Check-in and access this session from the IGF Schedule.

IGF 2022 WS #254 Trustworthy data flows: building towards common principles

    Time
    Wednesday, 30th November, 2022 (12:05 UTC) - Wednesday, 30th November, 2022 (13:35 UTC)
    Room
    CR3

    Organizer 1: Timea Suto, ICC BASIS
    Organizer 2: Makoto Yokozawa, Center for International Economic Collaboration (CFIEC)
    Organizer 3: Kenta Mochizuki, Center for International Economic Collaboration (CFIEC)
    Organizer 4: Ross Creelman, European Telecommunications Network Operators' Association (ETNO)

    Speaker 1: Yoichi Iida, Government, Asia-Pacific Group
    Speaker 2: Maarit Palovirta, Private Sector, Western European and Others Group (WEOG)
    Speaker 3: Carolina Rossini, Civil Society, Latin American and Caribbean Group (GRULAC)
    Speaker 4: Gregory Nojeim, Civil Society, Western European and Others Group (WEOG)
    Speaker 5: David Pendle, Private Sector, Western European and Others Group (WEOG)
    Speaker 6: Peter Farrell, Private Sector, Western European and Others Group (WEOG)
    Speaker 7: Miriam Wimmer, Government, Latin American and Caribbean Group (GRULAC)

    Moderator

    Makoto Yokozawa, Private Sector, Asia-Pacific Group

    Online Moderator

    Ross Creelman, Private Sector, Western European and Others Group (WEOG)

    Rapporteur

    Kenta Mochizuki, Private Sector, Asia-Pacific Group

    Format

    Round Table - Circle - 90 Min

    Policy Question(s)
    • How does government access impact stakeholders’ trust in data, data-driven technologies and global data flows?
    • What are the consequences of mistrust?
    • What are the necessary policy elements to safeguard this trust?
    • What are common overarching principles for trusted government access to private sector data?

    Connection with previous messages 

    This workshop is closely connected to several of the IGF 2021 Katowice Messages, in particular, the ones related to “emerging regulation: market structure, content, data and consumer rights and protection”, “inclusive Internet governance ecosystems and digital cooperation” and, “trust, security and stability”. The sessions aims to move forward on the development of common principles that guide collective action towards enabling data free flows with trust. During last year’s IGF ICC convened a workshop entitled “Trustworthy data flows – what’s at stake and what is needed?”. The event reflected on the economic and societal value of cross-border data flows and discussed what international and interoperable agreements, standards and principles would be needed to enable secure and responsible transfers of data across borders. This conversation was highly valuable to provide insight, evidence and substantive input to the work of the International Chamber of Commerce on trustworthy data flows, and in particular to the White Paper developed and Trusted Government Access to Personal Data Held by the Private Sector.. Launched in April this year, the paper documents the value of cross-border data flows for business operations and discusses the impact of unconstrained and disproportionate government access to personal data as a barrier to the free flow of data with trust. The paper then offers a set of principles and recommendations for consideration as a starting ground towards the establishment of common global rules on obliged access to personal data held by the private sector. Given the value of the conversations at IGF 2021 that informed this paper, we believe that an IGF 2022 workshop would be the ideal opportunity to discuss this progress, invite multistakeholder feedback on the paper and its recommendations and benefit from the IGF’s convening power to initiate ongoing dialogue on trustworthy data flows and inspire continued collaboration.


     

    SDGs

    1. No Poverty
    3. Good Health and Well-Being
    4. Quality Education
    5. Gender Equality
    6. Clean Water and Sanitation
    8. Decent Work and Economic Growth
    10. Reduced Inequalities
    11. Sustainable Cities and Communities
    16. Peace, Justice and Strong Institutions
    17. Partnerships for the Goals

