Solving the Missing Puzzle in Data Governance

Solving the Missing Puzzle in Data Governance

By Sarthak Luthra, 7 June 2019

‘Isms’ are self-contained hypothesis generators. For example, could we really understand what Data Protectionism is without an understanding of what data protection means? 

Tackling the 21st era of protectionism is gaining more importance, and the policy makers, globally are attempting to strike a fine balance between regulation and technology. While some are allowing technology to evolve ahead of the imposing regulation, others are creating a protectionist perception by imposing restrictions on cross-border data flows.

In the former league countries such as Japan, Singapore and the Philippines have shown acceptance to promoting cross-border data flows. However, in the ASEAN region, which is observing an exponential growth in the e-commerce sector and unicorns, countries such as Vietnam and Indonesia are widely touted for their data localization requirements. Beyond ASEAN, India is also looking at imposing data localization requirements across different policies in the making – the Data Protection Bill and the E-commerce Law.

It is evident that governments across the globe are concerned about data stored overseas, to which they have less oversight and limited enforcement to access. The missing puzzle to this data governance school of thought is that not all data is sensitive – some personal information related to national security must be protected – categories of which could be some categories of personal and non-personal, and anonymous data that can be excessively used across varied sectors, including medical records in the healthcare for cross-border healthcare services (medical tourism), real time data sharing in cross-border manufacturing and production process, among others.

As part of global efforts, the G20 summit scheduled to be hosted in Japan on 28–29 June 2019 in Osaka, can be a stepping stone to fill the missing puzzle. The Abe’s proposal to create a Data Free Flow with Trust is one such regime that bundles data flows with trade. For example, if Vietnam removes the blanket data localization requirements, SMEs and entrepreneurs operating in the rest of the world are more likely to trade with Vietnam and expand in the country without worrying about storing their data in Vietnam or opening mini-data centres, which comes with its own opex and capex. Relatedly, companies already operating their subsidiaries in a data protectionist country, will not be able to transfer data from their overseas subsidiaries, long-term implications of which could not only be a trade war but a data war, i.e., paying a tax on transferring the data from an overseas subsidiary

Amidst the trade war between China and the U.S., the thought of factories and manufacturing firms looking to shift their bases to the other countries including Indonesia and Vietnam, could experience pre-mature obstacles if strong data protectionist regime prevails. Protecting personal data and security are a key components of any data protection regime, but regulations that go beyond could throw the baby out with the bathwater.

So far it is observed that regulatory developments have been reactive, whereas technology developments are relatively more proactive in nature. To address this gap, one of the fundamental elements that needs attention is the implementation and the timeline of a implementing a regulation. Not to mention, the concept of trust needs to be defined clearly, when it comes to data flows.

The recently published paper on Principles and Policies for “Data Free Flow With Trust” by ITIF, effectively elaborates some of the key Call to Action items:

  • Rather than tell firms where they can store or process data, policymakers should hold firms accountable for managing data they collect, regardless of where they store or process it.
  • Countries should revise the inefficient processes and outdated legal agreements that govern law enforcement requests for access to data stored in another country’s jurisdiction.
  • Countries should develop the legal and administrative frameworks (with respective checks and balances) that allow Internet service providers to block data flows that involve the illegal distribution and use of unlicensed content.
  • Countries should support and not undermine encryption’s role in securing data flows and digital technologies.

Wrap up!

A shared approach that ensures data is protected irrespective of the location, helps people and companies maximize the socio-economic benefits, promotes innovation, and avoids prescriptive regulation, should be the foundation of rethinking to integrate in a global digital value chain.

 

Image Source: https://digital-luxembourg.public.lu/initiatives/free-flow-data-regulation

Posted in

Related Articles

India Follows Suit in Addressing Digital Taxes

India Follows Suit in Addressing Digital Taxes 30 August 2019, By Alex Nnamchi As the lack of implementation of digital taxation towards multinational tech giants becomes increasingly acknowledged, governments are seeking ways to correct this. Being the second-most populous country with a large online presence, India is following suit. The Central Board of Direct Taxes […]

Shares Skyrocket as China Launches New Stock Market to Compete with Nasdaq

Shares Skyrocket as China Launches New Stock Market to Compete with Nasdaq By Alex Nnamchi, 8 August 2019 In its first week of launching, China’s new Nasdaq style equity exchange board has gotten off to an explosive start.  Deemed “STAR” for short, the Shanghai Stock Exchange Science and Technology Innovation Board began trading last Monday […]

New cryptocurrency Libra, opportunities and challenges for Thailand

Libra and impacts on Thailand The official announcement of new digital currency “Libra” by Facebook and its 27 partners last month has heightened regulatory concern for authorities around the world. The move to create its own cryptocurrency platform by global tech heavyweights, may echo a new era of financial disruption.  Authorities around the world including […]