Bridges vol. 39, May 2014 / Innovation Matters
By Stephen Ezell
This article elaborates on countries’ increasing use of barriers and restrictions to digital trade, explains why such practices are damaging for individual countries and the broader global economy, and provides policy recommendations to better safeguard the open cross-border data flows and digital services that have become the lifeblood of the modern global economy.
Over the coming decades, much value in the increasingly knowledge-based global economy will be created digitally. This will occur especially through:
i) prevalence of information and communications technology (ICT)-based business models, such as advertising-supported content, fractional ownership, dynamic pricing, marketing of excess capacity, auctions and matching markets, and “cloud computing”-based outsourcing;
ii) “servicification” of products (e.g., selling products such as jet engines or medical radiology equipment as services); and
iii) application of “big data” techniques to generate novel, value-creating insights from large data sets.
This growing digitalization of the global economy is reflected in the expectation that global Internet traffic will quintuple between 2011 and 2015, and by the approximately 50 percent annual growth in cross-border trade in data. Researchers estimate that more data crosses the Internet every second than was stored on the entire Internet just 20 years ago. Tekes (Finland’s National Agency for Technology and Innovation) estimates that, by 2025, half of all value in the global economy will be created digitally. Unfettered data flows are also crucial for global trade in services; in fact, the European Centre for International Political Economy (ECIPE) estimates that 50 percent of all trade in services depends on access to open data.
Thus, securing a free flow of data and provision of digital services across borders will be vital to ensuring the health of a robust knowledge- and innovation-based global economy. Unfortunately, more and more countries are erecting either outright barriers or subtler restrictions to cross-border data flows or provision of digital services. We see this principally in two forms of localization barriers to digital trade: i) countries’ requirements that firms must use local ICT infrastructure, such as data centers, as a condition of market access and local data storage requirements, and ii) countries’ data-privacy laws that regulate data usage in ways that hinder the development of innovative information-based business models. This article will provide examples of how countries are introducing barriers to digital trade, explain why these barriers are harmful to countries that implement them and to the broader global economy, and provide policy recommendations regarding the growing threat of digital trade barriers.
As ITIF writes in Localization Barriers to Trade: Threat to the Global Innovation Economy, the first type of localization barrier to digital trade is a country’s requirement that enterprises establish local data centers or use local ICT infrastructure as a condition of being permitted to provide digital services (such as social networks or search engines) in that country. Brazil, China, Indonesia, Malaysia, Nigeria, South Korea, Venezuela, and Vietnam are among many countries imposing such digital trade restrictions. For instance, as of September 2013, Vietnam’s Decree 72 implemented localization requirements mandating that all Internet services companies – such as Amazon, Google, Facebook, and Spotify – operate at least one data center in Vietnam itself. Likewise, China has implemented local data server requirements purportedly to protect national security and control currency. Not only do such policies clearly violate the World Trade Organization’s General Agreement on Trade in Services (GATS), but they also introduce market balkanization that unnecessarily raises the cost and decreases the supply of global innovation by requiring construction of duplicative ICT facilities, raising firms’ costs and reducing the resources available to invest in innovation.
The second type of localization barrier to digital trade is seen in countries’ local data storage or local data residency laws. Almost two dozen countries, developed and developing alike – including Australia, Canada, China, France, Greece, India, Indonesia, Kazakhstan, Malaysia, New Zealand, South Korea, Taiwan, Turkey, Vietnam, and even the European Union – have introduced or are actively considering local data storage requirements or onerous data security and data privacy regulations that would create geographic restrictions on where ICT service providers can store and process data. Countries’ requirements for local data storage often go hand in hand with their requirements to use local data centers. For example, South Korea’s strict data privacy rules effectively require that financial service providers locate their data servers physically inside Korea. Australian and Canadian rules regarding electronic health records apply a blanket requirement that personal data be stored in-country. Even the European Union’s (EU) data protection regulation, embodied in the EU’s Data Retention Directive, makes it clear that personal data cannot be moved outside the EU. Greece has taken the EU’s Data Retention Directive a step further, by explicitly requiring that storage of data about subscribers’ communications by phone and over the Internet be “within the premises of the Hellenic territory.” Yet, by definition, such local data storage requirements preclude cross-border data flow and thus not only impede, but in many cases prevent, companies from offering cloud-computing or data analytic services across borders.
