Digital Trade and Global Data Governance

Powered by the global network of the Internet and its seamless interconnectivity, the modern-day digital economy is heavily driven by the flow of digital data across borders. Although no universal definition exists, digital trade can be broadly understood as “commerce enabled by electronic means—by telecommunications and/or ICT services—and covers trade in both goods and services.” Global digital trade flows are undergirded by a complex regulatory framework, consisting of both multilateral treaties of the World Trade Organization (WTO) and plurilateral trade agreements (PTAs), and growing number of transnational and regional frameworks on different aspects of digital economy regulation. As data flows lie at the heart of digital trade, domestic and global legal and regulatory frameworks on data governance are critical for the digital economy.

As Svantesson describes, we live in a hyper-connected world rife with hyper-regulation. Governments are struggling to strike a balance between participating in a thriving global digital economy and protecting vital public interests, including protecting data privacy, ensuring data security, and fostering competitive and fair digital markets. Developing countries face added challenges due to insufficient digital infrastructure, poor regulatory capacity, and a weak voice on data governance in most global and transnational forums. Consequently, governments are adopting measures restricting and regulating cross-border data flows to address legal and policy risks arising from a global data-driven economy. This creates a complex interface between the growing suite of data-restrictive measures and rules applicable to digital trade contained in various trade treaties and regional instruments.

In my monograph International Trade Law and Global Data Governance: Aligning Perspectives and Practices, I explore the interface of international trade law and global data governance by focusing on five areas of data regulation: privacy and data protection, cybersecurity regulation, governmental access to data, bridging the global data divide, and digital competition regulation. I explore the growing suite of data-restrictive measures across different policy areas and the role of international trade law in both disciplining unnecessary regulatory barriers in digital trade and fostering a meaningful and inclusive global framework for data governance.

The regulation of cross-border data flows is one of the most difficult policy challenges in the digital economy.

The regulation of cross-border data flows is one of the most difficult policy challenges in the digital economy. While the movement of data through the Internet entails numerous economic, social, and even political benefits for stakeholders in the digital economy, it also poses policy risks for global data governance, including fundamental aspects of privacy and cybersecurity. As long argued by scholars, the conflict between a globally interconnected Internet and the jurisdictional limitations created by territorial borders lies at the heart of global data governance. This conflict can lead to deep political divides and mistrust among stakeholders in the global digital economy. It has also resulted in a sharp rise in data-restrictive measures that can hamper digital trade. Such restrictions potentially involve international trade law in various ways, as discussed in detail below, raising complex questions regarding how to resolve the friction between trade and domestic data regulations and the best way to strike a balance between the two.

Four Lessons for Crafting Digital Trade Rules

Building on my monograph, I outline four key lessons for digital trade rule-making, focusing on (a) building a balanced narrative on data regulation, (b) understanding the prospects and limitations of trade law in dealing with data governance concerns, (c) integrating developing country perspectives in digital trade rule-making, and (d) developing a multi-layered framework to bridge the gaps between global data governance and international trade law.

In charting the future of digital trade rules, the first lesson is the urgent need to develop a balanced narrative on data flows. Data regulation is susceptible to extreme, conflicting narratives, such as the free flow of data vs. data sovereignty. This divided narrative is legally and politically counterproductive, leading to regulatory fragmentation and reduced digital trust. Data Free Flow with Trust (DFFT), initially proposed by Japan in 2019, is designed as a multi-track initiative to create different frameworks for enabling data flows. While frameworks such as DFFT are gaining traction, digital or data sovereignty remains a mainstream narrative in most countries to control and regulate digital flows. As Chander and Sun argue, digital sovereignty has become a double-edged sword: while it may foster respect for certain digital rights, it can also be fashioned as a tool for digital authoritarianism.

