A recent NewtonX survey with senior government officials as well as executives at tech startups in the U.S. found that 91% report at least one type of cross-border data activity. International data flows have increased 45x between 2005 and 2014, and contribute to global economic acceleration and new market opportunities. Indeed, a McKinsey analysis found that global flows have raised world GDP by at least 10% over the past decade (trillions of dollars per year) and that data flows account for a larger share of this impact than trade in goods. Digital platforms lower the costs of international transactions, and give businesses new avenues through which to reach potential customers around the world.
Despite the benefits of data without borders, however, recently countries around the world have begun to deglobalize their data, mandating that data flows only occur between select countries/businesses, and that data be exclusively stored within the native country’s borders. While this enhances security and data privacy, which is hugely important, it also has the potential to stymie economic growth. To identify how different governments, and by extension, international and internationally-dependent companies can effectively use global data flows to raise productivity in a new epoch of regulated data flow, NewtonX interviewed three American cybersecurity policy workers, one of the top drafters of GDPR, and a cybersecurity journalist at one of the top International newspapers.
The insights from this article are sourced from NewtonX surveys, panels, and expert consultations. To gain access to these services visit newtonx.com.
A Door Half Open Policy: Protecting Data While Also Promoting Data Flow
Where GDPR outlined a generalist framework for protecting consumer data that all European countries must adhere to, the U.S. has historically taken a more piecemeal approach, with different laws for regulating privacy of healthcare records, financial documents, and federal communications. It’s highly unlikely that the U.S. would ever overhaul this approach in favor of a monolithic guideline such as GDPR.
And indeed, while GDPR is certainly a robust policy for giving customers control over their own data, it severely limits international data flow, as it permits data transfers only to countries that are deemed as having adequate protection. Personal data can flow between the 28 E.U. countries as well as between Norway, Liechtenstein and Iceland. Aside from these countries, data transfers can only be made between 11 countries that the European Commission (EC) determined have “adequate” levels of protection.
The problem with cutting out entire countries from data flows, is that it significantly reduces the potential for global economic growth as a result of efficient digital products. Currently, global flows are concentrated among leading countries (most of which were included in GDPR), but the gaps between the leaders and the rest of the world are closing. An analysis of the economic opportunities indicated that some third-world economies could grow by over 50% by accelerating participation in global data flows.
Countries don’t have to make a Sophie’s Choice between data privacy/protection and economic growth, however. For instance, India ruled that digital payment enablers (digital payments in the country have been growing 30% annually) must keep all payments data on servers within India. However, India’s finance ministry has proposed that financial data in the country be “mirrored,” meaning that a company could participate in multi-national data flow in a secure manner so long as a mirror image of the data pertaining to the country’s residents be stored within the country.
For most personal data, the risks of information that could be used maliciously in a foreign powers’ hands (such as the Russia Twitter/Facebook scandals) far exceed any benefits to be gained from international sharing. This data includes health records, political orientation, and any personally identifying data. But other types of data such as, for instance, anonymously collected statistics or well production for a global oil producer could be shared to great benefit with very little potential risk.
Breaking Barriers with Some Data, Not All Data
The flow of ideas, information, talent, and material is what spurs the innovation and efficiency that we’ve seen come about as a result of globalization. While fears over data protection are highly warranted, it’s important for these fears not to impede economic growth when unnecessary. As cybersecurity becomes more robust and data analysis becomes faster and more efficient, it’s likely that countries will once again ease up on international data sharing in order to spur economic growth.