Cross-border Data Flows Research Articles

Minimising unnecessary restrictions on cross-border data flows? Indonesia’s position and challenges post personal data protection act enactment

ABSTRACT In the era of massive digital development, data plays an essential role as a ‘fuel’ in reshaping and creating new opportunities in the digital landscape, especially in the digital economy. The significance of data for Indonesia can be seen from the amount of data created, collected, and analysed in various sectors. However, Indonesia also faces problems of data breaches that happened in recent years, which harm society and need immediate attention. This article examined Indonesia’s data and cross-border data flow regulatory and institutional frameworks and its implementation challenges, especially with the recent enactment of a comprehensive Personal Data Protection Act (PDP Act), mainly inspired by the EU GDPR. This article shows that Indonesia is moving to less restrictive data-flow regulations than the previous regulatory regime but is still between the prescriptive and restrictive spectrum of data-flow regulation. This article argues that the enactment of the PDP Act can be momentum for Indonesia to evaluate the current regulatory framework to ensure that Indonesia’s regulation is not providing unnecessary restrictions that lead to complexity of implementation and will hinder from benefiting the utilisation of data.

REGULATION OF CROSS-BORDER DATA FLOW AND ITS PRIVACY IN THE DIGITAL ERA

We are living in a world where information systems are becoming a new weapon to control the future. When the data flows across national borders, it becomes an invaluable resource for economic and informational development in any nation. Today, cross-border data flows are an important component of international trade because companies are frequently transfer customer’s and employee’s data across different countries. This paper will examine the importance of the free flow of cross-border data and its privacy concerns. It also examines the failure of the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, to provide protection from cross-border data transfer; specifically, the Digital Personal Data Protection Act, 2023, is silent on the criteria of listing countries for data transfer and the processing of personal data of those data principals who are living outside India. Some countries have implemented laws pertaining to “data localization” as a means to restrict the movement of data outside their respective borders, but it affects international trade and development. So, it raises a question: What kind of and how much data do nations have to restrict for cross-border data transfer internationally? This paper analyse the General Data Protection Regulation of the European Union, the Cross-Border Privacy Rules of the Asia-Pacific Economic Cooperation of the United States, and the Privacy Shield Framework between the EU and the US. In the end this paper concludes with suggestions for the privacy of cross-border data and the need of uniform law for its worldwide applicability.

China’s privacy protection strategy and its geopolitical implications

How has China’s privacy protection strategy been developed, with its broad scope and stringent requirements for data localization and cross-border data flows? What are the broader geopolitical implications of its divergence from Western models of data privacy? This paper argues that China's privacy protection strategy, characterized by its comprehensive regulatory framework and government access to data, is redefining the contours of global data governance and creating new geopolitical fault lines. Drawing on official documents, laws, regulations, and a case study, this paper highlights the evolution of the regulatory framework in response to emerging challenges posed by technological innovations and the wider geopolitical environment. This paper contributes to the broader discussion regarding the implications of China's privacy protection approach, highlighting potential normative clashes with countries that favor a more open digital economy. China's efforts in developing its own privacy protection strategy have also resulted in the formulation of global standards for data privacy.

Washington’s hesitancy on digital-trade diplomacy

A group of 81 countries reached a negotiating milestone in July 2024 on measures they might take to reduce barriers to trading digital goods and on cross-border data flows. The United States did not join them, however, due to concerns over security and maintaining regulatory autonomy. It will take further negotiations for the parties to reach a comprehensive agreement that can be implemented, a process that will likely take years, but US resistance casts some doubt on whether a broad global push to reform long-outdated digital-trade rules can succeed.

