By Andre Wirjo
“Data regulation can have a relatively minimal impact on the data use of firms while fulfilling legitimate policy objectives.”
Large-scale data analytics have great potential. But there are valid concerns that warrant regulation. How do you strike a balance?
Major and sweeping advancements in information and communication technologies—such as broadband, cloud computing and the internet of things—have lowered the cost of data analytics on a large scale. This has opened the benefits and possibilities of adopting data analytics to businesses of all sizes.
These benefits are trickling down to the customer. Data contribute greatly to economic growth, productivity and employment. In 2016, the McKinsey Global Institute found that data flows come in only second after goods as the biggest contributor to world gross domestic product (USD 2.3 trillion vs USD 2.7 trillion, respectively).
This does not even account for the indirect contribution of data to GDP. If you factor in that cross-border data flows enable other types of flows, including the flow of goods, then the combined indirect and direct contribution of data to world GDP exceeds that of goods.
Data now plays an important role in both traditional and new industries. Firms across different sectors collect and use significant volumes of data for a wide range of purposes. Nevertheless, what we are seeing now is nothing compared to how it will be in just a few years.
In 2018, the technology company Cisco estimated that the number of networked devices will balloon by about 10.5 billion between 2017 and 2022. As more people and devices connect to the internet, data will only get more important to businesses.
As more and more businesses collect and use data, concerns about the need for a regulatory environment come to mind, along with questions of what the nature of regulation will or should be.
[For more on this topic, download “Fostering an Enabling Policy and Regulatory Environment in APEC for Data-Utilizing Businesses,” a report by the APEC Policy Support Unit.]
These concerns, in a data age, are not unfounded. Headlines abound with hacking incidents and data leaks. For the most part, businesses have undertaken various steps to ensure the privacy and security of the data they collect and manage. Nevertheless, the practices of some well-known firms have left more to be desired.
Andre Wirjo presents this report at the Trade Policy Dialogue on Fostering an Enabling Policy and Regulatory Environment in APEC for Data-Utilizing Businesses, held in Puerto Varas, Chile, on 23 August 2019.
Governments across the world are stepping in. Many have put in place or are in the midst of enacting various regulations aimed at data. They are responding to public outcry for better data protection, as well as fulfilling other public policy objectives (e.g., providing rapid access to data; promoting competition; or reaping more benefits from the digital economy in the form of employment, investment and innovation/technology know-how).
Governments are starting to regulate data collection, storage, processing and transfers. They are requiring the disclosure of intellectual property, the building of back doors, and the use of mandatory encryption standards. These regulations are there for legitimate public policy objectives. Yet, for some of them at least, we wonder if they are the best way forward.
A study by the APEC Policy Support Unit (PSU) cites instances where alternative middle-ground approaches to data regulation can have a relatively minimal impact on the data use of firms while fulfilling legitimate policy objectives.
Governments could encourage and recognize the adoption of existing voluntary industrial standards. A review of potential and existing domestic regulations can be made against privacy guidelines and frameworks. More effort could be put into complementing regulations with effective enforcement.
Economies could work together to enhance cross-border data flows through various mechanisms, such as the mutual recognition of privacy certification systems (e.g., the APEC Cross-Border Privacy Rules), the incorporation of relevant provisions in free trade agreements, and the negotiation of relevant commitments at the multilateral level.
Economies could work together to enhance domestic security through alternative mechanisms, like reforming mutual legal assistance treaties, as well as bilateral and multilateral data sharing. There are also unilateral approaches that focus on mandating access to specific types of data.
Economies should exchange information and their experiences to help each other in operationalizing these approaches, in monitoring and evaluating their impacts, and in determining how they can be improved.
While some have already started exploring this middle ground, there is a fundamental need for dialogue to identify ideas and ways to overcome bottlenecks, standstills or sluggish progress.
Lastly, APEC member-economies must leverage the collaborative nature of the organization through capacity-building activities like workshops and technical training assistance. The hardware of laws and regulations should be complemented with the software of human capability and institutional cooperation.
This will improve existing complementary regulations related to data. It could lead to the establishment of more competent data protection authorities, and enhance cross-border enforcement among many other benefits.