Regulating Cross-Border Data Flows: Issues, Challenges and Impact

By Bryan Mercurio and Ronald Yu

Data is now one of the world’s most valuable resources. The adoption of data-driven applications across economic sectors has made data and the flow of data so pervasive that it has become integral to everything we as members of society do – from conducting our finances to operating businesses to powering the apps we use every day. For this reason, governing cross-border data flows is inherently difficult given the ubiquity and value of data, and the impact government policies can have on national competitiveness, business attractiveness and personal rights. The challenge for governments is to address in a coherent manner the broad range of data-related issues in the context of a global data-driven economy. This book engages with the unexplored topic of why and how governments should develop a coherent and consistent strategic framework regulating cross-border data flows. The objective is to fill a very significant gap in the legal and policy setting by considering multiple perspectives in order to assist in the development of a jurisdiction’s coherent and strategic policy framework.

• Language: English
• Publisher: Anthem Press
• Release date: Aug 16, 2022
• ISBN: 9781839984303

Book preview

Regulating Cross-Border Data Flows

Regulating Cross-Border Data Flows: Issues, Challenges and Impact

Bryan Mercurio and Ronald Yu

Anthem Press

An imprint of Wimbledon Publishing Company

www.anthempress.com

This edition first published in UK and USA 2022

by ANTHEM PRESS

75–76 Blackfriars Road, London SE1 8HA, UK

or PO Box 9779, London SW19 7ZG, UK

and

244 Madison Ave #116, New York, NY 10016, USA

Copyright © Bryan Mercurio and Ronald Yu 2022

The author asserts the moral right to be identified as the author of this work.

All rights reserved. Without limiting the rights under copyright reserved above, no part of this publication may be reproduced, stored or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written permission of both the copyright owner and the above publisher of this book.

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library.

Library of Congress Cataloging-in-Publication Data

A catalog record for this book has been requested.

ISBN-13: 978-1-83998-428-0 (Pbk)

ISBN-10: 1-83998-428-7 (Pbk)

This title is also available as an e-book.

CONTENTS

Acknowledgements

List of Abbreviations

Preface

1. Introduction

2. Key Considerations

3. Competing Models of Data Governance

4. A Case Study of Hong Kong

5. Considerations in Moving Forward

References

Index

ACKNOWLEDGEMENTS

This book would not have been possible without the support of the Hong Kong Policy Innovation and Co-ordination Office’s Public Policy Research Funding Scheme, which funded Professor Mercurio for a project entitled ‘Regulating Cross-Border Data: A Public Policy Framework for Hong Kong’ (Project No. 2019.A4.064.19D).

We are grateful to Erin Fu Jiangyuan for her assistance in the early stages of this project while serving as a postdoctoral fellow at the Chinese University of Hong Kong. Her research and insights into the project’s initial issues paper had a lasting effect on the shape and direction of this book. We would also like to acknowledge and express thanks to Antoine Martin for the invaluable role he played in conceptualizing the funding proposal and for contributing much of the early background research for the project.

We would also like to thank Andrew Mitchell and Ross Buckley for their support as co-investigators of the project, Douglas Arner and Simon Lacey for their support and assistance and all others who participated in project events or discussed the issues with us over the past two years.

LIST OF ABBREVIATIONS

PREFACE

Data is now one of, if not the world’s most valuable resource. The dramatic adoption of data-driven applications across economic sectors has made data and the flow of data so pervasive that it has become integral to everything we as members of society do – from conducting our finances to operating businesses to powering the apps we use every day.

Flows of knowledge and technology are at the centre of new networks driving production, innovation and opportunities. Data and its flow across borders are the lifeblood of the internet economy and significantly impacted various industrial sectors and the global economy. The growth of networks has allowed businesses to change how they structure and manage their design, production, marketing, customer support and other processes in order to optimize competitiveness and innovation.

Data is also fundamental to machine learning (ML)-based products and services. While developments such as the internet of things (IoT) and data-driven artificial intelligence (AI) systems will hasten the growing importance of the digital economy, these innovations are both strategic and sensitive due to potential externalities for businesses, governments, non-profits and more generally for society. These externalities generate new forces within industries that alter competitive dynamics, and consequently, result in new strategies and management practices. These strategic considerations have substantial implications for policymakers and regulators (Valavi et al., 2021).