In fact, as the Swedish National Board of Trade reports in an important new paper, No Transfer, No Trade, which assesses the importance of cross-border data transfers to Swedish companies, the open movement of data is instrumental to modern companies’ operation of internal processes as well as to their ability to offer customers innovative services. As the authors note: “Today, business and trade is totally dependent on data flows – data that has to be moved in order to make trade happen and for the efficient running of companies. Practically no company is able to do business, or take part in international trade, without the ability to transfer data across borders.” For these reasons, it’s vitally important that policy makers in the global trade community aggressively push back against countries’ localization barriers to trade, and that governments refrain from enacting them in the first place.
It’s also worth noting that countries’ local data protection laws are motivated by – or at least attempt to be justified on the basis of – privacy concerns. The belief is that if data are required to be kept within a country, either they will be more secure or governments will be better able to prosecute those who violate privacy laws. But neither belief is true. Data are no more likely to be secure or insecure in Canada, Korea, the United States, or the UK. Rogue employees or data breaches can occur anywhere. The second issue of jurisdiction is equally flawed. The location of servers has absolutely no effect – for good or for bad – on privacy, as the local government would still have legal jurisdiction over companies that own the data, regardless of where their data are actually stored. Thus, mandating that data be stored locally tends to be a mercantilist tactic with no positive effect on privacy or security.
While not constituting a mercantilist barrier to trade, several countries and regions are considering implementing restrictive data privacy laws that threaten to significantly constrain digital innovation. For example, Europe’s proposed updated Privacy and Electronic Communications Directive (PECD) places stricter restrictions on online behavioral advertising. The regulations limit the ability to target online advertisements to users based on certain protected categories of data, such as an individual’s race or ethnic origin, sexual orientation, political opinions, religion or beliefs, trade-union membership, genetic information, or health status. This might make sense, until one thinks about the types of advertisements and services this might limit. For example, these restrictions could potentially prevent or limit European marketers from effectively creating targeted ad campaigns for services, such as online Christian bookstores or dating web sites, based on a particular faith or sexual orientation.
Analyzing the impact of the Directive’s existing rules in a paper called Privacy Regulation and Online Advertising, Avi Goldfarb and Catherine Tucker found that once European privacy laws went into effect, they resulted in a 65 percent reduction, on average, in the effectiveness of online ads. They estimate that if advertisers reduce their spending on online advertising in line with the reduction in effectiveness resulting from stricter privacy regulations, “revenue for online display advertising could fall by more than half, from US$8 billion to US$2.8 billion.” In a broader analysis of the potential economic impacts from Europe’s General Data Privacy Regulation (GDPR), ECIPE’s paper on The Economic Importance of Getting Data Protection Right: Protecting Privacy, Transmitting Data, Moving Commerce reports that, if fully implemented, the GDPR could result in such serious disruptions to services trade and cross-border data flows across Europe that the negative impact on EU GDP could reach -0.8 to -1.3 percent. The direct negative welfare effect of the regulation could reach as much as $1,353 (€1,041) per year for a household of four people. Moreover, the authors note that if the “right to be forgotten” rule – which would entail a right for individuals to withdraw consent, even years after it was given, for specific companies or organizations to store or handle their personal data – is added to the GDPR, the regulation could cause EU GDP to decrease as much as 1.5 to 3.9 percent.
Approaches to privacy and digital commerce differ strikingly between the United States and Europe. In Europe, privacy tends to be viewed as a fundamental human right and, as a right, it takes primacy over other personal and societal values. In contrast, many people in the United States view privacy more as a consumer right, so it appears reasonable to give consumers more ability to manage their online privacy settings in exchange for providing innovative digital services.In fact, online advertising provides the revenue that fuels innovative business models and drives much of the Internet economy. Many of the most popular web sites on the Internet – from Google’s free email service (Gmail), to YouTube videos, to Facebook’s social networking services – would not exist today without online advertising. It’s probably fair to argue that the United States’ greater openness to online advertising has played a role in the US developing a more robust Internet services industry than Europe. To be certain, securing robust privacy rights for citizens – and providing effective redress mechanisms if and when corporations violate those rights – is vital. But such policies should not come at the expense of compromising digital innovation. Instead of having European policy makers’ prescriptive regulation, European consumers should be given more freedom to manage their online privacy settings in exchange for digital services.
