The rapid digitization of the marketplace has resulted in the omnipresence of data in commerce and an impetus toward sharing of data among countries. But controversy abounds. Discussions at global trade fora have made apparent the conflicting interests at stake. Some nations, such as the United States, Japan and Australia, want the free flow of data across borders to support e-commerce and the digital corporations headquartered in their countries. Others, such as India, South Africa and the European Union, have introduced domestic policies, for example, to develop their digital industries or protect their citizens’ privacy rights, that will restrict the flow of data across national boundaries.
The United Nations Conference on Trade and Development (UNCTAD) has urged states to reconsider extreme positions on cross-border data flows, as neither strict localization nor the unrestrained free flow of data is feasible in today’s world. The Group of Twenty (G20) has taken a commendable step toward finding a middle ground by recognizing concerns about cross-border data flows that are not specific to trade.
However, it is already clear that discussions of these concerns, particularly regarding privacy, should not be routed through trade fora and negotiations. A better forum is needed. But before exploring what form this forum can take, some background is helpful.
The flow of data, in particular, personal data, across national boundaries has historically been a contentious issue in trade negotiations. The concept of “data free flows with trust” is the latest addition to this debate. The concept emerged in response to the inadequacies in the mandate of free flow of data found in many free trade agreements (FTAs), owing to concerns around privacy, cybersecurity and intellectual property rights. Different countries and stakeholders are seeking to address these challenges so as to build trust in and enable the free flow of data across national boundaries.
Although “data free flows with trust” is a step back from uninhibited data flows, there continue to be lingering apprehensions about the concept.
The notion of data free flows with trust was championed by the G20 under Japan’s presidency in 2019 and has been gaining momentum since. The Osaka Leaders’ Declaration from 2019 explains that “by continuing to address these challenges [e.g., data privacy], we can further facilitate data free flow and strengthen consumer and business trust.” The Declaration suggests that “data free flow” with trust will “harness the opportunities of the digital economy” but must ensure respect for national and international legal frameworks. Consequently, a few leaders at the G20, including the United States and China, launched the “Osaka Track” — a process committed to international rulemaking on electronic commerce at the World Trade Organization (WTO) that also sought to promote intellectual property protection, informational privacy and cybersecurity. The G20 Bali Leaders’ Declaration from November 2022 renewed the G20 leaders’ commitment to the realization of data free flows with trust.
Although “data free flows with trust” is a step back from uninhibited data flows, there continue to be lingering apprehensions about the concept. The removal of barriers to the flow of data is opposed by some states, such as India, who argue that developing countries should be allowed to independently advance their digital policies without interference. Further, the idea of negotiating data privacy at trade fora raises red flags regarding the dilution of privacy standards in favour of facilitating trade.
Developing Countries’ Concerns about Cross-Border Data Flows
Four countries — India, Indonesia, Egypt and South Africa — did not sign the Osaka Declaration on Digital Economy that launched the Osaka Track. The boycott stemmed from two concerns: first, the absence of consensus-based decision making in plurilateral agreements, and second, the denial of policy space to develop indigenous digital industrialization policies. The minister of commerce and industry from India, Piyush Goyal, asserted that developing countries first need to cultivate their own understanding of data governance and develop domestic policies and regulations on the subject before participating in e-commerce negotiations at international trade fora.
For these countries, the concern with cross-border flow of data is not primarily about securing informational privacy and national security but about the risk of expropriation of the economic value of data. Consequently, data localization policies have been used by countries such as India to keep their data within their jurisdictions.
Certain developing countries have also challenged the introduction of e-commerce provisions at the WTO. During the 11th Ministerial Conference (MC11), held in 2017 in Buenos Aires, the African Group, consisting of 44 member states, including Kenya, Nigeria and Rwanda, submitted a draft ministerial decision on e-commerce that made note of the “uneven spread of global electronic commerce and risk of disruptive impacts.” The African Group also urged that issues beneficial to developing countries such as “mandatory disclosure of data; the disclosure of source codes; access to, and transfer of technology” be discussed at the WTO’s Ministerial Conference. Developing countries rely on policies for technology transfer and the disclosure of data and source code to access knowledge and digital technologies available in developed countries in exchange for market entry. In a sense, these policies are used by developing countries to catch up, by helping them grow local industries and encouraging domestic innovation.
