Whose Rules? The Quest for Digital Standards

Prime Minister Shinzo Abe of Japan made news at the World Economic Forum in Davos last month when he announced Japan’s aspiration to make the G20 summit in Osaka a launch pad for “world-wide data governance.” This is not the first time in recent memory that Japan has taken a leadership role on an issue of keen economic importance. Most notably, the Trans-Pacific Partnership (TPP) lives on as the Comprehensive and Progressive Agreement on Trans-Pacific Partnership (CPTPP), thanks in large part to Japan’s efforts to keep the trading bloc together after President Trump announced U.S. withdrawal from the TPP. But it’s in the area of data and digital governance that Japan’s efforts will perhaps be most consequential for future economic growth.

Data has famously been called “the new oil” in the global economy. A 2016 report by the McKinsey Global Institute estimated that global data flows contributed $2.8 trillion in value to the global economy back in 2014, while cross-border data flows and digital trade continue to be key drivers of global trade and economic growth. Japan’s focus on data and digital governance is therefore consistent with its recent efforts to support global growth, deepen global trade linkages, and advance regional and global standards.

Data governance refers to the rules directing the collection, processing, storage, and use of data. The proliferation of smart devices and the emergence of a data-driven Internet of Things portends an exponential growth in digital data. At the same time, recent reporting on overly aggressive commercial practices of personal data collection, as well as the separate topic of illegal data breaches, have elevated public awareness and interest in the laws and policies that govern the treatment of data, and personal data in particular. Finally, a growing appreciation of data’s central role in driving innovation and future technological and economic leadership is generating concern in many capitals that different data and digital governance standards and regimes will convey a competitive (dis)advantage to certain countries.

Bringing these various threads together—the inevitable explosion of digital data; the need to protect an individual’s right to privacy; and the appreciation that data has economic value and conveys economic advantage—is precisely why Japan’s initiative is both timely and likely to face significant challenges.

Among the specific policy issues being debated under the heading of data and digital governance are questions regarding where data is stored; under what circumstances can cross-border data flows be restricted; under what circumstances can governments and law enforcement have access to data; and what rights do individuals have when it comes to authorizing the collection, use, and monetization of data. Some of these questions are addressed in existing laws and trade agreements. In particular, recently negotiated trade agreements have included chapters on “Electronic Commerce” (CPTPP and the EU-Japan Economic Partnership Agreement) and “Digital Trade” (United States-Mexico-Canada Agreement, (USMCA)).

Parties to all three agreements recognize the economic growth and opportunities provided by digital trade, and all three agreements include provisions covering software source code, data localization, and consumer protection, among other items. While there is considerable overlap in digital governance chapters of each agreement, the agreements are far from uniform. For instance, the language in the CPTPP concerning data flows (“Cross-Border Transfer of Information by Electronic Means”) and data localization (“Location of Computing Facilities”) provides for certain exceptions that are not part of the USMCA.

More significantly, the EU-Japan Agreement commits only to “reassess” the need for inclusion of provisions on the free flow of data into the agreement within three years; while the closely related issue of privacy, which is addressed in the CPTPP and the USMCA under “Personal Information Protection” is absent from the EU-Japan Agreement. In particular, the EU views privacy as an individual right as well as a social value and therefore not subject to negotiation in the context of trade agreements, although it does allow for determining the “adequacy” of trading partners’ privacy frameworks. In contrast, the USMCA explicitly recognizes APEC’s Cross-Border Privacy Rules (CBPR) as “a valid mechanism” to facilitate data flows while protecting personal information, while the CPTPP avoids endorsing any specific mechanism. Japan, as a party to both the CPTPP and the EU-Japan Agreement, is in a unique position to identify mechanisms to bridge commitments in various agreements. The debate over privacy policy, which has gained considerable steam in the United States in recent months, is one significant example of how divergent data governance frameworks could place commercial ties and economic cooperation at risk.

In addition, none of the agreements mentioned cover data and digital policies in some of the world’s largest economies and leading actors in the global digital economy. China, India and other large emerging markets largely remain outside the scope of international agreements on digital trade. In some instances, these countries are actively adopting domestic policies that go in the opposite direction of such agreements, for instance in the area of data localization. Where the CPTPP and the USMCA establish restrictions on data localization requirements, India introduced a bill last year that would mandate the storage of personal data in India and potentially threaten the right to privacy. China’s data localization requirement broadly extends to “important data” and all “critical information infrastructure.”

Failing to establish global standards sets the stage for fragmentation in data and digital governance, with negative consequences for global growth and economic outcomes. This is precisely the reason that Prime Minister Abe is right to frame the issue in an international context, and to aspire to place data and digital governance issues following the Osaka G20 summit “under the roof of the WTO [World Trade Organization].” With China recently joining the WTO plurilateral working group on e-commerce, its members now account for over 90 percent of global trade. At the same time, we should not underestimate the challenges, which regrettably have stood in the way of WTO leadership on data and digital issues to date. For now, the debate over whose digital rules will prevail is likely to occur in multiple arenas.

Stephanie Segal is senior fellow and deputy director of the Simon Chair at the Center for Strategic and International Studies in Washington, D.C.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2019 by the Center for Strategic and International Studies. All rights reserved.

Stephanie Segal

Stephanie Segal

Former Senior Fellow, Economics Program