Anti-dumping Duties & Countervailing Provision in Digital Trade

With the technological advancement in the world, in recent years, the rapid growth of digital trade has presented new challenges for anti-dumping duties and countervailing provisions in India. Digital technologies have reshaped the global commerce which includes cross-border data flows and Intellectual Property Rights (IPR) considerations and this has posed various complexities as traditional trade regulations struggle to adequately address these complexities of digital trade. The objective of this paper is to investigate the implications of anti-dumping duties and countervailing provisions in digital trade as well as identify the if there is any need for updating the regulatory frameworks in Indian trade laws. The problem arises from the intersection of digital trade and anti-dumping measures, where the digital economy presents essential constraints to traditional methods for evaluating market inefficiencies and establishment of fair market value. Similarly, particular issues of data flow and IPR are associated with digital product and services which introduce unique challenges, such as difficulty and quantifying intangible assets and addressing virtual market manipulations. This paper will deal with such types of specific challenges posed by the digital economy in India, including identification of digital trade-related market inefficiencies and shortcoming of existing anti-dumping provisions. Through an examination of recent cases and industry examples this study will provide practical suggestions which aims to bridge the gap of regulatory framework and foster a fair and competitive digital trade environment. In summary, this research paper examines the implication of digital trade such as data flows & IPR on the anti-dumping duties and countervailing measures and whether there is a need for any update in the regulatory framework in Indian trade regulations

Ethical and Legal Implications of Data Sharing in SaaS Laboratory Management Systems

Over the years, the use of Software as a Service (SaaS) in a laboratory information management system has transformed sharing and management in the latter system. Such a transformation, however, brings along complex ethical and legal challenges for which scrutiny is supposed to be considered. Implication for adopting SaaS platforms includes fundamental concern about data privacy, security, and the overall integrity of scientific research. The paper systematically analyses ethical and legal implications associated with data sharing through SaaS platforms in the management of laboratories. This thus revolves around the understanding of how these systems can handle key aspects such as data ownership, respect for privacy, and compliance with international laws, and the resultant effects these would have on respective stakeholders across the scientific community. We, in this approach, have reviewed a wide range of literature, including fine details of case studies and views by experts, in light of current practices and challenges within SaaS-based laboratory management. We incorporate all these methods within the research to provide an integral view of the multidimensional ethical and legal landscaping, therefore delivering an approach with both depth and context to the analysis. It was mainly, regarding informed consent, and a very complex legal challenge emphasized in this study for compliance with GDPR, along with data confidentiality, respectively, for compliance with HIPAA. The study focused on the non-existence or lack of uniformity of regulatory frameworks that can provide for the special characteristics of SaaS data management and cross-border data flows.

Policy recommendations for integrating artificial intelligence into global trade agreements

The integration of artificial intelligence (AI) into global trade agreements presents a transformative opportunity to enhance efficiency, competitiveness, and innovation in international commerce. This review outlines policy recommendations aimed at facilitating the seamless incorporation of AI technologies into the framework of global trade agreements. As AI technologies continue to proliferate across various sectors, including manufacturing, logistics, and services, understanding the implications and challenges of their integration into trade agreements becomes paramount. This review provides insights into the current landscape of AI in global trade, highlighting both the existing challenges and opportunities for leveraging AI to drive economic growth and sustainable development. Key policy considerations include the harmonization of AI standards, addressing intellectual property rights and data ownership, facilitating cross-border data flows, ensuring transparency and accountability in AI decision-making, mitigating potential job displacement and inequality, and promoting ethical AI practices. Drawing on case studies and best practices from regional trade agreements and industry-specific implementations, this review offers actionable recommendations for policymakers, businesses, and international organizations. These recommendations emphasize the importance of collaborative efforts, capacity building, and monitoring mechanisms to effectively harness the benefits of AI while mitigating potential risks. By embracing AI as a driver of innovation and efficiency in global trade, stakeholders can foster a more inclusive and resilient trading environment that maximizes the benefits of technological advancements for all participants.