At a meeting on the sidelines of the MC11, the Indian ambassador to the WTO, J. S. Deepak, asserted that to successfully conduct e-commerce, states need access to data. Consequently, Deepak urged that current discussion over the free flow of data at the WTO be put on hold. Many countries in the Global South had yet to formulate domestic digital industrial policies. Should trade negotiations go ahead, they would effectively pre-empt such policies’ development. These countries might then never have a chance to devise their own policies locally and democratically.
In light of existing inequalities in digital industrialization caused by the winner-take-all nature of the business, and the tendency of digital monopolists to hoard data, interventionist policies, such as some kind of data localization, may be necessary.
Data Protection in Multilateral FTAs
There are conflicting opinions about whether trade fora are the right arenas in which to discuss data privacy. Some point out that trade and privacy have historically been discussed in conjunction. For instance, the Organisation for Economic Co-operation and Development’s Guidelines on the Protection of Privacy and Transborder Data Flows of Personal Data, which hail back to 1980, sought to protect personal data and ensure its free flow globally. Currently, besides the WTO, multilateral FTAs such as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership and the Canada-United States-Mexico Agreement also feature provisions relating to data privacy and obligations to ensure the free flow of data across borders.
Others, however, have argued that discussing privacy-related issues at trade fora may result in lowering the standard of data protection. There are multiple reasons as to why this may happen.
First, trade negotiations are not meant to protect human rights but rather to lower barriers to trade. Measures that detract from the goal of cross-border data flows, including localization requirements, are typically labelled as protectionist and consequently garner disapproval in global trade fora.
Second, privacy in trade talks tends to be grouped with other issues, and so raising objections on the basis of privacy would mean holding up discussions on various fronts. Consequently, states with higher thresholds for privacy may be forced to compromise.
Third, trade negotiations typically involve trade-offs over different issues, ranging from tariffs to safety standards. Subjecting data privacy to such negotiations risks turning a complex issue into a bargaining chip.
And finally, because private corporations are granted privileged access to multilateral trade negotiations that public interest organizations are not given, the possibility is high that lax privacy standards that benefit private actors will be adopted.
Moving Forward: The Need for a Global Dialogue on Privacy
For some time now, proposals to ensure the free flow of data have been in discussion at global trade fora. Some plurilateral trade negotiations have even successfully incorporated provisions to that effect in their agreements. These discussions have not been without their challenges.
For one, as we have seen, developing countries like India want to prioritize their economic growth and development by accessing the data collected from their jurisdictions by foreign entities. As a consequence, data localization policies have been instituted. Another important challenge is the protection of privacy rights in data. The transactional nature of trade fora does not lend itself well to resolving human rights concerns such as privacy.
It is important that any international agreement on data governance accounts for the unequal nature of the digital economy; the economic and non-economic aspects of data; and the protection of civil-political, socio-economic and collective rights pertaining to data.
Privacy scholars and activists seem to agree that some kind of global agreement on data governance and privacy is needed.
An existing organization could be assigned the task, or a new institution could be created for the purpose. For example, the Global Privacy Assembly, whose members consist of privacy officials from across the world, is well-suited to develop key principles and a framework for the protection of data privacy.
However, data privacy is not the only issue that needs to be considered. It is important that any international agreement on data governance accounts for the unequal nature of the digital economy; the economic and non-economic aspects of data; and the protection of civil-political, socio-economic and collective rights pertaining to data.
UNCTAD has recommended the creation of a coordinating institution within the United Nations that is “focused on, and with the skills for, assessing and developing comprehensive global digital and data governance.”
As digital trade creates inexorable pressure for freer flows of data, we must begin the work toward building this coordinating institution and realizing its goals at the earliest opportunity.