It's getting harder to move data abroad. Here's why it matters and what we can do

People look at data on their mobiles as background with crowd of people walking is projected in this illustration picture taken on May 30, 2018. REUTERS/Kacper Pempel/Illustration - RC15B316BD00

A new World Economic Forum report explains how countries can collaborate on cross-border data governance. Image: REUTERS/Kacper Pempel

Kimberley Botwright
Head, Sustainable Trade, World Economic Forum
Nivedita Sen
Initiatives Lead, Institutional Governance, World Economic Forum

Between emails, messages, sensors, machines, platforms, purchase transactions and so on, we are generating data at a furious pace. In 2018, 2.5 quintillion bytes of data was created every day.

Data-driven business models are accelerating, becoming critical to everything from manufacturing to services, some of which involve cross-border exchange. According to McKinsey, the cross-border bandwidth in use grew 148 times between 2005-2017, a proxy for the surge of information on the move.

Data flows also enable scientific advances, such as through the aggregation of anonymized health datasets for research, or to gather accurate data to benchmark progress on the United Nations Sustainable Development Goals (SDGs). Integrated technology – for instance, 5G and mesh networks or facial recognition and DNA barcoding of fish – helps translate biological and socio-economic knowledge sources in the environment into data that can be used for conservation action or law enforcement against illegal fishing, as just two examples.

Have you read?

As data use and movement rises, governments and citizens have taken interest. The Organisation for Economic Cooperation and Development (OECD) documents an increase in the cumulative number of data regulations, from around 50 worldwide in the early 2000s to just under 250 in 2019. The overall level of data restrictiveness as measured by the European Centre for International Political Economic (ECIPE)’s Data Restrictiveness Index has doubled in the past decade.

Cumulative number of restrictions on cross-border data flows (1960-2017)
Restrictions on cross-border data have steadily increased from 1960-2017. Image: ECIPE

Restrictions on the movement of data abroad are on the rise, though the specific nature varies. Governments typically impose restrictions on data movement to achieve security, privacy, financial system management, law enforcement or intellectual property protection objectives. These are important and legitimate concerns in the digital economy.

But it’s not always clear how and to what extent data restriction regimes contribute to policy aims. Sometimes, they may even adversely affect the very data they seek to protect. For instance, a regulation on local data storage enforced on the grounds of increasing cybersecurity could do the opposite by creating multiple and sometimes insecure access points.

Conversations on data flows are also taking place alongside important debates on digital taxation, competition and fierce rivalry in the technology space – though wires can get crossed on what’s the best policy tool for specific challenges. A shift towards a world with limited data flows could slow or change the evolution of current business models and social opportunities.

To avoid that scenario, during its G20 presidency in 2019, Japan spearheaded the Osaka Declaration on the Digital Economy, where leaders of 45 economies affirmed the importance of international talks on data governance. Going forward, the Osaka Track will work to build consensus on best practices for allowing data to flow abroad, while not compromising other policy goals.

A newly released World Economic Forum paper highlights a few steps countries could take at home to collaborate on this cross-border challenge:

  • Conduct a technical analysis of a restrictive regulation to check whether it’s necessary and proportionate to the goal.
  • Estimate the economic costs of compliance, and whether it’s feasible for small and medium enterprises to bear the burden of such costs of doing business.
  • Be transparent. Clearly communicate about data regimes through publicly available information, advance notice of changes and clarifications on sanctions and enforcement mechanisms.
  • Aim for intergovernmental collaboration on related regulatory issues such as consumer protection, privacy, cyber-security, etc.
  • Put in place data transfer mechanisms – tools companies can use to comply with domestic rules even as data is transferred abroad and prevents overly restrictive approaches

International collaboration on data can take various forms, and some trade rules are already relevant. For example, the World Trade Organization (WTO) General Agreement on Trade in Services (GATS) applies to services trade that can be digitally delivered, but countries’ commitments and the scope of applicability vary.

Several countries have negotiated free trade agreements with specific rules marrying data flow pledges and data localization bans, with an emphasis on personal information protection. The rules come with exceptions for other over-riding policies.

Since the exceptions are quite wide-ranging, future trade deals may need to add regulatory cooperation to mitigate the need to use exceptions in the first place. In other words, if a policymaker has confidence an objective will be achieved even as it moves abroad, there is less reason to restrict.

For example, trade policy could encourage countries to use international standards as benchmarks for domestic approaches, such as the International Standards Organization (ISO)/International Electrotechnical Commission (IEC) 27000 set of cyber and information security standards. On privacy, regional groups such as the OECD and the Asia-Pacific Cooperation Forum (APEC) have set guidelines, though domestic implementation still results in a lot of divergence.

Data transfer mechanisms can bridge this divergence. Existing examples include the EU-US Privacy Shield or the APEC Cross-Border Privacy Rules. These systems have advantages and limitations. Not least, more thinking is needed on how to adapt them for developing countries with less advanced data governance structures, as well as to facilitate small business compliance. ASEAN economies are working on a data transfer mechanism to include certifications for data compliance across the region.

Discover

How is the Forum tackling global cybersecurity challenges?

Determining the appropriate balance between permitting data to cross borders with other policy goals is not easy. However, it’s high time stakeholders engage in dialogue on the subject. We may not need to reinvent the wheel – existing tools and frameworks have laid the groundwork. Regulatory innovation and multi-stakeholder collaboration can help determine a workable path forward to keep the internet open.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Internet Governance

Share:
The Big Picture
Explore and monitor how Internet Governance is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum