IGF 2022 Day 3 Open Forum #103 Promoting cross-border Data Flow and Trustworthy Data Space

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



>> MODERATOR: I'm serving as the Chair on the Committee of policy at OECD.  It is my great pleasure to have all of you here today.  Our first original intention to host this session was we wanted to exchange some understanding and ambitions or foresight by different stakeholders, including some other Government.  But because the time slot is relatively early in the morning and we do not have many panelists, I hope we have one panelist online.  But we have only one speaker, except for me.  So I think in this session, we would like to explain what we have been pursuing over last several years to promote cross‑border data flows, in which it has been mainly discussed in Governmental bodies, up until now.

But I think from our perspective, it is even more important to discuss this matter with multistakeholders.  So I hope I can share our intention and our objectives and would like to listen to the opinions or comments from you multistakeholders so we can develop this effort toward next year and even beyond with multistakeholder approach, rather than Governmental discussion.

So in the beginning, let me use a few slides to explain what we have been doing until now. 

So we started our discussion on data flows when we took the G7 presidency in the year 2016.  At that time, in G7, there was no Ministerial data for ICT or digital policy.  It is the first G7 ICT for Minister meeting, which was held in Japan in April. 

So it is already almost seven years ago.  And among various topics in the agenda, we proposed to discuss free flow of information across borders.  Our intention was cross‑border flow of information is very important to support economic growth and innovation by data utilization and digital technologies.  But at the same time, it is very fundamental basis for democratic society to ensure the freedom of expression, freedom of speech online.  So we proposed the discussion in the Minister's meeting together with other agenda items.  And we agreed it is important to promote cross‑border flow of information. 

But at the same time, there is a necessity for Government to strengthen and appear the protection over privacy and promotion of privacy rights and promotion of strengthening of cybersecurity.  So people can join the digital economy without concern. 

So this discussion was succeeded by the following presidency, such as Italy and Canada.  So we discussed how to formulate the importance of cross‑border information flow, at the same time, how we can accommodate the necessity for Government to increase trust among people and take measures to protect privacy, intellectual property and even consumers. 

After three years of discussion, probably from 2016 to 2018, we found every time we discuss this matter, there are some countries who emphasize freedom online, it is very important, and protection over privacy.  Protection over consumer.  And improvement of cybersecurity.  It is secondary importance.  But on the other side, other countries emphasize protection of privacy and increasing trust among users or consumers is the most important. 

It can be prioritized before freedom online.  So in the year 2019, we wanted to fill this gap between different Governments.  In that year, we took the G20 presidency and held it for the Osaka Summit.  The original purpose of this concept is data free flow with trust.  We need free flow of data across borders to promote innovation and maximize benefit from technologies and data utilization.

But at the same time, people don't want to use data or technology if there is no trust in data and technology.  So in the end, these two factors, freedom and trust are not tradeoff or contradictory.  These two elements have to be complementary to each other.

So without trust, there is no freedom.

Without freedom, we lose maximum benefit from innovation.  So we need to promote these two elements at the same time in parallel and in that way, we can only achieve the better environment enabling environment for digital economy

So this concept drew a lot of attention from member countries of G20.  And in the beginning Government interpret in different ways.  I assume we still have difference in understanding of this concept.  But we believe data and digital policy framework needs to be different from country to country.  Because we all have different backgrounds, we all have different social conditions, economic conditions, and cultural conditions.  And even the historical conditions are very different. 

So we cannot converge the policy framework on data and digital technology to one single harmonized framework.

So while we maintain or develop a different policy framework and the regulations on data and digital technology country to country, we need to increase, improve interoperability between countries.

If we have different policy frameworks, we need to know how to bridge the gap between the different policy frameworks and the regulations.  And the data flow and the data technology utilization should be seamlessly passed across borders. 

This is our purpose of this discussion.  And after 2019, the United Kingdom and Germany succeeded the discussion at G7.  And we agreed a Roadmap for DFFT last year.  Next slide.

So I wanted to look back at what does data free flow with trust mean.  This is said by continuing to address challenges related to privacy, data protection, intellectual property and security, we can further facilitate data free flow and strengthen consumer and business trust.

So we need to achieve two objectives at the same time by taking appropriate measures.  And for ‑‑ by doing so, we can promote data flow across borders and we can maximize the benefit from innovation.

At the same time, some countries wanted to add, we will cooperate to encourage the interoperability over different frameworks.

This is what I explained.  We affirm the role of data for development.  This short place always causes some argument.  And in my understanding, this is very much the role of data must be contributed to economic and social development in each country.  Otherwise there is no need for the Government to discuss data policy and digital regulation.

But in some cases, some countries interpret this sentence to (?) to some treatment between developed countries and developing countries as meeting data flows across borders. 

This is a trade negotiation way of understanding.  There can be such an interpretation made in such discussion.

Basically I understand that this is a general statement that data should be contributed to development social and economic development of each country.  This is data free flow with trust. s in 2021 United Kingdom took the G7 presidency and we agree on the Roadmap for DFFT. 

At that time, in our discussion we picked up four elements and I believe this is not exhaustive list.  But this is very good way to approach how we can operationalize the high‑level abstract concept of DFFT into action or practice.

So we picked up data localization regulatory cooperation, Government access and data sharing approaches.  These are the four elements G7 agreed to emphasize in promoting the concept of DFFT.  Data localization means we want to decrease the data localization requirement by many Governments.  And there should be some ways to decrease such unnecessary requirement.  Of course, there can be some legitimate cases, but we wanted to discuss, and we wanted to explore what would be the alternative ways to protect some public legitimate policy objectives without requires localization to Private Sector.  This is the first item.  We have not reached any concrete conclusion in our discussion.  It is an important element.  There should be other elements like this that we need to approach and increase data flows cross‑border without lessons policy objectives.

Second item is regulatory cooperation.  This is being done by a group of privacy protection authorities from seven countries.  So this is running in parallel with our discussion.  And privacy protection authorities are gathering maybe twice or three times per year.  And exchange the information on their regulations, domestic regulations and discuss how to facilitate a cross‑border flow of personal data or privacy‑related data.  So this is very important.  But we haven't heard any practical outcome on the policy measures from the discussion.  But it is very important to continue the discussions among those authorities.  Third element is Government taxes.  This is something we have discussed under the Committee of digital economy policy.  OECD.  We started it several years ago and the Expert Group is still going on.  But I expect in the OECD digital Ministerial meeting, week after next, which will be held in grand can area, we will see some outcome of the discussion.

This Working Group is very unique because in OECD, Digital Economy Policy Committee is a group of Government officials who are involved in digital policy.  Their background are basically economics, legal, or technology.  But in this Working Group there are experts from justice Ministers and law enforcement officials.  And privacy protection authorities are gathering to discuss how we can find the common elements among OECD countries.  In the aspect of protecting Private Sector's personal data from government access.  This is a unique discussion.  Government officials from justice and law enforcement are discussing how they are protecting Private Sector's data.  Even when they need to access such data to respond to emergency or some criminal investigation.  Or some other exception or cases.  There are some rules in the procedure.  And the criteria. 

So the Working Group discussed the common elements among 38 member countries.  And extracted the common standards for OECD countries with Government access to personal data held by Private Sector.  So when this comes up, this is not creating a new standard or new policy enforced.  This is just extract of country implementation of current practices by the Government but during the discussion, we found that there are some gaps in addition to commonalities.

So we may keep discussing.  I'm not quite sure.  It depends on those experts.  There could be discussions continued to improve the criteria and the behavior principles for Government.  Especially the Ministerial of justice or law enforcement should protect when they need to access personal data held by Private Sector.  I will share all outcomes announced in the OECD Ministerial meeting week after next.

The final element is data sharing approaches.  I think you may have noticed the three elements are more or less regulatory and Government practices, or regulations. 

