Regulating Cross-Border Data Flows: Issues, Challenges and Impact
By Bryan Mercurio and Ronald Yu
()
About this ebook
Data is now one of the world’s most valuable resources. The adoption of data-driven applications across economic sectors has made data and the flow of data so pervasive that it has become integral to everything we as members of society do – from conducting our finances to operating businesses to powering the apps we use every day. For this reason, governing cross-border data flows is inherently difficult given the ubiquity and value of data, and the impact government policies can have on national competitiveness, business attractiveness and personal rights. The challenge for governments is to address in a coherent manner the broad range of data-related issues in the context of a global data-driven economy. This book engages with the unexplored topic of why and how governments should develop a coherent and consistent strategic framework regulating cross-border data flows. The objective is to fill a very significant gap in the legal and policy setting by considering multiple perspectives in order to assist in the development of a jurisdiction’s coherent and strategic policy framework.
Related to Regulating Cross-Border Data Flows
Related ebooks
Network neutrality: From policy to law to regulation Rating: 0 out of 5 stars0 ratingsThe California Privacy Rights Act (CPRA) – An implementation and compliance guide Rating: 0 out of 5 stars0 ratingsEU GDPR – An international guide to compliance Rating: 0 out of 5 stars0 ratingsA concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsThe California Consumer Privacy Act (CCPA): An implementation guide Rating: 4 out of 5 stars4/5Data Protection and Compliance: Second edition Rating: 0 out of 5 stars0 ratingsSECURITY AND PRIVACY IN AN IT WORLD: Managing and Meeting Online Regulatory Compliance in the 21st Century Rating: 5 out of 5 stars5/5EU GDPR - A pocket guide, second edition Rating: 0 out of 5 stars0 ratingsUpcoming Updates In Data Protection: Whistleblowing Channels Rating: 0 out of 5 stars0 ratingsData Protection Compliance in the UK: A Pocket Guide Rating: 5 out of 5 stars5/5Data Protection and the Cloud: Are the risks too great? Rating: 4 out of 5 stars4/5Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsPrivacy’s Blueprint: The Battle to Control the Design of New Technologies Rating: 5 out of 5 stars5/5Digital Earth: Cyber threats, privacy and ethics in an age of paranoia Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR), third edition: An Implementation and Compliance Guide Rating: 0 out of 5 stars0 ratingsAn Executive Guide CCPA: The Why, When, Where, What , and Who Guide to the California Consumer Privacy Act -2018 Rating: 0 out of 5 stars0 ratingsPrivacy in Context: Technology, Policy, and the Integrity of Social Life Rating: 3 out of 5 stars3/5Cyber Security Awareness for Lawyers Rating: 0 out of 5 stars0 ratingsInternet Governance: The NETmundial Roadmap Rating: 0 out of 5 stars0 ratingsPrivacy in the Modern Age: The Search for Solutions Rating: 4 out of 5 stars4/5Augmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies Rating: 0 out of 5 stars0 ratingsCIPM A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsLegislating Privacy: Technology, Social Values, and Public Policy Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide Rating: 5 out of 5 stars5/5Big Data Privacy Second Edition Rating: 0 out of 5 stars0 ratingsData Protection Officer Rating: 3 out of 5 stars3/5Cybercrime Investigators Handbook Rating: 0 out of 5 stars0 ratingsLEGAL ASPECTS OF DATA PROTECTION Rating: 0 out of 5 stars0 ratingsCybersecurity Law, Standards and Regulations, 2nd Edition Rating: 0 out of 5 stars0 ratings
Computer & Internet Law For You
Website Law: The Legal Guide for Website Owners and Bloggers Rating: 5 out of 5 stars5/5The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks Rating: 0 out of 5 stars0 ratingsThe Snowden Reader Rating: 0 out of 5 stars0 ratingsCybersecurity Essentials: The Beginner's Guide Rating: 5 out of 5 stars5/5Legal Guide to Social Media, Second Edition: Rights and Risks for Businesses, Entrepreneurs, and Influencers Rating: 5 out of 5 stars5/5Mastering ChatGPT: Business Uses: Podcasts in Print Rating: 2 out of 5 stars2/5The Ultimate Legal Guide for Bloggers & Website Owners Rating: 0 out of 5 stars0 ratingsISO/IEC 27701:2019: An introduction to privacy information management Rating: 4 out of 5 stars4/5Legal Guide to Social Media: Rights and Risks for Businesses and Entrepreneurs Rating: 0 out of 5 stars0 ratingsThe ChatGPT Millionaire Hack: Making Money Online has never been this EASY Rating: 0 out of 5 stars0 ratingsAugmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies Rating: 0 out of 5 stars0 ratingsToken Economy: How the Web3 reinvents the Internet Rating: 4 out of 5 stars4/5The Twenty-Six Words That Created the Internet Rating: 4 out of 5 stars4/5The IT / Digital Legal Companion: A Comprehensive Business Guide to Software, IT, Internet, Media and IP Law Rating: 5 out of 5 stars5/5Data Protection and Compliance: Second edition Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition Rating: 0 out of 5 stars0 ratingsPrivacy’s Blueprint: The Battle to Control the Design of New Technologies