Legal Regulation Risks and Insights Related to Cross-Border Flow of Data

The primary objective of this research is to ensure the secure and compliant transmission of personal information from China. To this end, the Chinese government has implemented the "Standard Contract Measures for the Export of Personal Information." This study employs both literature review and factor analysis methods to meticulously examine the potential risks in the practical implementation of these measures, and further suggests strategies to address the current challenges. Additionally, the study introduces foreign systems for reference, aiming to guide Chinese enterprises in circumventing legal risks associated with cross-border data flows and ensuring the security and compliance of personal information departing from the country. The findings of this research reveal that the existing legal framework for cross-border data flows in China has certain shortcomings, providing valuable insights for the improvement of China's legal framework and related regulatory systems. Furthermore, it offers practical cautionary value for Chinese enterprises in their operations.

Cross-Border Data Forensics: Challenges and Strategies in the Belt and Road Initiative Digital Era

Cross-border data forensics in the era of the Belt and Road Initiative (BRI) are facing increased complexity. Multinational enterprises are encountering legal and technical challenges due to the fragmentation of global data regulations. The different data protection standards in major jurisdictions such as the European Union, China and the United States have created varying approaches to data privacy, national security, and cross-border data flow management. A study was conducted to explore the intricate framework of traditional Mutual Legal Assistance (MLA) in criminal cases. It highlights the inefficiency of cross-border data forensics and proposes reform proposals to strengthen international data-sharing cooperation. The study suggests that data localization is an effective alternative, but developing digital forensics standards in line with the goals of the Belt and Road Initiative would be a better option. To achieve this, a comprehensive regulatory framework needs to be established that balances national security, personal privacy and international cooperation in data exchange. The framework should emphasize that cross-border data management needs to coordinate and integrate technical, legal and business considerations.

Analysis on the legal problems of data exit

Faced with the exponential growth of cross-border data flow, it is too weak to supervise through existing laws, regulations and rules, and the regulatory rules for cross-border data flow should be further refined and improved. This paper summarizes the existing legal problems by analyzing the current status of data exit legal supervision in our country. Based on China's national conditions and respecting the objective laws of the development of the digital economy, targeted countermeasures and suggestions are proposed from many aspects, a scientific and coordinated regulatory system for cross-border data flow is built, a dynamic balance between development and security is sought, and cross-border data governance is adapted to the growth needs of the digital economy, so as to ultimately achieve a good law and good governance for cross-border data supervision.

Leveraging the Legal Entity Identifier to mitigate the risk of financial crime and enhance fraud prevention in cross-border payments

While today’s global digital economy promises a new era of commerce, its sheer complexity also presents opportunities for malicious actors to perpetrate money laundering, terrorism financing, and other forms of financial crime. Despite the escalating compliance costs faced by financial institutions needing to meet increasingly rigorous anti-money laundering (AML), counter-terrorist financing (CTF) and sanction screening obligations, the lack of harmonisation within cross-border data flows inhibits the identification of suspicious actors and exposure of criminal networks. This contributes to a cross-border payments ecosystem that can be broadly characterised by limited trust, high costs, low speed and insufficient transparency. This is leading to increasing industry recognition of the need to promote unified, data-driven approaches to combating financial crime globally. In view of this growing consensus, the Legal Entity Identifier (LEI) is emerging as a key enabler. This paper examines the drivers of this consensus by: (1) detailing findings from key industry organisations, such as the Bank for International Settlements (BIS) and Financial Action Task Force (FATF), outlining the need to increase data quality and standardisation of the data identifiers used within cross-border payment messages to counter complex global criminal enterprises; (2) outlining regulatory and industry momentum to leverage the unique benefits of the LEI within cross-border payment messages, to include an analysis of the implications and opportunities of ongoing initiatives to enhance payment market infrastructures; and (3) demonstrating how, by addressing inconsistencies in how legal entities are identified, connecting a greater range of datasets, and capturing entity relationships and ownership structures, the LEI mitigates AML–CFT risks, enhances fraud prevention, and supports more efficient sanction screening in cross-border payments. This is supported by examples of real-world industry initiatives.