But in order to promote data utilization or data flows, it is very important to promote the restrictions or inconvenience which Private Sector are feeling in the transaction.  So we wanted to share, exchange current practices, especially in the priority sector, such as healthcare or medical care or education or automobile transport, those important sectors.  The countries implementing the different practices by Private Sector.  And this is not regulatory matter, but it is the business practices which should be improved by changing good practices and brought from each other.  Fourth element is more Private Sector affairs.  I believe this is very important in this Roadmap.

But this is something, you know, we can discuss among Government officials, but this is even more efficient if we have discussions with multistakeholders for this element.

At the same time we're now promoting a national data strategy.  It was elevated last year based on the abstract high‑level concept of DFFT.  So we are trying to promote a data flow and data utilization.  Data sharing through the Government data strategy.  And the basic concept is the same with DFFT.  So we need trust, but we need to keep free, open and enabling environment for data as much as possible. 

And we picked up four, or six items to promote international cooperation.  One is trade agreement, privacy protection, security, trust services, which is kind of voluntary services to provide how to ensure the trust and credibility of data.  And the fifth item is data utilization in general.  And the last item is digital infrastructure to support data flow.

This is what we have discussed inside the Government.  And personally, I'm not completely supportive of all of those six elements, but, you know, if you look at data policy and digital technology policy from different angles, there can be such a discussion argument possible. 

Okay.  So I skip this.  This is talking about AI principles, which we also pursued over the last several years.  And AI means also the fundamental element in future digital society.  So basic concept is pretty much same.  We want to promote utilization development, deployment of AI which is based on human centered principles and democratic bodies.  So that people do not need to worry too much about the deployment of AI solutions. 

So thank you very much for your attention.  As I said, there is one panelist online.  Dr. Yokozawa is with us and I would like to invite him to make any comments or questions.  So please. 

>> Sorry.  Am I audible? 

Okay.  Can you hear me? 

>> MODERATOR: Yes, now, I can hear you. 

>> Okay.  Thank you.  Actually thank you very much for inviting me here.  I had some trouble to go into this room.  But very happy to be with you distinguished panelists and distinguished audience.  My name is Mac Yokozawa, I am working in OECD and APEC as representative from the International Chamber of Commerce, which is where ICC has a branch and a member of the Chamber of Commerce I think I am saying in Ethiopia.

So basically I'm talking on behalf of Private Sector.  Yes, I should be brief for the first time.  And maybe I will follow if I have time in the following ‑‑ in this time frame.

So I want to say just two things, very simple.  One is why the DFFT matters to Private Sector.  Why the companies and the industries, business are talking very seriously about DFFT or free flow of data.  That is one point. 

The second point is as you nicely mentioned to the Government access, which is ongoing the issue.  And we have spent a lot of time, many, many ‑‑ very long time in OECD and in other fora to work as a solution to have good rules.  I wouldn't say that is principles, as in the submission, but we might have some good governance rule or guidance to think about the Government access to data.  I would fill that in later.

The first one, this might be quite interesting, why business is talking about the DFFT and data flow.  So the quick answer to that is the ‑‑ everyone needs to have a harmonized market, and unified market.  We don't want the market or economy itself to be fragmented.  So everyone is just looking at Ukraine and Russia.  They used to be a single nation.  Now they are spreaded out.  So what caused that fragmentation that miserable things.  The research shows the fragmentation of the regulation will lower the GDP or economic growth by up to the several percentages.  And that should be a very big number, if you think about it, now the GDP is naturally ranked. 

From the biggest point of view single market will benefit all of business.  So we can assume unified market, we can sell our product to any part of the world.  So this is why we need the free flow of data.  And we can utilize the computer system networks and data wherever you are.  So we need the free flow of data to have ‑‑ really have this situation and raise our business and keep our business safely and stably. 

So this is the basic reason why we are looking at the free flow data.  The single market, that is number one.

The second one I will tell about is the trust.  This is a common question, if I talk about it with free flow of data and trust.  Trust is a very, very interesting concept.  And that we place the consideration of the personal data protection and also the security and entity protection.