In conclusion, as United States Trade Representative (USTR) Mike Froman recently noted: "Combining globalization with new technology and with new business models has dramatically accelerated the pace of change and innovation. The flow of data is as important as the movement of goods.” American and European policy makers can take several steps to better ensure open cross-border flows of data and digital services. First, as ITIF argues in How to Craft an Innovation-Maximizing Transatlantic Trade and Investment Partnership (TTIP) Agreement, TTIP should flatly prohibit the use of localization barriers to digital trade that require foreign enterprises to locate servers/data centers or store data in-country as a condition of market access. TTIP should incorporate language embodied in The European Union-United States Trade Principles for Information and Communication Technology Services, which includes two key principles agreed to by USTR and the European Commission:
i) First, the principle on cross-border information flows states that: “governments should not prevent service suppliers of other countries, or customers of those suppliers, from electronically transferring information internally or across borders, accessing publicly available information, or accessing their own information stored in other countries.”
ii) Second, the principle on local infrastructure states, in part, that: “Governments should not require ICT service suppliers to use local infrastructure, or establish a local presence, as a condition of supplying services.”
Moreover, similar language should become part of every trade agreement currently being negotiated with other parties by the European Union and the United States (e.g., the Trans-Pacific Partnership). TTIP should also extend the so-called Safe Harbor agreement, through which US companies declare their compliance with EU data protection standards and are allowed to process data on EU citizens. In other words, TTIP should include a strong e-commerce chapter that protects all digital products against discrimination and other trade restrictions. Also, in TTIP, the EU and United States should make their cross-border commitments on a “negative list” basis, so that any service not specifically excluded is covered, allowing for innovation.
Thinking more expansively, and given that the complexity surrounding global data flows will only continue to grow and become increasingly important to the global economy, Europe and the United States should engage their trading partners in developing a “Geneva Convention on the Status of Data” (as ITIF recommends in The False Promise of Data Nationalism) that establishes international legal standards for government access to data. A multilateral agreement could settle questions of jurisdiction, establish rules of transparency, create better cooperation for legitimate law enforcement requests, and limit unnecessary access by foreign governments to data on citizens of other countries. A multilateral agreement could also clarify which country’s laws take precedence when companies encounter conflicting rules. By working together to create a global pact on issues of government access to data, countries previously involved in mass electronic surveillance can also reassure people at home and abroad that they respect individual privacy and will hold each other accountable in the future.
Ezell, S. J., R. D. Atkinson, and M. A. Wein. “Localization Barriers to Trade: Threat to the Global Innovation Economy.” ITIF. September 2013.
Goldfarb, A., and C. Tucker. “Privacy Regulation and Online Advertising.” posted on Social Science Research Network. August 4, 2010.
ECIPE. “The Economic Importance of Getting Data Protection Right: Protecting Privacy, Transmitting Data, Moving Commerce.” The U.S. Chamber of Commerce. March 2013.
Wein, M. A., and S. J. Ezell. “How to Craft an Innovation Maximizing T-TIP Agreement.” ITIF. October 2013.
Castro, D. “The False Promise of Data Nationalism.” ITIF. December 2013.
Castro, D. “Proposed EU privacy rules could limit innovation and cost businesses.” Government Security News Magazine. March 8, 2012.
Känkänen, J., P. Lindroos, and M. Myllylä. “Industrial Competitiveness Approach: Means to guarantee economic growth in Finland in the 2010s.” Finnish Ministry of Employment and the Economy. September 2013.
“No Transfer, No Trade– the Importance of Cross-Border Data Transfers for Companies Based in Sweden.” Kommerskollegium 2014.
“Vietnam and the Internet: The audacity of repression.” The Economist, August 2013.
Stephen Ezell is a Senior Analyst with the Information Technology and Innovation Foundation (ITIF), a Washington-DC based technology and economic policy think tank, where he focuses on science, technology, and innovation policy and trade issues. He is the co-author with Dr. Robert Atkinson of Innovation Economics: The Race for Global Advantage (Yale, September 2012). Ezell came to ITIF from Peer Insight, an innovation research and consulting firm he co-founded in 2003 to study the practice of innovation in services industries. He holds a B.S. from the School of Foreign Service at Georgetown University, with an Honors Certificate from Georgetown’s Landegger International Business Diplomacy program.