like advocacy against free trade and digital free trade. We saw that happening in like around. So it started happening around 2014 when there was this TPP trade trade negotiations were going on. And there were several civil society organizations and individual scholars that believe that free trade, a digital free trade. It actually hampers that digital sovereignty and privacy of people because nation states cannot cannot come up with their own data protection laws and also labor. There were a few labor unions that that believe that because of this digital free trade agreement, the labor rights were not being protected, especially in the global south. And like the conversation was ongoing and since. Well, digital trade. like free trade and digital trade has been like a sub topic of conversation for 20 years, as Mahrooz also mentioned, more than 20 years, 25 years. So, but one of the, but as Trump got elected in 2017, he wanted to renegotiate NAFTA and kind of created this chaos that everybody got worried that we might actually lose this protection for cross-border data flow. And one of the things that was very interesting was that so we gathered together, civil society gathered together to, like we issued statements on how cross-border data flow is very important for protecting human rights, but also defending and protecting the global cross-border data flow. And so for a few years, we, it was okay, but then there was this urge of digital sovereignty brewing among many nation states. And they believe that they can assert their sovereignty by localizing data and usually going after or going against the principles that made the internet happen, which is like global cross-border data flow with no discrimination. And so, and to our surprise, in 2022, we saw another surge of advocates that, that advocated, that told USTR in its consultations that free trade agreements, especially when it comes to digital issues and like big tech, it’s always like there’s also this search towards like attacking big tech for good reasons. But here, I will explain why we went the wrong path. But there were, so they advocated for not having digital free trade clauses in different trade agreements because of the labor rights, because they believe that data protection cannot happen if there are these free agreements. And also there was also a copyright issue that they thought that these advocates thought that the free trade agreement can actually take away, like they wanted stronger intellectual property, which is very much like has been hampering cross-border data flow and fair use for a long time. So anyway, we saw this and they successfully in a way managed to convince USTR to backpedal the clause that is very important for cross-border data flow. And the reasons that I think that the reason for being successful was first of all, this urge that they wanted to fight with big tech and that they did not understand the implications of this work on internet infrastructure. structure and global connectivity, that you are not only hampering big tech’s operation, you’re also hampering the operation of the network operator, that small network operator, that needs to rely on foreign services to provide connectivity. Also, there was this misconception that data protection laws cannot happen if you have a free trade clause, which is, I don’t know why this misconception keeps happening. I don’t want to deny it, but I haven’t seen enough evidence about it. And also, of course, the talk about digital sovereignty and all the nation states want to, one way or another, to assert their digital sovereignty. And most of the time, that is not to protect their citizen, but it’s to protect their power and control. And now we are in this mess. So I think that, so I’m going to discuss, yes, sorry, by USTR, I mean US trade representative. And so in the next segment, I’m going to discuss a little bit how, on a granular level, not having free trade agreements that facilitate cross-border data flow can actually have an impact on network operators, which we have kind of overlooked because the focus has been always on how to get big tech to be more accountable. And we have not looked at what sort of effect our advocacy will have on these network operators. Thank you.

Nermine EL Saadany: Thank you so much, Farzana. And here comes the time where we open the floor for discussion. I have with me as well my colleague, John Morris, online to help with the chat. questions that we received and as well Israel Moses here in on the ground to help with the session with the panelists or I mean the questions from the floor. So, John, do we have any questions over the chat, please?

John Morris: We don’t yet, but please, for the folks online, please post your questions and we’ll come to you.

Nermine EL Saadany: And I encourage as well. Yes, please.

Audience: Hello, I hope you can hear me. My name is Mark Taylor. I’m a senior project manager at the Council of Europe. I work for the Secretariat of Convention 108 and Convention 108 plus, which is the Council of Europe’s data protection convention. It’s based on human rights, democracy, rule of law. And it’s the oldest convention in this field and now is updated some time ago. One of the important aspects of it is that it does have the principle of free cross-border data flows as part of it. And I see here now twice, I think I’ve heard it, states struggling to come up with their own laws. We’re here to help with these kinds of things. And now, if people agree with the Council of Europe’s approach, of course, I mean, if they don’t, then that’s their deal. But there are two conventions I can think of that are relevant here. The Budapest Convention, which is a convention against cybercrime, global convention, anyone can join it, and Convention 108. Perhaps the panelists have some thoughts on this, because it is also part of a kind of a regional fragmentation. I had a lightning talk on Sunday about standardizing definitions in data transfers. I think it’s one of the ways of getting there, because increased data flow actually, logically, at least in my mind, reduce the need for data localization. If there are agreements for law enforcement, et cetera, to access data across borders, then there’s no need for them to shut themselves off from the rest of the world. That’s all. Thank you.

Nermine EL Saadany: Thank you so much for your question. Daya, maybe you can reflect, if you’d like.

