Solving the Missing Puzzle in Data Governance

Solving the Missing Puzzle in Data Governance

By Sarthak Luthra, 7 June 2019

‘Isms’ are self-contained hypothesis generators. For example, could we really understand what Data Protectionism is without an understanding of what data protection means? 

Tackling the 21st era of protectionism is gaining more importance, and the policy makers, globally are attempting to strike a fine balance between regulation and technology. While some are allowing technology to evolve ahead of the imposing regulation, others are creating a protectionist perception by imposing restrictions on cross-border data flows.

In the former league countries such as Japan, Singapore and the Philippines have shown acceptance to promoting cross-border data flows. However, in the ASEAN region, which is observing an exponential growth in the e-commerce sector and unicorns, countries such as Vietnam and Indonesia are widely touted for their data localization requirements. Beyond ASEAN, India is also looking at imposing data localization requirements across different policies in the making – the Data Protection Bill and the E-commerce Law.

It is evident that governments across the globe are concerned about data stored overseas, to which they have less oversight and limited enforcement to access. The missing puzzle to this data governance school of thought is that not all data is sensitive – some personal information related to national security must be protected – categories of which could be some categories of personal and non-personal, and anonymous data that can be excessively used across varied sectors, including medical records in the healthcare for cross-border healthcare services (medical tourism), real time data sharing in cross-border manufacturing and production process, among others.

As part of global efforts, the G20 summit scheduled to be hosted in Japan on 28–29 June 2019 in Osaka, can be a stepping stone to fill the missing puzzle. The Abe’s proposal to create a Data Free Flow with Trust is one such regime that bundles data flows with trade. For example, if Vietnam removes the blanket data localization requirements, SMEs and entrepreneurs operating in the rest of the world are more likely to trade with Vietnam and expand in the country without worrying about storing their data in Vietnam or opening mini-data centres, which comes with its own opex and capex. Relatedly, companies already operating their subsidiaries in a data protectionist country, will not be able to transfer data from their overseas subsidiaries, long-term implications of which could not only be a trade war but a data war, i.e., paying a tax on transferring the data from an overseas subsidiary

Amidst the trade war between China and the U.S., the thought of factories and manufacturing firms looking to shift their bases to the other countries including Indonesia and Vietnam, could experience pre-mature obstacles if strong data protectionist regime prevails. Protecting personal data and security are a key components of any data protection regime, but regulations that go beyond could throw the baby out with the bathwater.

So far it is observed that regulatory developments have been reactive, whereas technology developments are relatively more proactive in nature. To address this gap, one of the fundamental elements that needs attention is the implementation and the timeline of a implementing a regulation. Not to mention, the concept of trust needs to be defined clearly, when it comes to data flows.

The recently published paper on Principles and Policies for “Data Free Flow With Trust” by ITIF, effectively elaborates some of the key Call to Action items:

  • Rather than tell firms where they can store or process data, policymakers should hold firms accountable for managing data they collect, regardless of where they store or process it.
  • Countries should revise the inefficient processes and outdated legal agreements that govern law enforcement requests for access to data stored in another country’s jurisdiction.
  • Countries should develop the legal and administrative frameworks (with respective checks and balances) that allow Internet service providers to block data flows that involve the illegal distribution and use of unlicensed content.
  • Countries should support and not undermine encryption’s role in securing data flows and digital technologies.

Wrap up!

A shared approach that ensures data is protected irrespective of the location, helps people and companies maximize the socio-economic benefits, promotes innovation, and avoids prescriptive regulation, should be the foundation of rethinking to integrate in a global digital value chain.


Image Source:

Posted in

Related Articles

How will South Korea’s Online Platform Self-Regulation Work?

By Somang Yang | August 2, 2022 Photo by Joongil Lee on unsplash Since the Yoon Seok-yeol administration took office with a deregulatory zeal, the fate of various legislative efforts to regulate the power of online platforms look doomed. The “Online Platform Fairness Act” was promoted by the ruling Democratic Party of Korea during the Moon […]

Vietnam’s new FDI Strategy promises opportunities for tech companies

By Nga Dao | June 14, 2022, 2.00pm Photo by Samson on unsplash Vietnam’s Deputy Prime Minister Pham Binh Minh has signed off Decision 667/QD-TTg approving the Strategy for foreign investment cooperation in the 2021-2030 period. The Strategy was issued following Resolution 50-NQ/TW of the Politburo (the highest body of the Communist Party of Vietnam) […]

The Indo Pacific Economic Framework for Prosperity

By Mark Chan | June 5, 2022, 2.00pm SGT Photo by Adrian Schwarz on unsplash First proposed by U.S. President Joe Biden at the East Asia Summit in October 2021, the Indo-Pacific Economic Framework for Prosperity (IPEF) has garnered significant attention following its launch in May 2022. It is widely seen as an attempt at […]