Global Data Law

Color powder explosion, metaphor for data explosion, flows, concentration

Multinational corporations, governments (and the EU), intergovernmental organizations (IOs), public-private governance arrangements, and under-coordinated transnational legal regimes are all rushing to shape the practice and conceptualization of global data law.  How is this shaking out, and with what effects?  How are the immense possibilities and immense risks and challenges digitalization poses for economic development being addressed, in particular for developing countries and disadvantaged communities? How are specific digital and legal technologies facilitating and/or impeding transnational data governance? These are the animating questions in this conference exploring what we posit is the emerging field of Global Data Law. This, the second major conference of the Global Data Law project at NYU Law’s Guarini Global Law & Tech initiative, focused on these explicitly transnational dimensions. It followed on from the inaugural conference in November 2018 on Data Law in a Global Digital Economy which addressed legal foundations of global data law (interacting privacy regimes, data contracting, controlled large-data sharing, data property law, scientific research implications of data enclosure, and data business models).  Several of those papers will be published in October 2019 in the NYU Law Review.   

The panels in this conference successively addressed: International Organizations as Data Hubs and Data Governors, Collective Data Governance, Data Law and Transnational Business, Data Localization, Data Law in India and China, The Value of Data (Ownership), Digital Trade, and Digital Development

The opening session on Friday began with international organizations, which have adopted widely divergent approaches, and many do not yet have comprehensive data strategies even if they hold large amounts of sensitive or potentially very useful digital data. Some IOs could evolve into important hubs for data sharing and transnational data governance, potentially providing a partial corrective to the asymmetrical concentration of data in platform companies and in specific geographic regions.

Collective data governance is practiced in a rich variety of innovative forms (often as experiments in public-private governance of data) in diverse communities, cities, and regions. These initiatives face challenges from their nesting in wider bodies of governmental and corporate data law and practice which may curb or undercut them (inadvertently or otherwise).

Unicorns through to large multi-national corporations are scaling their digital operations across borders with relative ease, readily supported by storage and computing capacity offered by cloud computing companies. Data flows from a myriad of collection devices into companies, within companies, and between them; and artificial intelligence/machine learning (AI/ML) is developed from such data and applied to it. Lawmakers around the globe are responding with increasing urgency, seeking to create and/or adapt national data protection and privacy regimes, to regulate data flows, and to mediate access to and uses of public and private data. The business practice of global data law both navigates these paths and in some respects helps construct them, often opportunistically but at times also with longer-term visions and reform projects.

The non-alignment of global data flows and data operations with national jurisdictions creates incentives for ‘extraterritorial’ regulation and limitations to data-transfers. “Data localization” laws and policies can equip states with an instrument of jurisdictional control and practical law enforcement, as well as being used as means to protect rights (eg privacy) and data as a national (even strategic) resource. But measures restricting transnational data transfers (as under the EU’s GDPR and in Korea) are being opposed by transnational businesses and US-influenced international trade agreements (such as the Trans-Pacific Partnership, now in force as CPTPP, and the USMCA) include restrictions on states’ freedom to pursue such policies.

Data is becoming a central input factor of the global digital economy at the same time as China and India become increasingly important in that economy.  China is already a major force in global data governance – manifest also in initiatives such as the World Internet Conference in Wuzhen or the “Digital Silk Road”.  India is moving toward innovative and distinctive laws and policies emphasizing personal data ownership exercised collectively by the government. Investment in domestic digital infrastructure is a priority in most countries, raising major tensions about foreign investment and technological dependence or vulnerability.

The Saturday program addressed cross-cutting fundamentals: the economic value of data and related questions of legal rights and control powers over data; distributional concerns, particularly given the pervasive data generation and control asymmetries between developed and developing countries as well as between major digital economy companies and their smaller counterparts; the emerging ‘digital trade’ regimes and future implications of choices made at this still-early stage of digital economic transformation; the persistence of digital divides and the paths for developing countries and disadvantaged communities of the incipient legal dimensions of digital development.

The organizers thank Rachel Jones for outstanding administrative support. We are grateful to Grace Redman and Lilian Yang for creative design work and to our research assistants Harshita Bhatnagar, Felix Boos, Lauren Bourke, Lucas Cuatrecasas, Nathaniel Eisen, and Gabrielle Pacia for their respective contributions to this project.