Sabhanaz Rashid Diya: I’ll have to reflect very briefly on that, unless my speakers online would also like to chime in. I think I completely agree in terms of the Convention 08 and the Budapest Convention, providing very useful frameworks for that. But I think, to your point about why are not more nation-states approaching for help, I think there is a fundamental, a couple of underlying, I would say, values misalignment. But more important than that, I think there’s also political misalignment, in terms of, especially within the global south. I think Farzana very eloquently explained the history of the genesis of it, and particularly within global south communities, global south governments, and this urge to fight big tech. But I think there’s also an urge to fight Westphalia, and there’s an urge to fight global north hegemony. And I think in many ways, even if the Budapest Convention is there, it is universal, anybody can join it. I think those kinds of political tensions, geopolitical strifes, have led to countries less willing to approach those for help, and rather go for their own data localization provisions, even if they’re imperfect. And yes, countries do struggle to come up with a data protection regime that makes sense. And I think you really got to the crux of it, in terms of really having standardization of definitions, standardization of transfer clauses, what enables a transfer versus what does not enable a transfer, what are the conditions for access to data, and how do we really build a comprehensive human rights framework, and due diligence across the transfer pipeline, and across the data sharing pipeline. But I think there continues to be those kinds of sort of values, misalignment, political misalignment, that leads to it. And I think that’s also the reason why we see the UN Cybercrime Convention Treaty also come up, because of the fundamental values misalignment in that space. But yeah, happy to kind of take this offline, but those are some of my initial comments.

Nermine EL Saadany: Thank you so much, Daya, thank you. Anyone else from our panelists would like to reflect on that before we refer to the second speaker, our second question? I think you need to open the mic. Hello?

Mahrooz Khan: Yes. Great. Thank you so much for actually mentioning those conventions. I’m well aware of the Budapest Convention, not the other. So you see, there needs to be this technical exchange of information that needs to happen there. Specifically, and there are actually regional approaches, but when it goes to international legislation, so the health and security development congress said, for example, today I think that there’s a possibility that imperatives will have to be changed because they’ve been so ambiguous. So I would like to hear from each side, so indirus and infection screening of the epidemic will be determined. There needs to be a technical exchange kind of approach that will go ahead now and be considered in the next level. So we need that kind of. So for any decision to be made, we need the evidence. And I think the most important, what I want to say is that for policymakers, they need to make informed decisions. And I think we jump directly, the negotiators jump directly towards legalizing their understanding. And I think we miss the steps of learning what would be the impact. And I think many developed countries do it, but not developing countries, so then they are uncertain. Okay, what would be the impact if I enter into international legally binding contract? Why it’s happening at WTO? That goes against, again, why the reason the WTO was able to be created, the original idea from 1947 did not crystallize until 1996, but because of injection of intellectual property policy area into this space. And why that space? Because that provides a legally enforceable mechanism. It provides that platform. That’s why it has been negotiated. And just to reference what US position was original for cross-border data flows, the data flows, no party shall prohibit or restrict cross-border transfer of information, including personal information by electronic means, if this is for trade. So I think we need to move towards informed policy decisions, and we need to learn on these fronts.

Nermine EL Saadany: Thank you so much. I think we have a question here.

Audience: Yes, please. My name is Dana Kramer, representing my NRI, both youth and national for Canada. I was wondering about, like, there are a lot of tariff threats right now that are occurring out of the United States, and we don’t know whether or not these threats will materialize. And I’m from Canada, so we’re quite sensitive to it at the moment. And I was curious about, does the panel think that we might see increased threats for tariffs on digital services, for instance, as a mechanism to fight back against some of these US-imposed tariffs, because they do have so many technology companies that have global reach? Or would that be a misalignment of understanding some of your arguments today? Thank you.

Natalie Campbell: Thank you so much. Nathalie, do you have a reflection on that? Go ahead. Sure. Thanks. Hi, Dana. I’m also from Canada, and I’ve also been paying attention to those suggestions recently about tariffs. I do think that the suggestion of imposing tariffs is one thing when we’re talking about bringing commodities from one country to another. The fact that that has translated to the idea of electronic transmissions is really problematic because the internet has no borders. So that’s where my concerns would be. And we have seen these conversations happening, as Meraz mentioned, at the World Trade Organization. The fact that some countries would like to see tariffs on electronic transmissions, that would be a source of revenue for some of these countries. I think that’s how they’re looking at it. And so I do think it is important, as we raise awareness about these threats, that that is something that is highlighted. Cross-border data flows, that’s not a commodity. The internet’s not a commodity. We can’t regulate the internet like a commodity. Open data flows and electronic transmissions, these are needed for the internet to exist in the first place. And the minute that you put any kind of barrier to access, whether it’s a tariff or a regulation restricting what we can share online and what moves across borders, that becomes a problem for the internet. That becomes a problem for all of us here relying on the internet to be able to connect with one another. And essentially what it’s doing, it’s placing national borders online and making the internet not seamless, making it complex. So I do think that’s a really good question and underlines the importance of hopefully some of the solutions that we can brainstorm in the next portion. of this event on how can we get that message across, how can we help governments and folks involved in trade initiatives, how can we help them understand that we can’t be considering these things if we want the internet, which digital trade needs to be successful in the first place, we want that to continue to exist.

