07 Sep

Posted by: Aishwarya Bhatia

Category: Governance

Gearing up for the G-20 Summit, Delhi 2023, this September, India is ready to host leaders from different nations to address the global economy, climate change mitigation and sustainable development.

Our director and co-founder, Swapnil Shekhar’s post on data being the new water and not oil sparked a conversation about data flowing across borders and the growing discourse about data resilience, data localization and privacy.

But first:

What is cross-border data flow?

It refers to the movement of information between computer servers across national borders. Shopping online, using social media platforms to connect with friends and family, or any other online activity is part of the cross-border data flow process.

In lieu of the G-20 summit, the use of data for addressing the key issues mentioned above will be a crucial topic of discussion. It will also allow different nations to put their stance on cross-border data flow and their approaches to use data for better governance.

However, recent debates around using data as a commodity have increased interest in how we classify its utility. Sure, data as the “new oil” intimates its importance as a crucial tool for the globe, but it also posits it as a commodity that can be sold for profits. The idea, now, is that data is more like water, a universal resource accessible to the world while also being protected for national use.

However, different nations have different policies governing data use, and commonly, it is blanketed under two broad categories: democratic and autocratic. It is important to define these two terms, especially in this context. Democratic use of data is said to be based on open approaches that rely on market mechanisms, while autocratic use of data privileges the role of the state and aims to strengthen the capacity to harness all data, both public and private.

Today, no coherent international framework defines cross-border data exchange, which is why different nations have adopted different approaches, especially based on their context and needs. This blog will explore this kind of diversity and see how data governance models reflect unique features of their institutions and political cultures.

1. India

India’s digital future hinges on how it manages cross-border data flows. Having reaped the benefits of being digitally connected and chasing an open market policy in the areas, the free flow of data is crucial to this equation. However, this approach to data use has also brought significant issues, such as unlawful data access, data monopolization, and unchecked data extraction.

With the recent developments in the passing of the Digital Personal Data Protection Act 2023, India has chosen to transfer the personal data of its citizens to all countries except a “specified negative list” where these transfers would be restricted. This has not hindered India’s approach towards data sharing and data empowerment, which remain the most important drives of India’s strategy on data governance.

2. USA

The United States has adopted a laissez-faire approach that supports the unrestricted flow of data across borders to prioritizes commercial interests over privacy in its digital trade policy. It does not have all-purpose federal legislation on data protection for either personal or non-personal data. Furthermore, the US emphasizes advocating for an internal dialogue on a singular approach that can aid the interoperability of different regulatory regimes. Having signed the Osaka Declaration on Digital Economy, which stresses that by continuing to respond to privacy, data protection, and other security-related challenges, the nations can facilitate the free flow of data and enhance the trust of consumers and businesses.

3. EU

The EU General Data Protection Regulation (GDPR) focuses on privacy concerns and governs how individual’s personal data in the EU may be processed and transferred. As for cross-border data transfers to non-EU countries and international organizations, this commission assesses the level of protection given by a territory or processing sector in that particular area and only allows transfers wherever there are appropriate safeguards in place.

4. China

China’s regulations about data use is largely based on mechanisms that secure national security and other public interests. Data flow across borders is more stringent in China than in the EU. Ease of business and individual data rights, while important, are considered secondary in China’s hierarchy of concerns, the primary being national security. For example, non-Chinese firms that work with Chinese data face increased operational costs, making domestic firms more likely to gain market share and eventually fostering national IT champions. China’s multiple data protection models, such as the Cyber Security Law (CSL), the Data Security Law (DSL), and the Personal Information Protection Law (PIPL), have hampered cross-border data flows, which suit the country’s contextual needs and priorities.

Numerous other countries have developed legal frameworks that suit their data processing requirements, while some nations have no legislation around data protection at the moment. The idea for these global summits, such as G-20, is to inform data governance systems on an international level so that we can work collectively and collaboratively to create a system that simultaneously ensures everyone’s well-being and protection.