Rethinking Data, Geography, and Jurisdiction

Towards a Common Framework for Harmonizing Global Data Flow Controls

The Internet, and the global free flow of data that it has enabled, has undercut long-standing legal, normative, and procedural arrangements governing the control of information. Across the globe, governments and multinational companies alike are discovering that the prevailing geography-centric approach to data and jurisdiction is simply incompatible with the world of globalized digital communications. They are finding that prior methods of controlling information—such as those used to protect privacy, enforce intellectual property rights, and provide law enforcement access to information for criminal cases—are increasingly being challenged by the hard reality that data today recognizes no national borders.

Through an analysis of the most notable legal, policy, and diplomatic challenges emerging out of the globalization of data—and the various responses to those challenges—this paper makes the case that the international community ought to reject geographic-based data control frameworks. Alternatively, it argues, nations should adopt jurisdictional and operational frameworks that are geography-agnostic and premised instead on data flow “control points,” the levers of control over a particular information system. The paper offers a control point framework for digital policymaking, which the authors derive from control point analysis and the contextual integrity model, two analytic methodologies designed to allow for technical policy discussions in computer engineering and digital privacy law, respectively. Finally, it proffers some recommendations for how the international community might harmonize various national approaches to digital law and policy in a way that is consistent with a control point approach. 



Jonah Force Hill is a fellow in New America's Cybersecurity Initiative. Hill is a policy specialist in the U.S. Department of Commerce, NTIA, where he works on a variety of global technology policy issues, including cross-border data flows, digital trade, cybersecurity policy, online privacy, and internet governance and technical standardization.

Matthew Noyes is the Director of Cyber Policy and Strategy at the U.S. Secret Service and a Major in the U.S. Army Reserve assigned to the cyber policy office within the Office of the Secretary of Defense.