Nermine EL Saadany: Thank you so much, Nathalie. And I think if we don’t have further questions from the floor, either online or on site, maybe we can start our second part, because this will be another interesting segment of our discussion today, as we will be tackling the very important questions, how can we help? How can we collaborate with our different hats to stop trade policy changes that can hinder the internet? In this part, I would actually pose a question, and I will refer to my panelists to reflect on that questions with their own hats and their own expertise. So our first question in that sense will be, how can we steer countries towards data governance approaches that address privacy security concerns while protecting the open globally connected, secure, and trustworthy internet? And if I can put you, Jennifer, to be our first reflector on that, Jen?

Jennifer Brody: Yes, happy to jump in. Thank you for the question. So yes, we know that, as has been discussed, to protect cybersecurity, right, to enhance data sovereignty, as folks like to call it, data localization laws are often implemented. You know, often, not always, sometimes arguably, right, with good intentions, but if we don’t have strong laws in place, like comprehensive data protection laws that are human rights centric. More often than not, they result in, you know, extremely harmful surveillance that undermines many, many human rights. And I’ll just, just on this topic, I wanted to share, there’s an academic scholar, Anupam Chander. He wrote an excellent piece called Data Nationalism that essentially debunks the arguments that, you know, data localization helps enhance cybersecurity and protect citizens. I just dropped that article there if anyone is interested. So anyway, I would love to, you know, hear, hear from folks in the room. How do we encourage companies or countries around the world, rather than, you know, localizing data, pursuing alternative mechanisms, you know, to allegedly protect their people? Right at Freedom House, we’re very strong advocates of comprehensive data protection laws. So I would love to kind of open it up to the floor to see, to see what folks think. And then before I do that, I’ll also share one other Freedom House resource. I wanted to develop something shorter and pithier for this. We didn’t have the bandwidth at the organization, but just another great resource for this group. My colleague some years ago, before I started at Freedom House, actually wrote a fantastic report called User Privacy or Cyber Sovereignty. So, essentially unpacking many data localization laws around the world and talk and walking through their impacts on human rights from the freedom of expression, right to assembly, association, assembly, which could also serve as a good resource and local advocacy. So I will stop there.

Nermine EL Saadany: Thanks a million, Jen. And I’m not sure if you’d like to maybe interact. So if you have any reflections on what Jen has already mentioned, we can pause and take some questions. And if not, maybe we can continue to our next reflection on my question and then we can. go back to you and hear your views as well. So maybe Farzana, you can reflect on the question if I may ask you. Yes, go ahead.

Farzaneh Badiei: Oh, sorry. So is this like about my prompt? Yes, it is. Yeah, all right, great. So I just, I don’t want to blabber on, so I just want to say like the wording that the framework. So one of the things that I see is being the problem and this is why we’re not agreeing on a lot of things among ourselves and in policymaking is that we have not really nailed down all the impact, adverse impact of blocking cross-border data flow. I mean, we have worked on it, but we have to show how that network operator that lives in a small island and uses the infrastructure, the data infrastructure that is not on that island, how data operation can be affected and how it hampers the meaningful connectivity for their users. And when I was talking to different network operators, especially people from those operators from those islands told me that this could raise an important risk for their operations. So I think that also there’s another example of, this is a trade barrier, but when we say that, when we kind of like do not liberate cross-border data flow, Then we’re talking about restrictions on data flow for DNS, like Domain Name System Resolvers, which is one of the critical parts of the Internet. Today, all of us have used DNS resolvers to connect. These trade barriers, they could also create some ambiguity of whether, can I provide my DNS resolver services to other nations and other people, and then people in countries that need access to DNS resolvers that operate stable and functional, then they might not be able to use it. I think that these case studies should be brought up more, and we need to really assess the impact. Internet Society has a really great Internet impact assessment tool that we can use and measure the impact of these trade agreements that do not facilitate cross-border data flow anymore, on access to the Internet and global cross-border data flow. This is my suggestion because I don’t really care whether we protect the Internet by trade agreements or anything else. What we care about is to keep the Internet global and interconnected, and facilitate data flow. Trade agreements, until now, have been the critical mechanism that facilitated this. So it is not that we are protecting, we are being like free trade advocates. And so it’s just that it’s one of the main tools that have allowed us to bring the internet to everyone. So if they have other solutions, if there are other solutions, then I’m all ears. But also we need to address concerns that we kept talking about, like data protection. I think Council of Europe suggestion is very relevant. We need to standardize our practices, our security practices, our privacy practices globally so that communities don’t feel left behind and just go against cross-border data flow to solve their issues. So I just wanted to put that out there. I think that these are like some of the suggestions that I’ve been thinking about. I think we need more interaction with network operators, especially from the global South with people who provide critical infrastructure and see how we can also address the concerns that are raised by the labor unions and others that how we can actually solve those problems without affecting cross-border data flow.

