Governance of cross-border data is a major challenge for countries as their businesses and innovators seek to combine complements in capacities to innovate for producing global products. The importance of creating appropriate regulatory frameworks in this regard is important as governments and businesses realise the importance of maintaining data security without hindering flow of information and its commercial use. The realisation is increasingly dawning upon India as it struggles to discover regulations that would facilitate its economic growth through innovation while ensuring data flow and digital trade doesn’t affect citizen privacy. Apart from creating effective domestic regulations, this would become a challenge for India in negotiating future trade agreements as well.
Trade agreements are being widely considered frameworks that should put in place regulations relating to governance of cross-border data and e-commerce. But fixing such regulations are exceedingly difficult given the differences among countries in outlooks and approaches to data security and its commercial use. Even the EU and the US have major differences in outlook on data protection with the former considering fundamental rights of citizens, including the right to privacy of data, superior to trade rights. While sovereign outlooks determine these perceptions, it is difficult to determine the ‘optimal’ level of data protection content in trade agreements that would simultaneously satisfy both protection and innovation. Many trade agreements across the world are trying to build in enabling data regulations, particularly through e-commerce rules that would facilitate cross-border innovation by bringing together multiple country enterprises. The approaches in this respect have varied from relatively more market-centric focus in the Trans-Pacific Partnership (TPP) to a far more cautious and rudimentary approach in the Regional Comprehensive Economic Partnership (RCEP). The US has traditionally emphasised in its FTAs digital governance rules that should not clamp innovative impulses. This is evident from the Chapter 14 of the Trans-Pacific Partnership (TPP). The TPP rules have been liberal to the extent of allowing cross-border exchange of personal information for business purposes, preventing data localisation that urges businesses to retain data onshore, and not insisting on divulgence of proprietary information by foreign businesses for getting market access. But this won’t certainly be the norm for most other trade agreements, including the Trans-Atlantic Trade and Investment Partnership involving the US and EU, where the EU might insist on higher standards of data protection and privacy than in the TPP.
The challenge for a country like India with distinct capacities to innovate is to move towards domestic regulations on digital trade that wouldn’t hamper innovation while ensuring sufficient security of private data. The choice of the right policy mix is difficult. But the eventual decision has important bearing for the prospects of a signature initiative like Make-in-India. Foreign investments in Make-in-India industries would be influenced by data regulations for the latter. Data localisation requirements would be distinct disincentives, as would insistence on proprietary content. Indeed, other restrictions on digital items, such as high import duties on electronic parts and components for electric vehicles, would also be considered detrimental for investor interests.
Governing digital trade and data flow through trade agreements faces the challenge of moving into areas that are difficult to regulate given their overlap with other complex trade issues such as intellectual property. Data regulations are also critical in terms of the security risks they entail, particularly financial risks, arising from lapses in cyber security and data theft. The International Telecom Union’s Global Cyber Security Index for 2017 ranks India at 23 and among countries that are maturing in strengthening efforts to combat cyber attacks. Nonetheless, India is yet to be in a position where it can convincingly claim to have reached a stage of data protection that would allow its businesses to engage in cross-border partnerships through digital trade without risks. This would, undoubtedly, also influence its attitude to trade negotiations.
As the world moves to embrace cutting-edge digital innovations like Bitcoins, trade agreements would have to increasingly align to the new innovations. The TPP has reflected some of the new content that future trade agreements are likely to consider with respect to cross-border data rules. Due to the lack of an overarching multilateral template on data rules, regional and bilateral agreements would pick up their own templates. Whether they follow the TPP or not, is a different issue. But India must be prepared to accept that data regulations and digital trade rules would be key aspects of all trade agreements that it would negotiate in future with OECD countries as well as several major emerging markets. At the same time, its domestic regulations on cross-border flow of data must also reflect contemporaneity so that foreign investors in innovative industries are not discouraged. Data rules and digital trade governance deserve much greater attention from India than it has got till now. Thwarting efforts to adopt global e-commerce rules at the WTO, or avoiding discussion on e-commerce in regional and bilateral trade agreements, would provide only temporary relief, not a permanent cure.
Senior research fellow and lead (trade and economic policy), Institute of South Asian Studies, NUS
Views are personal