So from the business point of view, it is easy to understand.  So if we have trust with our customer or with our business partners, wherever the business partners exist in any part of the world.  So in Japan's case, if we are outsourcing some of our business to the Asian or African countries, we need a free flow of data and trust.  And if we have a trust to the companies in Africa or in Ethiopia, we can reduce the cost.  If we don't have trust to a company in some country, we will have to spend a lot of money and effort and human resource to make sure this company is safe, this company is trustable.  This company won't harm our business. 

So we need a cost to ensure those things.  Also at the same time, we can reduce the risk in our business.  The result, sometimes that should be to the consumer business and also the B2B business in outsourcing the business ordinarily. 

So this is a very easy explanation why from industry we need DFFT.  Not only the data free flow but trust.  So I will tell furthermore about this if we have time ‑‑ if I have time later.

So let's move on to the second part.  The Government access.  The Government access is relatively very new issue.  We were not talking about this five years ago.  But now it is very important thing.  If you look up the basic question, which is who will control the resources in the digital economy and society?  This is a basic question if we think about Government access.  I think the Government access is not only to the dollar.  So not only in OECD, it is working very hard in making some outcome about the Government access to data held by the Private Sector. 

So that is data.  That's data.  So I think I can expand this idea not only to data but network itself.  And also the algorithm or program.  So if you think about the network, that is the Internet shut down.  So that can be said as the Government wants to access control of the Internet or network.  And sometimes they want to shut down the network in their country.  Not to spread any unpleasant data in their country or to the world.

So the Government access to network, I can replace this word to the Internet shut down.  And also a little bit mention about the AI principles.  So AI is a very new item we have to talk about, but that is basically an algorithm or program to help our society and our economy in a very good way in the future.  So if a Government want to access to the algorithm, we might have to use malicious algorithm, malicious software, malicious AI, artificial intelligence, that can be caused as an ethical program or some human rights program as well. 

So this is a basic structure.  So we have dual issues, the cross‑border data flow or DFFT, and also how we can tackle with the Government access control or improper control to digital economy and digital society.

So this is basic model of the thoughts we are usually talking about.  So I will stop here.  I hope if I have time to further explain this idea.  So thank you.  Back to you.

>> MODERATOR: Thank you, Doctor for the comments and systems.  I fully agree that a harmonized market probably with transparency would be very important.  At the same time, as I said, we are not proposing to other countries to change your regulation.  Adjust your policy framework to the same standard, but we want to increase interoperability between different policy frameworks and regulatory frameworks so data should not be stuck, digital technology solution can be utilized across borders.

So I hope in this way we can promote the discussion internationally.  As I said, probably in the beginning, or maybe I may have forgot, but next year, Japan is taking G7 presidency and also Japan is hosting IGF next year.  So we want to discuss this matter with Government and also, of course, with other stakeholders and besides G7 discussions.  And then we want to come back to IGF in autumn, in October, to discuss this in multistakeholder approach. 

So I would like to use the remaining time with you to invite you to suggest any discussion, any direction or any aspect which we should approach in our discussion next year and what we should do in IGF next year.  So the floor is open.  I invite everybody.  Okay, please. 

>> ATTENDEE: Thank you very much, gentlemen.  My name is Martin Holland, I'm the Deputy Executive Director of the Internet policy network.  We had the pleasure in the past to work together.  I'm reacting as part of my role of co‑leading something called the Datasphere initiative.  It is a body that was spun off early last year, where we talk about the holistic approach to data governance.  I want to applaud the Japanese Government to the points I made, since we're talking about hundreds of multistakeholders, it is a multifactor structure.  There is Government and others.  We want to propose also our willingness to cooperate with you over the course of next year in the run‑up to the IGF.  One of the projects we'll announce today during our town hall is an African Forum for sandboxes for data, which is an experimental mechanism that goes very much in that direction.  We will also have this contribute to a conference that we're aiming to organize next year that will most likely be related to a way to responsibly share data globally.  Global Forum.  And love to time it also with the key milestones that the presidency of Japan foresees so we can provide input.

