“To harness the opportunities of the digital economy and support the trade of goods and services, data should be able to flow freely across borders with trust, including the trust of individuals and businesses,” opens the Data free flow with trust chapter of the Digital Trade Principles agreed by the G7 countries at the G7 Trade Track on 22 October 2021. We strongly support this sentiment and the clear call to action for governments to work together to “address unjustified obstacles to cross-border data flows, while continuing to address privacy, data protection, the protection of intellectual property rights, and security”.
The private sector has consistently advocated for globally interoperable policy frameworks that would reduce barriers to the free flow of data across national borders based on trust, ensuring that important policy objectives such as privacy and data protection continue to be addressed. Such flows are at the heart of the global economy and form the backbone of social empowerment and inclusive economic growth, along with the innovation that is so often the enabler of sustainable development.
Organisations of all sizes rely on cross-border data flows – to conduct their day-to-day business with customers and partners, innovate in their business and operations and compete more effectively, in sectors as diverse as agriculture, healthcare, manufacturing and banking, as well as the public sector. These flows make possible every aspect of today’s business – cloud services, customer relationship management, human resource management, remote work, workplace collaboration, and supply chain management. They also underpin distance learning, telemedicine, the fight against cybercrime and child abuse online, fraud monitoring and prevention, investigation of counterfeit products, and a broad range of other activities. Data flows enable small- and medium-sized enterprises – the engines of growth in most countries – to extend their market reach, access latest innovations and collaborate with other organisations to minimise economic and technical uncertainties.
The vital function of data flows has now been confirmed by the G7 countries, together with the essential importance of trust in the processing and transfer of both personal and non-personal data.
However, there is an increasing lack of trust, or confidence, due to concerns that important policy objectives – such as privacy, security, consumer and human rights protection, access to data or even industrial competitiveness – cannot be adequately achieved when data moves abroad. Failure to address this erosion of trust risks impeding data flows. Differences in the level of data protection and safeguards available led to the recent Court of Justice of the EU decision to invalidate the EU-US privacy shield.
Failing to adequately address the above objectives can thus result in increasingly fragmented national approaches to data governance and a growing number of restrictions that prohibit or significantly encumber cross-border data flows, and significantly curb the economic and societal benefits they enable.
Therefore, it is essential to secure adequate safeguards for the protection of personal and non-personal data and strive for consistency and interoperability across jurisdictions, to ensure the trust of citizens and businesses, no matter where their data are stored or processed.
With 60% of global GDP digitised by 2022, and growth in every industry driven by data flows and digital technology, disruptions in cross-border data flows will have broad reverberations that can lead to reduced potential GDP gains and adverse impact on the local/national digital ecosystems – at a time when economic recovery is top of agenda for every government.
The G7 Digital Trade Principles outline a number of measures to help harness the opportunities of the digital economy through data free flow with trust, including the trust of individuals, businesses and governments. We stand ready to provide evidence that can lead to impactful yet practical measures, to work with G7 governments and policymakers more broadly to support their adherence and encourage global support.
“Unjustified obstacles to cross-border data flows should be removed, while continuing to address privacy, data protection, the protection of intellectual property rights, or security,” notes the G7 statement. ICC’s Trade in the digital economy primer on global data flows released in 2016 expands on the same principles. Businesses are committed to the protection of personal data, including when it is transferred across borders. It is incumbent upon companies to directly and comprehensively implement their legal obligations to protect privacy and security of data, across the entire processing lifecycle or locations of processing. Governments should therefore assure that their policy and regulatory environments are up to date and reflect best practice regarding high levels of privacy and security protection. Lack of interoperability across the policy and regulatory environments can create needless administrative burdens and compliance inconsistencies across jurisdictions. Furthermore, as privacy is both subjective to the data subject and tied to the cultural and legal context of the jurisdiction, harmonisation can be difficult to achieve.
This is why there is a clear and urgent need to enhance cooperation on data governance, data protection and identifying opportunities to overcome differences, explore commonalities in regulatory approaches and promote interoperability. This work is not intended to diminish any jurisdiction’s protection or to aim for the lowest common denominator of privacy standards, but rather to find ways of avoiding duplicative compliance requirements and needless administrative burdens, while assuring adequate levels of protection.
“Achieving consensus on common principles for trusted government access to personal data held by the private sector will help to provide transparency and legal certainty,” states the G7 principles. Indeed, trust in international data flows is being eroded over concerns that government demands to access data may conflict with universal human rights and freedoms, including privacy rights, or cause concerns and conflicts with domestic laws when such access transcends borders. These increased concerns and reduced trust have led to uncertainty that may discourage individuals’, businesses’, and even governments’ participation in a global economy, with negative societal and economic impact. The lack of trust can lead to disruption in global data flows, including in business operations, products and services.
“We support the OECD’s work on developing these [common] principles, recognising the importance of legitimate access to protect citizens and safeguard national security,” the G7 principles continue. The lack of a consistent and harmonised approach towards government access to personal data continues to create uncertainty and a lack of transparency, which not only poses significant administrative burdens on businesses, but contributes to an erosion of trust in the use of digital technology, holding back the potential of the digital economy. Trust is strengthened when governments instead adopt robust and comprehensive commitments to protect the rights and freedoms of individuals, including the fundamental right to privacy, when personal data are subject to government access. Trust is further strengthened when governments work together directly to reduce barriers to cross-border data flows. This includes developing interoperable standards and agreements to address appropriate cross-border legal demands for data and recognising that public sector data should, in general, not be obtained from private sector actors. Principles and safeguards for government access to personal data held by the private sector are therefore urgently needed as an essential first step in addressing cross-border data flow with trust, providing a much-needed foundation that can lead to more scalable measures and global dialogues. In addition, cooperation between governments and stakeholders, including business and multilateral organisations, are needed to advocate for interoperable policy frameworks that would facilitate cross-border data flows, enabling data to be exchanged and used in a trusted manner, thereby aiming for high privacy standards.
Establishing trust and minimising disruptions in data flows are fundamental to reaping the benefits of digitalisation. We strongly support the efforts outlined by the G7 trade ministers and its reinforcement of the essential role of the OECD process. We stand ready to provide relevant input and evidence to assist with the evaluation of existing practices and timely development of policy guidance that can further trusted government access to data.
About the authors
Carolyn Nguyen is Director, Technology Policy, at Microsoft. Her work is focused on enhancing trust in digital and internet governance. She is a vice-chair of the ICC Digital Economy Commission and co-lead of its Data Governance working group.
Jakob Greiner is Head of EU Regulatory Affairs at Deutsche Telekom, and co-lead of the ICC Digital Economy Commission Data Governance working group.
Makoto Yokozawa is Director, Strategic and International Studies in Digital Economy and Senior Research Fellow at the Center for International Economic Collaboration (CFIEC) in Japan. He is the ICC Digital Economy Commission Regional Ambassador to Asia.
*Disclaimer: Opinions expressed in this article are those of the authors and may not reflect the official views of the International Chamber of Commerce.