Current Situation and Prospects of International Regulations on the Cross-border Flow of Personal Data

The cross-border flow and commercial utilization of personal data are central to the globalization of the digital economy. The concept of "cross-border data flow" first appeared in the Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980, which initially applied solely to personal data. Since the 21st century, the cross-border flow of data has facilitated global economic integration and innovation, strengthening international collaboration and information sharing. While generating numerous positive effects, cross-border data flow has increasingly complex implications for national security and individual privacy. The need to safeguard national data sovereignty and protect the personal privacy of citizens is paramount, as individuals face heightened risks of personal information leakage and misuse. Furthermore, differing legal and regulatory frameworks concerning personal data across various countries and regions pose legal risks and compliance challenges for cross-border data flows, thereby impacting the protection and security of personal information. In addition, cross-border data flows have given rise to global data security issues that necessitate international cooperation and coordination to address.

Cross-border data flows are a major aspect of today’s global economy. Moreover, the volume of cross-border data flows is growing at a rapid rate, with data flowing through terrestrial and submarine cables, and to a much lesser extent via satellites. According to TeleGeography, a consulting firm that keeps track of international data flows, demand for international bandwidth increased at a compound annual rate of 49 percent between 2008 and 2012. Cross-border data flows are also increasingly critical in trade negotiations. Cross-border data flows are one of the main subjects of the new round of trade negotiations announced by the United States Trade Representative, Ambassador Ron Kirk in January 2013. Similarly, the European Union is considering new data privacy regulations that would impact flows of data in and out of the EU. Ironically, statistics about the magnitude of cross-border data flows are scarce, despite their growing economic and political importance. The trade report from the Census Bureau and the Bureau of Economic Analysis contains some information about imports and exports of telecommunications services, but we show that these figures likely miss much of the increase in cross-border data traffic because of fundamental changes in the structure of global networks. Similarly, international agencies such as the ITU only collect fragmentary statistics on cross-border data flows, though they are putting more effort into estimating such figures. Moreover, we may not have the right conceptual framework for thinking about the economic impact of cross-border data flows. The usual categories of exports and imports don’t apply very well to cross-border data flows, since it’s not clear that an outflow of data from a country should count as an export. Indeed, long-established conventions treat outgoing international phone calls as imports, even though both the originating network and the receiving network play an equal role in the call. We will see below the assignment of outgoing international phone calls to the import category is essentially an artifact of regulation. This paper is intended as a preliminary exploration of the empirical, conceptual, and policy aspects of cross-border data flows. There are six sections. • An examination of how cross-border data flows are being reported — and not being reported — in the current trade statistics. • A typology of cross-border data flows. • An analysis of the magnitude of cross-border data flows, based on a comparison all internet/IP traffic. We find that for the United States, cross-border flows are roughly 16-25% of all U.S. data traffic, which is very significant. Cross-border data flows between Europe and the rest of the world equal roughly 13-16% of all European data traffic. These estimates, which should be treated as highly imprecise and tentative, suggest that the United States is more interconnected with the rest of the world than Europe. • An initial analysis of the economic benefits of cross-border data flows. In particular, we develop a framework for measuring the impact of data flows that cross borders without leaving a monetary footprint. • We explore the implications of latency as the equivalent of the “cost of shipping” for data. • Finally, we briefly examine the effects of policy on data, trade, and growth. An early draft of this paper was presented at a non-reviewed conference on “Measuring the Effects of Globalization” (Washington DC, February 28-March 1, 2013).

With the development of cross-border e-commerce's integration with the global economy, the cross-border data flow is playing an increasing important role in international economy and trade, and the smoothness of it directly or indirectly affects the improvement of the digital economy. Many countries or regions have established their own legal regulation systems for outbound data. Now China is the largest retail export economy in cross-border electronic commerce in the world, it application to join the Comprehensive and Progressive Trans-Pacific Partnership Agreement (CPTPP) is not smooth, and its data cross-border rules are quite different from CPTPP clauses, so it is difficult to align with them. Among them, the security assessment of outbound personal data flow system currently implemented in China is a major factor that makes connecting the cross-border personal data flow rules of China with CPTPP cross-border personal data flow clauses more difficult. By comparing this system in China with the cross-border personal data flow regulation system in the United States and the European Union, as well as the relevant provisions of CPTPP, this paper points out that there are some problems in this system in China, such as vague definition of the basic concept "important data" and excessive burden on data processors, and puts forward some legislative improvement measures to solve these existing problems, such as clarifying "important data", constructing a classification and grading system for cross-border data flow, and reshaping the distribution system of compliance responsibility for safety assessment.

