IGF 2021 WS #80 Trustworthy data flows – what’s at stake and what is needed?

Time
Thursday, 9th December, 2021 (13:00 UTC) - Thursday, 9th December, 2021 (14:30 UTC)
Room
Ballroom C

Organizer 1: Timea Suto, ICC BASIS
Organizer 2: Angèle Beauvois, International Chamber of Commerce
Organizer 3: Ben Wallis, Microsoft

Speaker 1: Norman Barbosa, Technical Community, Western European and Others Group (WEOG)
Speaker 2: Audrey Plonk, Intergovernmental Organization, Western European and Others Group (WEOG)
Speaker 3: Gregory Nojeim, Civil Society, Western European and Others Group (WEOG)
Speaker 4: Heather Dryden, Government, Western European and Others Group (WEOG)
Speaker 5: Joseph Whitlock, Private Sector, Western European and Others Group (WEOG)
Speaker 6: Lee Tuthill, Intergovernmental Organization, Western European and Others Group (WEOG)
Speaker 7: Nabila Hussain, Civil Society, Asia-Pacific Group

Additional Speakers

Ms Robyn Greene, Privacy Policy Manager, Meta

Mr Michael De Santis, Senior Policy Advisor, Innovation, Science and Economic Development, Government of Canada

Moderator

Timea Suto, Private Sector, Eastern European Group

Online Moderator

Angèle Beauvois, Private Sector, Intergovernmental Organization

Rapporteur

Ben Wallis, Private Sector, Western European and Others Group (WEOG)

Format

Round Table - Circle - 90 Min

Policy Question(s)

Data governance and trust, globally and locally: What is needed to ensure that existing and future national and international data governance frameworks are effective in mandating the responsible and trustworthy use of data, with respect for privacy and other human rights?
Data transfers, trade, cooperation and trust: What is the role of local and international norms and principles in facilitating trustworthy international data transfers for trade and cooperation?

Additional Policy Questions Information: Unpacking the topic of trusted cross-border data flows, the session will focus primarily on understanding the barriers for trust in data flows and in exploring potential solutions. The session, in two parts, will aim to respond to the following specific questions: Part 1: Understanding the issues: - How does the lack of trust create barriers to cross-border data flows? - What are the economic and societal impacts of disruption to such flows? Part 2: Developing solutions - What are essential elements that can enhance trust and facilitate data free flow in a data governance framework? - What are policy mechanisms or ongoing initiatives that can be leveraged to further progress in developing such frameworks? - What role can data have to help enhance trust? (e.g. what type of data about data can help to enable more informed solution?)

SDGs

1.1
2.3
2.b
2.c
3.8
3.b
3.d
4.1
4.3
4.4
5.1
5.5
6.5
7.a
8.2
8.3
8.4
9.1
9.2
9.3
9.5
10.3
10.7
11.2
11.3
11.b
12.2
12.4
12.b
13.1
14.4
14.a
15.1
15.2
15.3
15.4
15.5
15.6
15.c
16.5
16.6
17.18

Targets: The United Nations Sustainable Development Goals (SDGs) call for several advances by the year 2030. Although information communication technologies (ICT) are cited as specific targets in only four of the SDGs (4, 5, 9 and 17), we believe ICT and digital technologies play a role in the realization of all of the SDGs by equipping populations with tools to relieve poverty, access education, achieve gender parity, provide basic healthcare and financial services, conserve ecosystems and reduce CO2 emissions, spur economic growth or increase their resilience in the face of global crises – just to name a few. Global data flows are vital in sustaining these opportunities on the long run and ensure efforts are impactful across geographies and cultures. This workshop aims to identify the trust barriers that inhibit global data flows and to discuss how to overcome these barriers so that progress on all 17 SDGs can be achieved with the catalyzing power of trusted cross-border data flows.

The issue

In an increasingly interconnected world, the ability to transfer digital information across borders has become an essential component whether to enable economic growth, facilitate access to education, healthcare or other social services or just simply empower people across the world to access information and connect with each-other. Data transfers are estimated to contribute $2.8 trillion to global GDP—a share that exceeds the global trade in goods and is expected to grow to $11 trillion by 2025. This value is shared by traditional industries like agriculture, logistics, and manufacturing, which realise 75% of the value of the data transfers.

Resilient economies and societal well-being depend on the trusted and uninterrupted flow of data between countries. Our experience during the pandemic made clear that as organizations of all sizes, across all sectors, all over the world move to online-first or online only, virtually no economic activity today happen in national silos. Instead, it depends on close interaction with commercial partners and customers in different countries. The processing and transfer of personal data underlie these exchanges, including remote work and virtual collaboration, distance learning, sustaining supply chain and business operations, providing healthcare remotely, increasing digital security, fighting against cybercrime and child abuse online, fraud monitoring and prevention, and a broad range of other activities that relate to the protection of health, privacy, and security. These services, when secure and respectful of the protection of data, enable the digital ecosystem to function efficiently, businesses to provide critical products and services, and people to stay connected with friends, family and communities, as well as the causes they care about and the businesses they support and depend on.