Article: The Data Is In The Details: Friendshoring, Data Flows and the Role of Digital Trade Rules

The label ‘friendshoring’ has recently emerged to describe an approach to supply chains that focuses on ensuring they can be relied upon, trusted and secured as opposed to just maximising their economic efficiency. Aspects of friendshoring have a longer history in the context of cross-border data flows, which have been (and are increasingly) subject to restrictions aimed at protecting privacy, cyber-security and national security interests. Data flows are critical to the functioning of modern supply chains and are themselves important sources of value. While the goals of data flow restrictions are often laudable, data friendshoring is not without risks and costs. It can have an uneasy relationship with existing trade rules, and spillover effects for other policy interests (including in relation to internet governance and the strength of the rules-based trading system). This article sets out the connections between friendshoring and data flow restrictions. It then examines the role that trade rules play in relation to data friendshoring, including the uncertainty of the application of certain current trade rules to data friendshoring and the benefits that digital trade rules can contribute in relation to data friendshoring. These benefits includes ameliorating the risks associated with data friendshoring, providing greater certainty for those involved in these arrangements, and enabling on-going discussions between potentially fragmented regimes to help rebuild trust over the longer term. digital trade, friendshoring, data flows

PRIVACY LAW CHALLENGES IN THE DIGITAL AGE: A GLOBAL REVIEW OF LEGISLATION AND ENFORCEMENT

As the world becomes increasingly interconnected through digital technologies, the protection of individuals' privacy has emerged as a critical concern. This paper conducts a comprehensive global review of privacy legislation and enforcement mechanisms, shedding light on the challenges posed by the digital age. With a focus on the intricate balance between technological advancements and the fundamental right to privacy, the study explores the evolving legal landscape and its implications for individuals, businesses, and governments. The analysis encompasses diverse jurisdictions, highlighting the variations in privacy laws and enforcement approaches across regions. From the European Union's robust General Data Protection Regulation (GDPR) to the nuanced approaches in Asia and the Americas, this review synthesizes the evolving regulatory frameworks. Special attention is given to emerging issues such as the use of artificial intelligence, biometrics, and surveillance technologies, which pose unique challenges to existing privacy paradigms. Moreover, the paper investigates the effectiveness of enforcement mechanisms in ensuring compliance with privacy laws. It examines the role of governmental agencies, regulatory bodies, and international collaborations in addressing cross-border data flows and global privacy challenges. The study also evaluates the impact of recent high-profile privacy incidents on shaping legislative responses and enforcement strategies. By presenting a holistic view of privacy law challenges in the digital age, this research contributes to the ongoing discourse on safeguarding individuals' privacy rights in an era of rapid technological innovation. The findings provide valuable insights for policymakers, legal practitioners, businesses, and individuals seeking a deeper understanding of the evolving dynamics surrounding privacy legislation and enforcement on a global scale.
 Keywords: Law, Privacy Law, Digital Age, Review, Data Protection.

Differential Interaction: Development of Cross-border Data Flow Governance Mechanisms In Asean

Cross-border data flows, which are fueled by the digital economy, increase the productivity and efficiency of the global economy. The cross-border movement of data has a direct influence on both national security and the growth of the digital economy.Therefore, in order to deal with the security and development issues brought on by the digital geopolitical game, on the one hand, ASEAN focuses on the overall growth of the digital economy and data security,on the other hand, it continues to encourage the spread of the innovative "ASEAN+" governance model and actively participates in the creation of regulations for the digital world. The digital geostrategic competition between large nations is skillfully employed, on the other hand, to aim for a more advantageous position in order to mitigate the negative impacts brought on by mechanism fragmentation. A governance mechanism for cross-border data flow is built using the relational governance concept of “self” and “other” interaction.The negotiating cost and compliance cost will be decreased through the adaptable interplay between mechanism spillover and mechanism internalization, expanding the digital economy in the ASEAN region and enhancing competitive advantages on a worldwide scale.