Although data plays an outsized role in the evolution of a country’s business and living environment, the breadth and impact of data make it difficult for a nation to ‘regulate’ per se. This is the result of numerous factors, including the growing number of interconnected devices that individually can generate ever-larger amounts of data with each new product line. Generation and application of data are now occurring in ways that had been unimaginable and/or impractical just a few years earlier. Domestic legislatures are not only struggling to catch up with the complexities associated with the technology but also in formulating standards and rules which are effectively targeted and do not result in serious unforeseen consequences. This has proven to be challenging, and trade-offs between, say, privacy and industrial policy or intellectual property (IP) protection and the development of AI must be made.

The challenge becomes even more pronounced with each technology leap which invariably challenges the perimeters of many regulatory remits and the scope of existing laws and regulations. Stated differently, the emergence of a new technology may impact upon or be covered by multiple laws, regulations and regulators. Regulators are thus having to divert resources to understand every new technological innovation at the risk of inefficient outcomes for regulators and industry.

The lack of a globally accepted standard for cross-border data flows further complicates matters. While several international organizations have sought to develop principles and best practices, none are legally binding. Efforts by the World Trade Organization to negotiate a plurilateral agreement on e-commerce that would result in some levels of binding standards have stagnated. With no comprehensive binding multilateral rules regulating data flows, it is unsurprising that current approaches to managing cross-border data flows vary considerably among and between nations. As such, the policies and legal frameworks of large economies such as the United States (US) and European Union (EU) become internationalized in a de facto manner and affect firms seeking to do business in every region. Such internationalization is further strengthened when other nations seek to emulate the approaches to the regulation of cross-border data developed by the larger economics. This too can prove challenging as the frameworks developed by the US, EU and China are different in approach, design and objective. This makes it particularly important for economies to examine possible ways to take elements from each of the major jurisdictions in such a way as to ensure compatibility and efficient outcomes.

Coverage and Ambit

Despite the importance and pervasiveness of cross-border data flows in scientific research, technological innovation and on our daily lives, the literature remains nascent with a dearth of scholarship taking a holistic approach to the topic. For example, some commentators focus solely on the issue of data ownership and ignore components that are critical to the formulation of a comprehensive and coordinated framework on cross-border data flows. This book takes a wider view and engages with the yet unexplored topic of the necessity of developing data strategies and questions as to the possible formats of the related legal frameworks. Thus, instead of focusing on an individual’s relationship with data, this book takes a jurisdictional approach. Analysis of a jurisdiction’s approach is critical for the development of a framework for the promotion and regulation of trade in data. The objective of this book is thus to fill a very significant gap in the legal and policy setting by considering multiple perspectives to assist in the development of a jurisdiction’s coherent policy framework.

The challenge for governments is to coherently address the broad range of data-related issues in the context of a global data-driven economy. Such issues include national competitiveness, business attractiveness, personal rights and the broader regulatory framework. These issues directly impact several components of an economy including trade, finance, privacy, cybersecurity, consumer protection and innovation. Such components are in themselves comprised of other factors; for instance, innovation involves issues of IP and competition and increasingly trade issues involve a range of factors such as IP, consumer protection and privacy. The complexity of the interconnected issues, combined with the unpredictability brought about by the emergence of new technologies (especially AI), impact national and international settings and make the task of setting out and implementing a coherent policy more difficult.

It should be stated, however, that it is not possible to cover all related issues in this short and focused book. Instead, we address only the most important issues jurisdictions and regulators must be conscious of when formulating a policy on cross-border data. Thus, several issues are beyond the ambit of this book. These include such matters as general matters of corporate law and criminal law such as the confiscation of proceeds of crime, cybercrime, fraud detection, content regulation, money laundering, data compatibility and interoperability, banking secrecy, taxation, insurance and e-commerce regulations related to the sales of regulated goods. Likewise, we avoid detailed discussion and analyses on the technical aspects of data flows such as network operation, network performance, technical interoperability and relevant related international standards as well as general societal considerations such as education and access equity.

Likewise, the book is largely structured around broader concepts of economic policy. While ideology and social policy are certainly relevant to data governance and impact policy choices, they do not serve as the focal point of the book. The precise mix of factors that go into formulating a policy will be different for each jurisdiction. Hong Kong is and has always been more economic minded. All indications point not only to this continuing but, in fact, becoming even more so in the coming years. In order to maximalize usefulness and impact, this book focuses on factors most likely to resonate with Hong Kong policymakers. To be clear, the purpose of this book is not to develop a ‘Hong Kong model’ to be replicated by others. That being said, this book does set out considerations necessary for jurisdictions to establish a framework based on their own situation, needs and priorities. In this regard, Hong Kong presents an interesting case study of the various factors that need to be considered before formulating a coherent and consistent policy framework. While other jurisdictions will have different factors and circumstances that necessitate a different policy, the structure and analytical framework developed in this book will be equally applicable and helpful in allowing