Policy recommendation: Trusted cloud

Cross-border data flows

The opportunity

In our increasingly interconnected world, the ability to transfer digital information across borders is essential to economic growth and opportunity. McKinsey Global Institute estimates that the international flow of data contributed 2.8 trillion U.S. dollars to the global economy in 2014,[1] a figure that could reach 11 trillion U.S. dollars by 2025.[2]

According to Michael Porter and James Heppelmann, writing in the Harvard Business Review, data-fueled technologies have the potential to drive a sharp increase in innovation, productivity gains, and economic growth.[3] Policymakers are beginning to recognize that cloud computing is creating opportunities for companies large and small to drive innovation and transform every aspect of business operations. Access to these technologies and the freedom to use them to send data across borders is especially important for small and midsized companies because it can enable them to compete against larger businesses and reach customers around the globe in ways that have never been possible before.

The challenge

Most governments recognize that innovations powered by cloud computing offer huge potential benefits, and they understand that these innovations often require the movement of data across international borders. At the same time, there are growing concerns and misconceptions about the potential to misuse digital technologies to exploit children, commit fraud and other crimes, and carry out acts of terrorism.

Striking a balance that facilitates the smooth flow of data and provides appropriate capabilities to preserve privacy, protect individual and public safety, and promote national security is a difficult challenge. Compounding the difficulty is the fact that many existing laws and agreements governing the flow of data across international borders were created years, even decades, before the widespread adoption of email, social networks, texting, and other capabilities that we take for granted today.

As a result, companies large and small face legal restrictions that sometimes limit their ability to store, transfer, and process data across borders. These restrictions include legal mandates to store data locally, local supply requirements, and the effects of conflicts between laws in different jurisdictions. The impacts include higher costs, reduced economic opportunities, closed markets, and restricted access for consumers to new products and services.

Policy recommendations

Governments can help businesses and consumers realize the benefits of cloud computing without sacrificing their ability to protect privacy and public safety. While the responsibility to create trust primarily lies with technology companies, governments have a fundamentally important role to play in encouraging greater use of cloud services to help businesses grow and deliver innovative services to consumers. As governments assert national sovereignty over online content and conduct, they must also respect the legitimate interests and sovereignty of other jurisdictions and recognize the critical importance of access to an increasingly global network of cloud services for businesses large and small.

Steps governments can take to protect access to cloud-based services that rely on cross-border data transfers and to preserve their own regulatory authority include:

  • Promote trade rules that protect cross-border data flows. The proposed Trans-Pacific Partnership agreement provides a good model for such rules by requiring parties to allow cross-border transfers of information and restricting forced localization of computing facilities while also permitting exceptions to the extent necessary to protect the privacy of personal data and achieve other legitimate policy goals. The EU-U.S. Trans-Atlantic Trade and Investment Partnership, which is still under discussion, and the proposed multilateral Trade in Services Agreement to complement the WTO General Agreement on Trade in Services both offer important opportunities to expand the reach of protections for cross-border data flows.
  • Minimize disruptions to data flows in domestic legislation. Virtually all companies today use services that involve the transfer of data, and many of these transfers cross borders. When drafting domestic rules, governments should minimize adverse impacts on products or services that involve cross-border data transfers. In particular, they should avoid rules that prohibit data from being stored or processed in other jurisdictions or that require the use of domestic cloud services providers or datacenters. In some cases, such provisions are incompatible with existing international obligations.
  • Encourage e-commerce. Electronic commerce, which invariably involves cross-border data flows, has the potential to expand opportunity and foster equal access to the benefits of cloud computing because it brings the global marketplace to every consumer with an internet connection, while enabling even the smallest local business to reach consumers and suppliers anywhere in the world. To ensure that e-commerce reaches its full potential, governments should refrain from imposing customs duties or other taxes on cross-border electronic transmissions (consistent with the 1998 WTO moratorium on e-commerce duties) and commit to extending nondiscriminatory treatment to digital products and services.
  • Avoid establishing conflicting rules that raise barriers. In a world where data flows are global, the risk of conflicting national rules is substantial. Because compliance costs from conflicting rules are enormous, and may exceed what many smaller firms can afford, governments should ensure that legislation provides maximum flexibility and creates the least risk of conflict.

Evidence and further reading