Cross-border data flows are a major aspect of today’s global economy. Moreover, the volume of cross-border data flows is growing at a rapid rate, with data flowing through terrestrial and submarine cables, and to a much lesser extent via satellites. According to TeleGeography, a consulting firm that keeps track of international data flows, demand for international bandwidth increased at a compound annual rate of 49 percent between 2008 and 2012. Cross-border data flows are also increasingly critical in trade negotiations. Cross-border data flows are one of the main subjects of the new round of trade negotiations announced by the United States Trade Representative, Ambassador Ron Kirk in January 2013. Similarly, the European Union is considering new data privacy regulations that would impact flows of data in and out of the EU. Ironically, statistics about the magnitude of cross-border data flows are scarce, despite their growing economic and political importance. The trade report from the Census Bureau and the Bureau of Economic Analysis contains some information about imports and exports of telecommunications services, but we show that these figures likely miss much of the increase in cross-border data traffic because of fundamental changes in the structure of global networks. Similarly, international agencies such as the ITU only collect fragmentary statistics on cross-border data flows, though they are putting more effort into estimating such figures. Moreover, we may not have the right conceptual framework for thinking about the economic impact of cross-border data flows. The usual categories of exports and imports don’t apply very well to cross-border data flows, since it’s not clear that an outflow of data from a country should count as an export. Indeed, long-established conventions treat outgoing international phone calls as imports, even though both the originating network and the receiving network play an equal role in the call. We will see below the assignment of outgoing international phone calls to the import category is essentially an artifact of regulation. This paper is intended as a preliminary exploration of the empirical, conceptual, and policy aspects of cross-border data flows. There are six sections. • An examination of how cross-border data flows are being reported — and not being reported — in the current trade statistics. • A typology of cross-border data flows. • An analysis of the magnitude of cross-border data flows, based on a comparison all internet/IP traffic. We find that for the United States, cross-border flows are roughly 16-25% of all U.S. data traffic, which is very significant. Cross-border data flows between Europe and the rest of the world equal roughly 13-16% of all European data traffic. These estimates, which should be treated as highly imprecise and tentative, suggest that the United States is more interconnected with the rest of the world than Europe. • An initial analysis of the economic benefits of cross-border data flows. In particular, we develop a framework for measuring the impact of data flows that cross borders without leaving a monetary footprint. • We explore the implications of latency as the equivalent of the “cost of shipping” for data. • Finally, we briefly examine the effects of policy on data, trade, and growth. An early draft of this paper was presented at a non-reviewed conference on “Measuring the Effects of Globalization” (Washington DC, February 28-March 1, 2013).

This article will discuss the increasing importance of the multi-layered approach that personal data is taking in transnational cross-border data flows. It examines the role personal data plays in the evolving digital economy. The article will address a further accentuating question as to how far, if at all, the cross-border data flows are being considered in the area of national security. Throughout the outbreak of coronavirus, technology has been used by nation states to trace and collect health data of its citizens, in the interest of the broader national interest/security of individual states. Some states in developing the technology to track and trace their citizens went one step further and established bilateral agreements to share some of the data, such as Australia and Singapore. What emerged, was the evolving complex layers regulating while enabling data flows. The dichotomy facing governments and regulators is to allow for the free flow of personal data, while ensuring data subjects do not relinquish their privacy. To achieve this, I propose a Theory Of Action (TOA). Such an approach is widely accepted in other industry sectors where governments regulated a minimum standard, such as primary, human health and food production. Cross-Border Data Flows, Data Transfers, Digital Economy, National Security, Trade in Data