Rating: 5 out of 5 stars5/5SEO for Beginners: For Beginners Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR), third edition: An Implementation and Compliance Guide Rating: 0 out of 5 stars0 ratingsThe United States of Anonymous: How the First Amendment Shaped Online Speech Rating: 4 out of 5 stars4/5A Practical Guide to IT Law Rating: 0 out of 5 stars0 ratingsThe Dark Web: The Unseen Side of the Internet Rating: 0 out of 5 stars0 ratingsDigital Earth: Cyber threats, privacy and ethics in an age of paranoia Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide Rating: 5 out of 5 stars5/5The Basics of Digital Privacy: Simple Tools to Protect Your Personal Information and Your Identity Online Rating: 0 out of 5 stars0 ratingsEU GDPR - A pocket guide, second edition Rating: 0 out of 5 stars0 ratingsFreedom of expression and the internet: Updated and revised 2nd edition Rating: 0 out of 5 stars0 ratingsSECURITY AND PRIVACY IN AN IT WORLD: Managing and Meeting Online Regulatory Compliance in the 21st Century Rating: 5 out of 5 stars5/5E-discovery: Creating and Managing an Enterprisewide Program: A Technical Guide to Digital Investigation and Litigation Support Rating: 0 out of 5 stars0 ratingsInternet Governance: The NETmundial Roadmap Rating: 0 out of 5 stars0 ratings
Reviews for Regulating Cross-Border Data Flows
0 ratings0 reviews
Book preview
Regulating Cross-Border Data Flows - Bryan Mercurio
Regulating Cross-Border Data Flows
Regulating Cross-Border Data Flows: Issues, Challenges and Impact
Bryan Mercurio and Ronald Yu
Anthem Press
An imprint of Wimbledon Publishing Company
www.anthempress.com
This edition first published in UK and USA 2022
by ANTHEM PRESS
75–76 Blackfriars Road, London SE1 8HA, UK
or PO Box 9779, London SW19 7ZG, UK
and
244 Madison Ave #116, New York, NY 10016, USA
Copyright © Bryan Mercurio and Ronald Yu 2022
The author asserts the moral right to be identified as the author of this work.
All rights reserved. Without limiting the rights under copyright reserved above, no part of this publication may be reproduced, stored or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written permission of both the copyright owner and the above publisher of this book.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book has been requested.
ISBN-13: 978-1-83998-428-0 (Pbk)
ISBN-10: 1-83998-428-7 (Pbk)
This title is also available as an e-book.
CONTENTS
Acknowledgements
List of Abbreviations
Preface
1. Introduction
2. Key Considerations
3. Competing Models of Data Governance
4. A Case Study of Hong Kong
5. Considerations in Moving Forward
References
Index
ACKNOWLEDGEMENTS
This book would not have been possible without the support of the Hong Kong Policy Innovation and Co-ordination Office’s Public Policy Research Funding Scheme, which funded Professor Mercurio for a project entitled ‘Regulating Cross-Border Data: A Public Policy Framework for Hong Kong’ (Project No. 2019.A4.064.19D).
We are grateful to Erin Fu Jiangyuan for her assistance in the early stages of this project while serving as a postdoctoral fellow at the Chinese University of Hong Kong. Her research and insights into the project’s initial issues paper had a lasting effect on the shape and direction of this book. We would also like to acknowledge and express thanks to Antoine Martin for the invaluable role he played in conceptualizing the funding proposal and for contributing much of the early background research for the project.
We would also like to thank Andrew Mitchell and Ross Buckley for their support as co-investigators of the project, Douglas Arner and Simon Lacey for their support and assistance and all others who participated in project events or discussed the issues with us over the past two years.
LIST OF ABBREVIATIONS
PREFACE
Data is now one of, if not the world’s most valuable resource. The dramatic adoption of data-driven applications across economic sectors has made data and the flow of data so pervasive that it has become integral to everything we as members of society do – from conducting our finances to operating businesses to powering the apps we use every day.
Flows of knowledge and technology are at the centre of new networks driving production, innovation and opportunities. Data and its flow across borders are the lifeblood of the internet economy and significantly impacted various industrial sectors and the global economy. The growth of networks has allowed businesses to change how they structure and manage their design, production, marketing, customer support and other processes in order to optimize competitiveness and innovation.
Data is also fundamental to machine learning (ML)-based products and services. While developments such as the internet of things (IoT) and data-driven artificial intelligence (AI) systems will hasten the growing importance of the digital economy, these innovations are both strategic and sensitive due to potential externalities for businesses, governments, non-profits and more generally for society. These externalities generate new forces within industries that alter competitive dynamics, and consequently, result in new strategies and management practices. These strategic considerations have substantial implications for policymakers and regulators (Valavi et al., 2021).