To take just one example, the international collaborations on COVID-19 research and responses demonstrate how these flows have enabled new discoveries, information sharing, and collaboration, to help mitigate the global crisis by enabling better understanding of the virus, tracking of the spread of the pandemic and evolution of the different variants, and development and distribution of vaccines. At the same time, global data flows have enabled more efficient production, manufacturing and distribution of much needed medical equipment, along with the digital services that are foundational to the continuity of our lives, our communities, societies and governments.

Nevertheless, we are seeing trust in international data flows being eroded because of concerns over security and data protection, consumers’ rights, universal human rights and freedoms, including privacy rights, and the lack of clarity, transparency, and consistency between national approaches to government access to data held by the private sector. These increased concerns and reduced trust have led to uncertainty that may discourage individuals’, businesses’, communities’ and even governments’ participation in a global economy that is increasingly digital, and can negatively impact economic growth when it is most needed. This session aims to better understand the causes and impact of this lack of trust and to offer an opportunity for participants to explore together potential solutions towards developing comprehensive data governance frameworks that enhance trust and facilitate data free flows.

The session has a dual focus:

  • Firstly, it aims to contribute to the shared understanding of the issues at stake and explore how this lack of trust create barriers to cross-border data flows and what are the economic and societal impacts of disruption to such flows?
  • Secondly, it aims to bring diverse stakeholders together to discuss potential solutions and determine what are the essential elements that can enhance trust and facilitate data free flow in a data governance framework. They will also take stock of existing policy mechanisms or ongoing initiatives that can be leveraged to further progress in developing such frameworks. In their discussions, participants will also consider what role can data itself have to help enhance trust (for example, what type of data about data can help to enable more informed solutions)?

The discussion

The session aims to bring together experts from various organizations that are developing data governance frameworks and related policy and regulatory measures or recommendations, as well as representatives of all stakeholder groups contributing to or impacted by such frameworks and policies. Following a short scene-setter presentation, two roundtables will be taking place, where different experts will be invited to lead the discussions with all participants, based on the policy questions outlined above. Each roundtable will have thought-starter intervention by the speakers to stimulate a lively and interactive exchange with the audience members to provide further perspectives and to complement or challenge the speakers’ point of view. Online participation will be aided by a remote moderator, who will capture thoughts and questions expressed in writing in the chat and weave them into the conversation.

The agenda

Although discussion and participants contributions will ultimately drive the agenda, the following will be used to guide conversation:

  1. Setting the scene (10 minutes): the session will start with the introduction of invited speakers and a short setting the scene presentation
  2. Understanding the issues (30 minutes): Speakers, from various backgrounds and different policy perspectives will reflect on the use and value of data and data flows in their respective fields and discuss the economic and societal impacts of disruption to such flows due to decreasing levels of trust.
  3. Developing solutions (40 minutes): Speakers will take the floor in turn to answer the following questions and stimulate discussion with all participants: What are essential elements that can enhance trust and facilitate data free flow in a data governance framework? What are policy mechanisms or ongoing initiatives that can be leveraged to further progress in developing such frameworks? What role can data have to help enhance trust? (e.g. what type of data about data can help to enable more informed solution?)
  4. Wrap-up (10 minutes): the moderator, with the help of the rapporteur, will summarize the discussion and ask the speakers and audience to comment on the session’s key takeaways

Session format

The goal of the roundtable format is to create an open forum in which speakers and attendees participate equally in the discussion and knowledge sharing. The session will open with a short setting the scene presentation to frame the discussion and ensure all participants have a shared base for the subsequent discussions. Each topical roundtable, as outlined above, will have further thought-starter interventions by invited experts, and for the remainder of each roundtable, the speakers become facilitators, inviting comments and questions from those around the (virtual) room and letting the audience dictate the ultimate direction of the conversation. This will allow attendees to drive their own learning, listen to multiple perspectives on the same issue, and share experiences with individuals throughout the room.

 

Expected Outcomes

The workshop will provide participants with an improved understanding of both the technical, economic and policy elements necessary to enhance trust in cross-border data flows. The summary of the workshop will feature a list of initiatives, resources or case studies mentioned by speakers and participants and will provide a menu of good practices for policy approaches. Lastly, the workshop will aim to highlight areas for future action and potential questions to be explored in future IGF sessions.

Online Participation

Online interaction in this session will be facilitated by incorporating in real-time the thoughts and questions of the audience expressed in writing in the chat or Q&A function of the online platform provided for the session. Prospective participants are also encouraged to share their questions in advance, using the "raise a question" feature on this page.

Key Takeaways (* deadline 2 hours after session)

Economic and societal value of cross-border data flows: economic opportunity and growth, supporting global supply chains, central to business operations and entire economic sectors, enabling companies of all sizes to address bigger markets. Essential to the delivery of public services; for better understanding and acting on cybersecurity threats; and for human rights in terms of access to information and freedom of expression.

