From June 28 to 29, Japanese Prime Minister Shinzo Abe will chair this year’s G20 summit in Osaka to discuss pressing global issues, from climate change, sustainable development, to WTO reform. The Summit is expected be historic, not only because of Japan’s first presidency, but also because of the country’s expected leadership role in putting together the consensus-based communique amid the intensifying U.S.-China trade tensions and protectionist sentiment in the U.S. government. Among the various themes, data governance is a focal point for Abe, who has pushed forward the concept of “the Data Free Flow with Trust (DFFT)” earlier this year at the World Economic Forum. For Abe, this concept attempts to bridge between the existing gaps in approaches taken by the United States, the European Union, and other emerging countries by facilitating cross-border data flows while addressing security, privacy, and data protection.
In this eighth issue of the Debating Japan newsletter series, the CSIS Japan Chair invited Mr. William Carter from CSIS and Mr. Arun Sukumar from Observer Research Foundation to discuss opportunities and challenges for Japan’s effort to lead on data governance at this year’s G20 summit and beyond.
Head, Cyber Security and Internet Governance Initiative, Observer Research Foundation
Mr. William A. Carter Deputy Director and Fellow, Technology Policy Program, CSIS
January 2019, Prime Minister Shinzo Abe of Japan called for the upcoming G20 summit in Osaka to “be thesummit that [starts] world-wide data governance.” The rise of the data economy has driven unprecedented growth and innovation in recent decades but is also generating new policy challenges for global leaders. Figuring out how to govern the complex data ecosystem, both enabling its potential and managing its risks, is becoming a top priority for global policymakers.
The potential of the emerging data economy lies in the ubiquitous data generated by the internet of things (IoT), smart cities, and online platforms that will drive smart applications and autonomous systems that overcome social issues, free humans from burdensome, rote tasks, and unlock new tools and capabilities. Realizing this vision requires balancing the need for data to flow freely between people and systems around the world with the need to address growing public distrust of how companies and governments use that data. Japan calls this balance “data free flow with trust” (DFFT).
Around the world, the proliferation of laws restricting the flow of data, particularly across national borders, is creating significant challenges for global businesses, inhibiting trade, and limiting access to productivity-enhancing digital services. The EU’s General Data Protection Regulation (GDPR), which places strict conditions on the flow of personally identifiable information outside of the European Union, has inspired a wave of similar data protection laws from Canada to Indonesia. The United States has led efforts to push back against these restrictions, arguing that restrictions on the flow of data stifle innovation and economic growth and create unnecessary and unfair impediments to global trade.
In light of these differences, Japan’s DFFT proposal is hard to argue with. In practice, however, it may be difficult to develop concrete policies and institutions that address the legitimate concerns of both sides.
For the United States, “trust” has become a watchword for efforts to combat the global dominance of U.S. technology platforms and to justify policies that facilitate the theft of intellectual property and illicit technology transfer. On the other hand, “free flow of data” has become a loaded term to the European Union and many other countries tied to U.S. efforts to shore up the global dominance of U.S. technology platforms and undermine the ability of other countries to exercise their sovereignty.
Japan could play a central role in bridging these divides and building trust between these competing factions. Japan brings credibility as a neutral party with close ties to the many different factions. It has a strong tradition of innovation, technical expertise, and support for multi-stakeholder governance but has not been implicated in the recent scandals around the collection and use of data. And Japan has an established track record of leadership in global technology governance particularly in the development of global norms around emerging technologies.
In artificial intelligence (AI) governance, for example, Japan has played a central role in the establishment of global norms through its “Society 5.0” initiative. Japan also launched one of the first major efforts to develop global AI governance norms at the G7 Information and Communication Technology Ministerial Meeting in April 2016. That effort helped to drive the development of the Organization for Economic Co-operation and Development (OECD) Principles on AI Governance released in May 2019. The OECD Principles, in turn, form the basis of the AI governance principles recommended by the G20 Ministerial Meeting on Trade and Digital Economy this month.
