Evaluating the Future of Global Data Governance

Dihu Wu
Vol. 43 Associate Editor

As the world continues to grapple with the effects of COVID-19, the economic downturn caused by the global pandemic has been felt especially acutely in the developing world.[1] To make matters worse, the digital revolution threatens to leave behind many of the same countries which are still playing catchup due to inability to effectively deal with the pandemic.[2] In its Digital Economy Report 2021, the United Nations Conference on Trade and Development (UNCTAD) identified data-related imbalances as a major issue that will exacerbate many of the same inequalities laid bare by the COVID-19 pandemic.[3] Compared to high-income nations which are the primary drivers of digital innovation, developing countries face greater challenges in accessing data and risk having their data exploited without the means to utilize it themselves.[4] The value of open data to economic and social development cannot be understated; as digital networks become increasingly integrated into our daily lives, accessibility to data will be integral to solving complex problems and promoting growth.[5] However, to ensure that developing countries can be the beneficiaries of data-based economic and governance innovations, it is vital that the global community adopts a unified framework to regulate cross-border data flows.[6] The consequences of unequal access to future data flows have wide-ranging implications beyond just the hindrance to economic growth.[7] To tackle the complex issues caused by uneven global data governance, UNCTAD suggests a multinational approach that takes into account the full range of diverse interests present.[8] In creating responsible solutions that may serve as viable alternatives to the current patchwork of frameworks, it may be necessary to create a new international body.[9] To identify some of the challenges facing a new regime, and how the interests of different countries may contradict each other, this blog post examines the data regimes of the three nations with highest internet usage (China, India, and the United States), as well as the European Union’s General Data Protection Regulation (GDPR).[10] GDPR The GDPR is the result of the EU’s Data Protection Reform initiative.[11] After five years of discussion and drafting, the GDPR came into force in 2016 and became applicable law in 2018.[12] The impetus for the GDPR’s implementation came about primarily due to concerns about the lack of rules regulating the flow of data across borders, the ineffectiveness of current methods of protecting user data, as well as the difficulty of enforcing privacy laws in foreign jurisdictions.[13] In evaluating the GDPR’s effectiveness in achieving its goals of “[harmonizing] the protection of fundamental rights and freedoms of natural persons in respect of processing activities” and “[ensuring] the free flow of personal data between Member States,” reception has been mixed.[14] On the positive side, researchers have identified areas which will be positively impacted by the text of the GDPR, and increased investments in data privacy related to compliance with the new regulations actually helped produce significant business benefits in the United Kingdom.[15] However, other studies have also highlighted some of the difficulties that may come with adherence to the GDPR, particularly pointing to onerous compliance costs and the potential of disrupting transnational trade.[16] UNITED STATES The United States, which lacks an overarching Federal law on data regulation, has adopted a general approach which favors the interests of businesses.[17] In doing so, the free flow of data has been prioritized to strengthen companies’ competitive advantages.[18] Under the Obama and Trump Administrations, the government explicitly articulated its emphasis on privacy protection, the free flow of data across borders, and an interoperable internet.[19] In keeping with this focus, and in contrast with the GDPR and the laws of China and India, the United States imposes no restrictions on cross-border data flows.[20] Despite these differences, separate agreements like the EU-US Privacy Shield have ensured that American businesses remain compliant with EU regulations when doing business there.[21] Through the Global Data Alliance, made up of multinational companies advocating for open and safe data policy, the US government maintains a clear channel of dialogue with important stakeholders.[22] CHINA In contrast to the economically oriented data regulation approaches of Europe and the United States, China is most focused on preserving state security.[23] Passed in 2017, the Cybersecurity Law of China shares some similarities with the GDPR, but includes more restrictive provisions, and is enforced by the central government rather than an independent body.[24] Additionally, the law creates a cross-border asymmetry by imposing additional data localization rules on firms entering China, when Chinese firms entering other markets (like the EU) can operate without the same restrictions.[25] The wording of the Chinese law is also more vague than the GDPR, allowing the Chinese government significant latitude in enforcement, especially on issues of national security.[26] INDIA The Personal Data Protection Bill (PDP) proposed in 2019 is India’s first attempt at a cross-sector framework for data regulation.[27] Modeled in part on the GDPR, it is an example of how data regulation that is appropriate for one country may not be suitable for another.[28] The aforementioned costs associated with GDPR implementation may be bearable for a wealthy nation like the UK, but maybe overly burdensome for a developing country like India, with its low regulatory capacity.