Abstract
The free flow of data across borders underpins today's globalized economy. But the flow of personal data outside the jurisdiction of national regulators also raises concerns about the protection of privacy. Addressing these legitimate concerns without undermining international integration is a challenge. This paper describes and assesses three types of responses to this challenge: unilateral development of national or regional regulation, such as the European Union's Data Protection Directive and forthcoming General Data Protection Regulation; international negotiation of trade disciplines, most recently in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP); and international cooperation involving regulators, most significantly in the EU-U.S. Privacy Shield Agreement. The paper argues that unilateral restrictions on data flows are costly and can hurt exports, especially of data-processing and other data-based services; international trade rules that limit only the importers' freedom to regulate cannot address the challenge posed by privacy; and regulatory cooperation that aims at harmonization and mutual recognition is not likely to succeed, given the desirable divergence in national privacy regulation. The way forward is to design trade rules (as the CPTPP seeks to do) that reflect the bargain central to successful international cooperation (as in the EU-US Privacy Shield): regulators in data destination countries would assume legal obligations to protect the privacy of foreign citizens in return for obligations on data source countries not to restrict the flow of data. Existing multilateral rules can help ensure that any such arrangements do not discriminate against and are open to participation by other countries.
Highlights
The ability to move data freely across borders underpins a growing range of economic activity and international trade
McKinsey estimated that cross border data flows were 45 times larger in 2014 than in 2015, and around 12 percent of international trade in goods is over global e‐commerce platforms such as Alibaba and Amazon (Manyika et al, 2016)
Regulatory convergence is unlikely because national privacy protection can have economic costs – quite apart from those arising from restrictions on international data flows – and the relative importance of these costs can differ across countries
Summary
The ability to move data freely across borders underpins a growing range of economic activity and international trade. Since EU efforts to achieve its privacy goals can be circumvented when data are sent to other jurisdictions with lower levels of privacy protection, the EU Directive and Regulation make it illegal to transfer personal data outside the EU unless privacy is adequately protected in the data destination country, including with respect to the rights of the data subject This has meant a privacy regime equivalent to the EU, as has been confirmed by the Court of Justice of the European Union Regulatory convergence is unlikely because national privacy protection can have economic costs – quite apart from those arising from restrictions on international data flows – and the relative importance of these costs can differ across countries..
Sign-in/Register to view highlights & summary 
Submitted Version (
Free)
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call