One item I wanted to bring up as a question is related to the layer of the items we discussed today.  One of the topics that resonates strongly, I'm wondering about also to what extent in the OECD discussions and run‑up to the presidency, this is a topic for Japan is related to Charters.  And model templates for how those data spaces actually interact with each other.  That is a prerequisite for interoperability. 

Another thing we're investigating are licensing agreements for data sharing and the question of what extent a data governance protocol can be technologically enabled.  Which would be a fascinating multistakeholder discussion to be had concerning inclusiveness and engagement.  I was wondering about that aspect.  And look forward to tell you more about what we're doing and expand it in more detail.  Thank you. 

>> MODERATOR: Thank you very much for your very encouraging comment.  Actually, we have been learning a lot from Internet jurisdiction probably from the ER2016.  I met also Mr. La Chapelle in the G20 meeting.  We look forward to working together and look forward to your further comment. 

Okay, please. 

>> ATTENDEE: Thank you.  Thank you for sharing.  I'm a candidate of research on governance, especially cross‑border data flows.  I have a question regarding the challenges for the international cooperation on data governance since currently showing a divergence on the Government approaches of major economies and increase the cost for the Private Sector.  And from Academia maybe there is opinions about the reasons behind the divergence privacy fragmentation may include the political interests, the industry interests.  So I wonder what is your opinions from the official side?  Thank you. 

>> MODERATOR: Thank you very much.  I hope I understood your question correctly.  We have seen a lot of gaps, especially regarding privacy protection between U.S. and European countries.  We wanted to fill the gap, bridge the gap.  And we have mutual recognition with EU as a country.  But at the same time, we have very similar concept or ideas with the U.S. policy framework.  Which currently do not have any regulatory framework on privacy protection. 

I think as I mentioned in part of the discussion, there can be different approaches to reach Government legitimate policy objective.  It may depend on the social or cultural or economic conditions of the country.  So we don't ‑‑ we cannot tell other countries you need to do this.  Of course, you had better do this.  But it should depend on their own conditions.  So at least our objective is to bridge the different frameworks and that would also contribute to business or even the Academia when, you know, you look at the data for research and studies.  It needs to flow across borders freely. 

So I hope when it comes to the regulatory affairs, Government needs to take the lead.  But this is not the matter limited to regulation.  Because each if there is no regulation, people may not want to use data if people are afraid of risks.  So we need to increase trust among people.

So I think our approach is a whole society approach to increase trust across the society, across different stakeholders.  And we don't believe regulation is the only way to do that.  I hope this answers your question.  Yes. 

>> ATTENDEE: Thank you, first of all, I'm glad this panel is being held here.  It will be very interesting to see how this discussion evolves when IGF goes to Japan.  I represent the Brazilian data protection authority.  So the topic of cross‑border data flows is definitely one of our priorities and we currently are dealing with standard contract clause modelling.  Looking at A‑Pac model.  We know the Japan has the strategy agreement with the EU was quite unique but it was the scope GDPR.  This is a topic we would like to learn more.

What I would like to bring is we have this feeling that many times Global South is still of scope and in the relevant discussions, I would say for Latin America and the African community.  So I think it is very important that IGF has been held in Ethiopia this year.  Because we ‑‑ I have followed some panels and heard a lot of voice.  A lot of discussion that we have common goals, let's say, but we have specificities and it has to be brought to the table.

As a member of the data protection authority, I would like to say we're eager to share experience.  We're part of the Latin America protection network with the data protection network.  So we follow the experience that maybe that could be something interesting to follow other discussions.  Of course border data flow and pretty much sure other African representatives might have something as well.

I believe for IGF Japan should be successful, I believe this is something that should be taken into consideration.  Well, I will finish here.  Thanks for the opportunity. 

>> MODERATOR: Thank you very much for the comment.  As I have explained, we have been promoting this data flows discussion mainly in G7.  But the main reason is that is the most convenient and most ‑‑ what they say, earliest opportunity for us.  We are always afraid that some people may say, you know, only a small number of countries are discussing their own policy development without participation of other countries.  And splitting the world into two groups.

