First post in the Mapping Global Data Governance project of CMDS.
One of today’s most surprising paradoxes is that although experts for a long time have been labeling global economy as data-driven economy and manifesting data as its most valuable resource, it is hard to find any global regulatory regime governing it. As data streams flow across borders and data protection is a global issue, by default regulation of data was supposed to be dealt with at international level.
However, we have to yet to see a global data governance system, managed by inter-governmental and multi-stakeholder bodies. Instead, the absence of such a regulatory regime creates a void that is increasingly being occupied by the world’s major powers that are trying to unilaterally promote and push their own data governance models on the global stage. As such, there is a lack of a global consensus on norms, rules and principles that should govern different types of data and their cross-border flow. What we see is a network of overlapping and conflicting data governance rules and norms as championed by the U.S., EU, China and smaller international and regional bodies.
At international level, data can be considered both as assets that themselves can be exchanged and as means of production through which exchange of services and organization of global value chains take place. Cross-border flow of data is considered to be part of digital trade, defined by Aaronson and Leblond as “digitally-enabled transactions in trade in goods and services that can be either digitally or physically delivered.”
Data protection and privacy is the most salient issue related to cross-border data flow. With the advance and sophistication of technologies and, consequently, of digital trade, countries expected the World Trade Organization (WTO) to take the lead in governing global data flows. However, WTO never lived up to these expectations and a limited amount of rules that it had for the data realm were considered by many experts to be outdated and unclear.
In this existing international institutional vacuum, the US, the EU and China took on the role to define global rules for cross-border data flows based on their own interests and on their understanding of the matter. The U.S. allows limitless flow of data, giving corporations a de factocontrol in handling data, the EU wants its citizens to have the right to control and access data flows and China keep the control over data entirely in the hands of the government.
THE US MODEL
While it is easy to define global data governance as rules, norms and principles that govern different types of data and their cross-border flow, it is not as easy to define what data itself means. These rules are taking a global character via innovative digital trade provisions in as championed by the US and the EU in their international trade deals. The content of these rules, however, show a clear difference in defining data between the U.S. and EU. This difference is deeply embedded into the two national contexts, preventing the creation of a single global data regime.
As seen from the US’ perspective, data is a form of capital, that can be shared and used to make a profit. It would be too obvious to point out to capitalist origins of such understanding, not to mention the strong influence of tech giants as Google, Facebook, Amazon and others on this perspective. Similar to other forms of capital, the American model of data governance is based on allowing limitless free flow of data across borders with the goal of reducing regulation of data as much as possible.
THE EUROPEAN VIEW
From the point of the EU, data is a fundamental right of individuals who should have the ability to access and control it. Such understanding, rooted in the embedded liberalism of European countries, is at the core of the EU’s General Data Protection Regulation (GDPR). Rather than focusing on free flow of data, the EU’s data governance model is based on strong principles of data protection and privacy. These two are fundamental for the EU’s willingness to talk about free cross-border data flows.
As it can be seen, while the US is concerned about cross-border flow of data and economic benefits associated with it, the EU worries about the consequences of such a free flow of data on the rights of people to access and protect data. It is not that the U.S. never talks about privacy and data protection, and the EU does not care about free flow of data. Both address both concepts equally, but it is the emphasis that they put on various aspects that differentiate their global data governance models.
These differences are clearly seen in five international trade agreements (two signed by the U.S. and two signed by the EU) that for the first time in history included provisions on digital trade, directly related to cross-border data flow and privacy issues:
- Comprehensive and Progressive Agreement on Trans-Pacific Partnership (CPTPP)
- United States-Mexico-Canada Agreement (USMCA)
- US-Japan Digital Trade Agreement
- Canada–European Union Comprehensive Economic and Trade Agreement (CETA)
- EU-Japan Economic Partnership Agreement (JEEPA)
Although it left TPP negotiations (which later became CPTPP), the U.S. heavily invested into including its vision of data governance into the agreement, with provisions on borderless data flows and ban on data localization. After TPP, the US further pushed the same model onto USMCA and the US-Japan Digital Trade Agreement. Although privacy and data protection are not left out of attention, they are still given substantially less significance and almost have secondary roles. For example, limiting the free flow of data is allowed only if the government has a valid public policy concern.
In contrast, in the EU-led CETA and JEEPA, the liberalization of international data flows is heavily contingent on adherence of parties to the EU’s data protection and privacy standards as put forward by the GDPR. In comparison to U.S.-led international trade agreements, where data protection plays a supplementary role, in the EU-led agreements, it is a mandatory prerequisite for any kind of free data market. As such, Japan and Canada had to adhere to the EU’s GPDR standards before the EU has agreed on digital trade provisions. As the U.S. was hesitant to allow the EU’s privacy standards to affect their businesses, provisions on digital trade were not included in the latest US-EU agreement.
Although the US and the EU’ disagreements dominate recent discussion on the state of global data governance, these are not the only actors on the scene. Aside from China, although receiving much less media attention, the Asia-Pacific Economic Cooperation (APEC) and Organization for Economic Cooperation and Development (OECD) have been promoting for a long time their own models of how global data regime should look like. Such organizations further contribute to the fragmentation of global data governance models.
To what extent the multitude of international data rules overlap or contradict each other and what is the effect of this interaction on the creation of a global data regime is one of the many questions that the Mapping Global Data Governance project aims to investigate.
Adil Nussipov is a researcher working on a project aiming to map the global data governance and to identify the design of the global data governance architecture. He also works on the Media Influence Matrix project at the Center for Media, Data and Society and acts as Global Governance Editor at E-International Relations.
In the next series of posts, Nussipov will have a deeper look at other data governance models.
 Aaronson, Susan and Patrick Leblond. 2018. “Another Digital Divide: The Rise of Data Realms and Its Implications for the WTO.” Journal of International Economic Law 0: 1 – 28.