English
Français
Deutsch
Italiano
Polski
Português
Русский
Español
ไทย
Türkçe
简体中文
हिन्दी
日本語
Receive free Data sharing updates
We’ll send you a myFT Daily Digest email rounding up the latest Data sharing news every morning.
The lost tribe of disillusioned Twitter users, fleeing the barely-moderated brawl they say the app’s new owner Elon Musk has fostered in their favoured public square, are roaming the fractured social media landscape in search of refuge. An obvious haven is Threads, a newly launched sister app to Instagram, owned by Mark Zuckerberg’s Meta. But the EU’s Twitter refugees are so far denied sanctuary. Threads remains unlaunched in the bloc, apparently until regulators implementing the EU’s Digital Markets Act have sorted out whether the app’s sharing of data with Instagram could create a dangerous concentration of market power.
It’s a good example for those warning that the digital world is splintering into three empires centred on the US, the EU and China. The argument is ably made in a forthcoming book by Anu Bradford, the Columbia University academic who popularised the idea of the “Brussels Effect” — the EU exporting its regulations through market power — and thinks the same is happening with digital governance.
The division is already obvious in the regulation of personal data. The US allows corporations a freer rein to use and transfer information, while the EU regulates to protect individuals’ privacy. China — copied by other autocratic regimes — is increasingly walling off its realm such that no data escapes state attention or leaves without permission. And economically interventionist (not to say protectionist) nations like India increasingly force companies to keep data at home to mine it for value.
In practice, as Bradford makes clear — her arguments are far more nuanced than the hubristic official EU talking points which frequently reference them — the divisions aren’t absolute, at least not between the US and EU. (China is a very different matter.) Differences in regulatory philosophy and persistent legal uncertainty haven’t prevented bilateral data flows between the EU and US economies becoming the biggest such exchange in the world.
A patchwork of partial official deals and corporate ingenuity has just about held together an international data transfer system between the democratic advanced market economies. But it’s an uncomfortably jury-rigged arrangement subject to judicial challenge, regulatory whim and governments bent on data protectionism.
To protect transatlantic information exchange, Washington and Brussels are currently having their third go inside a decade at creating a lasting data transfer bridge. The previous versions (Safe Harbor and Privacy Shield) were struck down by the European Court of Justice in cases brought by Max Schrems, the Austrian privacy activist. Naturally Schrems is now promising to tilt at the new version.
Without formal data-sharing agreements, data controllers in the EU and elsewhere use other tools such as so-called “standard contractual clauses” — officially-sanctioned private legal agreements about the use of personal information. They do provide some certainty but require extra documentation and cost.
Brussels also has a unilateral tool to extend its regulatory reach: its data “adequacy” findings are a stamp of approval for a partner country’s data regulation which allows personal information freely to be exchanged with the EU. Recent estimates published by the Centre for Economic Policy Research show that a grant of adequacy is followed by a significant increase in digital trade with the EU. This is a familiar pattern from earlier generations of regulation, on things such as cars or chemicals: complying with EU rules is a pain, but there are rich rewards once you do.
However, adequacy falls well short of a reliable international system. Only 15 countries or territories have achieved it, and it’s a unilateral designation the EU can withdraw at short notice.
There’s no single regime governing the more open and free-flowing US-inspired model, though Asia-Pacific organisations such as the Cross-Border Privacy Rules (CBPR) forum and the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) trade deal encourage members to commit to the free cross-border transfer of data.
The post-Brexit UK will be an interesting test case as it attempts to straddle multiple systems. Having obtained an adequacy finding from the EU, Britain is now joining both CPTPP and CBPR. But the EU remains by far the UK’s biggest partner for cross-border data flow. Like British businesses in many other sectors clamouring to stay close to EU regulations, the baseline for UK tech companies is to maintain Brussels’s adequacy finding.
Bradford contends that a permissive system like the US’s creates too many issues with personal privacy and overmighty tech giants to be sustainable, and that governments are gravitating towards the EU regulatory model. If so, it wouldn’t be the worst outcome. The EU’s approach might be rigid and bureaucratic, as frustrated would-be Threads users can attest, and perhaps somewhat protectionist, but unlike China’s it’s not actually crippling international data flow.
In that case, convergence would work better undertaken as a conscious co-ordinated effort by market democracies rather than an inefficient mishmash drifting unevenly towards the Brussels approach. If data protection and the digital economy is a global order of empires, it’s only just about holding together. An endless series of short-term fixes and workarounds is not a substitute for a system that’s stable, balances rights with freedoms and is grounded in international law.
Read the full article here