    Targets: The United Nations Sustainable Development Goals (SDGs) call for several advances by 2030. Although information communication technologies (ICT) are cited as specific targets in only four of the SDGs (4, 5, 9 and 17), we believe ICT and digital technologies play a role in the realization of all of the SDGs by equipping populations with tools to relieve poverty, access education, achieve gender parity, provide basic healthcare and financial services, conserve ecosystems and reduce CO2 emissions, economic growth or increase their resilience in the face of global crises – just to name a few. Global data flows are vital in sustaining these opportunities on the long run and ensure efforts are impactful across geographies and cultures. This workshop aims to underline the identified trust barriers that inhibit global data flows, with a focus on the private-public relations. The event builds on a set of principles that could guide public policies to overcome these barriers so that progress on all 17 SDGs can be achieved, with the catalyzing power of trusted cross-border data flows. Trust in data flows is vital to maintain the proper functioning of our economies and societies and protect lives and livelihoods across the globe, which also links the event with core SDGs as 1, 8 and 10. Trust in processing and transfer of personal data are also essential for SDG 3, 6 and 11 given increased digitization of the healthcare sector, energy systems and cities respectively. Finally, it is fundamental to the achievement of peace, justice and strong institutions as aimed by SGD 16.


    Description

    Cross-border data flows underpin every aspect of today’s business—cloud services, customer relationship management, human resource management, remote work, workplace collaboration, and supply chain management. They also underlie distance learning, telemedicine, the fight against cybercrime and child abuse online, fraud monitoring and prevention, investigation of counterfeit products, and a broad range of other activities. The processing and transfer of personal data are integral to many of these exchanges, making trust a vital element for resilient and sustainable economic growth and recovery. However, trust in international data flows is being eroded over concerns that government demands to access data may conflict with universal human rights and freedoms, including privacy rights, or cause concerns and conflicts with domestic laws when such access transcends borders. These increased concerns and reduced trust have led to uncertainty that may discourage individuals’, businesses,’ and even governments’ participation in a global economy, and can negatively impact inclusive and resilient economic growth. They can also serve as the rationale for an increasing number of compelled data localisation measures globally. Governments have legitimate interests in preventing, investigating and prosecuting serious crime, as well as in addressing national security threats. Addressing the trust deficit requires robust and comprehensive national privacy regulations, with firm commitments to protecting the rights and freedoms of individuals, including the fundamental right to privacy, when personal data is subject to government access. The lack of clarity, transparency, and consistency between national approaches to government access to data has led to a steady growth in the number and restrictiveness of measures to constrain cross-border data flows. Moreover, inconsistencies in the implementation of law enforcement and national security interests in national laws, and the lack of international norms and interoperability of policy and regulatory regimes have created significant administrative burdens on businesses, while eroding the trust of businesses, people, as well as governments in using digital technologies, and impacting their potential in the digital economy. High-level principles and safeguards for government access to personal data held by the private sector are an essential first step in addressing cross-border data flows with trust, providing a much-needed foundation that can lead to more scalable measures and global dialogues. These principles must be based on international human rights law, which may demand protections that some countries do not currently have in place. In addition, cooperation between governments and stakeholders including business and multilateral organisations are needed to advocate for interoperable policy frameworks that would facilitate cross-border data flows, enabling data to be exchanged and used in a trusted manner, thereby aiming for high privacy standards. This workshop aims to discuss a set of such draft principles, based on work currently ongoing at the OECD, research conducted by the Centre for International Economic Cooperation of Japan and report recently released by the International Chamber of Commerce.


    About the speakers

    • Mr Peter Farrell, Global Privacy Director at Unilever;
    • Mr Yoichi Iida, Director of International Research and Policy Coordination at the Ministry of Internal Affairs and Communications of Japan;
    • Mr Gregory Nojeim, Senior Counsel and Director at the Security and Surveillance Project at the Center for Democracy and Technology;
    • Ms Maarit Palovirta, Director of Regulatory Affairs at the European Telecommunications Network Operators Association (ETNO);
    • Ms Carolina Rossini, Co-Founder and Director of Partnerships and Research at the Datasphere Initiative;
    • Ms Miriam Wimmer, Director at the Brazilian Data Protection Authority (ANPD);

    Expected Outcomes

    The workshop aims to raise awareness of, gather feedback on, and build towards agreement on a set of principles and safeguards for trusted government access to personal data held by the private sector.


