Calls mounted this week for global co-operation on cross-border data flows, with a landmark report from the UN arguing that a new international framework is “urgently needed”. The UN contends that the current rules are exacerbating economic inequality within and between countries, while cloud company Salesforce argued that growing ‘data sovereignty’ policies endanger the global recovery from coronavirus. But between the competing objectives of the global powers, and the commercial might of the tech giants, it is doubtful whether international consensus on how and when data can be shared across borders is achievable.

Cross-border data flows

“The current regulatory landscape is patchy… with strong influences from the major economic powers,” the UN says. (Photo by Stephen Barnes / iStock Photo)

Published yesterday, the UN Conference on Trade and Development (UNCTAD)’s Digital Economy Report 2021 argues that an uncoordinated and competitive approach to data governance is driving global inequality. “Value capture from data… is increasingly in the hands of a few global digital platforms,” it says. This leads to inequalities both within and between national economies. “Firms in many developing countries may find themselves in subordinate positions, with data and their associated value capture being concentrated in a few global digital platforms and other multinational enterprises that control the data.”

Agreeing how data can be shared and used across borders would maximise its potential value to the world, the UN says. “Policies should aim to ensure that the creation of value from data, both private and social, is maximised and fairly distributed in society, nationally and internationally, while avoiding the potential risks that may be involved.”

Currently, though, global data governance policy is shaped by competing interests within societies and between the global powers. In the US, data governance is left largely to the public sector; in China, data is governed in the interests of the state, while the EU is focused on the rights of individuals, the UN report says. As a result, “the current regulatory landscape is patchy, reflecting starkly different approaches adopted by different countries, with strong influences from the major economic powers. An international framework is urgently needed to address this situation.”

Forging global rules for cross-border data flows would prevent inequalities from being amplified and increase trust in the digital economy, among other benefits. Areas that require global coordination include establishing shared definitions of data and its related concepts, and the terms by which data can be shared across borders, the UN says. It also calls for improved measurement of cross-border data flows, and recognition of the social value of data.

But how should this global co-operation be achieved? The report notes that there are already some forums for global co-operation on data flows. Some of these are technical, such as the Internet governance bodies, while others are political. But a previous UN investigation discovered “a great deal of dissatisfaction with existing digital co-operation arrangements,” which often have competing objectives and lack tangible outcomes.

One approach would be to expand the remit of existing UN bodies, but these “already have their hands full, and… are being pulled in too many directions”, the report says. Another suggestion is to establish a new institution, comparable to the G20’s Financial Stability Authority, although the issues relating to cross-border flows are broader than stability and extend beyond the G20, the report says.

The report notes that like-minded powers are forming alliances, such as the Trade and Technology Council between the EU and the US. Unsurprisingly, the UN believes that “looking for a global consensus in the context of the United Nations would be a better option, preferably with a new international coordinating body”.

How rules on cross-border data flows impact businesses

Cloud giant Salesforce also made a call for international co-operation on cross-border data flows this week, following the publication of its latest Cross-Border Data Flows Index. The Index found that the UK’s regulatory regime is the second-most conducive to cross-border data flows among the G20 countries, with Japan taking the top spot. The UK’s score reflects international agreements including the EU-UK Trade and Co-operation Agreement, signed earlier this year, and 2019’s Bilateral Data Access Agreement with the US.

Elsewhere in the G20, however, "data-related policies and regulations... are increasing in restrictiveness", according to Salesforce's report on the index. "China has implemented the most stringent data transfer restrictions, and India is also expected to pass legislation that could restrict data flows," it says.

The fracturing of global rules on data transfers has a chilling impact on digital innovation, says Stéphanie Finck, VP of government affairs for EMEA at Salesforce. "Individual nations’ restrictions on data flows are resulting in waning clarity and this is causing organisations to become hesitant about transferring data internationally, and eventually hesitant about adopting technology," Finck says. "This is having a knock-on effect when it comes to economies and organisations being able to sustain a positive level of growth."

The rise in data sovereignty measures therefore jeopardises the G20's economic recovery from coronavirus, Salesforce argues, pointing to a WTO estimate that global trade will increase 34% by 2030 thanks to the use of digital technology.

The Salesforce report notes that there has been some progress in negotiations around cross-border data flows since the previous version of the index was published in 2019. This includes the creation of the Joint Statement Initiative (JSI) on Electronic Commerce, among members of the WTO. But it nevertheless calls for further co-operation, including convergence of privacy laws and "expand[ing] bilateral and multilateral agreements to further facilitate data".

Is global co-operation on cross-border data flows possible?

Professor Diane Coyle, co-director of Cambridge University's Bennett Institute for Public Policy, participated in workshops that informed the UN report and her work on the value of data is cited throughout. She is not surprised that the UN is calling attention to the issue of cross-border data flows. "I think everybody understands that using data effectively is important to future economic growth and prosperity," she says. "There are big imbalances because the big tech companies are largely American and Chinese. So for small countries around the world, not just low-income countries, there are some quite difficult decisions to be made about how to make this new asset work for social good."

Cross-border data flows are important because the data centres that house much of the world's data are concentrated in just a few, typically rich countries, Coyle explains. "For small, low-income countries, particularly those in hot places where data centres don't work well, if data is going to be used for the benefit of people locally, there will be cross-border data flows."

Data localisation policies, meanwhile, could be especially harmful for developing countries. "The instinct of many governments, including in Europe and China, is to say that that data generated locally can only be held in data centres locally. If you are a low-income sub-Saharan African country, [that will] mean that the data generated locally won't be used as effectively as it might... if companies and small businesses could access [international] data centre capabilities."

Global co-operation on data governance is possible, Coyle believes, but is likely to be limited. "You can certainly imagine some [international] agreements about things like technical standards and metadata," she says. But legislation will be set on a national level and it's hard to see how the US, China and the EU – and the tech giants themselves – might find a more far-reaching agreement, Coyle says. "These are really powerful companies, [and] confronting them is quite politically brave."

Data by itself isn't useful. It's how you combine it in different ways to get information that you can use to do things better.
Prof. Diane Coyle, Bennett Institute for Public Policy

Another hurdle is that today's legal regimes treat data as though it is property that can be 'owned', Coyle says. "This is not a good way to think about data because its [value] is relational. Data by itself isn't useful. It's how you combine it in different ways to get information that you can use to do things better." Instead, Coyle argues that data should be viewed as a public good, "like clean air"

This is contrary to all the dominant models of data governance, Coyle notes, including Europe's. "I have debated [this] with European lawyers who were involved in creating GDPR. They argue that, from a legal perspective, [GDPR] doesn't stop individuals consenting to have their data used in ways that combine it with others... for the public good. And while that's formally true, there's growing evidence that it has inhibited start-ups." She adds that the EU's notion of consent as the basis for sharing data is "formally accurate, but not very helpful" as most people don't read the terms and conditions of the sites they use.