Theme 3: Framework Coalitions

Which countries should be included in an international data framework? How many members should be included? What are the consequences of constraining group membership? Should different coalitions be formed for different subsets of data governance? The discussion did not come to a definitive answer on these questions, so much as underscore the critical sets of trade-offs involved in drawing these lines. Understanding these trade-offs will be an important next step in determining the composition of data governance framework coalitions.

Specifically, there are arguments that support keeping the coalition small in order to have legally-binding, enforceable rules that protect the role of data flows in digital trade and innovation, while providing narrow exceptions for privacy, cybersecurity, national security, and other data-related issues. The idea is that countries may be more willing to create binding international agreements with other members who they already generally “trust” and who they know share a broadly similar approach to data governance (thus reducing the likelihood they’ll use exceptions as a disguise for protectionism).¹

But the risk of doing so is that those countries excluded from membership in a framework coalition could align in a competing bloc or competing blocs.

In determining the composition of the coalitions, the first question is how to account for different interpretations of the concept of “free” data flows. Even relatively free and democratic societies, one expert pointed out, draw lines somewhere on free information flows, such as laws that restrict the online transfer of intellectual property. This expert also pointed out the global rise in cyber sovereignty pushes over the last several years—spanning regulatory changes (like state control of internet service providers [ISPs] and data localization laws) as well as technical changes (like IP blacklisting and DNS filtering)—as evidence that there is not at all agreement on free data flows. Countries might consider restrictions on the transfer of intellectual property-related data to be an acceptable limit on free data flows, but may not feel the same about deep packet inspection (DPI) filtering focused on content on a country’s major internet gateways (which is currently implemented in China’s Great Firewall). If agreement on DPI filtering on internet gateways is not a prerequisite for coalition membership, then the size of the coalition could grow and accommodate China and the United States at once, for example.

This leads to the second question: should the parameters of coalition membership reflect a country’s broader preferences around internet and data governance, given that those preferences themselves are often reflective of a country’s overall governance structures and political goals?² If the answer is yes, then either the coalition needs to be small or forming a data-sharing coalition may not be achievable at all.

One participant raised the question of what happens, as some countries have discussed, if the European Union and countries like the United States, Japan, and India form a data governance framework—that is, design an exclusively compatible data governance regime—which excludes China and many others. Will these other countries then be left without market access to data important to emerging technologies like 5G telecommunications, the IoT, and machine learning/artificial intelligence? Will they be inclined to then move towards a Chinese-style data governance model that might be more globally restrictive in terms of data flows, because they have nowhere else to turn? This could accelerate a move already underway by some countries attracted to China’s approach to digital development (i.e., enhanced controls over the internet with a thriving digital economy). The question of how the creation or formation of coalitions may inherently create out-groups was by no means answered during the roundtable.

Participants identified a number of challenges moving forward:

• Designing or forming coalitions: Does the creation of a global data governance framework have to begin with the formation of membership groups? If so, which countries should design which kind of coalition with which other countries? How could they work to ensure compatibility in their data governance regimes within the coalition? Or will these coalitions form naturally, and are there already mechanisms by which these coalitions can then develop data governance regimes to protect certain objectives?
• Creating out-groups: What are the trade-offs that could arise if some countries are excluded from coalitions? Will this incentivize them to design compatible/compliant data governance regimes—for instance, those with certain privacy protections—or is it only going to isolate them? Will this grouping into coalitions encourage the fracturing of global data flows, and, in fact, undermine the very point of forming coalitions to protect data flows in the first place?