Solving the Missing Puzzle in Data Governance

Solving the Missing Puzzle in Data Governance

By Sarthak Luthra, 7 June 2019

‘Isms’ are self-contained hypothesis generators. For example, could we really understand what Data Protectionism is without an understanding of what data protection means? 

Tackling the 21st era of protectionism is gaining more importance, and the policy makers, globally are attempting to strike a fine balance between regulation and technology. While some are allowing technology to evolve ahead of the imposing regulation, others are creating a protectionist perception by imposing restrictions on cross-border data flows.

In the former league countries such as Japan, Singapore and the Philippines have shown acceptance to promoting cross-border data flows. However, in the ASEAN region, which is observing an exponential growth in the e-commerce sector and unicorns, countries such as Vietnam and Indonesia are widely touted for their data localization requirements. Beyond ASEAN, India is also looking at imposing data localization requirements across different policies in the making – the Data Protection Bill and the E-commerce Law.

It is evident that governments across the globe are concerned about data stored overseas, to which they have less oversight and limited enforcement to access. The missing puzzle to this data governance school of thought is that not all data is sensitive – some personal information related to national security must be protected – categories of which could be some categories of personal and non-personal, and anonymous data that can be excessively used across varied sectors, including medical records in the healthcare for cross-border healthcare services (medical tourism), real time data sharing in cross-border manufacturing and production process, among others.

As part of global efforts, the G20 summit scheduled to be hosted in Japan on 28–29 June 2019 in Osaka, can be a stepping stone to fill the missing puzzle. The Abe’s proposal to create a Data Free Flow with Trust is one such regime that bundles data flows with trade. For example, if Vietnam removes the blanket data localization requirements, SMEs and entrepreneurs operating in the rest of the world are more likely to trade with Vietnam and expand in the country without worrying about storing their data in Vietnam or opening mini-data centres, which comes with its own opex and capex. Relatedly, companies already operating their subsidiaries in a data protectionist country, will not be able to transfer data from their overseas subsidiaries, long-term implications of which could not only be a trade war but a data war, i.e., paying a tax on transferring the data from an overseas subsidiary

Amidst the trade war between China and the U.S., the thought of factories and manufacturing firms looking to shift their bases to the other countries including Indonesia and Vietnam, could experience pre-mature obstacles if strong data protectionist regime prevails. Protecting personal data and security are a key components of any data protection regime, but regulations that go beyond could throw the baby out with the bathwater.

So far it is observed that regulatory developments have been reactive, whereas technology developments are relatively more proactive in nature. To address this gap, one of the fundamental elements that needs attention is the implementation and the timeline of a implementing a regulation. Not to mention, the concept of trust needs to be defined clearly, when it comes to data flows.

The recently published paper on Principles and Policies for “Data Free Flow With Trust” by ITIF, effectively elaborates some of the key Call to Action items:

  • Rather than tell firms where they can store or process data, policymakers should hold firms accountable for managing data they collect, regardless of where they store or process it.
  • Countries should revise the inefficient processes and outdated legal agreements that govern law enforcement requests for access to data stored in another country’s jurisdiction.
  • Countries should develop the legal and administrative frameworks (with respective checks and balances) that allow Internet service providers to block data flows that involve the illegal distribution and use of unlicensed content.
  • Countries should support and not undermine encryption’s role in securing data flows and digital technologies.

Wrap up!

A shared approach that ensures data is protected irrespective of the location, helps people and companies maximize the socio-economic benefits, promotes innovation, and avoids prescriptive regulation, should be the foundation of rethinking to integrate in a global digital value chain.

 

Image Source: https://digital-luxembourg.public.lu/initiatives/free-flow-data-regulation

Posted in

Related Articles

What’s Next for AI Governance in ASEAN?

ASEAN is a remarkably diverse region. With over 655 million individuals and 11 official languages across ten states, AI is expected to have a significant impact on every facet of life in ASEAN. AI is already changing how we think about safety, governance, and public discourse, among many other aspects of our social, political, and […]

Vietnam- Embracing Innovation: The Role of FinTech, RegTech, and SupTech in Modern Finance  

In recent years, the Vietnamese financial sector has experienced a wave of innovation driven by FinTech (financial technology), RegTech (regulatory technology), and SupTech (supervisory technology). These technologies promise to enhance the efficiency, transparency, and accessibility of financial services while supporting regulatory compliance and improving oversight. However, to ensure that these developments remain beneficial for customers […]

Southeast Asia’s New Frontier: Welcoming the World’s Digital Nomads

By Mark Chan  Now that we are a few years past the height of the pandemic, the concept of digital nomads is no longer novel. The shift to remote work has reshaped how many people choose to live and travel, which has led to lasting change even as workplace norms continue to evolve. Digital nomads […]