[29] Despite drawing from the GDPR, the PDP has been designed in a way that strengthens state power while potentially diluting existing safeguards against government surveillance: critical terms like “harm” and “critical personal data” are vaguely defined, there is a lack of transparency in the regulatory process and no consultation with independent members, and no general administrative framework that properly accounts for the interests of stakeholders.[30] Failing to build a model that properly accounts for the interests of citizens is especially dangerous for a rising digital market like India, increasing the potential that the data of its 1.38 billion inhabitants is exploited by businesses from more wealthy countries: Amazon is expected to have a 35% market share in Indian e-commerce by 2023, and domestic competitors like Flipkart are largely owned by foreign companies from more developed countries (like the United States and China).[31] CONCLUSION In creating comprehensive cross-border data regulation that can properly account for the full spectrum of diverse interests across the world, the global community must remain wary of the immense dangers that could result from proceeding with a fractured regime.[32] Recent trade tensions between China and the United States on issues including disputes on data governance, the Russian Federation’s efforts to distance itself from the global network, and the Indian banning of Chinese apps offer a glimpse of the economic damage and regulatory insecurity that could result from an inability to create consensus on this issue.[33] Since the current data landscape is largely shaped by the United States, China, and the EU, each of which have created data ecosystems largely separate from each other, countries outside of these “data realms” could be left without a regulatory voice, forced to choose from three divergent options.[34] As seen in the example of India, the application of unsuitable data policy in developing countries could bring high costs for privacy and security, hinder opportunities for domestic businesses to efficiently make use of cross-border data flows, and impede innovation.[35] To avoid these pitfalls, it is imperative that the global community makes greater efforts to find common ground on creating a global data framework that maximizes security and economic benefits through more equitable distribution of gains from data flow.[36] Any solutions will need to be highly flexible, taking into account the sometimes contradictory policy goals of individual countries like the United States and China.[37] The UNCTAD Digital Economy Report 2021 suggests that the first steps might be taken with strong involvement from the United Nations and potentially the creation of new international bodies.[38] While current approaches to negotiating a new path forward have taken place through a number of different bodies, more coordination is needed to move away from the current fragmented regime.[39] In creating a new framework, inspiration might be found from current international data partnerships, which serve as evidence that countries with differing economic conditions and political interests can find common ground when it comes to data governance.[40] Continued use of major platforms like the G20 and OECD is also critical to raise awareness of data issues within the context of other high-level international discussions.[41] While the future of global data governance is still unclear amid a rapidly evolving technological and geopolitical landscape, a failure to find some level of consensus will only serve to speed up the widening economic gaps between wealthy and developing countries.[42]

[1] Meagan Dooley & Homi Kharas, Long-run Impacts of COVID-19 on Extreme Poverty, Brookings (Jun. 2, 2021), https://www.brookings.edu/blog/future-development/2021/06/02/long-run-impacts-of-covid-19-on-extreme-poverty; see also The Global Economy: on Track for Strong but Uneven Growth as COVID-19 Still Weighs, World Bank  (Jun. 8, 2021), https://www.worldbank.org/en/news/feature/2021/06/08/the-global-economy-on-track-for-strong-but-uneven-growth-as-covid-19-still-weighs (explaining that sub-Saharan Africa experienced first economic recession in 25 years; Latin America and Caribbean experienced worst contraction in the region’s history; 220M jobs were erased in 2020, with losses especially high in Latin America and Caribbean, Southern Europe, and Southeast Asia); see also COVID-19: Looming Crisis in Developing Countries Threatens to Devastate Economies and Ramp up Inequality, United Nations Dev. Programme (Mar. 30, 2020), https://www.undp.org/press-releases/covid-19-looming-crisis-developing-countries-threatens-devastate-economies-and-ramp (explaining that developing countries will lose at least $220B in income and an additional 207M people could be pushed into poverty by 2030, due to the long-term impacts of the pandemic). [2] See COVID-19 Brief: Impact on the Economies of Low-Income Countries, U.S. Glob. Leadership Coal. (Aug. 12, 2021), https://www.usglc.org/coronavirus/economies-of-developing-countries/; see also Inequalities Threaten Wider Divide as Digital Economy Data Flows Surge, United Nations Conf. on Trade & Dev. (Sep. 29, 2021), https://unctad.org/news/inequalities-threaten-wider-divide-digital-economy-data-flows-surge (explaining that the pandemic increased internet traffic, with global internet bandwidth rising 35% in 2020). [3] Inequalities Threaten Wider Divide as Digital Economy Data Flows Surge, supra note 2. [4] See id. (explaining that only 20% of people in least developed countries (LDC) use the internet and they face low download speeds with higher prices). [5] See Stefaan G. Verlhurst & Andrew Young, Open Data in Developing Economies 11 (2017) (identifying the