The Game Process and Achievement of EU and US Cross Border Data Flow Rules

In today's data-driven era, the governance of data rules has become a focal point for countries worldwide. This paper elucidates the significant differences between the United States and Europe, both major players in this domain, in terms of legislation and value positions. They also operate within distinct social data environments and possess varying national interest needs. These influence the direction and results of the game between the two sides in the data privacy framework. The paper also encompasses many far-reaching factors involved in this process, such as the political relationships between the United States and Europe, and the economic conditions on both sides. In the contest for dominance in data governance rules, the United States and Europe have been constantly interacting, refining regulations through ongoing friction, and to some extent, driving the development of the data industry. Meanwhile, the world still needs a more mature and stable regulatory framework for data governance rules, indicating the necessity for further significant progress in this area.

The Role and Impact of Cross-Border Data Flows in International Business Digital Trade

Abstract Data is an important production factor in the era of the digital economy, and cross-border data flow is a prerequisite for digital trade. The Digital Services Trade Restrictiveness Index (DSTRI) is the basis of this paper’s research on the impact of cross-border data flow on digital trade. Firstly, cross-border data flow and digital trade are refined into cross-border data flow restrictive measures and digital service trade, and the mechanism of cross-border data flow restriction on digital service trade is investigated. Then, the impact model is constructed based on the gravity expansion model, the variable selection is carried out, the model variables are tested from the perspective of Pearson correlation and multicollinearity, and the optimal regression model is selected. Finally, baseline regression results are derived based on the model, and heterogeneity analysis and robustness tests are conducted. Cross-border data flow restrictions have a correlation coefficient of −2.176 with total digital services, and they have both negative and positive effects on the total trade in digital services. The total trade in digital services in DSTRI is negatively impacted by all policy areas of restrictions, which suggests that restrictions in any policy area can hinder the development of digital trade. When conducting the robustness test, cross-border data flow restrictions still have a significant inhibitory effect on digital services trade, which is consistent with the results of the benchmark regression, indicating that the results of the benchmark regression in this paper are reasonable and valid.

African rules on cross-border data flows: The significance of regulatory convergence and the AfCFTA Digital Trade Protocol’s potential contribution

African rules on cross-border data flows: The significance of regulatory convergence and the AfCFTA Digital Trade Protocol’s potential contribution

全球数据跨境流动国际法规制现状、问题及解决

全球数据跨境流动国际法规制现状、问题及解决

How the Data Rules of EU is Exported to the Outside of the Region: Take the EU ’s General Data Protection as an example

The General Data Protection of the European Union, the GDPR is the concentrative embodiment of the stringent regulation of data policy. In the field of cross-border data flows, the “White-List” evaluation mechanism of cross-border data flows is constructed by “adequacy decision”, “appropriate safeguards” and exceptional stipulates. Through the evaluation by the above mechanism, if the protection level of the overseas data recipients is substantially equal to the level of the EU, the EU will authorize the transfers of EU data to the region. This mechanism mentioned above, somehow makes the data rules of the EU and the preference on stringent regulation of data policy adopted by more and more Non-EU countries. The mode of data regulation supervise is considered as an ideal reference and it is gradually spread globally. However the evaluation mechanism of cross-border data flows, should be regarded as a new-type barrier on data flows. And it will block the development of free market for global trade in data services. Thus, to resolve the conflict on the regulations of data supervision and cross-border data interaction, the World Trade Organization should shoulder more responsibilities, promote a broader global negotiation.

Governance in the Free Cross-border Flow of Data

Every part of life, work and friendship has been inseparable from the Internet. When we casually click on the links on the network, when we need to enter personal information on the network due to work and policy, when enterprises are used to storing most of the data in the emerging cloud computing service platform, when the official website of the core departments of the country was maliciously attacked. We are facing more frequent information leakage in the era of big data. Especially with the trend of multinational corporations, regional interoperability, and the integration of the world economy, data and information can flow across borders without obstacles. Undoubtedly, cross-border business trade, project co-operation, geo-location, and server tracking are necessary, but the large amount of data recording, flow, and tracking brings great risks to personal privacy, business secrets, and the maintenance and stability of national security. As a result of the growing awareness of the risks and drawbacks of cross-border data flows, jurisdictions and regions have developed legislation and rules to balance the free flow of data and cross-border security.