IGF 2022 WS #69 Governing Cross-Border Data Flows, Trade Agreements & Limits

Tuesday, 29th November, 2022 (13:20 UTC) - Tuesday, 29th November, 2022 (14:50 UTC)

Organizer 1: Yik Chan Chin, ICANN & Beijing Normal University
Organizer 2: Ioana Stupariu, Central European University
Organizer 3: Michael Karanicolas, Mr

Speaker 1: Yik Chan Chin, Technical Community, Asia-Pacific Group
Speaker 2: Zhisong Deng, Private Sector, Asia-Pacific Group
Speaker 3: Locknie Hsu, Civil Society, Asia-Pacific Group
Speaker 4: Courtney Radsch, Civil Society, Western European and Others Group (WEOG)
Speaker 5: Meri Baghdasaryan, Civil Society, Eastern European Group
Speaker 6: Rolf H. Weber, Civil Society, Western European and Others Group (WEOG)
Speaker 7: Mansi Kedia, Civil Society, Asia-Pacific Group


Michael Karanicolas, Civil Society, Western European and Others Group (WEOG)

Online Moderator

Ioana Stupariu, Civil Society, Eastern European Group


Yik Chan Chin, Technical Community, Asia-Pacific Group


Round Table - U-shape - 90 Min

Policy Question(s)

The workshop intends to address the following three policy questions in relation to cross-border data regulations, digital trade agreements, privacy and national/cyberspace security. It will tackle those questions from a global perspective through its regionally diverse speakers from Europe, the USA, China, India and Singapore.

1. What are the major characteristics of the cross-border data governance framework of major trading countries? What methods are used by their regulators to protect privacy and national/cyberspace security in their cross-border data regulations? What could be done to improve the current framework?
2. How have countries circumvented dilemmas arising from different considerations, such as personal information protection, promotion of free trade, and maintenance of national and cyberspace security, in their bilateral or regional trade agreements to promote the varying legal frameworks for cross-border data flows? What measures are used to protect privacy and national/cyberspace security? What could be done to improve the current measures?
3. Will the continuous development of bilateral or regional trade agreements and the current fragmentation of the cross-border data rule systems further aggravate the multilateral trade system such as the WTO, or may it lay the foundation for a unified rule system in the future?

Connection with previous Messages:


9. Industry, Innovation and Infrastructure
10. Reduced Inequalities

Targets: The proposed workshop will help to address the SDG targets below:

9.b: discussion will help to support domestic technology development, research and innovation in developing countries, including by ensuring a conducive policy environment for, inter alia, industrial diversification and value addition to commodities.
10.5: discussion will help to improve the regulation and monitoring of global financial markets and institutions and strengthen the implementation of such regulations.
16.7: discussion will help to ensure responsive, inclusive, participatory and representative decision-making at all levels.
17.16: discussion will help to enhance the global partnership for sustainable development, complemented by multi-stakeholder partnerships that mobilize and share knowledge, expertise, technology and financial resources, to support the achievement of the sustainable development goals in all countries, in particular developing countries.
17.18: discussion will help to enhance capacity-building support to developing countries, including for least developed countries and small island developing States, to increase significantly the availability of high-quality, timely and reliable data disaggregated by income, gender, age, race, ethnicity, migratory status, disability, geographic location and other characteristics relevant in national contexts.


Cross-border data flows are obviously one of the core issues of international digital trade agreements in the context of the digital economy. The workshop will explore the important issue of governing cross-border data flows through trade agreements such as the Regional Comprehensive Economic Partnership (RCEP), the United States-Mexico-Canada Agreement (USMCA), and the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), and their limitations. First, it will explore the major characteristics of the data governance paradigms of major trading countries such as the United States, China, the European Union, ASEAN, and India. Secondly, given that the multilateral WTO mechanism governing cross-border data flows cannot respond to the real needs of digital trade or the digital economy in a timely and effective manner, it will examine how countries have circumvented the dilemmas through bilateral or regional trade agreements to promote the varied legal frameworks for cross-border data flows, given different considerations such as personal information protection, promotion of free trade, and maintenance of national security. Finally, it will discuss whether the continuous development of bilateral or regional trade agreements and the current fragmentation of the cross-border data rule systems may further aggravate multilateral trade or may lay the foundation for a unified rule system in the future.

Combining local experts with a global perspective on digital trade and cross-border data flow regulations, this workshop aims to build an international platform for experts, scholars, and legal practitioners from relevant fields to jointly discuss the above important and timely issues, challenges and opportunities through interdisciplinary and multi-dimensional approaches. Speakers and moderators from Europe, the USA, China, Singapore and India will discuss the above questions from diverse geographic and stakeholder perspectives.

