Digital trade is an essential and growing element of global commerce, but its growth is threatened by nationalist data protectionism. Overcoming this problem requires coordinated global policies that balance the gains from efficiency with the need to protect data privacy.
The concept of digital trade includes physical products sold over the internet, downloadable digital goods, such as software, data, and entertainment files, and software-based intermediate services in business, finance, and engineering. International data collection and distribution contribute significantly to the development of new digital technologies, including artificial intelligence and the Internet of Things.
With that large and growing scope, it is no surprise that digital trade is a key driver of globalization and economic growth. For example, by 2020 online shopping reached 17% of global retail trade, a trend spurred by the pandemic but continuing to rise. The US International Trade Commission estimated that global digital trade, then at its onset and including multiple data-based services, raised US real GDP by more than 3.4%, while consulting firm McKinsey computed that data flows raised global GDP by at least 10% in the decade through 2015. These sums are surely larger today. Such gains come from new product innovation, improved technologies, higher productivity, and lower trade costs, all facilitated by digitization. Moreover, international digital markets are easier to access than those for physical exports, raising opportunities for small and medium-sized enterprises (SMEs), especially from emerging and developing economies. Few if any other technologies offer this range of potential benefits, highlighting the need for encouraging digital trade.
Trade relies on data, and data relies on coordinated policies
Such gains rarely come without costs, however. Digital trade in its various forms cannot exist without international data flows, which raise their own concerns. Online searches, e-commerce transactions, and the provision of various electronic services inevitably involve the collection of personal data, which can be instantaneously transferred for storage and processing across borders to third parties. Those exchanges are worrisome if personal data are sent to or used in jurisdictions that do not protect the privacy of that information to the degree expected by consumers and providers in other locations. This makes source countries reluctant to permit cross-border data flows, reducing the gains from digital commerce.
This situation seems to call for policy harmonisation among countries that trade data. However, international variations in policies regarding data privacy are common because countries differ in their preferences between economic efficiency and other goals, such as national security or financial stability, in defining data ownership and permissible usage. They may also vary in their regulatory capacity. Trying to bridge this gap presents daunting problems.
In essence, there are two broad challenges for trade policy makers in these closely related information markets. The first is how to reduce barriers to cross-border trade in digitized goods, services, and inputs, which should enhance efficiency and growth. The second is the more difficult question of how to secure protection for international flows of data required to optimize digital trade.
Cutting or eliminating remaining restrictions on digital trade is critical for expanding trade, growth, and equity. It can be done through a mix of unilateral, plurilateral, and multilateral initiatives. Emerging and developing countries should undertake unilateral trade-facilitation measures in e-commerce, essentially of two kinds. First, policies to reduce red tape and fixed costs in getting goods across borders are important. These include such items as paperless invoicing, low or zero tariffs on electronic transmissions, cooperative international digitized customs arrangements, permitting e-signatures and digital authentication, connecting to electronic payments systems, and establishing clear de minimis values for small shipments of products that escape tariffs. All these policies have been shown in numerous studies to significantly expand trade and improve international market access for small traders. Second, efforts should be made to build technical capacity so that all households and firms, especially SMEs, have access to digital technologies and e-commerce.
Both types of policy regimes could be considerably bolstered at the multilateral level by extending the WTO’s Trade Facilitation Agreement to incorporate such measures, mapping electronic customs logistics to export growth, and encouraging international technical assistance. The key here is to link technology policy with trade policy, a framework currently under negotiation by over 80 WTO members, which seek a common set of trade rules for e-commerce.
Heading off data protectionism
Turn next to the more sensitive issue, protecting the privacy of personal and confidential data while restricting efficient international data flows as little as possible. Fundamental policy and cultural differences render a top-down, multilateral approach based on regulatory harmonisation virtually impossible. For example, the European Union, as expressed in its General Data Protection Regulation (GDPR), views data privacy as a fundamental right, wherein data are essentially owned by individuals who can determine their use. In contrast, US policy favors commercial interests in the collection and manipulation of data, though arguably this is changing. China elevates the security interests of the state to the top priority in data use, with an additional goal of favoring domestic technology companies in global competition over information. Many countries carve out digitally provided goods and services as cultural exceptions from trade disciplines. These preferences seem unbridgeable through a global policy regime. Indeed, attempts to extend the WTO’s General Agreement on Trade in Services (GATS) to international data regulation, or even to use GATS principles to liberalize digital trade as a service, have largely failed.