With the booming development of digital economy, the cross-border activities of data are becoming more and more frequent. At present, data has become an important national strategic resource in the information age. Rational data flow plays an important role in promoting economic growth, accelerating innovation and facilitating globalization. The current global cross-border data flow regulatory system is in a critical period of formation. In the context of the continuous improvement of the current rules system at the regional level, the Regional Comprehensive Economic Partnership Agreement (RCEP), as an important regional free trade area agreement (FTA), has made new provisions on the cross-border flow of data, and the regional data flow rules represented by RCEP profoundly reflect that the rules of global cross-border data flow should not be completely dominated and formulated by developed economies, and all kinds of sovereign countries All kinds of sovereign countries should have the right to participate and the right to speak in the system. The regulation of global data cross-border flows in the digital economy is not only motivated by economic interests, but more importantly, by the protection of national interests. Therefore, under the current data governance system, China should use RCEP as an external driving force to revise and improve the relevant domestic rules on cross-border data flows, so as to promote the benign development of the data governance system, accelerate the promotion of the free flow of data across borders, strengthen cooperation with the international community, continuously expand the intersection of rules on cross-border data flows, achieve convergence of rules, and promote the Chinese solution for the governance of cross-border data flows.

The paper provides three specific arguments in support of the two key claims to promote an interface between data protection and digital trade law. It engages in the current academic debate among scholars to understand the role of digital trade law in coordinating the regulatory thicket of national data protection regulations (NDPRs) among states. In pursuance, it proposes a rebuttal to the critique that digital trade law is fundamentally ill-suited to engage in data protection policy debates. The paper argues that data protection and digital trade law cannot remain in separate silos as they both are fundamentally intertwined with the governance of cross-border flow of personal data. Data protection issues should form an indispensable consideration in the context of digital trade liberalisation and vice versa. The paper concludes that the standards regime in international trade law can be considered as a blueprint for the necessary regulatory interface between data protection and digital trade. The paper consists of five main sections. This introduction is the first section. The second section titled ‘Interconnected structural blocks of a data protection regulation in general’ provides the general structural elements of a data protection regulation and how the data protection principles and practices combine to actualise the mechanisms which govern the cross-border flow of personal data in a jurisdiction. It highlights that the structural elements of a data protection regulation are interconnected, which necessitates policy coherence between data protection and digital trade law. The third section titled ‘Three arguments against and in favour of an interface between data protection and digital trade law’ provides an outline of the critiques by Irion, Kaminski and Yakovleva to the proposals by Chander and Schwartz to promote a legal interface between data protection and digital trade law. Notably, it provides a rebuttal to the critiques by supporting the proposals by Chander and Schwartz. It supports the proposal for an international agreement on data privacy among states in the future which can bring coherence in the governance of cross-border flow of personal data. The fourth section titled ‘Future interface between data protection and digital trade law’ underscores the need for a self-standing agreement on data privacy in the context of international trade law. This is due to the fact that traditional trade law approaches need readjustment to cohesively tackle the realities of digital economy, especially data protection issues. In pursuance, it proposes that the trade standards regime, ie the Technical Barriers to Trade (TBT) and Sanitary and Phytosanitary (SPS) Agreement in the World Trade Organization’s (WTO) provide a unique blueprint to envision a self-standing legal agreement and forum on data protection concerns as it relates to cross-border flow of personal data in international trade law. The section briefly highlights the relevance of the WTO trade standards regime as a blueprint for the future international data privacy agreement in international trade law. The fifth section concludes the paper by raising two key challenges for a policy coherence between data protection and digital trade law — (a) progressive coordination and (b) a reasonable legal interface between the two regimes in both theory and practice.

The digitalization of international trade has transformed the global economic landscape by reshaping how goods and services are exchanged across borders. This study examined the economic impacts of cross-border e-commerce, cross-border data flows, and platform economies on trade performance, market accessibility, and firm-level competitiveness. Drawing on a systematic review of recent empirical and theoretical studies, the analysis revealed that cross border e-commerce significantly reduced transaction costs, enhanced export diversification, and facilitated the participation of small and medium-sized enterprises (SMEs) in international markets. Cross-border data flows were found to improve trade efficiency by enabling real-time information exchange, enhancing supply chain coordination, and supporting the expansion of digital service exports. Platform economies further transformed trade structures by aggregating global demand, integrating logistics and payment systems, and creating network effects that increased market reach, although they also introduced challenges related to market concentration and unequal firm visibility. The study highlighted that while digitalization generated substantial economic benefits, these benefits were unevenly distributed due to differences in digital infrastructure, regulatory frameworks, and firm capabilities. Policy interventions aimed at harmonizing digital trade regulations, investing in digital infrastructure, and supporting SMEs’ digital adoption were identified as critical for maximizing inclusive growth. The findings underscore the importance of coordinated international policies to balance innovation, competition, and equitable access in the evolving digital trade ecosystem.

