As Digital Trade Expands, Data Governance Fragments

Our current regulatory frameworks are inadequate.

February 9, 2023
A 3D-printed WhatsApp logo and keyboard buttons are displayed on a computer motherboard. (Dado Ruvic/REUTERS)

Information and data have always moved across borders, although the speed and volume of such flows have increased dramatically over the past 10 to 15 years. Yet the regulation of digital trade has not kept pace. Global actors have demonstrated a very limited capacity to agree on global rules.

The truth is that our current fragmented governance frameworks are inadequate. A fundamental reassessment, one that goes beyond inserting chapters in trade agreements, is needed. Too often, data agreements focus on property rights, while paying too little attention to human rights and the complex nature of data itself. This gap in regulatory attention has bolstered the power of large firms, often to the detriment of the individuals providing the data on which those firms depend.

Against this background, on December 6, 2022, the Centre for the Study of Democratic Institutions and the Konwakai Chair in Japanese Research at the University of British Columbia brought together five international scholars working on data regulation to evaluate the current state of digital governance: Susan Ariel Aaronson (George Washington University, United States), Henry Gao (Singapore Management University, Singapore), Stephanie Honey (Honey Consulting, New Zealand), Masahiro Kawai (University of Tokyo, Japan), and Kyung Sin Park (Korea University Law School, South Korea). During the panel discussion, these experts highlighted that global data governance was in a precarious state. When asked to rate the current level of its effectiveness on a scale of 1 to 10, the panellists provided an average score of just 3.7.

Currently, limited agreements at the World Trade Organization and some provisions in trade agreements have enabled cross-border digital flows (with some major exceptions to that flow due to the Great Firewall in China, and full or partial restrictions in Iran, India, Russia, Kazakhstan and other states) and guaranteed a moratorium on digital customs duties. However, these agreements and provisions do not deal with the existence of large data pools controlled by large platforms, nor do they provide unified protection of individual privacy and human rights.

A further issue is fragmentation. Recently, some advances in digital governance have been made within larger regional trade agreements or economic partnership agreements. While such agreements can be helpful, they contribute to a patchwork of regional, national and international arrangements with no unifying organization or set of universal principles. Stephanie Honey noted that half of all free trade agreements (FTAs) in effect today have digital or e-commerce provisions, and 380 of them have full chapters. But she also pointed out that this effort represents “much energy without much coherence.”

Other promising proposals have trouble garnering sufficient government support swiftly. Masahiro Kawai emphasized the “Data Free Flow with Trust” (DFFT) concept developed under Japanese leadership at the 2019 Group of Twenty leaders’ meeting in Osaka. This draft proposal aimed at combining the protection of free flow with the protection of privacy and trust globally. Three countries refused to join at that time: India, Indonesia and South Africa. In a 2021 piece, panellist Susan Ariel Aaronson proposed a series of actions to operationalize the DFFT concept, and in April 2022, Group of Seven digital and technology ministers released a “Roadmap for Cooperation on Data Free Flow with Trust.” It remains to be seen if the concept will actually be implemented in international agreements, and how.

Meanwhile, other agreements incorporate data, but somewhat haphazardly. The Comprehensive and Progressive Agreement for Trans-Pacific Partnership, an FTA between Canada and 10 other countries in the Asia-Pacific region, has some of the most advanced provisions guaranteeing data free flow and basic data protections (including for women), although it does not address the creation of large oligopolistic data pools. The Regional Comprehensive Economic Partnership, an FTA between the 10 member states of the Association of Southeast Asian Nations, connects developed and developing economies and involves China. It embeds basic principles of free flow, but without adjudication mechanisms, and contains no ability to address Chinese obstruction to data flows.

The US-led Indo-Pacific Economic Framework for Prosperity initiative has a large digital standards component that promises more data security and protection, albeit within a closed group of allies and like-minded countries. For example, Indonesia is a negotiating party, while India is currently sitting out the digital trade track.

We are still far from any more global efforts. Even preliminary convergence on national laws about data protection and privacy between the United States and the European Union is difficult to achieve.

The Digital Economy Partnership Agreement, developed by small open economies in the Indo-Pacific, is an innovative instrument for trade policy that can act as a platform for open data governance. Some experts, including panellist Honey, believe that it holds much promise in developing new governance mechanisms in a fluid and rapidly evolving way.

The upshot is that we are still far from any more global efforts. Even preliminary convergence on national laws about data protection and privacy between the United States and the European Union is difficult to achieve. Instead, Aaronson advocated for the establishment of a new international organization that could provide proper incentives to, and pay, global firms to share data.

Overall, the panellists urged that technical discussions of data flows, data governance and rules for digital trade be contextualized within fundamental concerns about the nature of data and the role of human rights. These concerns equally require attention and governance.

The discussion on effective digital governance requires a fundamental rethink of the nature of data. As emphasized by panellist Kyung Sin Park, data embeds fundamental human freedoms and human information. It is closely linked to human rights. Data is much more than an economic asset used in training artificial intelligence (AI) algorithms. As highlighted by Aaronson, data is both a public good and a commercial asset, and so must be regulated in a novel way. At the same time, countries continue to frame data as a “sovereign asset,” and aim to achieve economies of scale. This approach, paired with conventional understandings of trade, does not recognize data’s dual identity, or its nature as a global public good.

Because different democracies (let alone autocracies) hold divergent perspectives on the nature of digital data, how they seek to regulate data access also diverges. As noted by Henry Gao, for example, the Canada-United States-Mexico Agreement embeds one key innovation: individuals’ right to unhindered access to data. Aaronson argued that rather than have companies owning large pools of data, devising effective data sharing with guaranteed anonymization and data protectionism is the pathway to developing AI applications that serve the public good. This is especially the case as further tech innovation reduces the significance of large quantities of data, and as systems grow to require less data or be able to use synthetic forms of data as input. Basing trade agreements around fundamental values and human rights may help to ameliorate some of the present concerns about data governance.

In sum, global data governance is fragmented and inadequate, given the dual nature of data as both a fundamental human good and a commercial good. Many economic frameworks and partnerships try to address small slices of the issue. But only very few people and companies, or even governments, can keep up with that many agreements and efforts. The fragmented outcome favours large firms that can track and lobby around such agreements while maintaining their large concentration of proprietary data pools for commercial advancement and AI training. Ultimately, it is citizens who lose out — in their privacy, their human rights and their share of any potential benefits.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.

About the Authors

Panthea Pourmalek an independent researcher focusing on digital governance, gender and cybersecurity. 

Heidi Tworek is a CIGI senior fellow and an expert on platform governance, the history of media technologies, and health communications. She is a Canada Research Chair, associate professor of history and public policy, and director of the Centre for the Study of Democratic Institutions at the University of British Columbia, Vancouver campus.

Yves Tiberghien is a professor of political science at the University of British Columbia and a visiting professor at the Taipei School of Economic and Political Science in Taiwan.