Speakers:
Dr. Yik Chan Chin, Associate Professor, Beijing Normal University, China
Mr. Jet DENG Zhisong, Dentons China
Professor Locknie HSU, Singapore Management University, Singapore
Ms. Meri Baghdasaryan, LL.M, Legal Fellow at Internet Rights and Principles Dynamic Coalition
Prof. Rolf H. Weber, University of Zurich, Switzerland
Courtney Radsch, UCLA Institute for Technology, Law and Policy Institute Fellow, Center for International Governance Innovation (CIGI) senior fellow, USA
Dr. Mansi Kedia, Research Fellow at Indian Council For Research On International Economic Relations, India

Online Moderator: Dr. Ioana Stupariu, Central European University
Onsite Moderator: Mr. Michael Karanicolas, The UCLA Institute for Technology, Law and Policy, USA

Intended Panel Agenda:
1) Setting the scene: online and onsite moderators, 3 minutes.
2) Short introduction to the cross-border data governance mechanisms and digital trade agreements joined in each region: each speaker speaks for 4 minutes, with 5 minutes of immediate audience response at the end.
3) Policy question discussions amongst speakers, 30 minutes, moderated by Dr. Ioana Stupariu and Mr. Karanicolas.
4) Interactive question and answer session, 30 minutes, moderated by Dr. Ioana Stupariu and Mr. Karanicolas.
5) Wrap-up by the moderators, 5 minutes.

Expected Outcomes

1) Develop a framework for collaborative response that includes multi-stakeholders (not only governments) such as academics, civil society and other specialists to provide a meaningful platform that tackles the structural issues and challenges of cross-border data flows governance.
2) Facilitate the debate on, understanding of, and shaping of the evolution of norms and principles of cross-border data flows governance in future digital trade negotiations and enforcement.
3) Identify differing viewpoints regarding cross-border data flows governance approaches, to help create an environment in which all stakeholders are able to prosper and thrive.
4) Policy recommendations and key messages report to the IGF community.

Hybrid Format:

1) How will you facilitate interaction between onsite and online speakers and attendees? The workshop has an onsite moderator and an online moderator, each responsible for moderating the onsite and online speakers and attendees. Both moderators will ensure that all speakers and attendees, whether online or onsite, have an equal opportunity to speak, raise questions and engage in each session of the workshop.

2) How will you design the session to ensure the best possible experience for online and onsite participants? The session will be opened by the online and onsite moderators to provide participants with an overview of the policy questions discussed in the session, the professional background of the speakers, and the format of interaction. The moderators will ensure that the audience, both offline and online, is able to ask questions to the speakers immediately following their presentations to encourage active participation. In part 3), the session will move to discussion. The moderators will invite each speaker to express their views on a set of questions generated from their presentations and guide the debate amongst speakers and the audience to foreground their common ground and differences. In part 4), the moderators will invite questions from the onsite audience and online participants; the question time will last about 30 minutes in order to provide sufficient interaction amongst speakers, audience and online participants. Online participants will be given priority to speak, and their participation will be encouraged by the moderators. The onsite and online moderators will summarise the findings, recommendations and future actions of the panel.

- Please note any complementary online tools/platforms you plan to use to increase participation and interaction during the session. Online Participation: The online moderator will participate in the online training course for the Official Online Participation Platform provided by the IGF Secretariat's technical team to ensure the online participation tool will be properly and smoothly used during the proposed session.

Online Participation


Usage of IGF Official Tool.


Key Takeaways

The risk of not developing a minimal common international approach to governing cross-border data flows is high; bilateral or regional trade agreements are not adequate to address cross-border data flows.

The approaches adopted by China, the USA, India, ASEAN, and the EU towards cross-border data flows differ, both in their degree of stringency and in their priorities (e.g. national security, free trade, privacy, etc.). While this fragmentation increases barriers to trade, harmonising them would bring risks of not respecting national interests and the different degrees of development.

Call to Action

Comparability mechanisms could be a possible solution, but different degrees of development and digital capacities need to be brought into the equation.

Bilateral and regional agreements are important but not adequate; minimal global rules are needed to minimise costs to businesses.

Session Report

The workshop had around 120 onsite and online audience members. Six experts from China, Europe, India, Singapore and Africa shared their analysis.

Dr. Chin and Mr. Deng explained that China’s approach to governing cross-border data is based on the values of sovereignty, personal data protection and national security. The Chinese authorities are trying to strike a balance between safeguarding national security and promoting international trade. The Data Security Law of China and the Personal Information Protection Law govern China’s cross-border data export. The vast majority of data can be legally exported after meeting the requirements of security assessments, security certifications, standard contracts, etc. However, it is totally prohibited to provide any information or data in China to any foreign authority or any foreign judicial authority except after obtaining approval from the Chinese Government. This is a challenge for the Chinese authorities to solve. The new Data Export Security Assessment Measures have provided some legal certainty by defining four categories of personal and important data that require a prior security assessment to assess the risk. This formulation draws moderately on the practice of general and national security exception provisions in many regional FTAs. On the other hand, China's regulation of cross-border data transfer is still developing very rapidly; China focuses much more on outbound data, with few regulations in terms of inbound data transfer. China's cross-border data rules will inevitably affect the direction of international cross-border data rules; engaging with China to become part of a community crafting shared norms and rules for the future is inevitable.

