K.S. Park participated in a panel on fragmented data governance held on December 6, 2022 by UBC School of Public Policy and spoke as follows:
Panel questions for Dec 6 webinar
Please note that questions 1-3 will be posed to all panellists, and questions 4-8 will be posed to each panellist individually.
1. We know that digital flows and technologies are growing exponentially and will represent an ever-growing part of international trade. How do you evaluate our international governance structure at the moment for those digital flows? On a scale from 1 to 10 (10 highest), how would you score the overall global governance structure of data and digital flows? And why?
KSP: A regression is taking place around the world: the reification of data. Data is a relationship between sentient beings and the objects sensed, knowledge of the world external to the consciousness of that being. Transfer of data is speech. Collection of data is learning. Thus, a restriction on the transfer of data is a restriction on speech or freedom of speech.[i] A restriction on the collection of data becomes a restriction on learning or freedom to learn. Data—originally, a configuration of the consciousness perceiving external objects—is being reified, that is, treated as if it is a tangible thing. Increasingly, data is deemed to be a possession by people reflected in it or those producing it and subject to delivery fees for transfer. Data is deemed capable of being “owned by data subjects” as in the rights-to-be-forgotten jurisprudence “owned by data producers” in the concept of data ownership or charged fees for delivery as in European Commission’s recent ‘fair share’ deal.
These trends of data reifications tend to coalesce into mutual escalation as municipal governments attempt to assert sovereignty over the now-reified data. Such governments claim data sovereignty, as if data is something to be defended from foreign control just like territory, under such mottos as “we should rule over all our countrymen’s data.”[ii] As a consequence of these trends, the creativities, growths, and progresses that feed on the sharing and acquisition of data are suppressed and stunted.
The trends of data reification I discussed have resulted in various municipal measures that revolve around the idea that data is real, and that the municipality’s jurisdiction must be protected in that regard. The Chinese government has used the concept of data sovereignty ostensibly to protect its own citizens from the notion of harmful data.[iii] European governments have seen GDPR as protecting not just privacy but European economic assets.[iv] These municipal measures—often operating under the motto of data sovereignty—are stimulating other similar measures in escalation. Much of data sovereignty is operationalized by access bans on websites and apps not complying with particular data restrictions of the specific governments claiming such sovereignty, or worse, by data localizations that require all data or some classes of data accessed by the government’s constituents to be located domestically. Trump’s proposal to kick TikTok off of U.S. soil was triggered in part by the Chinese firewall, whereby all data accessible by Chinese citizens is required to be located within China and left vulnerable to their surveillance.[v] The irony is that the U.S. “sovereign-based” response will only harden and justify the Chinese government’s position. Further, it is financially certain that adoption of the sender pay rule in one country will ignite data delivery fee warfare, in which other countries will adopt the same rule to protect their own network operators, as seen in the February 2021 case of Indonesia attempting to respond to Korea’s sender pay rule.[vi]
2. What do you think are the most essential pillars (global or regional, or club-like) that regulate global data and digital flows now?
KSP: In order to preserve the global data and digital flows, the regulatory system should also be global. The regional efforts makes sense but only as an intermediate step toward a potentially global norm. The reason I say this is because of the mutual escalation of “data sovereignty” phenomena I mentioned above, which could happen on a regional level. If a group of countries band together to form an exclusive free data trade zone, the countries that are not included in the initial formation may create their own formation in competition. Any regional formation must be transparent and inclusive, meaning open to entry by the current non-members as long as they meet a transparent standard. One such example is EU’s adequacy scheme under GDPR which has been open to non-EU countries such as South Korea, which was granted the decision this year. EU’s adequacy scheme is one good example of a global-looking transparent and inclusive regional norm. There are other global norms that can be used to make regional formation more global looking. International human rights and Budapest Cybercrime Convention are global standards that can be adopted as an operating norm by regional formation.
3. The elephant in the room: data ownership and control is a critical basis for AI development. India, Indonesia and South Africa refused to sign on the Osaka G20 data free flow with trust declaration in 2019 out of concerns for data ownership and infant industry protection. The EU is waking up to the fact that it does not control much of the data produced in the EU, except for GDPR restrictions on privacy. In Canada, Jim Balsillie has raised the alarm too. What can be done to reach a governance agreement on data ownership and free flow that addresses the quasi-monopoly situation of a few big first movers controlling so much of our data?
