Is Transnational Data Governance Broken?

Fragmentation of transnational data flows and their governance is emerging globally as the result of evolving differences in approaches to data among major economies, alongside technological and geopolitical competition and conflicts. Divergences in the strategies of the three leaders in data and the most significant standard-setting jurisdictions – the United States, the European Union and China – are creating a serious problem in governance of transnational data flows. The consequence of the problem is a possibility of a world with separate data and internet areas, exported and enforced through competing data and technology regulatory regimes emanating from each leader. Left unaddressed, the problem risks a regression in transnational cooperation in any area that benefits from international data flows – a significant risk in the context of the global digital commons and global digital threats.

At the base of this problem is that each jurisdiction is characterized by an evolving and distinct data governance style based on a number of characteristics: (1) the general attitude towards markets and this evolving policy domain as shown by the variety of capitalist practices, policy priorities, and domestic antitrust and competitiveness measures; (2) the principles guiding public interventions in the data economy as demonstrated by the norms that have defined protective efforts and the control over data attributed to private actors; and (3) the regulatory approaches deployed to exercise control through a combination of rule design and strategies for private and public enforcement.

These data governance styles are hindering the status quo of data globalization. Through US leadership, an extensive cyber regime complex – consisting of international organizations, global corporations, non-governmental organizations and governments – has underpinned the current permission-less, open and liberal internet. The resulting free market for data has enabled data globalization across the world economy, led by large US technology and data companies. The dominance of these companies in the new frontier of digital globalization has – not surprisingly – triggered reactions. Starting with the EU and China, policymakers around the world – and even now in the US – have acted to limit the power of such companies. Data has become a focal point of domestic policies, resulting in the intensification of legislative interventions, regulatory initiatives, administrative enforcement actions, and court decisions.

Credit: helloRuby / Shutterstock.com

The result is a clash of data governance styles that is problematic for three reasons. First, the three jurisdictions are each building data governance frameworks that reflect digital extensions of their existing and emerging priorities. Second, these styles are solidifying into non-interoperable and even conflicting regimes as a result of increasing focus on digital sovereignty, security and direct competition, particularly among the major economies. Third, the emergence of non-interoperable competing approaches to data governance is creating regulatory and technological fragmentation to the detriment of global commons, with the real risk of splintering the global approaches to data and technology, undermining opportunities for multilateral cooperation in this exponentially expanding realm of the global economy.

In looking for solutions, we have considered whether a “Digital Bretton Woods” is necessary. While we view a collective international omnibus solution to the problem based on common global approaches to data flows unlikely, by drawing on the models of bilateral riparian regimes, multilateral regulatory coalitions, and the original plurilateral design of the Bretton Woods system, we argue that technologically enabled mechanisms combining a variety of transnational relationships in a structured framework of data regimes in major jurisdictions may be a possible answer.

No one potential solution alone is a convincing candidate in a transnational framework that is more and more fragmented. A balanced combination of the three, however, may be more palatable and necessary, offering the ability for jurisdictions to choose – and most importantly, to switch between modes of data governance and transmission as needed, while also allowing flexibility for nation states to seek the broadest range of ways to bargain with, or for, sources of data adaptable to different types of data, sectoral requirements, and counterparties, while offering an incremental path to mending the growing fractures.

First, bilateral data governance is bound to grow. This offers the most flexibility in setting rules for both parties in the negotiation. As can be inferred from the growing range of bilateral and plurilateral trade agreements including data transmission rules, the perspective on how data should be included in trade varies, but it is a growing priority. Like bilateral trade agreements, bilateral data agreements are the best way to allow jurisdictions to develop gradually their own frameworks for transnational data governance, offering the ability to forge agreements as necessary. They are also an important basis for gauging international data governance practice from which plurilateral approaches can take shape.

Second, the importance of plurilateral approaches to transnational data governance is in their ability to draw on the benefits of economies of scale. Especially in the digital economy, the availability and frictionless access to data (although not necessarily via ownership or even exclusive control) is becoming more important. Relatively frictionless data travel or access (for instance remotely, perhaps even on an anonymized query-based structure enabled by distributed ledger technology, such as blockchain or other federated data storage technologies) is a necessity to ensure the efficient maintenance of key policies and data-intensive industries, including finance and healthcare.

SWIFT, for example, depends on the ability of banks to receive and send messages across several entities before a payment is confirmed. As data governance standards develop, sectoral coalitions – backed by regulatory regimes requiring a certain level of adherence – are likely to increase, imitating the opt-in system of the EU’s General Data Protection Regulation (GDPR), under systems of mutual recognition. An example of such a trend is the creation of anti-money laundering utilities creating data exchange frameworks between banks and law-enforcement entities, as well as in the formation of major supply-chain finance conglomerates that are combining increasing numbers of stakeholders into a single data system to ensure veracity. For countries with smaller data pools, they may also be the only way to train artificial intelligence (AI) or conduct other machine-learning projects. In the context of ASEAN, a common approach to data is possible and should be a strategic objective. The challenge will then be relations with third parties and their potentially diverging approaches.

Under a vision where all three solutions are being used concurrently, the role of a possible Digital Stability Board (DSB) would be vital to coordinate at the most basic level what the technical standards are for shifting between unique bilateral systems of data transmission, plurilateral networks, and multilateral data supply chains. Like the minimum capital requirements for market risks imposed by the FSB, the DSB would impose minimum cybersecurity requirements, data stewardship standards, and typologies to ensure that data can fit the requirements of a conversion to a different channel of transmission. At an advanced level, for critical data, it may act as a neutral clearing station.

Our proposed balanced model does not require the defragmentation of the transnational data governance network, nor does it require a treaty-based Digital Bretton Woods. Instead, it empowers jurisdictions to choose their data governance relationships by providing a standardized method for opening, closing and swapping between data channels. It provides flexibility even in the case of multiple internets by creating a system that can handle an increasing dynamic of connecting and disconnecting data streams, which is already emerging as a major challenge across Asia and beyond.