    Reference documents


    Online Participation

    Join the meeting online via Zoom. Please make sure that you:

    1. Register to the IGF;
    2. Add this session to your schedule to be provided with the link to connect;
    3. Log-in (or create) a standard Zoom account to be able to access the meeting link;

     

    Key Takeaways (* deadline at the end of the session day)

    Cross-border data flows underpin today’s business, government & societal functions. Processing & transfer of personal data are integral to these, making trust a vital element for sustainable growth. Trust is eroding over concerns that government demands to access data may conflict with universal human rights & freedoms or cause conflicts with domestic laws when access transcends borders.

    High-level principles & safeguards on government access are a much-needed foundation towards scalable measures and global dialogues.

    Call to Action (* deadline at the end of the session day)

    Principles for trusted government access must be based on international human rights law, which may demand protections that some countries do not currently have in place. (see more on these principles in the ICC White Paper on Trusted Government Access)

    Such principles must lead to effective multilateral and multistakeholder collaboration to foster interoperable approaches and legal certainty to enable data to be exchanged and used in a trusted manner, thereby aiming for high privacy standards.

    Session Report (* deadline 9 January) - click on the ? symbol for instructions

     

    Introduction

    Global data flows are at the heart of the world’s economy and well-being. This became evident with the COVID-19 pandemic lockdowns in 2020, when companies of all sizes, across all sectors around the world enabled remote work and transitioned their businesses to online-first or online-only. Data transfers are estimated to contribute $2.8 trillion to global GDP—a share that exceeds the global trade in goods and is expected to grow to $11 trillion by 2025.

    Companies rely on these flows to conduct day-to-day business with customers, partners, and suppliers; innovate in their business and operations; detect cyber threats and intrusion patterns; and compete more effectively – in sectors as diverse as agriculture, healthcare, manufacturing, banking and shipping. In 2021, the G7 also emphasized the importance of cross-border transfers, noting that the “ability to move and protect data across borders is essential for economic growth and innovation.”

    However, trust in international data flows is being eroded over concerns that government demands to access data for criminal and national security purposes may conflict with universal human rights and freedoms, including privacy rights, or may conflict with other national laws when such data transcends borders. These concerns have led to uncertainty that may discourage individuals’, businesses’, and even governments’ participation in a global economy, negatively impacting inclusive and sustainable economic growth. 

    Key takeaways

    Participants in the session agreed that governments need to access personal data to protect public safety and national security, but warned that access without safeguards inevitably leads to abuse, violations of individuals’ fundamental rights, and a loss of trust in data flows.

    The session highlighted the need for cooperation between governments and stakeholders, including business and multilateral organizations to develop interoperable policy frameworks that would facilitate cross-border data flows and enable data to be exchanged and used in a trusted manner thereby aiming for high privacy standards.. The OECD effort to define principles and safeguards for government access to personal data held by the private sector was referenced as an example to provide a firm foundation for data-free-flow-with-trust.

    The conversation also highlighted various factors that impact trust when governments request access to private sector data. For example, legal barriers to data transfers can arise from differences in laws governing government access and discrepancies in safeguards when data transcends borders. In addition, companies that receive government requests for data they hold must decide (a) whether the demand is lawful; (b) whether any cross-border demand presents a conflict of law between jurisdictions in which they operate; (c) how much data they are compelled to disclose; and (d) what information about their responses to these demands may be disclosed to customers and the public. These concerns also significantly contribute to public sectors’ reluctance to deploy digital technologies broadly, fearing that this would potentially expose their public sector data to third-party governments that may demand access.

    Call to action

    The session called for the creation of commonly agreed shared principles for trusted government access to ensure that government access to personal data is consistent with the protection of individual rights and the rule of law.

    Such principles must lead to effective multilateral and multistakeholder collaboration to foster interoperable approaches and legal certainty to enable data to be exchanged and used in a trusted manner, thereby aiming for high privacy standards.

    Policymakers should support open cross-border data flows, while also ensuring that users have adequate privacy, security, and IP protections and that those protections are implemented in a manner that is transparent, non-discriminatory, and not a disguised restriction on trade.

    Further reading