That said, Japanese leadership will require more than sloganeering and the articulation of high- level principles in groups like the G20. To effectively lead the development of global data governance, Japan should tie “Society 5.0” and DFFT to concrete policies that address the concerns of all parties.
It will take years of work to integrate high-level data governance principles into international treaties, trade agreements, and international institutions and to ensure that they are enforced fairly, consistently, and firmly. To be successful, Japan should drive deep reforms to the international system that allow countries to exercise their sovereignty without placing undue and harmful restrictions on data. To make data governanceprincipleswork,Japanshouldalsopushfor foundational reforms to everything from cross-border lawenforcementmechanismstoe-commercetaxesand online contentlaws.
The United States and European Union will continue to push for their competing visions of international data governance, and as countries like China develop their own alternatives that increasingly diverge from their GDPR roots, the tides of global data governance will continue to shift. Japan is not a big enough generator or consumer of global data to dominate the discussion, but by serving as a neutral arbiter, Japan can help bridge the trust gap between key stakeholders and establish a cohesive global approach.
Mr. Arun Mohan Sukumar Head, Cyber Security and Internet Governance Initiative, Observer Research Foundation
Japan, with its legacy of frontier innovation in technology, is an ideal candidate to lead global conversations on data governance. To craft a truly inclusive regime on data governance, it would need to demonstrate political will and norm entrepreneurship. Under Prime Minister Shinzo Abe’s leadership, Tokyo has shown commendable drive to confront, and even offer to mediate, the most intractable political crises. However, the case at hand is not solely driven by political initiative. Much would depend on Japan’s capacity to empathize and engage with the “next digital billion”— that figure of the global population slated to come online within the next decade.
Can Japan share a strategic vision for the acquisition and use of data by governments and businesses alike: one that generates value for domestic economies while responding to the privacy of users and security of digital networks?
Articulating such a vision may be a tall order for Japan because the demographic, social, and behavioral makeup of its digital economy is radically different from that of most emerging markets. Japan, with an aging population, consistently high levels of education, and a largely homogenous society (ethnically, culturally, and linguistically), is not comparable to developing countries whose youth “bulge” and social cleavages will influence how domestic digital policies are articulated. In other words, Japan’s unvarnished success as a digital economy may not be replicated elsewhere in the world, and this could be a big obstacle to its assuming a leadership role in data governance.
Still, this has not discouraged Japan, which intends to use its rotating presidency of the G20 as a bully pulpit to affect a multilateral data governance regime. Abe has advocated the “data free flow with trust” (DFFT) system, which he argues is “an approach thatattempts to allow the free flow of data under rules uponwhich all can rely.” At the G20 meeting in Osaka this week, Japan will launch the “Osaka track” of negotiations to flesh out rules that could ensure the unfettered flow of data while promoting the integrity of digital ecosystems.
The problem, however, with the DFFT proposal is that it is fundamentally misaligned with political tendencies that have swept both the developed and developing worlds. The proposal to promote the “free flow” of digital information first appeared in the Trans- Pacific Partnership championed by U.S. President Barack Obama but found no takers in the Trump administration. Removing barriers to data flows may be in U.S. economic interests given that the primary beneficiaries of such a proposal are big technology companies based in Silicon Valley. But Washington, D.C. is unlikely to agree to any international arrangement that formalizes the monitoring or supervision of these companies. The “trust” component of Abe’s proposal will require safeguards on tech giants to ensure they respect users’ privacy, are accountable to national legislatures, or limit the data collected from their digital platforms. More importantly, to enforce “trust”, such rules would also have to bear the force of sanctions against these companies in the event of their violation or non-compliance. This would be anathema to the U.S. government, which has opposed even the G20 Finance Ministers’ proposal to tax technology companies in jurisdictions where they maintain a “significant economic presence”.
