By Masumi Koizumi
Data is increasingly being viewed as a resource as vital as oil was in the 20th century, with the vast accumulation of information leading to new services across a variety of industries. As the analogy suggests, data is fueling innovation: Firms are studying consumer habits to develop new products, feeding patients’ data into artificial intelligence for the creation of new drugs and bringing self-driving vehicles closer to reality.
For Japan, it hopes to create what it calls “Society 5.0,” a supersmart society where the so-called internet of things, AI and big data generate innovation to help expand the economy and resolve social problems.
But concerns are mounting that valuable reservoirs of information will increasingly be confined within national borders, a phenomenon known as data localization.
China, Russia, India and Vietnam are among countries with restrictive data transfer regulations — rules that can be a setback to businesses with global operations or ambitions. Concerns have already been raised over the emergence of a “splinternet” — an internet fragmented as a result of different national regulations.
Japan, as the host of this year’s Group of 20 summit, is spearheading a move to create a set of international rules enabling the free movement of data across borders. This concept, known as “Data Free Flow with Trust,” was first espoused by Prime Minister Shinzo Abe in a speech at the World Economic Forum’s annual meeting in Davos, Switzerland, in January.
“I would like Osaka G20 to be long remembered as the summit that started worldwide data governance,” Abe said at the time.
“Let Osaka G20 set in train a new track for looking at data governance — call it the Osaka Track — under the roof of the (World Trade Organization),” he added.
Government officials acknowledge that the call for free data flows is not new, but say the inclusion of “trust” is. The idea is that trust should be improved — be it through the protection of personal information, intellectual property or reinforced cybersecurity — to promote free data flows. Important industrial data, for instance, could move more freely between countries with a guarantee of strong cybersecurity measures and intellectual property safeguards, they say.
Despite their divergent stances on data governance, G20 ministers earlier this month endorsed the vision in a statement released after a ministerial meeting on trade and the digital economy in Tsukuba, Ibaraki Prefecture, ahead of the Osaka summit.
“It is meaningful that the term Data Free Flow with Trust was included in the joint statement,” Hiroshige Seko, the minister of economy, trade and industry, said during a news conference after the statement on the digital economy was released on June 8.
Although the concept has only been shared at the ministerial level so far, there is a question of how international data rules based on DFFT, if created at all, would impact both society and individuals.
Hideyuki Fujii, a security consultant at Nomura Research Institute’s subsidiary SecureTechnologies Ltd., said that DFFT “centers on industrial data such as that of health and vehicles.”
But there appears to be a long way to go before any agreement on the concept’s details is possible.
Seko, himself, admitted that in the ministerial discussions, “there were differences in what element of trust each country values.”
In an apparent effort to accommodate conflicting perspectives, the joint statement looked to address this potential pitfall.
“In order to build trust and facilitate the free flow of data, it is necessary that legal frameworks both domestic and international should be respected,” it said.
Numerous governments have different basic philosophies of data governance.
The European Union has its own data regime, called the General Data Protection Regulation, which is rooted in the belief that privacy is a human right and should be protected in transferring data out of the bloc. The regulation prohibits the export of personal data, but not nonpersonal data, to nations and regions outside the bloc where protection standards are deemed “inadequate.”
Though not as strict as GDPR, Japan also has a personal data protection law.
The law requires companies to take steps to protect the data they collect, such as preventing leaks, and regulates transfers to other countries. The government also plans to discuss revisions that could give individuals the power to insist that companies stop using their data.
The U.S., which is home to tech titans Google Inc., Apple Inc., Facebook Inc. and Amazon.com, has essentially championed free data flows.
In contrast, China has stressed the importance of state control, putting personal data and what it designates as important data within its hands. The information collected by businesses in the country must be stored within its borders and a security assessment by authorities is mandated for cross-border transfers.
Given the various standards, SecureTechnologies’ Fujii said that a realistic approach is to first create a data flow rule between countries or within a regional framework. He claimed that Japan, the U.S. and EU are essentially all on the same side of the issue.
When Abe set out DFFT during the Davos speech, he said discussions on data governance should take place under the 164-member WTO, which includes China.
“Under a broad framework like the WTO, member countries can share the DFFT concept, at best,” Fujii said, adding that the details of the rule would depend on discussions among a smaller number of countries.
Still, Fujii noted, DFFT is “a good keyword to spark discussions” on international data rules.