ODI’s Senior Policy Advisor Lawrence Kay explains how international regulatory cooperation can strike the right balance between protecting sensitive data from misuse and sharing data in trade to boost innovation and economic growth
Author: Lawrence Kay
Cross-border data flows carry the information that underpins international trade in goods and services. The flows are an input to how companies analyse and design things that people will buy, making data like an intermediate product that is used or combined with other things to create a final product. The ease with which data can be re-used has made this process of creating new and improved products from information – combining new and old knowledge in fresh ways – arguably faster than it has ever been. But data also holds sensitive information on people, companies, and countries, meaning that policy-makers face a difficult balance between easing data sharing for the benefits it can bring, while restricting it when appropriate.
The ease with which data can be re-used has made this process of creating new and improved products from information
The use of large amounts of data in artificial intelligence and other emerging technologies is making the context in which data might be shared in the future uncertain. In 2019, America’s National Bureau of Economic Research published a range of academic papers on the potential social and economic effects of AI, with some discussing potentially considerable effects on employment; others that it will produce large innovation and productivity gains; several pointing out the risks of misused training data; and some discussing the fact that AI might be a rare ‘general purpose technology’ that changes many sectors at once. Such a range of potential effects from AI suggest that the policy-makers of today will find it hard to predict which regulations will be required tomorrow, and that they will need to be flexible about cross-border data flows in the development of new goods and services.
Different privacy norms and regulations in different countries around the use of personal data in emerging technologies makes international alignment over data flows in trade particularly hard
Different privacy norms and regulations in different countries around the use of personal data in emerging technologies makes international alignment over data flows in trade particularly hard. Leading research has shown that privacy preferences between individuals are idiosyncratic, while surveys of national attitudes to the sharing of personal information domestically and internationally can differ wildly. The European Centre for International Political Economy has shown that these differences can manifest in considerable barriers to data sharing between countries, with significant cost for trade in services.
Trade agreements take some of the lead in striking this data sharing balance because they affect the terms of exchange between countries – within the parameters of the World Trade agreements – and can be flexible towards changing domestic regulation. For example, the Digital Economy Partnership Agreement (DEPA) – a trade deal between Chile, New Zealand, and Singapore – states that ‘data sharing enable[s] data-driven innovation’ while recognising that ‘the digital economy is evolving.’ The agreement commits the countries involved to cooperating as the technology frontier changes, through schemes that involve information exchange, mutual recognition of standards, equivalence, harmonisation, and memoranda of understanding, while ‘…[recognising] the economic and social benefits of protecting the personal information of participants in the digital economy and the importance of such protection in enhancing confidence in the digital economy and development of trade.’
The ODI’s work on data sharing in the UK suggests why it might be tough to share data internationally in deep, trusted ways.
DEPA is the best international example of the tricky problem faced by policy-makers in the fields of data, emerging technologies, and trade: to set a privacy floor for the use of sensitive data at home while appreciating that valuable trade partners might take a different approach; all while knowing that it’s hard to predict how technology will use data in the future.
The ODI’s work on data sharing in the UK suggests why it might be tough to share data internationally in deep, trusted ways. Our Data Access Map is a fun way of showing the many mechanisms available for making data open, shared, or closed, according to the nature of the information it holds and the technology available. The prototypes of data trusts we have tested have shown the potential for parties to agree on the rules for sharing sensitive or valuable data, but also that defining rules and getting agreement takes time. Countries could create joint data trusts or other forms of data institutions for, say, health data; and these would need considerable involvement from regulators.
We have found a range of problems in data sharing between companies that inhibit investment and product development
There are also a number of classic economics problems that reduce data sharing. The ODI has been working with the Bennett Institute for Public Policy at the University of Cambridge on the value of data, and we have found a range of problems in data sharing between companies that inhibit investment and product development. These include problems of incomplete contracts, externalities, governing the commons, and others, and raise considerable issues over the proper valuation of data and the efficiency of its use in the modern economy. Solutions could involve new ‘options contracts’ for data, or an evolution in intellectual property frameworks – again, issues that would need considerable international collaboration, at both the multilateral and country-to-country levels.
There have been a range of approaches for data sharing between developed countries that are likely to need to address data sharing problems through new models of regulatory cooperation. The Centre for International Governance Innovation, for example, has proposed a ‘plurilateral single data area’ between the European Union, Japan, and North America; while the International Data Spaces Association was established with the aim of establishing global standards for reference data and its interfaces. These follow schemes like the EU-US Privacy Shield, and speak to the mix of the potential for data sharing and the necessity for coordinated frameworks. But there has, so far, been little work on how such initiatives would operate.
There are examples of long-standing and successful IRC for global coordination over new and changing technology.
International regulatory cooperation (IRC) gives a start on how these and other data sharing schemes might be developed. IRC is about fostering the understanding, and often the standards and rules, between countries that help them to set appropriate friction for companies that want to trade between the respective jurisdictions while keeping to accepted business practices. The OECD’s typology of the types of IRC lists the models that countries might pick and we discuss them in more depth in a further blog:
- Integration and harmonisation through supranational or joint institutions
- Negotiated agreements such as treaties and conventions
- Regulatory partnerships between countries
- Inter-governmental organisations
- Regional agreements with regulatory provisions
- Mutual recognition agreements
- Transgovernmental networks
- Formal requirements to consider international regulatory cooperation when developing regulations
- Recognition of international standards
- Soft law
- Dialogue and informal exchange of information
There are examples of long-standing and successful IRC for global coordination over new and changing technology. The International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use has coordinated standards for trialling new drugs, and set a process by which global issues in frontier pharmaceutical development are identified and discussed to create mutual understanding across countries with regard to future regulatory issues. There are also emerging examples of financial sector regulators mutually considering regulatory barriers to market entry by fintechs, such as the Global Financial Innovation Network.
In further blogs on international regulatory cooperation, we discuss how IRC might be used to raise trust in the data flows of global trade.