On the other hand, emerging markets like India will oppose the DFFT because they have concluded that foreign technology companies have generated little or no significant value to their economies despite harvesting the data of millions of citizens. These states will see data localization as a blunt policy instrument to compel tech companies to store and share their data with national peers. Furthermore, their law enforcement agencies (LEA) have long complained about the lack of responsive and agile channels in digital platforms to share data for the purposes of crime investigation and prosecution. The DFFT would further limit the agency of LEAs to elicit data from platforms.
In short, Japan’s attempts to propose a rules- based architecture for data governance will face opposition from advanced economies that prefer mercantilism to the normative design (and inevitable concessions) of international trade as well as developing countries that have grown suspicious of the liberal international order’s economic utility. This current impasse has nothing to do with Japan—which to its credit has tried to breathe life into multilateral initiatives like the Regional Comprehensive Economic Partnership even in the absence of U.S. support—but fortheaforesaidreasons,Abe’sDFFTproposalmaynot be able to break newground.
The claim that Japan’s digital economy bears little resemblance to the rest of the developing world, and hence limits the effectiveness of its norm entrepreneurship, needs further elaboration. For long, Tokyo has been content to create an inward-looking digital economy, attracting scant foreign investment in its technology sector. Further, Japan, which once produced electronic products for the world, has not beenabletorecreateitsexportorientationincodingor software design. It has also not been an active participant (in comparison to China or South Korea for example)inthedevelopmentoftechnicalstandardsfor digital technologies beyond legacy areas. Therefore, Japan may not be able to understand the needs of markets that are radically diverse and who use the internet for very different purposes than Western consumers. For instance, Japan may have high mobile connectivity, but would it know how to design a “mobile-first” internet in countries where handheld devices, and not desktops or laptops, are the gateway to the web for a whole generation of citizens? Would it also be proficient in designing “digital public goods”— 21st century platforms developed by government to resolve 20th century problems of governance such as identification and access toservices?
Ironically, Japan’s successes in creating brick- and-mortar civic infrastructure may prove a handicap to developing such digital solutions at scale. That said, it has shown interest in working with countries like India to design such platforms for the rest of the world. The extent to which Japan can forge effective partnerships with developing digital economies to develop wholly new digital technologies for the next billion will be the bellwether indicator of its global efforts on data governance.
About the Authors
WILLIAM A. CARTER is deputy director of the Technology Policy Program at CSIS. His research focuses on international cyber and technology policy issues, including artificial intelligence, surveillance and privacy, data localization, cyber conflict and deterrence, financial sector cybersecurity, and law enforcement and technology, including encryption. He has spoken at events and conferences around the world and participated in Track 2 dialogues on cyber and technology policy issues with China, Russia, and Australia. Before joining CSIS, he worked in the Goldman Sachs Investment Strategy Group, where he performed research and analysis on geopolitics and the macro economy and produced reports and presentations on international affairs and current events and their impact on markets. He previously worked at the Council on Foreign Relations and at Caxton Associates, a New York hedge fund. He graduated from New York University with a B.A. in economics.
ARUN SUKUMAR leads the Cyber Initiative at the Observer Research Foundation. He is a PhD candidate at the Fletcher School of Law and Diplomacy, Tufts University, and a Junior Fellow at Fletcher’s Centre for International Law and Governance. Arun was a member of the multi- stakeholder group set up by India’s National Security Advisor in 2017 to recommend policy and strategy for the promotion and negotiation of cyber norms. Arun served as an independent legal expert in 2016 to the United Nations Group of Governmental Experts (UNGGE), and to the UN First Committee on disarmament and international security in 2017. He is a member of the World Economic Forum’s Global Future Council on the Digital Economy and Society.
In the first half of 2019, Arun served as an advisor to the re-election campaign of Shashi Tharoor, incumbent Member of Parliament for Thiruvananthapuram, and Chairman, India’s Parliamentary Standing Committee on External Affairs. During this period, he was on unpaid sabbatical from ORF.
Yuka Koshino is a research associate with the Japan Chair at the Center for Strategic and International Studies, where she focuses on projects involving U.S.-Japan relations and security in the Indo-Pacific region.