The U.S. wants to maintain cross-border data flows. That may be tough.

Author(s): 
Publication Type: 
Other Writing
Publication Date: 
June 2, 2016

"Karen Kornbluh, the former U.S. ambassador to the Organization for Economic Cooperation and Development (OECD), has a new cyber brief making the case for open cross-border data flows at the Council on Foreign Relations website (full disclosure: I authored an earlier brief in this series). Kornbluh argues that foreign jurisdictions pose an increasing threat to open flows of data across networks such as the Internet. They are imposing “data localization” requirements that force e-commerce companies to maintain personal data within national borders, require them to treat this data in certain ways, and make it available to law enforcement officials when they want. Kornbluh hence argues that the United States should:

explore new avenues to prevent these restrictions on the free flow of data. Given that the majority of the world’s largest Internet companies are headquartered in the United States, tensions erupt most frequently when foreign citizens’ data is held by U.S. companies or stored on U.S. soil.

However, (as Kornbluh almost certainly realizes) it is going to be very hard to really open up flows of data across borders for basic political science reasons.

States don’t agree on open data flows

The fundamental problem that Kornbluh wants the United States to address is as follows: The Internet and similar technologies are supposed to promote open flows of information. However, these networks span the borders of very different states with very different priorities. Some formally value freedom of the press, while others do not. Some believe in strong privacy limitations on how businesses can use personal data, while others prefer a free for all. Some are democracies, others autocracies.

These differences lead states to regulate information flows to protect and promote their own interests and values, even when this clashes with the values of others. For example, the European Union has sought to make U.S. companies respect its understanding of privacy laws, including the so-called “right to be forgotten.” States such as China have tried to get domestic and foreign e-commerce firms to provide information and access that would allow them to keep an eye on what their citizens are doing and to block certain kinds of information flows. Both of these, for different reasons, are at odds with American priorities and make life hard for U.S. companies which find themselves obliged to obey rules set by foreign governments."

Read the full piece at The Washington Post