No transfer, no deal”, was the title of a 2014 report by the Swedish National Board of Trade. This followed a study on 15 data-transfer dependent companies. From the study it was evident that for these companies, trade was inconceivable without data being transferred.

For many people across the world, the Covid-19 pandemic has tilted lifestyles towards a more digital reality and arguably, the digital economy has helped the global machinery to continue grinding despite the catastrophic disruption.

Bar hangouts have become virtual parties and movie dates have become Netflix parties.

Satya Nadella, the CEO of Microsoft, posted recently: “We’ve seen two years’ worth of digital transformation in two months.”

Even before the outbreak of Covid-19, the influence of digital technology on import-export trade was growing and has played a significant role in increasing the total value of cross-border transactions from $5 million in 1990 to $30 trillion in 2014, according to the McKinsey Global Institute.

Whereas the possibilities of digital trade have been accelerated on account of the pandemic, we have to remain alive to the existing and developing barriers to digital trade.

Restrictions imposed by countries on the cross-border transfer of data is one of the barriers. In a world where it is increasingly difficult to ring-fence the digital economy, data flows across borders are becoming the bloodstream of cross-border trade.

Restrictions and limitations on data flows could be in the form of data localisation requirements, adequacy decisions as provided under the General Data Protection Regulation (GDPR) or the requirement to satisfy certain conditions before transferring data to a third country.

With GDPR, cross-border data transfers between EU countries and third world countries is unrestricted where an adequacy determination has been made, which means that such countries have been found to have appropriate data protection safeguards.

This is particularly problematic in the overall digital trade as the process of issuing the adequacy determination can be arguably unclear, with a country like Morocco still waiting for a determination having requested an adequacy decision over a decade ago in 2009.

Even more interesting, is that it is almost impossible that the EU will ever issue an adequacy decision in favour of China whose influence on the global economy cannot be ignored.

The GDPR approach EU is arguably centred on pushing countries to harmonise their outlook on privacy rather than prioritising keeping businesses accountable on personal data protection.

As a result, different regimes will enact their own data protection laws and require adherence by the residents of third countries, ending in a “spaghetti bowl” of regulations that will be tough to traverse.

Data localisation is another restriction to the cross-border transfer of data. Data localisation regimes usually involve two main types of requirements — localisation of data storage and localisation of data processing.

The former requires that certain or all personal data should be located within the national borders and the latter requires that specific activities relating to collected data should take place domestically.

Read the full article via Business Daily here.