Natalie Dunleavy Campbell and Stan Adams
Last October, the United States Trade Representative (USTR) abandoned its longstanding demand for World Trade Organisation provisions to protect cross-border data flows, prevent forced data localisation, safeguard source codes, and prohibit countries from discriminating against digital products based on nationality. It was a shocking shift: One that jeopardises the very survival of the open Internet, with all the knowledge-sharing, global collaboration, and cross-border commerce that it enables.
The USTR says that the change was necessary because of a mistaken belief that trade provisions could hinder the ability of US Congress to respond to calls for regulation of Big Tech firms and artificial intelligence. But trade agreements already include exceptions for legitimate public-policy concerns, and Congress itself has produced research showing that trade deals cannot impede its policy aspirations. Simply put, the US – as with other countries involved in WTO deals – can regulate its digital sector without abandoning its critical role as a champion of the open Internet.
The potential consequences of America’s policy shift are as far-reaching as they are dangerous. Fear of damaging trade ties with the US has long deterred other actors from imposing national borders on the Internet. Now, those who have heard the siren song of supposed “digital sovereignty” as a means to ensure their laws are obeyed in the digital realm have less reason to resist it. The more digital walls come up, the less the walled-off portions resemble the internet.
Several countries are already trying to replicate China’s heavy-handed approach to data governance. Rwanda’s data-protection law, for instance, forces companies to store data within its border unless otherwise permitted by its cybersecurity regulator – making personal data vulnerable to authorities known to use data from private messages to prosecute dissidents. At the same time, a growing number of democratic countries are considering regulations that, without strong safeguards for cross-border data flows, could have a similar effect of disrupting access to a truly open internet. Without a strong commitment on crucial internet protections from the US and the 90 WTO members involved in the joint e-commerce initiative, there is a real risk that many more countries – including the more than 100 developing countries without an approach to data governance – could be swayed to choose a regulatory path that veers away from an open internet.
As more barriers to information flows are erected, the risk of harm to people, businesses, and countries rises. Consider data-localisation mandates, which may require all information about citizens or residents to be stored, collected, or processed within their country’s physical borders. Far from protecting individual privacy and security, such mandates compromise it. For starters, the mandates could leave data more vulnerable to direct seizure by authorities that do not respect human rights. Over the last decade, the Wikimedia Foundation – the nonprofit that hosts Wikipedia, the free online encyclopedia created and maintained by volunteer editors around the world – has received dozens of requests for user data each year, many of which have had little or no legal basis.
There have been cases, for example, where a government or wealthy individual has sought to obscure accurate public information or even to take retaliatory action against the volunteer who published it. The Wikimedia Foundation refuses such requests, but data-localisation requirements could make this more difficult, as governments assume greater control over information stored within their borders. Then there are the economic implications. Establishing data-collection and storage facilities in countries around the world would be expensive – so expensive, in fact, that it could threaten the economic viability of non-profit and commercial entities alike. Smaller players would have an even harder time competing with big global tech platforms.
Finally, forcing Internet-based services to establish multiple, redundant data centers in different countries will create new security vulnerabilities, which leave sensitive personal and corporate information in greater danger of intrusions and data breaches. People’s access to information could also be hampered.
Following the US announcement last October, G7 ministers were quick to reaffirm their commitment to open digital trade and digital markets, and their support for the Data Free Flow with Trust initiative, which promotes coordinated approaches to privacy and data governance amid increasing digital protectionism. But the G7, on its own, is ill-equipped to counter the misguided policies and geopolitically-driven efforts that could carve up the Internet beyond recognition. To preserve an open, globally connected, and secure internet, all countries – including the US, with its enduring global clout – must reassert strong support for the policies that underpin it.
But the sustained effort needed to prevent the global erosion of the Internet goes beyond trade negotiations. People everywhere must urge their leaders to protect the internet from aggressive digital-sovereignty measures at the WTO’s joint initiative on e-commerce negotiations, in other international engagements, and at home. For their part, policymakers taking decisions or designing legislation must be diligent to assess potential impacts to online data flows and prevent harm to internet openness.
In some ways, the internet is a victim of its own success: it has become so integral to our lives that we take it for granted. But the survival of the internet as we know it today is far from guaranteed. Only with a concerted global effort can we ensure that it does not become increasingly fragmented, insecure, and under the control of governments and corporations.
