A world Fragmented by divergences in data regulation

News

In the current times, Data is the new oil, and across the globe, various countries have been using very different approaches to manage this resource. Justice Srikrishna Committee Report of 2018 also mentions this divergence between the US, European and Chinese approaches, which is only increasing with passing time.

What are the different approaches used across the world for data management?

Status of Data-

US has always had a laissez-faire approach to data regulation. It tends to look at personal data as property and believes that anyone who has a legitimate claim over data also has the right to alienate it.

In China, although the tech companies are regulated in the same laissez-faire manner but here data is also perceived as an asset that the state can use to secure the country’s financial and economic stability.

Europe has taken a rights-based approach, conferring on all natural persons a set of statutory rights, which ensure that the consent they provide doesn’t extinguish their rights over personal data. The EU’s General Data Protection Regulation (GDPR) sets out these rights along with the legal mechanisms that can be deployed to enforce them.

Cross Border flows of data–

US supports the unrestricted flow of data across borders; the Trans-Pacific Partnership is an example of this which requires participating parties to commit to promote cross-border data transfers.

China has adopted perhaps the hardest line of all. Two decades ago, it built the ‘Great Firewall of China’, a massive surveillance and censoring system that it uses to control the movement of data packets across its borders.

Europe prioritizes data flows to countries whose legal systems meet their high standard of adequacy—requiring all other countries to go through a set of additional hoops if data is to be transferred to them.

What are the implications of this divergence?

As our world becomes increasingly dependent on data, this divergence will have costs and complications.

As the US companies have global reach, they exert an influence well beyond the sovereign territory of the US.

China with its Great Firewall has aggressively enforced its sovereignty over data within its land borders. It is also increasingly through initiatives like the Digital Silk Road has begun to export this uniquely Chinese approach to any other country looking to replicate its state-centric approach.

Europe has chosen to strictly enforce its fair business conduct regulations on all international tech companies that operate within its sovereign territory—requiring them to comply or pay hefty fines.

What is the best alternative for India?

The Srikrishna Committee analysed the three dominant approaches to data governance with a view to proposing a fourth path for Indian data governance. It proposed a framework that rather than focusing solely on the protection of personal data also allows this data to be used for empowerment.

What is the way forward?

There is an urgent need to find common ground between these different approaches so that we can come up with a common framework for governance that everyone agrees upon. This then can be integrated into our technical and regulatory systems.

India also needs to align its data governance framework with the common principles shared by other governance models around the world.

Source– This post is based on the article “A world Fragmented by divergences in data regulation” published in Live Mint on 26th Feb 2022.