If trade is the lifeblood of the global economy, data is its DNA. Without good information, the entire worldwide system would collapse. Data flows don’t just support e-commerce by enabling physical goods to be traded online. They also enable fully digital products and services—search engines, social media, electronic payments and much else.
The growth in cross-border data flows is mind-boggling. This year, global internet traffic will reach some 150,000 gigabytes per second. That’s up from about 150 gigabytes per second in 2002, and just 100 gigabytes per day in 1992. Digital trade, too, has been growing faster than trade in physical goods since well before the pandemic.
Trade Rules Are Lagging
As digital transformation races ahead, though, international trade rules are falling behind. The World Trade Organization (WTO), for example, has no multilateral agreement on digital trade. Australia, Japan and Singapore are leading the effort to introduce new WTO rules, and the process is picking up speed after a period of fits and starts. A final agreement, though, is still some way off. Countries can find common ground when it comes to electronic signatures and paperless trading, but on issues such as electronic-transaction frameworks, the proposed text has been reduced to language and not binding commitments. Consensus is even harder to reach on the more contentious points.
This year, global internet traffic will reach some 150,000 gigabytes per second. That’s up from about 150 gigabytes per second in 2002, and just 100 gigabytes per day in 1992."
None of this comes as a surprise. At a time when data is upending the way businesses and societies interact, data governance is emerging as a geopolitical flashpoint. Tensions play out in regional trade groups and even smaller bilateral accords.
Recent Indo-Pacific Developments
For Australian businesses operating in the Indo-Pacific region, three recent developments bring the relevant geopolitics to the surface. First, in December 2021, Australia signed a so-called CLOUD Act Agreement with the United States. (The acronym stands for Clarifying Lawful Overseas Use of Data.) This will help American and Australian law-enforcement agencies, when investigating serious crimes, to access data held by service providers operating in the other’s jurisdiction.
In Australia, the agreement was referred back to Parliament’s Joint Standing Committee on Treaties this August. According to the U.S. Department of Justice, CLOUD Act Agreements make it less likely that countries will force businesses to store and process data locally. Some nations require data localization because, they say, it aids law enforcement and regulatory oversight. By facilitating government-to-government cooperation, the U.S.-Australia agreement addresses the concern that foreign data may be withheld for one reason or another.
Resisting data localization is consistent with the original Trans-Pacific Partnership (TPP), which included the United States. Although President Donald Trump withdrew from the original TPP on his first day in office in 2017, Australia is a party to its successor agreement, and the relevant rules remain unchanged: Countries must allow cross-border data transfers and must not introduce data localization measures unless they’re required to achieve a “legitimate public policy objective.”
Second, in January 2022, the Regional Comprehensive Economic Partnership (RCEP) came into force. RCEP is a trade pact among Australia and 14 other Indo-Pacific countries, including China but not the U.S. It reveals China’s hand on some thorny digital-trade issues. This was followed this May by substantive moves toward negotiating the Indo-Pacific Economic Framework (IPEF), which is spearheaded by the United States and does not include China. One key priority of IPEF is to develop regional standards for cross-border data flows.
The two groupings highlight the divided approaches to issues of data movement among Australia’s main partners. Under the auspices of IPEF, the U.S. is encouraging “high-standard rules of the road in the digital economy” to reduce data localization. As part of RCEP, China agreed to allow cross-border transfers and not to introduce localization measures—but those are subject to a public-policy exception that is entirely self-adjudicated. In other words, it’s up to the country introducing a restrictive measure to decide whether its restriction is necessary. RCEP dilutes these standards further by exempting measures that a country considers necessary to protect its “essential security interests” and by carving out all electronic commerce rules from state-to-state dispute settlement.
Third, there are signs that some countries’ views on data localization may be shifting. Indonesia—traditionally a strong advocate for data localization—passed Government Regulation 71 of 2019 in the face of opposition from Indonesian data companies. Regulation 71 allows private electronic systems operators to process and store data outside of Indonesia. With 204 million internet users, 370 million mobile phone connections and half its population under 30, this is a major step forward for tech businesses in the Indo-Pacific.
India’s support of data localization shows signs of receding as the number of Indian internet users—now nearly 650 million—is exploding. This August, Prime Minister Narendra Modi’s government withdrew its long-promised Personal Data Protection Bill after receiving feedback from a joint parliamentary committee. The bill would have required companies to store several kinds of data within India. While the committee’s report did not call for fully free data flows, it recommended narrowing the circumstances in which data must be stored domestically. The government is likely to introduce a revised bill late this year; however, ministers are already calling for it to include “global standard cyber laws.”
These are positive developments. Indonesia is a signatory to RCEP, and India is a founding member of IPEF. Their shifting views on cross-border transfers should encourage greater data liberalization across the region.
Exporters, including those in Australia’s burgeoning tech sector, need strong and consistent digital-trade rules governing the Indo-Pacific region. Sometimes a push for data localization is benign. Prosecuting serious crime, for instance, and protecting government data or individual privacy are valid policy concerns. But these can be addressed in targeted ways, as the CLOUD Act Agreement shows. Likewise, concerns about consumer protections and privacy can be tackled with existing legal tools and customer disclosures. This is a key lesson from the Australian Competition and Consumer Commission’s recent string of actions in domestic courts against Google. Too often, calls for data localization are either simply misguided or, more malevolently, motivated by protectionism, censorship and control. In practice, whether well-intentioned or not, localization makes data-driven trade more costly and less secure.
A truly multilateral solution to cross-border data flows has clear advantages. But while exporters wait for the WTO to act, regional agreements and groupings can be a useful starting point. The IPEF in particular promises major strides toward data liberalization in the Indo-Pacific. Like-minded countries should continue working together to facilitate digital trade. Such efforts will find support in Washington, where a bipartisan group of senators called recently called on the White House to prioritize this. In their words, which should apply equally in other world capitals, including Canberra, “ongoing debate over domestic rules for the digital economy should not hold us back from substantive engagement with our allies.”
Jo Feldman is a partner at Norton Rose Fulbright in Australia. She is an arbitration and litigation lawyer with over 17 years’ experience working with government and the private sector. She has broad experience in disputes under national and international laws and has acted for and against states in investment treaty arbitrations.
Daniel Allman is a special counsel at Norton Rose Fulbright in Australia. He is a dispute resolution lawyer and has been recognized in Best Lawyers: Ones to Watch in Australia™ for 2023 in both Alternative Dispute Resolution and International Arbitration.
Alan de Rochefort-Reynolds is an associate at Norton Rose Fulbright in Australia. He is a commercial dispute resolution lawyer and his practice focuses on acting for parties in arbitration and litigation relating to contracts, financial services and corporations legislation.