Thus, full multilateralism is not the answer, at least not for quite some time. Neither is a unilateral approach, in which countries choose their own data-protection regimes without consideration for international economic or security spillovers. This has been amply demonstrated by the proliferation of systems in numerous countries that are built on clearly protectionist aims. Such policies include, among other items, tariffs on digital goods, weak intellectual property rights that fail to discipline cyber-theft of trade secrets or to go after file-sharing websites that encourage digital piracy, and requirements that foreign software firms and platforms divulge source code for proprietary algorithms.
The protectionist element most closely related to data privacy is the data-localisation mandate. This policy requires that firms offering data-driven services, a process that also collects user data, store their acquired data on servers that are physically located within the regulating country. Governments justify this policy as a necessary means of protecting the data of residents from foreign use and manipulation and improving reliability of data networks and national security. However, such policies force the development of costly and duplicative computing capacity within regulating countries and raise barriers to efficient international provision of data services. Evidence indicates that data localisation amounts to a significant and costly barrier to trade in data services and digital trade. Because data can be readily transmitted at low cost, efficiency supports permitting firms to store them where there are greatest cost advantages, including from economies of scale in concentrated server locations.
Data localisation imposes high costs on global data-services firms without necessarily improving data security. The fact that data may more efficiently be stored abroad does not prevent regulatory authorities from requiring that personal data collected within their borders be used and transmitted subject to appropriate privacy rules and norms. A better approach would be to eliminate localisation requirements in return for national regulatory flexibility in data use. Governments should pursue a policy of mutual recognition to encourage this flexibility, subject to some minimum floors in data protection. This form of policy coordination, rather than uniformity, combined with the absence of protectionist data localisation requirements, offers the best avenue for building a globalised and efficient data-driven economy.
Indeed, this is the essential approach taken to data protection by two major preferential trade agreements (PTAs), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the US-Mexico-Canada Agreement (USMCA). These pacts ban data-localisation rules and other protectionist elements in regulating data flows, while encouraging members to establish effective data-protection regimes. They also permit relatively wide scope for domestic policy exceptions, such as for national security, subject to a “least trade-distorting impact” provision. That such agreements were reached suggests that effective international approaches to digital trade and data privacy are likely to be plurilateral going forward.
The European approach
While important steps forward, these PTAs are insufficient to satisfy the EU, which seeks data protection abroad that effectively meets its domestic standards under the GDPR. The EU approach requires that to provide data services and collect personal data among its residents, foreign countries must meet an adequacy test in protecting information or firms must meet certain corporate standards. The EU has certified such adequacy in a range of countries and makes it a requirement in the major PTAs it negotiates, such as the Canada-EU Trade Agreement. The EU approach is novel in global trade policy because it extends its domestic policy preferences into foreign jurisdictions, an example of necessary extraterritoriality if a global data firm wishes to access the market.
Important questions remain about which approach is more advisable going forward. Mutual recognition raises fewer roadblocks to data flows and is likely to be more attractive to emerging and developing economies as their data systems improve, but it leaves potentially wide differences in policies that could risk abuse of personal information. The EU demand for policy equivalence offers more security to individuals and firms in controlling international use of their data, which may raise more confidence in the digitised system but may be unacceptable to countries with significantly different policy preferences.
In this environment, what may be concluded about the need for new rules to facilitate digital trade and data flows? In brief, there are several steps individual countries could take to reduce the costs of digital trade, including tariff elimination, improving trade logistics, and increasing universal access to digital opportunities. Such changes could be buttressed by extensions of the Trade Facilitation Agreement (TFA) and modernization of the GATS at the WTO. In contrast, there is little scope for multilateral negotiations or rule-setting in data protection. Instead, such progress must come from plurilateral negotiations, whether through PTAs or on a sectoral level, focused on stronger privacy standards, mutual recognition across trading partners, and even adoption of the EU approach to extraterritoriality in this arena. It is important that any such policy agreements be kept open to membership by other countries to diminish the current tendencies toward international fragmentation.