Key Points: * Global data flows underpinning cross-border digital trade have moved centre stage in international trade negotiations. New trade law disciplines on the free flow of data are included in a number of international trade deals. * The European Union (EU) has a key role to play in the global governance of the protection of personal data. The EU’s strict data protection regime has sometimes been framed as a digital trade barrier. * This article juxtaposes the EU’s governance of fundamental rights to privacy and data protection with external trade policy on cross-border data flows. * The process of aligning EU’s normative approach to personal data protection with its external trade policy has been, until very recently, riddled with contradictions. * The article concludes with an assessment of the EU’s recent horizontal strategy on cross-border data flows and personal data protection in trade and investment agreements, which aims to align EU external policy.

The first decades of the 21st century have been characterized by the growth of digital trade fueled by new business models based on cross-border data flows. With data taking a central role in the digital economy, governments and their constituents have become increasingly concerned about the commercial handling and commoditization of personal data. Consequently, governments have entered the business of regulating cross-border data flows, especially with the aim of protecting the privacy of their citizens. This regulatory trend does not occur in a vacuum: the World Trade Organization (WTO) through the General Agreement on Trade in Services (GATS) regulates the types of measures and treatment that governments may adopt regarding foreign providers of digital services. Further, several Free Trade Agreements (FTAs) include electronic commerce or digital trade chapters establishing obligations regarding cross-border data flows. This paper focuses on cross-border data flows restrictions aimed at protecting privacy and the assessment of their WTO-consistency. This perspective covers a broader range of measures and offers a more comprehensive understanding of privacy regulations before trade fora than the existing literature does. In particular, this paper draws attention to the assessment of privacy-based restrictions under the GATS exceptions and argues that the necessity test and chapeau requirements will prove critical in any future adjudication over complaints against a country’s policies restricting crossborder data transfers. This analysis highlights that the linkage between trade and privacy will continue to intensify and that this linkage will be further shaped by countries being taken to court.

Today, cross-border data flows are an important component ofinternational trade and an element of digital service models. However, they are impededby restrictions on cross-border personal data transfers and data localization legislation. ThisArticle focuses primarily on these complexities and on the impact of the new EuropeanUnion (“EU”) legislation on personal data protection—the GDPR. First, this Articleintroduces its discussion of these flows by placing them in their economic and geopoliticalsetting, including a discussion of the results of a lack of international harmonization of lawin the area. In this framework, rule overlap and rival standards are relevant. Once thissituation is established, this Article turns to an analysis of the legal measures that havefilled the gap left by the lack of international regulation and the failure to harmonize law:extraterritorial laws in the European Union (regional legislation) and the United States(state legislation); and data localization laws in China and Russia. Specific provisionsrestricting cross-border personal data transfers are detailed under EU legislation, as are theinternational agreements that have been invaluable in allowing flows between the UnitedStates and the European Union to continue—first the Safe Harbor, and now the Privacy Shield. Finally, in this context, the role of data governance is investigated, both in thecontext of data controllers’ accountability for the actions of other actors in global supplychains under EU law and under the Privacy Shield. Thus, this Article goes beyond the lawitself, to place requirements in the context of the globalized business world of data flows,and to suggest ways that companies may improve their compliance position worldwide.

Public policy interests implicated by international data governance and data flows, indispensable for the global governance of AI, stretch far beyond issues of economic growth and development. They also involve a broader set of national and regional priorities, such as national security, fundamental rights protection (such as the rights to privacy and to protection of personal data) and cultural values, to name just a few. Differences in the relative weight accorded each such priority when contrasted with the economic and political gains from cross-border data flows, have resulted in a diversity of domestic rules governing cross-border flows of information, especially when it relates to personal data, and a diversity of approaches to govern the use of AI in both private and public law contexts. Against this backdrop, this chapter’s aim is two-fold. First, it provides an overview of the state of the art in international trade agreements and negotiations on issues related AI, in particular, the governance of cross-border data flows. In doing so it juxtaposes the European Union’s (EU) and the United States approaches and demonstrates that the key public policy interests behind the dynamics of digital trade negotiations on the EU’s side are privacy and data protection. Second, building on the divergent EU and US approaches to governing cross-border data flows, and the EU policy priorities in this respect in international trade negotiations, this chapter argues that the set of EU public policy objectives weighted against the benefits of digital trade in international trade negotiations, especially with a view to AI, should be broader than just privacy and data protection. It also argues that an individual rights approach has limitations in governing data flows in the context of AI and should be expanded to factor in a clearer understanding of who wins and who loses from unrestricted cross border data flows in an age of data-driven services and service production.