KSP: Data ownership is not a good justification to restrict cross-border data flows or reject free flow data. Data ownership attempts to reward ‘data producers’ with some control over the data so produced above and beyond the pre-existing database rights or trade secret laws. However, as proposed, data ownership norms concern non-personal data and do not have privacy implications that personal data carry. If we agree that data is the sentient beings’ perception of external objects, it is difficult to find justification for rewarding people for simply observing things. Yes, there are different grades of data quality depending on the details that observation acquires and the level of portability in which data are recorded. However, database rights and trade secret laws respond to these concerns. When data are produced in interactions between the two entities, it is for them to negotiate over how the resulting information will be accessed and stored by either. Lacking privacy implications, there are no reasons for the government to intervene. If local businesses would like to keep records of what kind of people order from them, they should negotiate with platforms on or choose from platforms sharing such data with those businesses. Such concern should not be a reason to ban data flows which may actually harm local businesses’ ability to benefit from the platforms. There are concerns of unequal bargaining power between platforms and local businesses, which should be addressed ex post by competition laws or antitrust policies but ex ante data regulations are too drastic tools to address these concerns. Again, new data governance should be limited to personal data where privacy, the basic right, of powerless individuals are at stake. Data protection laws were designed to address that imbalance in bargaining power but there is no need for such regulation in non-personal data.
4. For Stephanie Honey: from NZ’s perspective, what are the most hopeful ways to overcome digital fragmentation? What about DEPA and IPEF? What do businesses and civil society think?
5. Susan Aaronson: Can you tell us more about your Hub’s Global Data Governance Mapping Project? How do you collect data and what do you aim to map? What are the 2-3 key findings that have emerged?
6. Henry Gao: How worried are Singapore and ASEAN about the fragmentation of governance? and what are the expectations about DEPA? What are the most positive trends you see? What are possible coexistence rules that could be reached with China and taken as global rules
7. KS Park: How is Korea managing the US-China data split? From a Korean perspective, are you hopeful about DEPA and IPEF in developing a good data governance framework?
KS: Korea is not doing too well and I think that Korea is one best sample country that can benefit from aligning data governance with international human rights standard. Internally, Korea has unique unprecedented regulations restricting free flow of data such as mandatory notice-and-takedown, internet real name law, comprehensive administrative censorship, etc., which has fueled the complaint of reverse discrimination against domestic platforms and in turn resulted in further isolationist patchwork solutions such as server localization or sender pay initiatives. It took us at Open Net extraordinary efforts in stopping the passage of the server localization bill in 2018 which would have paralyzed digital trade in and out of Korea. However, externally, Korea is politically following the US’ footstep, for instance, joining the Future of the Internet Declaration though a little late and informally critical of Chinese surveillance state. There is not much digital trade between China and Korea to begin with. DEPA and IPEF will be good frameworks for Korea to join but remember my concern on these regional initiatives: risk of escalation.
8. Masahiro Kawai: How worried is Japan about the fragmentation of digital governance and the growing weaponization of data? What are your views on IPEF’s potential? What is the view of Japanese digital and AI companies?
[i] Jane Bambauer, “Is Data Speech?,” Stanford Law Review, Volume 66, p. 57 (2014).
[ii] Hindustan Times, “Seduction of Data Sovereignty,” (2019) available at https://www.hindustantimes.com/analysis/the-seduction-of-data-sovereignty-in-india/story-iOS8cVKxstIIgJLy47Iy0J.html (commenting on India’s Railways and Commerce Minister Piyushi Goyal’s G20 Meeting Address, “data is a sovereign asset”).
[iii] See Anupam Chander and Haochen Sun, “Sovereignty 2.0,” Georgetown Law Faculty Publications and Other Works 2404 (2021): 11 for an objective genealogy of Chinese data sovereignty.
[iv] Frances G. Burwell and Kenneth Propp, The European Union and the Search for Digital Sovereignty: Building Fortress Europe or Preparing for a New World?” (Atlantic Council, 2020).
[v]Ana Swanson et al., “Trump Approves Deal Between Oracle and TikTok,” New York Times, September 19, 2020.
[vi] Kyung-sin Park, “Joint-Statement with SAFEnet (Indonesia): Civil Society Demand that Net Neutrality Be Protected in Interconnection Rules,” Open Net Association Press Release, February 15, 2021, http://opennetkorea.org/en/wp/3200?ckattempt=1.