Solving the Missing Puzzle in Data Governance

Solving the Missing Puzzle in Data Governance

By Sarthak Luthra, 7 June 2019

‘Isms’ are self-contained hypothesis generators. For example, could we really understand what Data Protectionism is without an understanding of what data protection means? 

Tackling the 21st era of protectionism is gaining more importance, and the policy makers, globally are attempting to strike a fine balance between regulation and technology. While some are allowing technology to evolve ahead of the imposing regulation, others are creating a protectionist perception by imposing restrictions on cross-border data flows.

In the former league countries such as Japan, Singapore and the Philippines have shown acceptance to promoting cross-border data flows. However, in the ASEAN region, which is observing an exponential growth in the e-commerce sector and unicorns, countries such as Vietnam and Indonesia are widely touted for their data localization requirements. Beyond ASEAN, India is also looking at imposing data localization requirements across different policies in the making – the Data Protection Bill and the E-commerce Law.

It is evident that governments across the globe are concerned about data stored overseas, to which they have less oversight and limited enforcement to access. The missing puzzle to this data governance school of thought is that not all data is sensitive – some personal information related to national security must be protected – categories of which could be some categories of personal and non-personal, and anonymous data that can be excessively used across varied sectors, including medical records in the healthcare for cross-border healthcare services (medical tourism), real time data sharing in cross-border manufacturing and production process, among others.

As part of global efforts, the G20 summit scheduled to be hosted in Japan on 28–29 June 2019 in Osaka, can be a stepping stone to fill the missing puzzle. The Abe’s proposal to create a Data Free Flow with Trust is one such regime that bundles data flows with trade. For example, if Vietnam removes the blanket data localization requirements, SMEs and entrepreneurs operating in the rest of the world are more likely to trade with Vietnam and expand in the country without worrying about storing their data in Vietnam or opening mini-data centres, which comes with its own opex and capex. Relatedly, companies already operating their subsidiaries in a data protectionist country, will not be able to transfer data from their overseas subsidiaries, long-term implications of which could not only be a trade war but a data war, i.e., paying a tax on transferring the data from an overseas subsidiary

Amidst the trade war between China and the U.S., the thought of factories and manufacturing firms looking to shift their bases to the other countries including Indonesia and Vietnam, could experience pre-mature obstacles if strong data protectionist regime prevails. Protecting personal data and security are a key components of any data protection regime, but regulations that go beyond could throw the baby out with the bathwater.

So far it is observed that regulatory developments have been reactive, whereas technology developments are relatively more proactive in nature. To address this gap, one of the fundamental elements that needs attention is the implementation and the timeline of a implementing a regulation. Not to mention, the concept of trust needs to be defined clearly, when it comes to data flows.

The recently published paper on Principles and Policies for “Data Free Flow With Trust” by ITIF, effectively elaborates some of the key Call to Action items:

  • Rather than tell firms where they can store or process data, policymakers should hold firms accountable for managing data they collect, regardless of where they store or process it.
  • Countries should revise the inefficient processes and outdated legal agreements that govern law enforcement requests for access to data stored in another country’s jurisdiction.
  • Countries should develop the legal and administrative frameworks (with respective checks and balances) that allow Internet service providers to block data flows that involve the illegal distribution and use of unlicensed content.
  • Countries should support and not undermine encryption’s role in securing data flows and digital technologies.

Wrap up!

A shared approach that ensures data is protected irrespective of the location, helps people and companies maximize the socio-economic benefits, promotes innovation, and avoids prescriptive regulation, should be the foundation of rethinking to integrate in a global digital value chain.


Image Source:

Posted in

Related Articles

China-Central Asia Summit: Highlights, Lessons and Opportunities

By How Yong Yang As it practices its “Peripheral Diplomacy” with its neighbors along its borders, China recently concluded its inaugural in-person China-Central Asia Summit in Xi’an, the capital of northwest China Shaanxi Province. The city was the starting point of the millennia-old Silk Road. To enhance cooperation, Chinese President Xi Jinping has pledged a […]

Sustainable Finance for Energy Transition Efforts: An Update from Indonesia

By Dandy Satriatama A 2015 study, estimated that unmitigated climate change could drastically reduce the income of the average person on Earth by roughly 23 percent in the year 2100. The findings further indicate climate change will widen the global inequality between rich and poor countries. The world’s poorest 40 percent of nations are predicted […]

De-dollarization: Gaining momentum in Southeast Asia? 

By Victoria Hyde De-dollarization is nothing new, but could the latest trend away from the dollar prove long-lasting?  The US dollar has been the dominant global currency for decades, with countries around the world using it as a means to exchange, store value, and manage their respective domestic currencies. After the US emerged as a […]