Nermine EL Saadany: Thank you so much, Deir. That’s much appreciated. And Natalia, I think it might be within the context that you shed some light on the toolkit and maybe you can give us some examples as well about how this works.

Natalie Campbell: Sure, thank you, Nermeen. So I mentioned it before, but one of the ways that the Internet Society works with governments to help them understand how to support the Internet and mitigate harm of unintended consequences when they’re going about regulation is we help them use our Internet Impact Assessment Toolkit, which Farzana just mentioned. And what this does is it helps governments understand what the – and anyone who uses the toolkit – understand what the Internet needs to exist in the first place. It lays out a framework of not only what do we need to think about when we want to make sure that we’re protecting the Internet’s foundation, things like data flows that are critical to it existing in the first place, but also what should we think through when we’re developing policy to ensure that we’re working towards an Internet that is open, globally connected, secure, and trustworthy. So we make ourselves available to work with governments who want advice on whether they’re headed in a direction that supports the Internet and to think through the different aspects of the framework, which has helped us mitigate a lot of negative impact to the Internet proactively in many countries around the world. But the value of this toolkit is that when we mentioned before about governments thinking about things like mandated localization or data flow restrictions, they’re often – they have a mindset for privacy and security. What our toolkit does, it helps countries understand how that’s a myth. And I can give a really concrete example. I recently had the opportunity to travel to Oman for this very reason, doing a workshop about our toolkit with some government departments there. I was a little bit surprised when I arrived, you know, in trying to get to the hotel and curious about why a – like Uber wasn’t in a country. And I came to understand that the transportation department has data localization laws, meaning that personal information has to be stored within a country of Oman. But at the same time, there’s another rule in a country that any service or person in a country needs a license to use things like encryption, which we know is a foundation of security online into protecting our data and keeping it private and secure. So I thought to myself, well, this is a really interesting example of how countries who might be thinking about things like mandated data localization as privacy and security enhancing is actually a myth because if I’m a company such as Uber, am I really going to want to expand my services in a country where I can’t use encryption to secure any kind of personal data at all that has to be stored within a country? And the risks of not only exposing personal data to whoever might want access, not just the government, but with encryption, anyone who wants access could get access. That was a very clear, I guess, a way to help folks locally understand how often when we’re talking about these issues in the name of privacy and security, it’s actually counterintuitive and not helping us get closer to that direction at all. So that’s the value of tools like our toolkit, and one way that I think that is useful to think about when we’re talking about how do we steer countries in a direction that supports the internet. If trade initiatives were to also think about how to make use of these tools, I think it could also be a valuable way to. help folks understand how do we go about initiatives and even just the value of the internet to digital trade in the first place. Thank you. Thank you so much

Nermine EL Saadany: dear. Mahrooz, can you reflect and can we take the last comment from your side on that question so that can we move to the other one. Definitely. Thank you so much

Mahrooz Khan: again and I totally agree with the references made by the earlier speaker Ms. Farzana and Ms. Natalie. So we need to know where we stand before we make our decision. I would state that again. First on the regulatory side and secondly we need to talk, the governments need to talk to the businesses how it is going to impact them. The fact that we are importing any goods, importing any services, there is a reason for that because it is better service, it is better good, it has a price competitive advantage. So once we put tariffs or new regulatory barriers to external goods and services, it also impacts our own consumers and looking at the impact of the previous US tariffs threat had on their own development of industry. We have create great example there. What happened with the steel industry? Has it developed? Is it good for the local consumers? Not. And one of the earlier questions made by is are the new tariff threats real? They are very real. They are not just used in the debate of the digital economy, they are used for other purposes as well. For example, tariffs threat posed by the United States when the European Union announced its digital services taxation in the earlier Trump term, and so moving back from tariff threats to actually what can be done. So the governments need to actually do their regulatory assessment, they need to talk to the business in an organized way, and here the role of international organization. Societies need to help the governments, specifically because of the reasons, because I find bureaucrats do not have that much benefit in doing more work than what they are actually mandated to do. The next step would be, so a country needs to look internally, talk to their private sector in an organized way, where it can be actually monitored. For a given sector, this policy position will have this impact. For another sector, this will be the impact. And then move towards actually cooperation amongst other countries, because a country on its own is not sufficient. As Ms. Netanyahu actually gave the example of Oman, I had a similar experience there two weeks ago. And another example was shared about Rwanda, the data localization in Rwanda. And there we have another project on how we can actually increase investments in the digital space of Rwanda. And there, from the evidence we found, well, they have to loosen out their data localization requirement. And what we know right now is actually the government, after having seen the evidence, they need to attract investors. They need to attract big tech for the betterment of their economy. So now they’re rethinking, okay, how can we actually adjust those rules? So with better informed policymaking decision and with the help of international organizations and the society, we can actually move towards that transition.

