Can trade policy enable “Data Free Flow with Trust?"
Published 11 December 2023
“Data Free Flow with Trust” (DFFT) is becoming a key concept in promoting global data governance in an era of intensifying geopolitics, emerging technologies and concentration of digital market power. How can trade policy promote DFFT, and what are the challenges?
“Data Free Flow with Trust” (DFFT) as a key concept for promoting global data governance
Currently, there are three principal approaches to data flow governance: the public interest / human-rights-centred (European) approach, the market-driven (US) approach and the state-centred (Chinese) approach. All this while intensifying geopolitics, emerging technologies and digital market concentration are changing the digital governance landscape. The US Government’s recent policy shift (Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, 30th October 2023) towards a more public-interest-driven approach to digital governance. In line with this, the US withdrew its support for certain proposals (non-discriminatory treatment, data flows, data localisation and source code) under the WTO’s Joint Initiative on E-Commerce saying that it needed to review its approach in order to enhance its public policy objectives. These reflect the institutional and technical challenges that trade policy faces.
It could be argued that to promote global data governance, we need a common norm that can be shared internationally. “Data Free Flow with Trust” is a policy concept introduced in 2019 by then- the Japanese Prime Minister, Shinzo Abe, and which has subsequently been discussed at high-level international diplomatic fora such as the G7 and G20.1
The concept of DFFT seems to be diffusing beyond G7 and G20. For example, the 18th UN Internet Governance Forum, in October 2023, focussed on the importance of DFFT with participants largely sharing the view that the human-rights-centred approach is a key norm for delivering DFFT. It would need to involve all stakeholders on an equal footing because fairness, inclusivity, transparency and effectiveness of the process is the way to ensure trust by all stakeholders.
While seemingly sensible and reasonable, it is hard to pin down what DFFT might mean in practice in a world where countries have different political systems, cultural and historical backgrounds and levels of economic development. While “Data Free Flow” is clearly important for economic growth and innovation, interpretations of “Trust” vary across countries and stakeholders. Thus, there are divergent views regarding the balance between “Data Free Flow” and governments’ interventions / regulations for ensuring “Trust” – both domestically and internationally.
DFFT’s bottom-up approach versus international trade rules top-down approach
From the institutional angle, trade policy does not seem well suited to implement DFFT, especially, building “Trust”. The digital and technology community which advocates the DFFT concept underlines the importance of the bottom-up and multi-stakeholder approach for its operationalisation. By contrast, international trade laws and trade rules typically take a top-down approach, and the process of trade negotiations is mostly government-centric, frequently leaning more heavily on consultations with the business community.
Hence, the digital trade policymaking process is not as transparent and inclusive as proponents of DFFT might wish. Institutionalising participation of civil society organisations, such as consumer organisations or digital rights organisations, in addition to the private sector and incorporating ideas from the broad public, especially from the users’ perspective is needed for trust, but difficult to achieve. In particular, given that the speed of business development from emerging technologies is so fast, civil society organisations are struggling to understand the adverse effects, such as human biases in AI and its potential harmful results. Governments, academia and market players need to work together to improve public understanding of digital trade and its potential economic and social impacts in order to build the foundations for the multi-stakeholder approach.
Asia-Pacific style digital trade rules and three areas of conflict
In terms of substance, assessing existing digital trade rules from the DFFT perspective is important. While the World Trade Organization (WTO) works on the Joint Initiative on E-Commerce, international rules in digital trade are also being shaped by Free Trade Agreements (FTAs) and digital economy agreements. These are led by the Asia Pacific countries (e.g. Australia, New Zealand, Japan, USA and Singapore) and the UK via agreements such as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), United States-Mexico-Canada Agreement (USMCA), UK-New Zealand FTA, the Digital Trade Partnership Agreement (DEPA) and the UK-Singapore Digital Economy Agreement.
These ‘Asia-Pacific’ style digital trade rules essentially reflect a market-driven approach based on the CPTPP. Although some recent agreements such as DEPA (Art. 8.2) recognise the importance of the “human-rights-centred” approach, these are largely best endeavour clauses, which are not very strong in practice.
There are three major challenges for DFFT in conventional trade policy. The first is about public policy space. The main objective and principle of trade law is the free movement of goods and services based on Most Favoured Nation (MFN) and non-discriminatory principles. Hence, WTO agreements treat measures to pursue public policy objectives such as public morals and human life or health as general exceptions (GATT Article XX and GATS Article XIV), as opposed to core provisions. WTO rules also require governments to make their domestic regulations not more burdensome than necessary to pursue legitimate objectives (e.g. GATS Article VI.4 and TBT Article 2.2). The existing Asia-Pacific style digital trade rules, which basically apply the WTO approach, may potentially limit governments’ regulatory capacity to promote “Trust”, except as exceptions.
Second, finding the balance between “Data Free Flow” and “Trust” is difficult both as a normative choice (what balance is desired), but also in terms of conflicting provisions in and across agreements. Existing digital trade rules tend to use strong language to prohibit measures that inhibit “Data Free Flow”, such as data localisation requirements and source code disclosure requirements. However, these potentially conflict with provisions on intellectual property, competition policy or national security, to name but a few prominent considerations all of which are concerned with “Trust” in different ways.
Third, the quality of regulations or alternative approaches at the domestic level matters for “Trust” but countries take different approaches. Digital trade rules take a flexible approach to reflect these differences. For example, data privacy provisions under existing digital trade agreements adopt a flexible approach by admitting different levels of data protection such as domestic personal data protection laws, sector-specific laws covering data privacy, and self-regulatory regimes (see CPTPP Art. 14.8.2 Footnote 6 for example) to promote free data flow. At the domestic level, many non-EU countries have introduced, or are considering introducing, GDPR-type data privacy laws, which provide a higher level of data privacy protection.2 Encouraging countries to adopt better domestic data protection regimes both in terms of legislation and enforcement is the key in practice. Digital trade rules could do more to enhance the best practice approach for improving “Trust”.
Digital governance is facing constant challenges from emerging technologies, concentration of digital market power and intensifying geopolitics. Understanding the potential risks and identifying the right policy approaches to mitigate such risks is required not only at the domestic level but also at the international level. The trade policy community should be well aware that digital governance requires more than trade policy considerations as it widely impacts society and individual rights.
To enhance “Trust” a close collaboration between the trade policy community and the digital and technology policy community at every level, including intergovernmental organisations, domestic policymakers, and academia, is necessary. Furthermore, the trade policy community should review its policymaking in order to incorporate the multistakeholder approach for digital trade rulemaking. The aforementioned “Institutional Arrangement for Partnership” could provide a forum to promote collaboration between the trade policy community, the digital and technology policy community and civil society.
- For example, G7 digital and technology ministers established a common understanding that to promote free data flow, strengthening ‘Trust’ from consumers and business by ensuring privacy, data protection, intellectual property rights, and security was necessary, and set out a roadmap to deliver tangible progress (2021). In order to operationalise DFFT, the G7 ministers agreed to establish an institutional framework with a permanent secretariat, which is called the “Institutional Arrangement for Partnership” (2023).
- Australia, Brazil, Canada, China, Egypt, India, Israel, Japan, NZ, Nigeria, South Africa, South Korea, Switzerland, Thailand, Türkiye and the USA (at the state level) have an EU-style data privacy law. The UK has the UK GDPR.