All of this work is made possible by the generous support we receive from Frank Guarini in his creation of the Guarini Institute for Global Legal Studies; NYU's Global Institute for Advanced Study; and NYU Law School Dean Trevor Morrison.

Date: Friday and Saturday, 26-27 April 2019
Location: NYU Law, Furman Hall, 245 Sullivan Street, Lester Pollack Colloquium Room (9th Floor)
Organizers: Angelina Fisher, Benedict Kingsbury, Thomas Streinz
Twitter: @GuariniGlobal #globaldatalaw


Friday, April 26, 2019: Global Data Jurisdictions

Introduction and Framing

Benedict Kingsbury, NYU Law
Angelina Fisher, NYU Law
Thomas Streinz, NYU Law

International Organizations: From Data Hubs to Data Governors

From monitoring sustainable development, to building capacity of national statistical organizations, to finding new insights offered by data from different sources, international organizations seek to capture value that digital data offers to their operations and for their constituents. Often, the required data is held by private commercial actors, unwilling or unable to provide access to it due to both business and legal considerations. Operating in multiple jurisdictions, international organizations face conflicting legal regimes governing collection, processing, use and transfer of data outside territorial borders. Although themselves immune from domestic laws, international organizations nonetheless feel the pressures of these regimes both directly (e.g., they may face barriers transferring data from one field office to another) and indirectly (e.g., commercial actors may be wary that sharing their data with international organization will run afoul of data transfer laws). This session examines these issues, but also goes further to ask whether international organizations, by virtue of their privileged status, can play a bigger role in the global data governance regime.

Moderator: Angelina Fisher, NYU Law

Jimena Blumenkron, ICAO
Kareem Elbayar, OCHA
Manuel García-Herranz, UNICEF Innovation
Luis Gerardo Gonzalez Morales, UNSD
Cynthia Licul, United Nations Development Programme
David Satola, World Bank

Collective Data Governance

The increasing integration of digital technology into daily lives blur the roles of public and private actors in governance of communities and territories. Public policy- and decision-makers increasingly rely on data that may be collected through privately owned devices (e.g. sensors), managed and analyzed through privately owned infrastructure (e.g. proprietary algorithms), and stored on servers operated by private cloud computing companies. These developments can produce informational asymmetries among stakeholders and may challenge traditional expectations of public accountability and transparency of decision-making (e.g. a public body may be unable to disclose data that underpinned a particular policy; in some cases, private companies reserve the right to challenge freedom-of-information requests where compliance with such requests would require disclosure of company data or algorithms). This session examines how law and legal technologies could be deployed to “open” data in public-private contexts. Questions addressed by this session include: how do we conceptualize communities for purposes of determining access to data?  Do different categories of data (e.g., data about individuals, collective data, geographic data, etc.) have different implications for the “open data” movement? Should the freedom-of-information framework be adapted to apply to data held by private actors? What role does (and should) intellectual property law play in mediating access to software and data?

Moderator: Amba Kak, Mozilla

Lisa Austin, University of Toronto
Teresa Scassa, University of Ottawa
Nnenna Nwakanma, World Wide Web Foundation

Commentator: Jason Schultz, NYU Law

Data Law and Transnational Business

Multinational corporations providing online services need to navigate a complex landscape of data laws within and across jurisdictions. The European Union’s General Data Protection Regulation (GDPR) has emerged as a powerful instrument to protect European “data subjects” regardless of the location of “data processing”. Several jurisdictions are looking to the GDPR as a potential model for data regulation and companies’ privacy policies have been adjusted to avoid exposure to the GDPR’s stringent sanctions regime. But questions about the GDPR’s viability and sensibility remain. This panel will present cutting-edge empirical research on people’s dispositions towards different privacy policies. Two experienced practitioners will respond with their insights about transnational data law in practice.

Christopher Sprigman, NYU Law
Lisa J. Sotto, Hunton Andrews Kurth
Boris Segalis, Cooley

Data Localization

Countries around the world have adopted different measures asserting various forms of control over data. Often grouped under the broad term “data localization”, these policies range from local processing and/or local storage requirements to laws requiring local copies and continued access to data. Strict data transfer laws (as in Korea and, to a lesser extent, the EU) create data localization incentives that might amount to de facto data localization. Meanwhile, recent trade agreements such as the Trans-Pacific Partnership (TPP) and the new NAFTA between the United States, Mexico, and Canada (USMCA) have come to include provisions constraining states’ ability to limit the free transfer of data and to require the use of domestic computing facilities. This panel will introduce two alternative but complementary ways of understanding data localization and its regulation: 1) as a barrier to ‘digital trade’; 2) as an instrument of jurisdictional control. The drivers, benefits, and problems of data localization will also be at issue in the subsequent panel on India’s and China’s respective data laws.