Nermine EL Saadany: Thank you so much, Mahmoud. If we have any reflections as well from the floor, that would be the time that we can maybe open the floor for some discussions and reflections. Online, Maurice, do we have any? No questions have come up online. Okay, so maybe we can move to our second prompt or the second question. And I can pose the question here as, how can the participants actually work on these issues in their own countries or organizations? So, Leah, maybe you can start.

Sabhanaz Rashid Diya: Definitely. Thank you. I think many of the strategies were alluded to by my previous speakers, but I think one of the things that, and I think it’s also quite central to the IGF, but generally even in. in this particular conversation is the role of having diverse voices in this conversation, right? So Farzana talked about small network operators within the global majority. If I look around the room or even outside, there aren’t as many network operators even present here, but we’re having these conversations here. And even in the WTO and many of the negotiations, we don’t see that voice or that perspective. Similarly, small business owners, small business enterprises, who again rely on open cross-border data flows to be able to conduct the business, they’re also not represented. So I think there is a very serious role in which we have to think about the decision-making around whether we want to support cross-border data flow or not, what is the localization mandate, the stakeholders, whether it’s consumers, whether it’s network operators, whether it is small business owners, whether it’s civil society, whether it’s a technical community. I think these stakeholders are often missing from these conversations and it becomes very much limited or very narrowly focused. I think the other thing that I think Amaros alluded to was this debate between the digital community and the trade community, but I would actually expand the debates even within the digital community and even within the trade communities around these various issues, but also again, the broader connectivity community has also been kind of excluded from any of this. I think, again, given the interconnectedness that we live in, there’s a real, I would say there’s a real need in terms of, one, involving not just more diverse stakeholders within national boundaries, but also internationally having other stakeholders in place and kind of engaging them because so much of the technologies are interconnected, so much of the trades are about sort of the cross-border piece. And I think there’s new challenges and new dichotomies at play that mandate a much broader conversation. So that’s one. I think the second is in terms of where we see how sort of participants here can contribute. I think Farzana kind of, and I also have with Mehros sort of got into it in the sense that we really have to be very clear about exactly what we’re asking for and what the clear messagings are. And whether if, and you know, because there’s so many different kinds of equities at play and because there are so many different kinds of messaging around it, I think that makes the conversation even more challenging to navigate. So really asking, you know, what specific aspects of trade, what specific aspects of interconnect, what specific aspects of cross-border data flows, how do we want it, what the impacts are. And I think there’s some really important work that has been done by researchers in the past that really talks about some of the impact, but really crystallizing what the asks are and what the impact is, is really, really important to move this conversation forward because otherwise it becomes either too heavily focused on trade or too heavily focused on internet sovereignty, or digital sovereignty. And I think that does a disservice to, I think both sides of the aisle. And the last piece I was gonna say is just reference from some research. I think Nigel Corey, I remember when we were looking into the data localization mandates in Vietnam and Pakistan and some of it in Bangladesh, which is my country, you know, a lot of the work that was done at the time we were looking, we were trying to find research that would help us understand what really is the impact of data localization and what really is the impact of that on businesses and on network operators. And, you know, lo and behold, there really wasn’t any research available at the time for global majority countries. Nobody could crystallize the exact GDP impact, the exact trade impact, the exact sort of purchasing power impact that these kinds of agreements and these kinds of moves would have. And we had to end up commissioning that kind of research to come up. So in the absence of data and research that actually can inform policy decisions, we, again, we go back into. these binary dichotomies, binary debates, these values misalignment without any concrete data to actually back any of the policy decisions. So I think there’s a real necessity for evidence in this space. It is a longstanding debate, but the way the debate has evolved recently is very much on, I would say, perceptions and misconceptions versus actual hard data pointing in very specific directions. And I think there’s a very important contribution from participants here, but also across the various communities that I’ve mentioned in terms of driving that data collection and evidence gathering to inform decisions. Thank you so much.

Nermine EL Saadany: Thank you. Maybe I can refer to you again, Mahmoud, for quick reflections and as well maybe final comments, and then we will move to the other panelists as well as we are wrapping our session.

Mahrooz Khan: Hello. Yes. Great. Thank you so much again, and I would actually quickly sum up because I have actually talked a lot in this conversation today. So again, I was actually, this is what is the next way forward, actually collecting the right evidence. And just to share, you shared another example, and okay, what is digital trade? The data on this does not exist. WTO, World Bank, IMF, they have collated together, and right now they are assessing the methodologies. So a lot of work needs to be done there in that dimension to actually really see what is the impact of this. And secondly, what is the main agenda? What should be the main agenda of like all these different spheres? I would say sustainable development, and there we cannot just have free trade agenda. We cannot just have, just for the sake of open internet. Open internet is good for the society. It is good for the consumers. It is good for the producers. It provides economic opportunities, but on the other hand, we also have to be careful about environment. We have to be actually thinking holistically. And I would say a lot of work needs to be done at the evidence level, and here the role of technical agencies is to actually prepare those kind of tools, those kind of actually methods that could actually help the governments. For example, as you mentioned, Internet Society’s toolkit that I think could be a really good tool. And then the main agenda with the final destination for sustainable economic development. I don’t think I have anything else to add here. Thank you. Thank you so much.