following pathways: creating economic opportunity, helping to solve complex public problems, improving governance, and empowering the decision-making capacity of citizens). [6] United Nations Conf. on Trade & Dev., Digital Economy Report 2021 8 (2021). [7] See generally Talia B. Gillis & Jann L. Spiess, Big Data and Discrimination, 86 U. Chi. L. Rev. 459 (2019) (talking about how current anti-discrimination laws focus on human decision-making contexts, but do not account for situations in which data might be used by algorithms to discriminate); see also Niva Elkin-Koren & Michal S. Gal, The Chilling Effect of Governance-by-Data on Data Markets, 86 U. Chi. L. Rev. 403 (2019) (describing how the sharing of data for law enforcement purposes can lead to infringements of civil liberties). [8] United Nations Conf. on Trade & Dev., supra note 6, at 192. [9] Id. [10] Joseph Johnson, Number of Internet Users in Selected Countries in 2021, Statista (Sept. 29, 2021), https://www.statista.com/statistics/271411/number-of-internet-users-in-selected-countries. [11] Mira Burri & Rahel Schär, The Reform of the EU Data Protection Framework: Outlining Key Changes and Assessing Their Fitness for a Data-Driven Economy, 6 J. Info. Pol’y 479, 480 (2016). [12] Id. [13] Id. at 480–81; see also id. at 499 (explaining that researchers identified a number of problems with pre-GDPR data regulation frameworks, including opaque policies, overly centralized decision-making processes, and differences in regulatory policies creating significant barriers to trade). [14] Id. at 489, 502. [15] Id. at 490; Cisco, Maximizing the Value of Your Data Privacy Investments 7–8 (2019). [16] Anirudh Burman, Will India’s Proposed Data Protection Law Protect Privacy and Promote Growth? 17 (Carnegie Endowment for Int. Peace, Working Paper, 2020) (describing an annual cost of 220 million GBP in the first year and a total net cost of 2.1 billion GBP in the first fourteen years) and Burri & Schär, supra note 11, at 502 (explaining that EU services exports to the US could decrease by 6.7% due to loss of competitiveness, and could cause an overall negative impact on the EU GDP ranging from 0.8% to 1.3%). [17] Brigitte Dekker & Maaike Okano-Hejimans, Europe’s Digital Decade? 1 (2020). [18] Id. at 7. [19] Cong. Rsch. Serv., R45584, Data Flows, Online Privacy, and Trade Policy 16 (2020). [20] Dekker & Okano-Hejimans, supra note 17, at 36. [21] Id. at 11. [22] Cong. Rsch. Serv, supra note 19, at 20. [23] Dekker & Okano-Hejimans, supra note 17, at 1. [24] Brigitte Dekker et al., Unpacking China’s Digital Silk Road 11 (2020). [25] Id. at 12. [26] Id. [27] Burman, supra note 16, at 1. [28] Id. at 16. [29] See id. at 26 (explaining that in developing countries like India and Brazil, onerous compliance costs could reduce domestic investment by up to 1.4%). [30] Id. at 21, 27. [31] Digbijay Mishra, India all Set to Account for 4% of Amazon’s Total Sales by 2023: Report, Times of India (Aug. 29, 2019), https://timesofindia.indiatimes.com/business/india-business/amazon-india-gross-sales-to-hit-32bn-in-4-yrs-report/articleshow/70883574.cms#:~:text=Amazon%20India%20is%20expected%20to,at%20the%20end%20of%202018; Dekker, supra note 24, at 20. [32] United Nations Conf. on Trade & Dev., supra note 6, at 114. [33] Id. at 115. [34] Susan Ariel Aaronson & Patrick Leblond, Another Digital Divide: The Rise of Data Realms and its Implications for the WTO, 21 J. Int’l Econ. L. 245, 247 (2018). [35] United Nations Conf. on Trade & Dev., supra note 6, at 116. [36] Id. at 191. [37] Id. at 192. [38] Id. at 192–93. [39] See Cong. Rsch. Serv, supra note 19, at 24 (The report suggests looking to bodies like the OECD and APEC for best practice standards regarding data regulation). [40] See China Applies to Join Digital Economy Partnership Agreement, Reuters (Oct. 31, 2021), https://www.reuters.com/world/china/china-applies-join-digital-economy-partnership-agreement-2021-11-01; China Applies to Join Digital Economy Pact, Confirming Xi Jinping’s G20 Speech, South China Morning Post (Nov. 1, 2021), https://www.scmp.com/economy/china-economy/article/3154405/china-applies-join-digital-economy-pact-confirming-xi (detailing China’s application to the Digital Economy Partnership Agreement, which is currently made up of Chile, New Zealand, and Singapore, and may feature Canada in the future). [41] See Towards a Multilateral Consensus on Data Governance, G20 Insights (Dec. 10, 2020), https://www.g20-insights.org/policy_briefs/towards-a-multilateral-consensus-on-data-governance (describing Japan’s introduction of the ‘Data Free Flow with Trust’ concept, which advocates for international rules which enable free movement of data across borders); see also Advancing Data Governance in the G7, Ctr. for Strategic & Int’l Studs. (Feb. 2, 2021), https://www.csis.org/analysis/advancing-data-governance-g7 (highlighting how major conferences such as the G7 and G20, and international organizations like OECD can make incremental advances in data governance initiatives). [42] United Nations Conf. on Trade & Dev., supra note 6, at 192 (“In the unknown territory of the rapidly evolving data-driven digital economy, many questions remain open. The answers must be found through a global, multidisciplinary and multi-stakeholder policy debate. There is a need to reframe and broaden the international policy debate on this matter, to take into account economic as well as non-economic dimensions of data. The increased interconnection and interdependence challenges in the global data economy require a move away from the silo approach towards a holistic coordinated global approach. This may need to involve innovative ways of global governance, as the old ones may not be well suited to respond to the new context.”).