In the next G7, we are very keen on including the element approach to Global South and we want to share our discussions, our achievement, and even challenges with those countries so that the data can flow easily around the world.  Not only in developed countries.  That is very important.  And IGF is the most suitable venue for that discussion.  I fully agree.  Thank you very much. 

>> ATTENDEE: Hi, thank you.  My name is Florren Markus, I'm an e‑Government consultant in Estonia.  First, thank you for the panel.  It is really important.  As an example in Estonia and Finland, all e‑files are exchangeable across borders.  We can see one small use case of how cross‑border can save lives as well.

To come to my question ‑‑ I do not want to single out Japan here at all.  There is still a lot of work to be done in many countries.  There was an interview, I believe with the digitalization Minister will in September where he mentioned 1,900 services e‑Government for businesses are still reliant on floppy disks and mini CDs.  I believe Japan is not the only country where that is still the case.

The question is cross‑data governance is important, but are we ready for that step?  Do we have the digitalization to go across borders.  And what are the mechanisms to accelerate that digitalization? 

>> MODERATOR: Thank you very much for the very difficult question.  Actually, I have the meeting of e‑Government Japanese Government is very much falling behind.  We are always, you know, looking at Estonia as a good example (audio skipping).  Good practices.  I'm quite sure we can learn more from Estonia.  We have so much process to improve our e‑Government.

Regarding the question, yeah.  I understand, you know, we may need to establish our internal framework to govern data before we promote data flow across borders.

If we proceed in that order, that would be more logical and more secure.  But, you know, we don't have the time before us, and because Japan is a society rapidly getting older and also shrinking.  We need to make use of data technology as much as possible.  It is very urgent for us.  We cannot wait until our very slow development of e‑Government before we allow or promote the data flow.  Private Sector is always quicker than us. 

Okay.  I see ... an online participant is asking question.  If you would like, please take the floor. 

>> ATTENDEE: May I jump in? 

>> MODERATOR: Yes, please. 

>> ATTENDEE: Thank you very much for giving me the floor.  Hello, everyone.  Distinguished panelists.  I'm from (distorted audio).  I would like to talk about the need and necessity of legal framework for cross‑border data governance.  Isn't it time to form a legal framework for cross‑border data governance within the United Nations to prevent strategic misuses of national big data, of countries for illegitimate proposals by dominant Government and international platform.

As we all know, the data and big data is a strategic national answer for every country.  (?) this legally binding framework could help digital (?) and transparency at the international level and help with the framework for the dominant actor in the digital framework and digital economy

It could also guarantee the development rights of the developing countries, the rights to development in cyberspace could be ensured by this framework.  And also fundamental right of user prevents the formation and this framework also guarantee the fundamental right of user and prevents formation of new data colonialism. 

My question is that what would be the contribution of United Nations and Global Digital Compact to address this critical issue and to establish drafting process of U.N. convention on data?  Thank you very much for giving me the opportunity to raise my issue.

>> MODERATOR: Thank you very much for the very difficult question.  I think data colonization is something we can't action.  This shouldn't be the way data is moving across borders.  You are not exploited by big companies or developed countries.  But we share the benefit on equal basis.

And digital compact should contribute to the development of Global South.  Not only to them, but I think one of the very important objectives is to share the benefits of digital technologies and data across countries around the world.  And across stakeholder ‑‑ different stakeholders around the world.  So I think digital compact should promote such philosophy.  But personally, I am not quite sure whether it is time for us to discuss data convention yet.  As the e‑Government liter from Estonia pointed out, we are still trying to understand how to governor data internally or domestically.  It is difficult for policymakers or ... convention negotiators of the Government to discuss data as a binding agreement across Nations.  But this is my personal impression.  And there can be more urgent needs around the world. 

In any case, we need to keep learning about the data.  That is my answer.  Okay.  So thank you very much.  I think time is up.  And thank you all for the very active discussion.  And if you have more questions or comments, please contact me.  Feel free to contact me. 

As I said, we will have important meetings from next year to even beyond.  And we want to discuss not among the Government, but more with multistakeholders.  So we would also welcome your input, comment and each questions.  We look forward to working with you.  So thank you very much.