Nermine EL Saadany: May I go back to our online panelists and maybe Farzana, you would like to reflect on as well, maybe final comments from your side, please?

Farzaneh Badiei: Yeah. So actually, Professor Muller just told me that he’s in the room. And in 2017 at Internet Governance Project at Georgia Tech, we started working on digital free trade issues. And we also came up with a special issue on digital trade. And we wanted to raise awareness about the importance of the issue. But at the time, nobody, like we couldn’t believe that the U.S. government would back Penzl from the cross-border data. But we did raise concerns because as I mentioned, there were like renegotiations of free trade agreements. And so all I’m saying is that we need to see what has been done in the past, what sort of academic work has been done in the past, what sort of advocacy has been done in the past and gather those documents and work that has been done, especially in academia and civil society organizations. And so not to start anew, but also see what sort of new issues have raised so that we can tackle them. But as I said, we are here to raise awareness and we are here to defend and protect the free global internet. And if like, well, one of the main ways to do that was to have the free trade, free digital trade clause, in these free trade agreements. And we have to, in our advocacy, while we have to address the concerns of data protection and security, we should also think about alternatives to free trade agreements and see what else can facilitate cross-border data flow. Because unfortunately, the enemies of the internet are multiplying year by year from the states to businesses that they want digital sovereignty, they want to fight with the big tech at the cost of free and open internet. And I think that a lot of it is because they don’t understand the implications of having a restricted internet that is not connected globally. And we can learn lessons from countries that actually block their citizens from the global internet and raise awareness. Thank you.

Nermine EL Saadany: Thank you so much, Farzana. Jen, final remarks from your side as well, please.

Jennifer Brody: Yeah, thank you. Just quickly, I just want to pick up on something that Diya mentioned regarding the importance of the international development banks in these conversations, right? The World Bank, the regional development banks, like the Inter-American Development Bank. We’re thinking about advocacy. We were chatting about how these actors are incredibly important to include in these conversations. And when evaluating, for example, helping a country build a national database, from what I understand, they’re lacking data protection experts, folks who… how to center human rights and in cybersecurity policies, etc. So just to flag for kind of the global community working on these issues, that’s a target that I’m quite interested in engaging, and I think there’s a lot of potential there. Thanks, Jen. Natalie?

Natalie Campbell: Thank you. I want to highlight a point that Dia made earlier that I think is extremely important. We’re talking about digital trade initiatives, but this isn’t a digital trade problem per se. We’re talking about an existential threat to the internet. And I think that reminding people, and when we are raising awareness about this issue, that we have to lead with that. And it might be difficult or even impossible for some of our audiences and different stakeholders to engage in trade initiatives. But what we can do is raise awareness with our own national decision makers who are part of these conversations. Luckily, organizations like the Internet Society has over 110 chapters around the world who are helping to expand our reach in raising awareness about this existential threat to the internet. They are a voice for the internet, both of policymakers, but also in terms of helping to gather other local partners and stakeholders who can make our collective voice louder. Our chapters are already using things like our Internet Impact Assessment Toolkit to help decision makers avoid harm to the internet on national policy, including on data governance legislation. But what we need to do, I think, is to be talking to more folks who are involved in these trade initiatives and helping them to understand as well that we’re not just worried about an aspect of digital trade here, we’re worried about an existential threat to the internet. folks understand how the Internet works and why data flows aren’t just a nice to have, they are crucial if we want an Internet. I think that’s going to be increasingly important going forward and something that we can all do and you know work throughout our own various audiences and organizations to help make sure that we’re all working together to protect the Internet. Thank you so much

Nermine EL Saadany: Nathalie. I would ask the floor if there is any reflections before we close. Would you like to say anything Dr. Muller?

Milton Muller: Hello everybody, I’m Milton Muller. I’m at the Georgia Institute of Technology’s Internet Governance Project and former colleague of Farzana in both ICANN and IGP. I think the point that I haven’t heard that probably needs to be brought to your attention is the the intersection of these trade issues with national security. For about 80% of the time national security is an excuse for restricting trade but in the context of geopolitical rivalry between the US and China it has become a very powerful excuse. I don’t know when you have a president that imposes tariffs on Japanese and the Canadians and refuses to allow a buyout of US steel by the Japanese on the grounds of national security. You have to wonder if he’s thinking about the Japanese and Canadians as enemies or what. But in the digital economy the situation is extremely dire. Every form of digital service, digital product application is now perceived as a national security threat. So it’s not just data flows, it’s the battery storage systems, the electric vehicles because they can see things and they might be sending data back to China. Of course we have the TikTok ban but we have cables and telecom service licenses being taken away from people who had them because they are Chinese companies. So the political environment around digital trade has been completely blown up by the national security issue and that means you’re dealing with slightly different dialogue and a different set

