The UK and Japan lead G20 nations in terms of ease of cross-border data flows, but some of the 20 countries aren’t showing enough progress in this crucial digital economy area.
Those are among the conclusions of the third edition of Data Beyond Borders and the Cross-Border Data Flows Index (CBDFI), commissioned by Salesforce to examine G20 economies’ openness towards cross-border data flows, and the extent to which this affects their overall competitiveness.
Why does this matter so much? Cross-border e-commerce has seen a 45-fold increase over the past decade, with the data transfer relationship between the US and the European Union alone worth about $7.1 trillion a year. The report argues that:
This suggests a direct and positive relationship between more open and seamless movement of data across borders and the likelihood of a country being able to offer opportunities to its people, communities, and businesses in the context of an increasingly digitised global economy.
But while the UK and Japan, followed by Australia, Singapore and the US, get good rankings in the study, others are less impressive. Seven G20 economies score below average, these being Brazil, Saudi Arabia, India, Turkey, South Africa, China and Russia. The report warns:
If not properly addressed, this pronounced divide may be amplified over time, ultimately impacting the potential benefits of fostering more open digital economies.
The report makes a number of recommendations to build on progress made to date. These are:
- Developing global standards by harmonizing privacy laws and aligning on principles for government access to data in the cloud.
- Expanding digital economy agreements, such as free trade agreements, to include cross-border data provisions.
- Making trusted data sharing frameworks the default.
- Accelerating the digitization of businesses and government services.
- Clearly defining data sovereignty to ensure it is global and interoperable, along with standards to manage it.
Too much diversity of regulatory regimes just puts barriers in the way of free data flow. But is a regulatory framework that reaches consensus across 20 different countries really feasible? As diginomica has noted before, the great thing about a standard is that you have so many to choose from! The reality is that whatever the photo opps purport to show at G20 gatherings, the reality is more akin to 20 cats in a bag trying to claw their way to the top.
A lot of this 'diversity' of approach is down to national cultures and attitudes to data management principles, of course. The EU has always had a stricter mindset when it comes to data policies than the US, for example, with GDPR being the most obvious example. The Biden administration may be making more positive noises around the idea of a Federal level data regime in the US, but in practical terms, that’s a long way off - and basically off the table should a Trump-led GOP triumph next November. State-level data policy seems likely to remain the norm, with all the friction that that implies.
That said, even within the EU, attitudes vary. Germany has always been the toughest advocate of data sovereignty principles, while at the other end of the scale, Ireland, with all its lucrative inward investment, has been accused of being too lackadaisical when it comes to enforcing the EU’s data regulations, most recently seen when the Irish Data Protection Commission was forced by its continental peers to slap a €1.2 billion fine on Meta.
That said, the striking down of not one, but two transatlantic data transfer frameworks - Safe Harbor, then its ridiculously garbled successor, Privacy Shield - both resulted from rulings in Europe’s highest court, not Washington. Will it be third time lucky on that front? The US and the EU agreed in March 2022 on a proposed new mechanism to safely transfer EU citizens' personal data, with the European Commission finalizing the deal today.
For its part, the US had stated it considers it’s meet its commitments to the EU-US Data Privacy Framework, according to Secretary of Commerce Gina Raimondo, who said earlier this month:
Today, the United States has fulfilled its commitments for implementing the EU-U.S. Data Privacy Framework (EU-US DPF) announced by President Joe Biden and European Commission President Ursula von der Leyen in March 2022. This represents the culmination of months of significant collaboration between the United States and the EU and reflects our shared commitment to facilitating data flows between our respective jurisdictions while protecting individual rights and personal data.
Inevitably there are voices in Europe that don’t agree with that assessment, most notably European Commission Vice President Věra Jourová, who last month was calling for tougher US rules to allow EU citizens to mount legal challenges against federal data collection of their data.
But formal agreement has been reached. Building data flow consensus into trade agreements is crucial and, as has been shown, entirely possible when political dogma isn’t allowed to get in the way, as the EU-Japan Economic Partnership Agreement proved back in 2018. The EU-New Zealand free trade deal signed over the past weekend also contains a dedicated chapter on digital trade, with a section focusing on cross-border data flows.
Meanwhile, it’s interesting to note that Brexit Britain outranks all of its former EU partners in this report, particularly given the current political administration’s stated policy of seeking to water down data protection regulations. It took a long time during the Brexit negotiations to reach a stage whereby a formal data adequacy agreement was struck between the UK and the bloc. That runs out next year and Brussels has made no secret of the idea that it’s not going to be renewed automatically if the UK diverges from the EU data regime. It may yet be interesting to see the British ranking in next year’s report.