Although data plays an outsized role in the evolution of a country’s business and living environment, the breadth and impact of data make it difficult for a nation to ‘regulate’ per se. This is the result of numerous factors, including the growing number of interconnected devices that individually can generate ever-larger amounts of data with each new product line. Generation and application of data are now occurring in ways that had been unimaginable and/or impractical just a few years earlier. Domestic legislatures are not only struggling to catch up with the complexities associated with the technology but also in formulating standards and rules which are effectively targeted and do not result in serious unforeseen consequences. This has proven to be challenging, and trade-offs between, say, privacy and industrial policy or intellectual property (IP) protection and the development of AI must be made.
The challenge becomes even more pronounced with each technology leap which invariably challenges the perimeters of many regulatory remits and the scope of existing laws and regulations. Stated differently, the emergence of a new technology may impact upon or be covered by multiple laws, regulations and regulators. Regulators are thus having to divert resources to understand every new technological innovation at the risk of inefficient outcomes for regulators and industry.
The lack of a globally accepted standard for cross-border data flows further complicates matters. While several international organizations have sought to develop principles and best practices, none are legally binding. Efforts by the World Trade Organization to negotiate a plurilateral agreement on e-commerce that would result in some levels of binding standards have stagnated. With no comprehensive binding multilateral rules regulating data flows, it is unsurprising that current approaches to managing cross-border data flows vary considerably among and between nations. As such, the policies and legal frameworks of large economies such as the United States (US) and European Union (EU) become internationalized in a de facto manner and affect firms seeking to do business in every region. Such internationalization is further strengthened when other nations seek to emulate the approaches to the regulation of cross-border data developed by the larger economics. This too can prove challenging as the frameworks developed by the US, EU and China are different in approach, design and objective. This makes it particularly important for economies to examine possible ways to take elements from each of the major jurisdictions in such a way as to ensure compatibility and efficient outcomes.
Coverage and Ambit
Despite the importance and pervasiveness of cross-border data flows in scientific research, technological innovation and on our daily lives, the literature remains nascent with a dearth of scholarship taking a holistic approach to the topic. For example, some commentators focus solely on the issue of data ownership and ignore components that are critical to the formulation of a comprehensive and coordinated framework on cross-border data flows. This book takes a wider view and engages with the yet unexplored topic of the necessity of developing data strategies and questions as to the possible formats of the related legal frameworks. Thus, instead of focusing on an individual’s relationship with data, this book takes a jurisdictional approach. Analysis of a jurisdiction’s approach is critical for the development of a framework for the promotion and regulation of trade in data. The objective of this book is thus to fill a very significant gap in the legal and policy setting by considering multiple perspectives to assist in the development of a jurisdiction’s coherent policy framework.
The challenge for governments is to coherently address the broad range of data-related issues in the context of a global data-driven economy. Such issues include national competitiveness, business attractiveness, personal rights and the broader regulatory framework. These issues directly impact several components of an economy including trade, finance, privacy, cybersecurity, consumer protection and innovation. Such components are in themselves comprised of other factors; for instance, innovation involves issues of IP and competition and increasingly trade issues involve a range of factors such as IP, consumer protection and privacy. The complexity of the interconnected issues, combined with the unpredictability brought about by the emergence of new technologies (especially AI), impact national and international settings and make the task of setting out and implementing a coherent policy more difficult.
It should be stated, however, that it is not possible to cover all related issues in this short and focused book. Instead, we address only the most important issues jurisdictions and regulators must be conscious of when formulating a policy on cross-border data. Thus, several issues are beyond the ambit of this book. These include such matters as general matters of corporate law and criminal law such as the confiscation of proceeds of crime, cybercrime, fraud detection, content regulation, money laundering, data compatibility and interoperability, banking secrecy, taxation, insurance and e-commerce regulations related to the sales of regulated goods. Likewise, we avoid detailed discussion and analyses on the technical aspects of data flows such as network operation, network performance, technical interoperability and relevant related international standards as well as general societal considerations such as education and access equity.
Likewise, the book is largely structured around broader concepts of economic policy. While ideology and social policy are certainly relevant to data governance and impact policy choices, they do not serve as the focal point of the book. The precise mix of factors that go into formulating a policy will be different for each jurisdiction. Hong Kong is and has always been more economic minded. All indications point not only to this continuing but, in fact, becoming even more so in the coming years. In order to maximalize usefulness and impact, this book focuses on factors most likely to resonate with Hong Kong policymakers. To be clear, the purpose of this book is not to develop a ‘Hong Kong model’ to be replicated by others. That being said, this book does set out considerations necessary for jurisdictions to establish a framework based on their own situation, needs and priorities. In this regard, Hong Kong presents an interesting case study of the various factors that need to be considered before formulating a coherent and consistent policy framework. While other jurisdictions will have different factors and circumstances that necessitate a different policy, the structure and analytical framework developed in this book will be equally applicable and helpful in allowing