The DFFT framework has potential due to its inherent flexibility and modular architecture, but its implementation will necessitate stronger regulatory cooperation and inclusive dialogues on data governance. Governments often have sound and clear policy rationales for regulating and restricting cross-border data flows, including protecting personal data and people’s privacy, cybersecurity, enabling governmental access to data for regulatory supervision and law enforcement, bridging the data divide, and enabling fairer competition in digital markets. Therefore, to build a balanced narrative on data flows, digital trade rules must address policy objectives that relate to data governance, which in turn would require reframing existing rules on digital trade using a meaningful underlying narrative, as discussed below.

The second lesson is that while rules in international trade agreements can apply to domestic regulations on cross-border data flows, several legal questions may arise in the process that lie outside the strict disciplinary boundaries of trade law. Addressing such questions would require a deeper understanding of the interface between trade law and data governance.

Simply put, from a legal perspective, several data-restrictive measures implicate international trade law as they affect digital trade flows (directly or indirectly) and thus may breach obligations in international trade agreements. For example, data localization measures could violate obligations on non-discrimination if they impose additional costs or compliance requirements for foreign suppliers of digital services or provide a competitive advantage to domestic companies offering similar services. Similarly, banning a digital service on the grounds of cybersecurity could violate obligations on non-discrimination and market access. Certain conditional data transfer requirements, such as adequacy measures (common in data protection law), could violate domestic regulation provisions. In applying these tests, a careful assessment of different factors is necessary, such as the discriminatory or trade-restrictive effect of a particular measure, its impact on market competition, and the way the measure is implemented.

Trade treaties contain general and security exceptions, which governments use to defend data-restrictive measures that have a legitimate public interest rationale despite their trade-restrictive impact. Several complications may arise in applying these exceptions, however, including the complexity of “weighing and balancing” of various trade and non-trade considerations, as required under the general exception. Additionally, in the context of WTO treaties, the security exception only applies in exceptional circumstances, such as during a war or public order crisis, and is not a self-judging exception. Legal tests under the security exception necessitate examining whether governments have implemented certain data-restrictive measures in good faith and the causal link between the measure and the national security rationale. Although certain recent PTAs provide relatively lenient security exceptions, excessive reliance on security exceptions can lead to tit-for-tat protectionist measures, harming digital flows and reducing trust. Thus, applying international trade law does not always provide clear answers to address multifaceted and polycentric policy concerns in data governance.

Voice of Developing Countries Must Be Heard

The third lesson is the need to integrate developing country perspectives in framing the digital trade rules of the future. The absence of strong and representative participation from developing and least developed countries creates a major lacuna in the global digital trade framework. A sharp data divide exists between developed and developing countries. This divide is multidimensional and reflected in various dimensions of the digital economy, such as inadequate quality and access to data infrastructure, poor prospects for commercialization of data, and weak data regulatory frameworks. Data colonialism (exercised through the dominant position of a few Big Tech companies from digital powers, including the United States and China) is often offered as the reason for this divide, wherein developing countries are trapped in a vicious cycle of data manipulation, regulatory incapacity, and digital dependency. Further, many developing countries are forced to adopt regulatory models of digital powers without contextualizing them to domestic needs and preferences.

International trade law has largely been ineffective in bridging the global data divide and protecting developing countries’ economic and political interests. The rules in international trade agreements, including PTAs and digital economy agreements (DEAs), do not provide a robust foundation for addressing the global data divide. As often argued, the disciplines on special and differential treatment in WTO law are weak, unfocused, vague, and ineffective. Even recent DEAs such as the Digital Economic Partnership Agreement that contain soft provisions on digital inclusion (a welcome change, of course), do not otherwise provide any binding and robust mechanisms to offer regulatory assistance or technical support to developing country partners.

International trade law has largely been ineffective in bridging the global data divide and protecting developing countries’ economic and political interests.

