There are two main emerging data governance regimes for cross border data transfer on the global stage: the EU’s General Data Protection Regulation (GDPR) regime and the US-sponsored APEC Cross Border Privacy Rules (CBPR). Both have the same roots – the OECD’s guidelines on the protection of privacy and transborder flows of personal data – although the CPBR remains directly tied to the OECD’s free trade principle, while the GDPR reflects an evolution of the EU’s data privacy regime that enshrines individual data privacy as an assertive, fundamental right of EU citizens.
In January 2019, at the World Economic Forum, Japanese Prime Minister Abe espoused this new concept of Data Free Flow with Trust (DFFT)- aligned to CBPR. The WTO member countries that value rule-based digital economy should define and implement Global rules for data governance. Globally accepted data governance rules shall pave the way for DFFT - essential for successful cross-border e-commerce. (Cory, Atkinson, & Castro, 2019)
With US hegemony DFFT was already there. As the US used to control the Internet space, so is the data.
However, the trustee’s of DFFT themselves are in trouble. The US, that controlled the internet space, has seen the repercussions of data free flow in the form of negative impact on elections. Similarly, UK who initiated the Digital single market concept in the EU is facing one of the biggest crisis in history, i.e. Brexit. Brexit again shows a manipulated use of data on social media to influence public opinion negatively. The whole narrative of the nation has been changed and diverted, i.e. from developmental issues to Brexit issues. This is the level of harm data free flow can do.
Secondly, when we say DFFT which category of the data we are talking about. For sure, no country will allow government data to flow freely across the border. Thus, classifying the data like government data, business data, personal data is also a gigantic and complicated task.
Data broker like Oracle already has more than 30000 attributes of user’s data stored in their system. (Christl, 2017) How will policymakers segregate and ensure that this data is not misused?
Further, Cyber troop’s ability and numbers are increasing rapidly (Bradshaw & Howard, 2017). Access to Data will further strengthen the influence of cyber troops on individuals and public perception. This influence can be terrifying as this may lead to horrifying creation of data colonies and data slaves. Creation of Data slaves will threaten the principles of democracy. Any foreign country can destabilize internal peace and harmony of a country based on the negative or biased use of data intelligence through propaganda, trolls, search manipulation, and advertisements. (Tambini, 2018)
We have seen increasing cases of human rights violation because of a data privacy breach. E.g. Activities like derogatory remarks, trolls, personal data revelation have caused suicides, death, depression, and mental stress. There is a multifold increase in human problems like mental stress and anxiety because of seeing manipulated content such as crime videos, religious (anti-religious) trolls.
Democratic countries like India cannot afford this risk of misusage of the citizen's data that may not only harm them individually but also the whole country’s security and peace. (Tambini, 2018)
Because of the devastating cases of data manipulation, More countries are in favour of data localisation. There are a few bilateral agreements like between China and Russia (now-aggression treaty) related to data localisation (Cory, 2019). It is recommended that it should be extended to BRICS countries as South Africa also have a similar perception of the data location.
There are some other threats. E.g. China manipulates Pakistan's public opinion about India at a certain point or during some significant events. This can be due to political reasons, to divert the attention, or to control India-China's bilateral issues for its benefits. Moreover, China and Russia’s increasing closeness is a matter of concern for the whole world, including India. Russia is already facing the blame of manipulating US Presidential election to help Trump win the elections (Tambini, 2018). If China Russia or similar powers come together and use their cyber troops to push their propaganda in any other country, then this will initiate a cyberwar/ propaganda war, causing more destabilization in the world.
Data Localisation: Factual Analysis
Concerning bandwidth consumption, on average (2015-2021), 94% of data flow is within the data centre and only 6% from the data centre to other sources. (OECD, 2019a). Thus technically also it is better to have market data store locally as it is financially prudent as it may save bandwidth cost. Thus, this trend of a higher percentage of data flow within the Data centre boosts the idea of data localisation.
Concerning the market segment, on average (2015-2021), 69% of data flow is between consumers and only 31% between business (OECD, 2019a). A significant trend of increase (11%) in data flow in the consumer segment emphasises the importance of consumer data protection (OECD, 2019a). Thus, technically, it is better to store consumer data locally as it is convenient for local law enforcement. Thus, this trend of a higher percentage of data flow between consumers boosts the idea of data localisation.
Concerning the Data Centre type, on average (2015-2021), 88% are cloud data centres, and only 12% are traditional data centres (OECD, 2019a). A significant trend of increase (30%) in Cloud data centres emphasises the importance of virtualised data-storage infrastructure (OECD, 2019a). This trend shows that the industry has already discarded physical boundaries as a measure to design its data storage infrastructure. Thus, this, major trend strongly supports DFFT.
Overall, it seems that Industry and policymakers are not on the same page. While Industry is already in an advanced stage of DFFT (88% cloud data centres), policymakers started erecting virtual walls through various regulations (GDPR, CBPR). India’s Data protection bill should provide a mechanism to policymakers to safeguard government data (to protect individual data and human rights) by full-bodied law enforcement.
Political Economy of Data Localisation
Data is the new oil. Many countries, including India, supports Data localization- storing data within the country’s jurisdiction. The Law enforcement, geo-politics, individual data protection and human rights are the major factors that drive the demand for Data Localization. (Panday & Malcolm, 2018). The politics (e.g. Controlling public opinion) and economics (e.g. enforcing companies to invest locally on data centre and data processing) shape the data localization policies of a country.
As per a German survey, the tentative worth of an individual’s data is 140 Euro. On this basis and considering other local aspects, our research predicts the worth of India’s data is $2 trillion tentatively. Thus, India’s Data protection bill should safeguard and boost the political economy of data. In the era of Artificial Intelligence (AI), data has tremendous value. E.g. A cancer patient pays 40% -50% of his treatment cost by investing his treatment/health data in training a pharma company’s AI model.
The writer is the Pentland-Churchill fellow for Global Public Policy leadership at New York University (NYU) and University College London (UCL). This is a snippet of his research work at NYU and UCL.The author is also mentoring a President Awardee startup (Nanotechnology-based) and AI-Blockchain based startup (cross border investment platform)