SIIA hosted a panel discussion for delegates to the World Trade Organization (WTO) E-Commerce Work Committee in Geneva on March 14, 2017.  UNCTAD’s Cecile Barayre, the Brookings Institution’s Joshua Meltzer, Tala’s Zach Marks, and Google’s Nicholas Bramble provided background information, which elicited many insightful questions.  One takeaway that is perhaps not obvious to all who participate in trade negotiations is that cross-border data flows are not necessarily synonymous with domestic deregulation.  This is consistent with SIIA’s view that governments should permit – indeed even encourage – cross-border data flows through offering data transfer interoperability mechanisms that enable cross-border data flows, but at the same time ensure compliance with national privacy and other laws.  This resource paper provides information on sources that governments and others can consult as they consider policy in this space.

Cecile Barayre discussed UNCTAD’s work on data flows, particularly the April 2016 “Data protection regulations and international data flows: Implications for Trade and Development” report.  The report notes that in 2013, B2B E-Commerce amounted to 15 trillion dollars.  In 2013, B2C Commerce was 1.2 trillion dollars with China being the biggest market.  Ms. Barayre’s presentation provides updated numbers, including the estimate that Internet of Things value-added services will grow from around $50 billion in 2012 to about $120 billion in 2018.  The estimated 2017 global market value of the cloud computing industry ranges from $107 billion to $127 billion.  UNCTAD concludes that developing countries do indeed have a stake in the data economy; it is important to avoid fragmentation in developing privacy laws (although that does not imply uniformity); interoperability mechanisms are needed; and, privacy and other regulations should take into account their potential economic impact.  In developing regulations, there should be multistakeholder involvement.  

Joshua Meltzer presented findings from the October 20, 2016 Brookings Institution report on “Digital Colombia: Maximizing the global internet and data for sustainable and inclusive growth.”  He noted that as Colombia transitions away from a commodity-driven trade model to value-added substitutes, data flows are critical.  Moreover, they are important for all sectors, not just the IT sector.  In Colombia, automotive, rice , and textile producers are benefiting from digitization.  The international dimension is important to get right, for instance de minimis duties for smaller transactions, as well as cross-border data flows.  Domestic policy is equally important, which means fostering appropriate skills throughout the economy (not just engineers for the IT sector) and appropriate tax/competition/intermediary liability policies.

Zach Marks provided a presentation on how Tala, an SME, relies on cross-border data flows to provide financial access, choice, and control services in Kenya and the Philippines.  Marks explained that Tala offers a smartphone downloadable app that credit applicants can use to apply for small loans.  Analyzing answers to eight questions, Tala is able to develop a sufficiently actionable financial profile on applicants to be able to offer loans from 10 to 500 U.S. dollars.  Over the last two years, Tala has made about a million loans in Kenya.  The company plans to expand in the Philippines, Sub-Saharan Africa, and Latin America.  The potential is huge as Tala estimates that there is a global “credit gap” involving 2.5 billion people.  Marks explained that Tala relies on a cloud-based solution to store and process the data it needs in order to analyze smart-phone acquired data.  While using local data servers is theoretically possible, it would increase costs and could increase cybersecurity risks.  Localizing data does not  increase cybersecurity as this Carl Bildt piece on “Why Technology, not Geography, is Key to Cybersecurity” notes.

Nicholas Bramble reminded the audience that cross-border data flows is truly a comparatively recent Internet age phenomenon.  There is a strong relationship between open data flows and trade: trade between countries with high Internet usage is about 25%  higher than trade between countries that are not as open.   Youtube creators on average see over 60% of the views of their videos coming from foreign users, which often generates export revenue for those creators.   Similarly, there has been significant growth in the ability of Small and Medium Sized Enterprises (SMEs) in developing countries to reach overseas customers through Search and Adwords. In the meantime, the global Internet is driving the development of new technologies like machine learning -- cross-border data flows are crucial to innovations such as IBM’s Watson, which mines data from millions of medical papers all over the world to improve treatment of diseases. So how to take advantage of these developments, and make it easier for SMEs in developed and developing countries to participate in global trade?  Internet access needs to be broadened (4 billion people still do not have access); new rules of the road for data flows are needed; and, data localization needs to be avoided as it tends to undermine, not strengthen, privacy and security.  Interoperability mechanisms are needed such as APEC’s Cross-Border Privacy Rules (CBPR) system -- which could provide a model to protect privacy on a global basis, regardless of the location of data.  The CBPR rules include three fundamental operating principles that provide confidence for governments that their laws and regulations are being respected while providing companies with multilateral recognition of privacy commitments – the principles are: 1) company self-assessments; 2) outside validators; 3) enforcement by national authorities.   Currently four countries participate in the system including Mexico, and other developing countries could decide to join the system in the coming years.

In response to questions from the Chinese and Canadian representatives, Marks explained that Tala provides credit scoring and loan services but does not take deposits, although the company is exploring the possibility.  He said that Tala complies with national privacy and other laws by working with local law firms in the countries in which it operates.    The Tala app is not downloadable in Switzerland, which prompted a broader discussion on payment processing standards and rules around the world.   Bramble explained that Google Play is able to process payments to developers in 77 out of 196  countries around the world in part because the 77 countries have good standards on issues like payments regulation and intermediary liability – he noted that even Google cannot establish a local presence in every country in the world in order to process payments.

The Pakistani Ambassador to the WTO asked how to address the fact that data localization is often led by security establishments around the world.    The panelists agreed that this is indeed often the case – Meltzer noted, for instance, that the United States carved out financial services from the TPP’s data flow obligations because regulatory agencies considered that local data storage facilitated access to the data.   All the panelists agreed that there needs to be better interagency coordination among trade, privacy, security etc. policymakers and regulators.

The South Korean representative was curious as to why Tala started operations in the developing world in Kenya and is now considering the Philippines.  The answer is that Kenya is already a “unicorn in the world of mobile money” so as Marks put it, it is relatively easy to establish a “digital monetary trail” on potential customers in Kenya.  Another reason cross-border data flows are important to Tala in this context is that the cloud model that Tala uses makes it easier to perform the analysis required to screen for fraud.  The Philippines is a natural market for Tala because it is English speaking with a large pool of tech savvy consumers.

The World Bank representative said that the “Treasury always wins” in disputes with trade ministries (the Brazilian representative emphatically agreed) and inquired what the implications were for tax policy in a world of cross-border data flows.  He also wondered why dispute settlement cases had not been launched at the WTO against data localization as some GATS provisions arguably make such cases possible.   Barayre said that tax was indeed a complex matter and noted, for instance, that if she purchased an item from a French website,  she had to pay VAT in both France and Switzerland.  Meltzer said that the Brookings Institution is planning work in the tax area with the challenge being to address legitimate revenue collection concerns without choking off the development of the digital economy.  Bramble mentioned G20 and OECD work on tax issues.  With respect to WTO dispute settlement cases, the consensus was that there simply was not enough certainty regarding the law to warrant filing.

Responding to the observation by the Brazilian representative that national regulations exist for a reason, Meltzer said that cross-border data flows are not tantamount to a deregulatory agenda.  For instance, the Transpacific Partnership, while including binding data flow provisions, also required countries to have privacy rules (without mandating what kind of system to adopt).

Carl Schonander is Senior Vice President for Global Public Policy.