


The April 2023 United Nations World Data Forum was held in China to discuss the need for a consensus on the legal structures around cross-border data flow—essential processes for distributing information in our data-driven global economy. While even mentioning China near international data regulation discussions may bristle some US national security hairs, it’s important to note that Europe is collaborating with China to enable a set of common principles for data processing. The US might get left behind.
This begs the question about the importance of data transfers and privacy challenges in today’s digital markets: What should the rules be, and who should decide them? The US needs to participate in these discussions to ensure US data privacy rules are not being driven by the rest of the world’s standards by default.
Managing the global movement of information creates continuous challenges of data privacy, security, and control. In today’s innovative economy, we increasingly rely on the exchange of data across national boundaries to communicate and trade information. For businesses, transferring data across borders is important to expand their reach and connect with customers in new markets. It’s also important to manage the legal restrictions for basic transfers of resource data for multinational corporations monitoring global operations.
The recent UN conference points out that cross-border data flow agreements are the regulatory tool that enables the international legal transfer of a wide range of information—such as personal, financial, and business data—for everything from communication and commerce to supply-chain management and research. As the digital economy continues its global reach for business prospects, the United States needs comprehensive data protection or “privacy” regulations to ensure that American companies can operate with the same data transfer rules as our international counterparts. Without a national privacy law, American companies will continue to face competitive disadvantages compared to companies in other countries that have negotiated the transfer of information between servers across national borders.
As the use of data in technology evolves, governments and businesses must work together to ensure that cross-border data is regulated in a manner that promotes innovation, protects privacy and security, and respects national sovereignty. Recent reports on how governments can manage artificial intelligence (AI) are a reminder of the global developments before us that will create even more friction in analyzing consumer information as new AI tools combine datasets at a massive scale to allow for data-driven decisions. The regulation of these international data streams is a contentious issue in international trade negotiations, with countries seeking to balance the benefits of data flows with the need to protect their citizens’ privacy and security.
Such regulation also comes in myriad approaches. The UN discussion examined the basic differences between the three major governance approaches of the European Union, China, and the United States. US regulations cover data privacy by industry sector, the EU regulates all data collected on an individual, and China focuses on where the data processing activity takes place.
Congress needs to pass a comprehensive national privacy law with one set of privacy standards for data collection to help not only individuals control their personal information within the 50 states but also to help the US catch up to the global norm of enhanced protections for sensitive data and create trust in our global trade partners with these data transfer policies. As we navigate the complexities of the digital age, we need a robust, standardized framework to govern the use of consumer data that focuses on transparency and enables an audit function on data controls. It’s time to regulate the collection, use, and disclosure of consumer data beyond our traditional industry sector model to manage US data governance at scale.
Cross-border data flow negotiations can help the US focus on revolutionizing the legal structure around communicating and exchanging information on a global scale. A national data protection or privacy law would also provide a legal framework for certainty regarding the permissibility of defined forms of personal data that are allowed to be processed in these data-driven trade agreements.
These discussions on the movement of data are a reminder of how crucial data access is for individuals and businesses and for the information flow needed for digital services from anywhere in the world. As we rely more heavily on these transfers, the need for further standardization is key, and a US national privacy law becomes increasingly important to our standing globally. With so much personal and business data exchanged between servers across national borders, we must have standardized mechanisms for data processors and controllers to build the harmonized framework that will support and protect American privacy and security in a global digital economy.
CLICK HERE TO READ MORE FROM RESTORING AMERICAThis article originally appeared in the AEIdeas blog and is reprinted with kind permission from the American Enterprise Institute.