Nermine EL Saadany: of constituencies. Thank you so much Dr. Mueller and thank you for being here. I think our time is out and I would like to thank all the panelists and the audience for the valuable contribution. I think collaboration is the key. This is my take, collaboration among all stakeholders so that we can maintain the data flow freely and to maintain or to shape the future of the of the internet and the trade in the best possible way. Thank you so much and looking forward to meet you again online and off-site. Thank you. You

Agreement Points

Data localization laws threaten the open internet

Natalie Campbell

Jennifer Brody

Sabhanaz Rashid Diya

Farzaneh Badiei

Data localization laws threaten global connectivity

Data localization laws enable government surveillance and control

Data localization laws impede access to information and communication

Data localization hampers small network operators and meaningful connectivity

Multiple speakers agreed that data localization laws pose significant threats to the open, globally connected internet by enabling government control, impeding access to information, and hampering network operations.

Lack of protection for cross-border data flows in trade agreements

Natalie Campbell

Mahroz Khan

Trade policy changes are deprioritizing protections for open data flows

Lack of consensus on data flow protections in trade agreements is concerning

Speakers highlighted the concerning trend of trade agreements no longer prioritizing or including strong protections for cross-border data flows, which poses risks to the open internet.

Similar Viewpoints

These speakers emphasized the need for more comprehensive research, evidence gathering, and diverse stakeholder involvement to inform policy decisions on data flows and localization.

Sabhanaz Rashid Diya

Mahroz Khan

Jennifer Brody

Gather evidence on economic impacts of data localization

Engage international development banks on data protection issues

Involve diverse stakeholders like small businesses in policy discussions

Unexpected Consensus

Importance of standardizing global data protection practices

Farzaneh Badiei

Jennifer Brody

Standardize data protection and security practices globally

Engage international development banks on data protection issues

Despite coming from different perspectives, both speakers highlighted the need for global standardization of data protection practices, which is unexpected given the usual emphasis on national sovereignty in data governance discussions.

Overall Assessment

Summary

The speakers generally agreed on the threats posed by data localization laws to the open internet, the concerning lack of protections for cross-border data flows in trade agreements, and the need for more research and diverse stakeholder involvement in policy-making.

Consensus level

There was a high level of consensus among the speakers on the main issues, particularly on the threats to the open internet. This strong agreement suggests a unified concern in the internet governance community about current trends in data localization and trade policies, implying a potential for coordinated advocacy efforts to protect cross-border data flows.

Different Viewpoints

Role of trade agreements in protecting cross-border data flows

Natalie Campbell

Farzaneh Badiei

Trade policy changes are deprioritizing protections for open data flows

Trade agreements, until now, have been the critical mechanism that facilitated this

While Campbell expresses concern about trade policy changes deprioritizing protections for open data flows, Badiei emphasizes that trade agreements have historically been crucial in facilitating cross-border data flows.

Unexpected Differences

Approach to addressing data localization concerns

Farzaneh Badiei

Natalie Campbell

Standardize data protection and security practices globally

Use Internet Impact Assessment Toolkit to evaluate policies

While both speakers aim to address data localization concerns, their proposed approaches differ unexpectedly. Badiei suggests global standardization of practices, while Campbell advocates for using a specific toolkit to evaluate policies.

Overall Assessment

summary

The main areas of disagreement revolve around the role of trade agreements, the specific impacts of data localization, and the best approaches to address these issues.

difference_level

The level of disagreement among the speakers is moderate. While there is a general consensus on the importance of cross-border data flows and the risks of data localization, speakers differ in their emphasis on specific aspects and proposed solutions. These differences reflect the complexity of the issue and the need for a multifaceted approach to addressing cross-border data flow challenges.

Partial Agreements

All speakers agree that data localization laws are problematic, but they focus on different aspects: Brody emphasizes human rights concerns, Diya highlights the impact of US policy reversal, and Badiei focuses on the effects on small network operators.

Jennifer Brody

Sabhanaz Rashid Diya

Farzaneh Badiei

Data localization laws enable government surveillance and control

US reversal on cross-border data flow policy encourages data localization

Data localization hampers small network operators and meaningful connectivity

Similar Viewpoints

These speakers emphasized the need for more comprehensive research, evidence gathering, and diverse stakeholder involvement to inform policy decisions on data flows and localization.