Prof. Locknie Hsu explained ASEAN’s approach to governing cross-border data, which involves a set of principles, a set of frameworks, and a set of very useful tools to enable data flows to be smoother and to be facilitated. They include the ASEAN data management framework, the ASEAN cross‑border flows mechanism consisting of the ASEAN certificate for cross‑border flows and cross‑border contractual clauses, and the ASEAN e‑commerce agreement. For ASEAN, there is another layer of data concerns, i.e. consumer protection, and also cybersecurity.

Prof. Rolf H. Weber pointed out that within the 27 Member States of the European Union, cross‑border data flows are not really restricted, or only restricted to a minimal extent, since it is the practice of the European Union to have a free, liberal and open space for businesses and for civil society. There is an important distinction between personal and non-personal data. As far as non-personal data is concerned, there are not many impediments to cross‑border data flows. As far as personal data is concerned, cross‑border data flows are subject to compliance with relatively strict rules. As far as cybersecurity is concerned, the EU has a regulation on the security of important networking infrastructure and a cybersecurity strategy, but to a very large extent cybersecurity remains a national domain. Compared with the Chinese approach, the rules in the European Union are less strict and more open. Cross‑border data flows should be legal, free, and secure, and there should be more rules on a global level.

Dr. Mansi Kedia pointed out that India’s model is going to be somewhere in the middle, using bilateral arrangements, informal arrangements or formal arrangements, or a model at the global level, which would address its concerns about national security and access to data in instances of cybercrime. India is much more conservative. India has seen a series of data localization norms that started very early on with the public sector and the financial and banking services sectors. This was followed by consultations and deliberations on a privacy bill, the first and second versions of which had hard localization policies and requirements. This strong need for sovereign control of data is also reflected in India's position in several multilateral and bilateral positions. The recent softening of the stance is reflected in a recognition that cross‑border data flows have economic costs, and that cross‑border data flows will help trade and digital businesses. But the government has argued in favor of data localization because of the dominance of big data and the monopolization that might take center stage in the days to come. The other economic argument is that data localization will force companies to set up data centers in India, which can lead to a domestically created digital economy, so that India won't be so dependent on foreign companies for digital services. India wanted broader jurisdiction over citizen data: India should have extraterritorial jurisdiction over that data.

For the roundtable question:

What are the possibilities for cooperation and collaboration, and where are the challenges?

Dr. Yik Chan Chin: First, there is a convergence in privacy protection as the foundation for data export, although how strongly privacy is protected varies between countries. Secondly, many countries put national security as one of the preconditions and important exceptions in FTAs as well. But there is important divergence amongst national governments in how to define national security,

Prof. Locknie Hsu: National laws are fragmented in terms of how to deal with data localization; data transfer rules are also different. It is important to be mindful of businesses' needs in compliance and understanding what the boundaries are and understanding how to navigate the rules and understanding what they can and can't do, and so on. The comparability mechanism can help bridge some of the gaps between international, regional and global rules.

Prof Rolf H. Weber: We do have special instruments that can be applied if the equal level of protection should be achieved, 

Dr. Mansi Kedia:  We shouldn't worry about the fragmentation at this point.  Each country will work out a way to get to this when they're ready. 

Mr. Zhisong Deng: China is the second economy in the world and exports a lot of goods and services out of the country; it needs more dialogue among those major jurisdictions to figure out how to promote free trade.

Ms. Linda: Africa has a general framework on trade, which is the Africa free trade agreement that came into force in 2021. The power of big tech in Africa is concerned.

For the roundtable question:

What are the risks of not developing a nonnational approach? Would it lead to a divide, or would the bilateral trade agreements be enough to continue to use in both trade and digital sovereignty?

Dr. Yik Chan Chin: There is no global agreement, which is not an ideal situation, but there is the co‑existence of different regional agreements and mechanisms. Ideally, we want a digital agreement at the global level. At the moment, there is slow progress in the WTO in terms of e‑commerce negotiation. Hoping a minimal framework is developed out of these discussions.

Dr. Mansi Kedia: Harmonization of cross‑border data flows is important, but other policies will need to be addressed to address the problem of the digital divide before it reaches the point of harmonization. Otherwise, it will completely break down digital economic engagement across different countries.

Prof. Rolf H. Weber: Minimum harmonization would certainly lower the administrative costs of internationally active entities.

Prof. Locknie Hsu: There is a question mark in terms of what the scope of these exceptions should be, how to clarify what businesses need to know, what they can and cannot do, as mentioned before.

Mr. Zhisong Deng: Without a common international approach, I am noticing three risks: trade barriers; localization requirements will increase the burden on global enterprises; losing the maturity of the digital economy. We can start with reaching more bilateral or regional agreements. The core issue is that all the countries should respect the national and security interest of other countries.

Ms. Linda: Africa, where most of the data protection laws now are enacted post GDPR, mirrors the GDPR; sometimes it didn't work because of the different context, different budgets, and different political structures. Different ways of looking at data governance and see where does the public interest lie, and where does also the national security lie. How do we achieve data sovereignty without data localization? And sort of balance tools and agree on that as we proceed to have the global conversations. Because I think those differing points of view really have people in their own corners, deciding on their own data governance approaches.