Data free flow with trust (DFFT): Paths towards free and trusted data flows

Turning the Data Free Flow with Trust vision into policy action

In his landmark speech at the World Economic Forum Annual Meeting 2019 in Davos‑Klosters, Japan’s Prime Minister Shinzo Abe invited leaders to build an international order for Data Free Flow with Trust (DFFT). Leaders at the Annual Meeting 2020 provided multistakeholder input to the Osaka Track – a collective term for global governance processes needed to realize the DFFT vision and unleash the benefits from cross‑border data flows. The World Economic Forum is heeding the call through dialogue involving leading experts, businesses and stakeholders to turn a landmark speech into a governance architecture.

The world’s economies are increasingly data driven as they move towards “Society 5.0”. International trade, industrial production and societal functions depend on efficient access to data, while the costs of data restrictions are also increasing. The future of manufacturing with smart and connected industries, as well as the use of data to tackle challenges such as pandemics and ageing societies, highlights the importance of open and trusted data flows for our societies.

The Osaka Track and global data governance do not rely on a single forum for cooperation but depend on international trade, laws and regulation, technology and other areas of governance, involving binding and non‑binding rules applicable to governments, businesses or users on multilateral, regional, plurilateral or bilateral levels. This White Paper looks at best practices and examples of international cooperation to achieve open data flows, even in situations where there are few similarities between two legal systems. Nonetheless, a fundamental gap exists on the free flow of non‑personal information due to diverging definitions, regulatory approaches (especially on metadata and mixed data sets) and emerging digital protectionism.

Participants in the Forum’s dialogue process highlight several recommendations for further advancing the Osaka Track to implement DFFT, including:

– Governments should adopt good privacy and security protections that empower users to individually control rights to their personal information in accordance with international guidelines and standards. Governments should also ensure the availability of multiple mechanisms and derogations for the cross‑border transfer of personal data on a non‑discriminatory basis for “like” conditions.

– Businesses should support increased consumer trust by proactively establishing it with clients and users by, for example, providing information on data treatment and enhancing transparency.

– Governments should cooperate to develop efficient and innovative mechanisms for issuing and responding to cross‑border requests for digital information for law enforcement purposes. Government access to data should also only be pursued where it is legitimate.

– Stakeholders should support and stress the importance of global, market‑led, voluntary and consensus‑based standards developed by multistakeholder forums involving non‑governmental actors, and acknowledge these efforts at intergovernmental forums like those of the Organisation for Economic Co‑operation and Development (OECD).

– Interested jurisdictions could initiate public‑private dialogue on how to bridge the gaps in definitions and typologies on personal and non‑personal data, metadata and sectoral laws.

– Governments should negotiate trade agreements (including at the ongoing Joint Statement Initiative (JSI) negotiations at the World Trade Organization) that include robust obligations in respect of data, while ensuring sufficient discretion to regulate in the public interest, and provisions that facilitate data flows across borders. They should also prohibit requirements to localize the storage and processing of data or to disclose source code, algorithms or encryption keys or other proprietary information relating to cryptography, and prohibit the imposition of tariffs or customs duties on electronic transmissions.

– These commitments should be accompanied by tailored exceptions for legitimate measures that are consistent with existing multilateral rules. All JSI signatories should have multiple transfer mechanisms for personal information reasonably available on a non‑discriminatory basis, consistent with the provision of the General Agreement on Trade in Services (GATS), for “like” conditions.

– Many data flow restrictions manifest as forced joint ventures (through foreign equity caps); transfer, and thereby disclosure, of underlying technology, source code, etc.; or a requirement to obtain licences for establishing data centres, undertaking data collection or providing cloud and e‑commerce services. More recently, there are plans to restrict the use of algorithms and data applications developed abroad. Market access negotiations should address such disproportionate restrictions.

– Developed economies, international organizations and the business community should provide technical assistance and other capacity‑building tools to enable developing economies to pursue high‑standard data governance policies and practices.

– Governments and large industry actors should forge public‑private partnerships to advise micro, small and medium enterprises (MSMEs) on using digital technologies to drive growth and competitiveness and the ability to reach new markets.