The Transnational Data Governance Problem

Data permeates all aspects of modern societies. As a result of decades of digital transformation, inputs in digital form are created, gathered, and shared across the globe to support core societal functions, including healthcare systems, transportation, international commerce, finance, and national security. The ‘digitization of everything’—that is the transformation of virtually any analog information into digital form—and the unprecedented expansion of datafication—consisting in the quantification of various aspects of human life into digital information—have led to the production and use of an ever expanding amount of data, laying the ground for the Fourth Industrial Revolution. As a new paradigm has emerged, data has become a strategic asset and data flows interlock individuals, private actors, and public entities in global networks. While increasingly integrated into traditional societal and economic activities, these networks gave rise to a new economic ecosystem (the ‘data economy’), where digital information is sourced, analyzed, aggregated, and exchanged for a value.

Key to this process that has put data at the heart of a variety of societal systems is the existence of a global, decentralized data infrastructure, the Internet, that allowed for a largely unrestrained free movement of data across jurisdictions and economies. Crucially, over the past three decades, the governance of data (and data flows) has been primarily consisting of rules of conduct established by large technology intensive firms (BigTech); whereas public interventions have been aimed at establishing privacy rules, protecting vulnerable individuals, and safeguarding the neutrality of the Internet. With a techno-libertarian ethos and the Silicon Valley as its center of gravity, the regulatory governance of data was residual—limited to the initiatives of single jurisdictions.

In our new paper, forthcoming in the Berkeley Technology Law Journal in Spring 2022, we posit that this paradigm has shifted. We argue that with the emergence of a transnational framework for data governance that is deeply fragmented, global data flows and the Internet are poised to change profoundly. Due to the strategic role of data and absent an international legal framework governing data, policymakers have been developing different systems of rules and processes to extend their jurisdictional control over the digital world, domestically and transnationally. Legal and regulatory frameworks are being developed to define rights and obligations for data holders and consumers; competition policies have been triggered to curb the abuse of dominant positions of incumbent, data-intensive firms; new rules to assert control over internal and external data flows and related infrastructure are being enacted. Crucially, as the rules governing data grow in complexity and expand their reach across policy domains, new fault lines emerge along geopolitical tensions and conflicting domestic interests. Digital innovation, competitiveness, and cybersecurity are leading priorities for domestic policymakers aiming at asserting sovereignty over data and the digital world, more generally. The result is the emergence of a global data governance framework that is transnational in nature and increasingly fragmented by the designs of the major competing economies.

In our paper we frame these dynamics advancing a twofold argument. First, we show that fragmentation is stemming from the emergence of distinct data governance styles in the United States, the European Union, and the People’s Republic of China, the world’s three largest economies. Governance styles emerge as the product of the following variables:

• The general attitude towards markets, as evidenced by the general variety of capitalism, the policy priorities in the context of the data economy, as well as domestic antitrust and competitiveness policy.
• The principles guiding public intervention in the data economy, as observed in both the normative orientation to protect data flows and the level of control attributed to private actors over data.
• The regulatory approaches deployed by state actors to exercise control through a combination of rule design and private-public enforcement strategies.   

Second, we argue that emerging data governance regimes are on a collision course that is already altering the international digital landscape and is poised to compromise globalization and the global data economy. Efforts to assert sovereignty over global data and networks result in expansionary influences that are well depicted by the Brussels and Beijing effects, whereby governance styles and regimes of EU and China are taken as new alternatives to the Silicon Valley model. The result, however, is not balanced competition between alterative mode of regulation; it is a rather conflictual dynamic that is tugging at the pillars of the shared decentralized, interconnected, and permission-less Internet, with the potential to splinter the very foundation of the data-enabled global economy. This dynamic emerges distinctively from the Schrems cases—where the European Court of Justice invalidated the mechanisms of American companies deployed to ensure compliance with EU law—or from the Chinese 2021 Data Security Law and 2021 Personal Information Protection Law, requiring that any personal information generated within China be stored within its territory and any authorization to export data outside domestic borders must be authorized by the Cyberspace Administration of China, a central authority with overseeing data-flows in the country.  

The emergence of governance styles and the efforts to extend sovereignty into the digital domain are causing the previously permissionless international data flows to become fractured. However, as data governance styles harden into conflicting, competing, non-interoperable transnational data governance regimes and national interests clash, any effort to promote international coordination (necessary to address this issue) becomes even more difficult. For this reason we characterize transnational data governance as a ‘wicked problem’.

While there is no single solution to the wicked problem of transnational data governance, we identify three possible approaches that could be implemented discretely or combined. The first approach moves from the understanding that data is a strategic resource that, from a governance standpoint, presents issues similar to those posed by water (rather than oil, as common discussions often imply). The lack of an international framework for the management of water rights, in fact, has led to the proliferation of bilateral arrangements (on a case-by-case basis) to resolve jurisdictional conflicts. Similarly, the management of jurisdictional conflicts over cross-border data flows can be addressed through bilateral arrangements. However, as it is the case for water, we argue that a consensus is required to acknowledge the special legal status of data in international law.

Our second approach to address the transnational data governance problem is based on a regulatory coalition model built on regional or sectoral governance regimes. This is a plurilateral approach that builds on a shared technological infrastructure, managed by an independent entity, where each jurisdiction decides which channels for data flows are opened and for which purpose. For instance, jurisdictions could maintain existing restrictions on the circulation of personal data, while allowing a free transnational flow of data for trade and financial purposes.

The third approach that we propose is multilateral. A multilateral framework for transnational data governance may entail the establishment of a new Digital Bretton Woods to perform coordination, oversee data-related negotiations, and drive legal and regulatory harmonization of data governance. A entrusted with the power of setting legal and regulatory standards, and coordinating the development of policies, principles, and standards related to data governance may be established.

Looking forward, we envisage that the most effective solution requires a combination of different approaches. For instance, a bilateral approach can be maintained, while regulatory coalitions develop. In any respect, the establishment of a Digital Stability Board, intended as a soft-law organization similar to the Financial Stability Board, would be a cornerstone to address the transnational data governance problem.

Douglas W. Arner is Kerry Holdings Professor in Law at the University of Hong Kong, Faculty of Law.

Giuliano G. Castellano is Associate Professor in Law at the University of Hong Kong, Faculty of Law.

Eriks K. Selga is a Ph.D. student at the University of Hong Kong, Faculty of Law.