Sabhanaz Rashid Diya

Mahroz Khan

Jennifer Brody

Gather evidence on economic impacts of data localization

Engage international development banks on data protection issues

Involve diverse stakeholders like small businesses in policy discussions

Key Takeaways

Data localization laws and restrictions on cross-border data flows pose a significant threat to the open, globally connected internet

Trade policy changes deprioritizing protections for open data flows are concerning for internet governance

Data localization often enables government surveillance and control rather than enhancing privacy and security

Restricting cross-border data flows can hinder economic growth, especially for small businesses and network operators

There is a need for more diverse stakeholder involvement and evidence-based policymaking on digital trade issues

Resolutions and Action Items

Use tools like the Internet Impact Assessment Toolkit to evaluate policies affecting cross-border data flows

Raise awareness with national decision makers about the importance of cross-border data flows for the internet

Gather more evidence on the economic impacts of data localization, especially in developing countries

Engage international development banks on incorporating data protection expertise in their projects

Unresolved Issues

How to balance national security concerns with maintaining open cross-border data flows

How to address privacy and security concerns without resorting to data localization

How to effectively involve diverse stakeholders like small businesses in trade policy discussions

How to create standardized global practices for data protection and security

Suggested Compromises

Focus on standardizing data protection and security practices globally rather than localizing data

Consider alternative mechanisms to data localization for addressing privacy and security concerns

Involve both digital and trade communities in policy discussions to bridge divides

We started paying attention when certain protections for open data flows and pushing back on mandated localization, when that became deprioritized and ultimately there was a lack of consensus on these protections that are crucial to the internet and its global connectivity, things that needs to exist in the first place.

speaker

Natalie Campbell

reason

This comment highlights a critical shift in trade policy that threatens the fundamental architecture of the internet. It frames the issue as an existential threat to global connectivity.

impact

This set the tone for the discussion by emphasizing the high stakes and urgency of the issue. It led to further exploration of the political and economic factors driving this policy shift.

Data localization laws place personal data firmly within reach of governments, creating unique risks for people’s privacy, free expression, access to information, and other fundamental freedoms. These implications are especially problematic in authoritarian contexts where there exists weak rule of law.

speaker

Jennifer Brody

reason

This comment connects trade policy to human rights concerns, broadening the scope of the discussion beyond economic considerations.

impact

It shifted the conversation to consider the societal impacts of data localization laws, particularly in authoritarian contexts. This led to further discussion of the tension between national sovereignty claims and human rights.

There’s been a perpetual conflation of concepts such as sovereignty and cross-border data flows and kind of treating it as a binary framework in terms of, you know, if there’s data flows happening, then a country’s sovereignty is being questioned. Similarly, there’s also a conflation of ideas between cybersecurity and cross-border data flows.

speaker

Sabhanaz Rashid Diya

reason

This comment insightfully unpacks some of the conceptual confusions driving restrictive data policies. It challenges simplistic narratives about data sovereignty and security.

impact

This comment deepened the analysis by highlighting the need for more nuanced understanding of these concepts. It led to discussion of how to address legitimate security concerns without resorting to harmful data localization policies.

The intersection of these trade issues with national security. For about 80% of the time national security is an excuse for restricting trade but in the context of geopolitical rivalry between the US and China it has become a very powerful excuse.

speaker

Milton Mueller

reason

This comment introduces the critical dimension of national security concerns driving trade restrictions, particularly in the context of US-China rivalry.

impact

Though coming late in the discussion, this comment shifted focus to the geopolitical drivers of trade policy, adding another layer of complexity to the analysis. It highlighted how national security concerns are reshaping the digital economy landscape.

Overall Assessment

These key comments shaped the discussion by progressively expanding its scope from technical internet architecture concerns to human rights implications, conceptual clarifications about data sovereignty, and finally to geopolitical dimensions. They moved the conversation beyond surface-level trade policy issues to explore deeper societal, political, and security implications of data flow restrictions. This multifaceted approach highlighted the complexity of the challenge and the need for nuanced, collaborative solutions that balance various stakeholder concerns.

How can we standardize data protection and security practices globally to address concerns without restricting cross-border data flows?

speaker

Farzaneh Badiei

explanation

This is important to help communities feel included and prevent them from opposing cross-border data flows as a solution to their issues.

What is the specific impact of data localization mandates on businesses and network operators in global majority countries?

speaker

Sabhanaz Rashid Diya

explanation

There is a lack of research on the exact GDP, trade, and purchasing power impacts of data localization in these countries, which is needed to inform policy decisions.

How can we involve more diverse stakeholders, such as small network operators and small business owners, in discussions about cross-border data flows and trade policies?

speaker

Sabhanaz Rashid Diya

explanation

These voices are often missing from policy discussions but are crucial for understanding the real-world impacts of data flow restrictions.

What alternatives to free trade agreements can facilitate cross-border data flows?

speaker

Farzaneh Badiei

explanation

With challenges to traditional free trade agreements, it’s important to explore other mechanisms to protect open data flows.

How can we engage international development banks like the World Bank in conversations about data protection and human rights-centered cybersecurity policies?

speaker

Jennifer Brody

explanation

These institutions play a significant role in shaping policies in developing countries but may lack expertise in data protection and human rights considerations.

How does the intersection of national security concerns with digital trade issues impact cross-border data flows and internet governance?

speaker

Milton Mueller

explanation

The increasing use of national security as a justification for trade restrictions in the digital economy is changing the political landscape around these issues.