Public policy interests implicated by international data governance and data flows, indispensable for the global governance of AI, stretch far beyond issues of economic growth and development. They also involve a broader set of national and regional priorities, such as national security, fundamental rights protection (such as the rights to privacy and to protection of personal data) and cultural values, to name just a few. Differences in the relative weight accorded each such priority when contrasted with the economic and political gains from cross-border data flows, have resulted in a diversity of domestic rules governing cross-border flows of information, especially when it relates to personal data, and a diversity of approaches to govern the use of AI in both private and public law contexts. Against this backdrop, this chapter’s aim is two-fold. First, it provides an overview of the state of the art in international trade agreements and negotiations on issues related AI, in particular, the governance of cross-border data flows. In doing so it juxtaposes the European Union’s (EU) and the United States approaches and demonstrates that the key public policy interests behind the dynamics of digital trade negotiations on the EU’s side are privacy and data protection. Second, building on the divergent EU and US approaches to governing cross-border data flows, and the EU policy priorities in this respect in international trade negotiations, this chapter argues that the set of EU public policy objectives weighted against the benefits of digital trade in international trade negotiations, especially with a view to AI, should be broader than just privacy and data protection. It also argues that an individual rights approach has limitations in governing data flows in the context of AI and should be expanded to factor in a clearer understanding of who wins and who loses from unrestricted cross border data flows in an age of data-driven services and service production.

The problem of using cross-border data flows, which are becoming an important factor of production for the sustainable development of modern international trade in goods and services has been analysed. In international exchange, the importance of digital services continues to grow steadily, and as this rises, global data flows are increasing too. The latter, while serving the interests of global digital platforms, can nevertheless contribute to the diversification of developing countries’ exports and increase their participation in global value chains. The increase in digitalization of companies due to the rapid introduction of new technologies (data analysis, cloud computing) has raised their importance as a factor in commercial transactions, affecting both new and traditional industries. Despite the advantages for companies, consumers and national economies arising from the ability of organizations to easily exchange data across borders, many countries at all stages of development have established barriers to cross-border data transfer. The most common concept of such restrictions has become data localization, the implementation of which is a significant burden on the growth of the Gross National Product. The digital mercantilism of countries considered in this article is a response to the challenge of increasing the country’s participation in the international division of labour in the digital economy. However, barriers for cross-border data transfer also delay and increase the cost of developing new and innovative products, undermine the ability of local multinational companies to use global platforms to facilitate collaboration between firms, universities and other research organizations and promote their own innovations. International practice has not yet developed a single, dominant approach in the context of regulating cross-border data flows, but addressing this issue requires a new format of multilateral regulation that has not been used for international trade in traditional goods and services.

The Internet is becoming a key platform for commerce that is increasingly happening between buyers and sellers located in different countries, thereby driving international trade. Additionally, as the Internet enables cross-border data flows this is also underpinning global economic integration and international trade. For instance, cross-border data flows are now intrinsic to commerce, from Internet-based communications like email and platforms such as eBay and Facebook that bring buyers and sellers together, from the financial transaction to purchase the product in other countries to the downloading of the goods and services. Despite the growing significance of the Internet for international trade, governments are restricting the Internet in ways that reduce the ability of businesses and entrepreneurs to use the Internet as a place for international commerce and limits the access of consumers to goods and services. Some of these restrictions are being used to achieve legitimate goals such as preventing cybercrime or restricting access to morally offensive content, but may be applied more broadly than necessary to achieve those objectives. In other cases, Internet restrictions are targeting foreign businesses and the sale of goods and services online in order to benefit local ones. Such Internet restrictions are discriminatory and harm international trade. This paper discusses the importance of the Internet and cross-border data flows for international trade. It proposes steps that governments should take to apply existing international trade rules and norms and identifies where new trade rules are requires to further support the Internet and cross-border data flows as drivers of international commerce and trade.