Data flows, trade and international cooperation

Event report

In this session moderated by Mr Kian Cassehgari (Legal and Policy Analyst, World Trade Organization [WTO]) the speakers discussed how free cross-border data flows and different data privacy policies around the world affect international trade, Internet architecture, and health data.

Mr Richard Syers (Principal Policy Officer, Information Commissioner’s Office [ICO]), on behalf of the Global Privacy Assembly (GSA), addressed the first topic of global privacy protection and introduced the GSA which is a forum for data protection and privacy authorities aiming to advance global privacy in the digital age and build capacity for the assembly and its memberss. Syers addressed the question of global frameworks and standards of data privacy and pointed out that there are strong commonalities between individual data privacy frameworks. Speaking of systemic benefits of data protection to the digital economy, Syers mentioned enhancing consumer choices and preventing harms, providing opportunities for competitive advantage for organisations, and being a driver for innovation. He further stressed that trust is key to a vibrant digital economy, and that data protection laws are vital building blocks for enabling trust in a sustainable and fair digital economy. Speaking about the work of the GSA, Syers highlighted the importance of  the International Enforcement Working Group of DPAs’ work which led to two concrete enforcement operations, one of them being against Clearview AI. 

Speaking of the relationship between data policies and the global Internet architecture, Mr Carl Gahnberg (Senior Policy Advisor at Internet Society [ISOC]) introduced ISOC’s Internet Impact Assessment Toolkit. In evaluating the impact of policies on the Internet, first the critical features of the Internet which need to be preserved has to be identified. Gahnberg listed these features as the accessible infrastructure with common protocols, common identifier systems, general purpose networks, layered architecture of interoperable reusable building blocks, and decentralised management and distribution ratings. Illustrating the example of forced data localisation (government requirements that control the storage and flow of data in certain jurisdictions), Gahnberg pointed out the impact such policies have on Internet architecture, underlining that the Internet looks at interconnection partners and imposing geographical boundaries cause us to lose the benefits of interconnectedness.

Ms Jade Nester (Director, Consumer Policy at Global System for Mobile Communications [GSMA]) presented mobile industry views on cross-border data flows. She pointed out that the basis for the discussion on cross-border data flows needs to start with privacy and accountability as a basis for facilitating trust. Speaking of GSMA’s work in this area, Nester mentioned, among others, a benchmark tool for policymakers, Smart Data Privacy Laws, that analyses different regulatory environments. She pointed out that cross-border data flows are important to the mobile industry because there is increased demand for cross-border goods and services, and because new technologies are dependent on these data flows. Regarding the specific regional frameworks, Nester spoke of mapping privacy principles between different countries, specifically mentioning the ASEAN Privacy framework and the regulatory pilot space for cross border data flows, as well as analysing Middle East and Africa data privacy regulations and telecommunication laws. These mappings aimed to set up principles for facilitating cross-border data flows.

Specifically addressing data flows in the health sector, Mr Sean Manion (Neuroscientist and Chief Scientific Officer at ConsenSys Health) stated that health data is most valuable and the most heavily regulated data. He pointed out a paradigm shift in sharing knowledge without actual data transfers and flows through derived data. Leaving derived data in local repositories and allowing global access would lead to improved health treatments and benefits, without regulatory restrictions. Manion pointed out that such in-depth-privacy would allow compliance with different data protection regulations; and that combining decentralised AI and blockchain can solve many issues related to access and data protection concerns.

The speakers also addressed questions of the relationship between data protection regimes and unfair competition practices, technical solutions to access limited data assets stored locally, the importance of choice and putting the decisions about access to data into the hands of individuals, and the need for non-personal data protection. The session concluded with speakers agreeing that cross-border data flows are anchored in a strictly territorial perspective and considering data as a traditional good needs to change.