State players should determine cross-border data laws

The development of rules governing the transfer of information between countries must be done at an international level, and not among market players, to ensure consistency and transparency.
Written by Jamie Yap, Contributor on

Regulations regarding the flow of data between countries should be determined by state regulators at an international level, thereby ensuring consensus and legally-binding commitments to enact consistent rules across different markets.

Industry watchers also add that political red-tape and the longer time needed for government officials to hash out these laws should be expected.

Deborah Elms, senior fellow and head of Temasek Foundation Center for Trade & Negotiations (TFCTN) at Nanyang Technological University's S. Rajaratnam School of International Studies, said the right place to negotiate the finer details of regulations relating to cross-border data flow would be at World Trade Organization (WTO).

This way, all 157 member states have to accept the same set of rules and see to it that their commitments are met or face sanctions from the WTO, Elms added.

Mayank Kapoor, industry analyst for Asia-Pacific ICT practice at Frost & Sullivan, agreed, saying rules regarding data flow across borders cannot be left to industry players as they will find it a challenge reaching a consensus due to the limited standardization between them.

As such, it is important for governments and regulatory bodies to establish relationships and agreements to assist in easing the flow of information in the cloud computing era, he stressed. They are also better positioned to decide which types of information need to comply with the rules and which remain subject to the sovereignty of the country it resides in, he added.

Given that there are currently no WTO agreements specifically focused on cloud computing, the restrictions and regulations over cross-border information flow are determined by a country's government or its regulators, Kapoor noted. The People's Bank of China, for one, forbids banks from storing or processing customers' financial information which were obtained in China outside of the country, he explained.

Elms noted the WTO will not be able to create any rules regarding cross-border information any time soon as these are part of an even larger package of regulations, and will take time to develop.

Work in progress
In the meantime, smaller, piecemeal efforts such as the Trans-Pacific Partnership (TPP) aim to at least get some consistency and transparency around the rules governing cross-border data flow among member states, she noted.

A Reuters report in September said the United States was calling for stronger, binding rules that will protect free flow of data across borders with the Asia-Pacific region, and these rules are part of the TPP free-trade negotiations. Countries in the region involved in the talks include Australia, New Zealand, Singapore, Malaysia, Vietnam and Brunei, but the final outcome is not expected until at least mid-2013, it noted.

U.S. companies are concerned business may suffer if cross-border data rules are unclear or arbitrarily enforced, as well as increasing demands from Asian governments to build local data centers here as a prerequisite to offer their services to domestic markets, the report added.

When approached, a spokesperson from the Singapore Ministry of Information, Communications and the Arts (MICA) said both it and the Infocomm Development Authority (IDA) could not comment as the TPP details were still being discussed.

Elms said TPP rules have yet to be written up as negotiators are still working through the potential implications of the different rules.

"This is a completely new set of issues that have never, to my knowledge, been specifically covered in a trade agreement," she explained.

Industry-wide clarity needed
The benefits for such a trade agreement are plain, though. "If nothing else, it would settle the argument about what governments are and aren't legally entitled to do in blocking or restricting cross-border supply of data and services for members," Elms pointed out.

The standardized rules will also boost companies that either operate in or are have offices in Asia, Kapoor said. Multinational corporations (MNCs) and small and midsize businesses (SMBs) in the region will be able to leverage IT and cloud computing to improve or expand their businesses in new markets.

There could also be greater access to low-cost IT resources on demand, which would facilitate more business agility, he added.

But providing highly-available and cost-effective Internet access across all Asian markets will be a challenge that needs to be overcome once cross-border data flow rules are drawn up, the analyst said.

"The fact is most regions in Asia have limited access to high-speed Internet at low costs. This will impact the ability to leverage cloud providers without local presence, since it will lead to latency and impact end-user experience," Kapoor stated.

Editorial standards