Moderator: Samm Sacks, New America

Chan-Mo Chung, Inha University School of Law
Thomas Streinz, NYU Law

Commentator: Anupam Chander, Georgetown University Law Center

Data Law in China and India

Alongside the EU and the United States, China and India are emerging as significant actors in global data governance. Chinese digital economy companies dominate the Chinese market – shielded by the Great Firewall – and compete with US companies in third countries. China has inaugurated a new forum to discuss internet governance issues, develops digital infrastructure and related standard-setting through its Belt and Road Initiative, and regulates data domestically through various legal instruments, in particular a quite comprehensive cybersecurity law. Meanwhile, India has developed a new ambitious e-commerce policy emphasizing data localization and ownership over “national data” to develop India’s digital economy beyond the established digital services sectors. A number of experts from and of the region are going to discuss these alternative policies. Do they have model character for other countries? How compatible are they, both with each other, and with the emerging international frameworks?

Moderator: Surabhi Ranganathan, Cambridge University

Amba Kak, Mozilla
Parminder Singh, IT for Change
Samm Sacks, New America
Sun Ping, USALI

Commentator: Mark Wu, Harvard Law School

Saturday, April 27, 2019: Developing Digital Economies: Data Trade, Investment, Security

The Value of Data (Ownership)

Data is a crucial input factor in the data-driven economy due to the characteristics of contemporary AI technology. The quantity and quality of data determines the relative performance of machine-learning algorithms. At the same time, control over data is highly uneven and key economic and legal questions remain unresolved: How to account for data in companies’ balance sheets? How to measure the contribution of data services delivered “for free” (i.e. against data) in the data-driven economy? How to evaluate the significance of cross-border data flows? How does data fit into established categories of property law? And should there be new property rights in data?

Moderator: Lisa Austin, University of Toronto

Dan Ciuriak, CIGI
Wendy Li, US Bureau of Economic Analysis
Shitong Qiao, University of Hong Kong / Duke Law

Digital Trade

International trade law is an important tool of global economic governance – should it also govern data? The WTO was founded just before the Internet’s commercialization took off. The WTO’s work program on electronic commerce has stalled but a group of countries has vowed to push ahead to ‘modernize’ and ‘update’ international trade law for the digital era. Meanwhile, the US successfully pushed for a set of new rules for the digital economy in the Trans-Pacific Partnership (TPP) agreement. For the first time, countries committed to the free transfer of data and limited their ability to demand the use of domestic computing facilities. Curiously, the TPP entered into force without the US but retained the US-backed model. A new version of similar provisions has been negotiated in the new NAFTA between the US, Mexico, and Canada (USMCA). The panel will discuss these developments by addressing inter alia the following questions: to what extent does ‘digital trade’ fit into the established conceptual framework of international trade law? Are more and more “goods” becoming “services” in the Internet of Things? Are old commitments in need of revision or are they being updated automatically under the principle of “technology neutrality”? How does trade law determine the origin of data? And might the security exception swallow attempts to regulate ‘digital trade’?

Moderator: Mona Pinchis-Paulsen, NYU Law

Anupam Chander, Georgetown University Law Center
J. Benton Heath, NYU Law
Robert Howse, NYU Law
Amy Porges, Porges Trade Law
Thomas Streinz, NYU Law
Mark Wu, Harvard Law School

Digital Development Roundtable

Countries have deployed various development strategies within the economic and legal frameworks supplied by the Bretton Woods institutions and the international trade and investment law regimes. What is the best way for developing countries to adapt to the digital transformation? Is “data law” just a tool for the digital superpowers or is there a way to grow a digital economy without giving free access to Silicon Valley’s or China’s mighty tech companies? How important are free data flows and data ownership, respectively and together, for developing countries and, particularly, for disadvantaged communities? This final roundtable will try to address this questions, weaving together several themes of the conference.

Juan Ortiz Freuler, World Wide Web Foundation
Amba Kak, Mozilla
Nenna Nwakanma, World Wide Web Foundation
Alvaro Santos, Georgetown Law
Parminder Singh, ITforChange