Related to the global data divide is competition regulation in the digital sector. One of the biggest drivers of Big Tech companies (which are monopolies in some digital markets) is their disproportionate data advantage, which generates network economies of scale, tips markets in their favour, facilitates their easy entry into multiple new (adjacent) markets, and stifles new market entrants while reinforcing the economic and political power of Big Tech. As a result, these companies can conduct massive user surveillance and trap their users in their digital platforms/silos indefinitely. To respond to these concerns, governments have adopted measures to control data harms and foster data equity. The effectiveness of these emerging competition regulatory tools in enhancing competition in digital markets is debated.

Given the complex relationship between trade and competition at the multilateral level, especially disagreements among WTO members, the role of international trade law remains unclear in the context of regulating competition. Some aspects of competition were included under the WTO framework (for example, in relation to the telecommunications sector under the General Agreement on Trade in Services), but these disciplines have not been updated to the modern-day digital economy. Most PTAs with competition rules contain high-level disciplines such as adopting competition laws (sometimes with policy networks, including the International Competition Network) and cooperating on competition matters. However, none of these rules are specific to the digital sector, which increasingly faces unique competition problems.

International trade law must play a more proactive role on both these fronts. First, it is important to build a streamlined mechanism for special and differential treatment in the context of digital trade. The WTO’s Trade Facilitation Agreement is a helpful prototype. For instance, regulatory assistance and capacity-building programs for developing countries that prioritize their regulatory needs must complement obligations on enabling data flows. Similarly, trade agreements must incentivize meaningful models of technology transfer, particularly to help the customization of digital technologies for developing countries. Further, boosting developing country participation in data governance and standard-setting institutions can indirectly benefit the development of inclusive trade rules.

Second, while a multilateral agreement on digital competition (e.g., under the WTO) may be unlikely, there are other important forums—such as the Organisation for Economic Co-operation and Development and the International Competition Network—for developing soft law norms and best practices for competition in the digital sector. Certain regional bodies also show potential to develop more robust disciplines for competition. Digital competition principles are more likely to be included in PTAs and DEAs as they provide more flexibility to incorporate global best practices by reference, build regional practices, and even facilitate dialogues for cross-border competition enforcement in dedicated committees.

Finally, the fourth lesson is that a multilayered approach will be instrumental for international trade law to play a meaningful role in global data governance. This approach combines binding treaty provisions (e.g., in PTAs and DEAs) with other tools, including soft law frameworks, multistakeholder and transnational norms and standards, and informal and flexible mechanisms for regulatory cooperation and resolution of data-related trade disputes. Regional bodies and transnational policy networks also play a critical role in providing a foundation for the global framework for cross-border data flows, and thus trade bodies must be better aligned with them.

How to Achieve This Alignment in Practice?

A multi-layered approach is possible only if we can create new flexible instrumentalities in international trade law that consider the digital economy’s complexities. For instance, countries could develop and agree on a non-binding framework for cross-border data flows. Developing a standards framework for data-driven services, modelled on the TBT Code of Good Practice, could help address gaps in international trade law in accounting for prevalent private and multistakeholder technical standard-setting.

New multistakeholder mechanisms are needed to facilitate international regulatory cooperation. This path is pragmatic, as several divisions are already visible in the data regulatory preferences of WTO members. A binding multilateral agreement that provides comprehensive disciplines on cross-border data flows is less likely in the short term, though this is happening in some PTAs and DEAs. Trade policy-makers must also focus on incremental steps, such as systematic notification of data-restrictive measures, political resolution mechanisms for difficult data disputes—especially on national security—and robust enforcement of transparency obligations. In the long term, these mechanisms are likely to build trust.

Future policy agendas must operationalize trust-based frameworks that build on regulatory interoperability and digital inclusion.

Finally, future policy agendas must operationalize trust-based frameworks that build on regulatory interoperability and digital inclusion. For instance, interoperability and mutual recognition mechanisms can be linked to market access provisions and trustmarks/data certification mechanisms. In this way, international trade law can help provide the building blocks for the global framework for cross-border data flows while remaining politically sensitive about issues that are harder to reconcile due to political or ideological conflicts among countries.

Neha Mishra is an assistant professor of international law at the Geneva Graduate Institute.