The Internet is not bilateral in nature, so governing access to, and the sharing of, data needs to be based via multilateral rather than bilateral solutions. It is not about necessarily having identical rules and regulation in every country, but rules and standards to govern the cross-border flows of data need to be interoperable, flexible and future-proof.

Call to Action (* deadline 2 hours after session)

Governments, supported by international organisations, should pursue international and interoperable agreements, standards and principles to enable secure and responsible transfers of data across borders.

This should be done in an informed way by drawing on evidence and consulting stakeholders to understand the scale and scope of the value of trusted data flows, whilst also providing appropriate protection of personal data and other rights and interests.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

 

Part 1: Cross-border data flows – what’s at stake?

Cross-border data flows bring great economic value: 

  • Data transfers are estimated to contribute about $2.8 trillion to global GDP, exceeding global trade in goods, and are expected to grow to $11 trillion by 2025.
  • They are important for economic opportunity and growth, supporting global supply chains, enabling companies of all sizes to address bigger markets, and playing a central role in the operation of many businesses and entire economic sectors - 75% of the value of data transfers is estimated to benefit sectors such as logistics, manufacturing, and agriculture.

Cross-border data flows bring great societal value: 

  • They are essential to the delivery of public services
  • They play a vital role in understanding and acting on cybersecurity threats that continue to increase in number and sophistication, enabling companies and law enforcement authorities to protect customers across the world from cybersecurity threats 
  • They are important for the exercise of human rights, e.g., in terms of access to information and freedom of expression.
  • The exchange of research data was crucial to the development of treatment and vaccines that have been deployed to tackle COVID-19.

However, all of these benefits are increasingly dependent on, and on occasions undermined by, some of the ways in which rules and norms to govern access to, and sharing of, data are being developed. Sometimes this is a consequence of a legitimate desire to protect personal data or other rights that does not always weigh these protections against the importance of cross-border data flows. Also, there is a growing trend of “data nationalism”, a view that all data generated in a particular country must remain within that country. 

Part 2: Cross-border data flows – what’s needed?

The Internet is not bilateral in nature, so governing access to, and the sharing of, data needs to be based not on bilateral solutions but rather on multilateral ones (though it is recognised that it can be extremely difficult to get agreements on common policy and regulatory principles). It is not about necessarily having identical rules and regulation in every country, but, to help governments navigate trade-offs and opportunities around data governance,  rules and standards to govern the cross-border flows of data need to be interoperable, flexible and future-proof.

Governments should therefore pursue international and interoperable agreements, codes of conduct, data governance standards and principles to enable trusted transfers of data across borders, taking into account:

  • The value of international organisations as places to negotiate agreements, but also as fora for discussion where different countries and different voices are represented.
  • The merit of tackling issues in an informed way by drawing on evidence and an understanding of the implications of different approaches to data transfers, and the scale and scope of the value of data flows so they can be appropriately weighed against the important efforts to protect personal data.
  • The importance of multi-disciplinary and multistakeholder collaboration by enabling discussions between different parts of government (e.g., representing law enforcement and national security, trade, privacy and consumer protection, as well as the sectors of industry that rely on and benefit from data flows) and bringing in voices from industry and civil society to reflect a very broad range of expertise and interest to help guide principles and avoid siloed thinking.

Panelists noted a number of international venues, approaches and regulatory frameworks that can be drawn upon to think about how to balance interests and safeguard secure and responsible data transfers. 

  • One place to look is WTO norms where there is a presumption in favour of the flows of goods across borders, but with safeguards as well as a recognition of the rights of governments to regulate in non-discriminatory and transparent ways consistent with good regulatory practices. The WTO provides a broad international framework that has been tested and developed over decades, which could play a role in reaffirming core principles.
  • A 2021 OECD  Recommendation on enhancing access to and sharing of data notes the importance of international dialogue and includes recommendations about minimizing restrictions to cross border data, and that measures that condition such flows should be nondiscriminatory, transparent, necessary and proportionate.
  • The APEC Cross-Border Privacy Rules (CBPR) is a framework that ensures responsibility, security and trust in data transfers.
  • The Canadian approach to cross-border data flows underpinned by principles of meaningful consent and accountability – it does not prohibit organisations from transferring personal data outside of Canada but does require those organisations to get consent from the individual and to remain accountable for, and retain some control over, that data, even when transferred across borders. This was contrasted with the less flexible and more complex GDPR. While the GDPR has been very important in starting to address the trust deficit, the requirement for adequacy decisions or other approvals from regulators can become de facto data localization because of the lengthy time it can take to establish those agreements, particularly for developing countries. 

Two recent reports looking at the role of cross-border data flows in economic growth for developing countries were mentioned in response to a question about how to share the prosperity and benefits of data across various parts of the world.

  • An UNCTAD report on cross-border data flows notes that data nationalisation threatens the interests of developing countries in particular because reducing the sharing of information and data reduces market opportunities for MSMEs in those countries.
  •  

    A World Bank report on data for better lives calls for a new social contract that enables the use and reuse of data to create economic and social value and ensures equitable access to that value.