Data Localization and Barriers to Crossborder Data Flows

Organised by
Internet Governance Forum
19 December 2017
Room XXVI - E, Palais des Nations, Geneva

The past few years have witnessed an increasingly intense debate on the world-wide growth of national data localization restrictions and barriers to Cross-Border Data Flows (CBDF). Data localization proposals and policies typically involved requirements such as: data must be processed by entities physically within a national territory; data processing must include a specific level of “local content,” or the use of locally provided services or equipment; data must be locally stored or “resident” in a national jurisdiction; data processing and/or storage must conform to national rather than internationally accepted technical and operational standards; or data transfers must be routed largely or solely within a national or regional space when possible. Barriers to CBDF may involve: prohibitions on the transfer of personally identifiable information to jurisdictions deemed to have inadequate laws regarding privacy and data protection; censorship and other limitations on information that governments deem to be ‘sensitive;’ or digital trade protectionism. Governments’ motivations for establishing such policies vary and may include goals such as promoting local industry, technology development, employment, and tax revenue; protecting their citizens’ privacy (or in some cases, claiming to); ensuring access to data for the purposes of law enforcement, and more broadly defending their legal jurisdiction over data; or advancing national security or an expansive vision of “cyber-sovereignty.”

The stakes here are high. For example, the McKinsey Global Institute has estimated that data flows enabled economic activity that boosted global GDP by US $2.8 trillion in 2014, and that data flows now have a larger impact on growth than traditional flows of traded goods. The growth of localization measures and barriers to data transfers could reduce these values and significantly impair not only business operations but also economic development and many vital social processes that are predicated upon the movement of data across a relatively open and unfragmented Internet. Accordingly, specific language limiting such policies has been included in a number of “mega-regional” trade agreements, such as the Trans-Pacific Partnership (TPP), the Transatlantic Trade and Investment Partnership (TTIP) and the Trade in Services Agreement (TiSA). While the TPP has been rejected by the new US government and the forecast for other agreements is cloudy at best, it is possible that at least some of the policies in question are inconsistent with certain governments’ existing commitments under the World Trade Organization’s (WTO) General Agreement on Trade in Services (GATS). Even so, the extent to which these issues should be addressed via trade instruments remains a highly controversial issue, with many in the global Internet community and civil society remaining very critical of non-transparent intergovernmental approaches to an increasingly important piece of global Internet governance, and many privacy advocates vehemently opposing the potential application of trade rules to personal data.

Accordingly, the purposes of this proposed workshop are four-fold. First, it would bring together senior participants in the international trade and Internet governance communities that to date have not had sufficient opportunities to dialogue on their respective approaches to these and related issues. Second, it would take stock of the growth of data localization measures and barriers to data flows and assess the scope and impacts of such policies. Third, it would consider what can be achieved via international trade instruments given the current geopolitical context. Fourth, and most importantly, it would explore the possibility of constructing a parallel track of multistakeholder dialogue and decisionmaking that is balanced and enjoys the support of diverse actors around the world. In particular, we would consider whether a global community of expertise and practice can be constructed to share information and devise effective normative agreements on the issues. Normative agreements involving sufficient monitoring and reporting could help to ensure that data policies are not applied in a manner that constitutes arbitrary discrimination or disguised digital protectionism, and do not impose restrictions that are greater than what is required to achieve legitimate public policy objectives.

ICTSD will be represented by its Chief Executive, Ricardo Meléndez-Ortiz, who will participate as a speaker in the session.