- There is great value in data, including in finding novel ways of doing business and in sharing.
- Legitimate concerns about data protection, privacy, and national security create a patchwork of different regimes.
- Cross-border data flows are particularly difficult in a new era of digital law and national security.
- Laws can have extra-territorial application and capture businesses based offshore.
- Fair and consistent settings can create social wealth and sustainable industrial competitiveness.
- Covid-19 has accelerated the need for interconnectivity and sharing.
Technology has transformed the way we live, work, buy, bank, communicate; and behind it all is data.
Palaeolithic tribespeople kept data and understood its intrinsic value. The form was different – notches on sticks or bones – but the substance was in essence the same. Information.
Information about trading activity or food supplies; aiding decisions and improving ways of living.
Today, data travels along hair-thin threads of fibre optic cables in tubular casing criss-crossing the globe, like garden hoses buried deep beneath the ocean – more than 1.3 million kilometres’ worth according to cable mapping business Telegeography. In 2021 alone, almost 30 cables were due to go live, including Sub Co’s 9,800km Oman Australia Cable and China Mobile’s 675km Hainan to Hong Kong Express.
The cables reveal a truth: data is only useful if it can be used, combined, analysed and exchanged. It’s why those cables are needed, and why data is often called the ‘new oil’. Unrefined, it is of little use.Data has always driven innovation but instead of bones recording available food supplies we have technology-fuelled tools: blockchain, the internet of things, cloud computing, robotics, artificial intelligence, 5G mobile broadband.
Yet unleashing the value of data… is far from simple.
A complex landscape of data protection, cyber security and privacy regimes has developed over the past 40 years, influenced by cultural preferences and local issues. The US regime prioritises information disclosure (symbolic of freedoms), the EU focuses on protecting security (respecting personal data as a basic human right) and China focuses on privacy and security (data is a matter of sovereignty and national security).
Source: World Economic Forum
What can we do with all of this data?
Canadian cellist Zoë Keating once asked for payment in data, arguing it was more valuable than the money she might otherwise get from her songs being downloaded or streamed.
Virtual banks of data are accumulating around the world. By 2025 the global data volume is expected to increase tenfold from 16.1ZB in 2016 to 175ZB (that is, “zettabytes” – one billion terabytes, or to further highlight the gargantuan size, one trillion gigabytes).
Source: European Commission, McKinsey, OECD, International Data Corporation, Deloitte
As the use of data increases exponentially, so does our collective reliance on it, driving economic activity and GDP. The pandemic accelerated and amplified this as working and personal lives became wedded to the web for many.
The pervasiveness of technology recalls Milton Friedman’s famed quote - ‘We are all Keynesians now’. Friedman revealed to Time magazine in 1966 that the quote went further: "nobody is any longer a Keynesian".
The world’s biggest technology companies sell goods, provide communication and advertising platforms, make watches, are introducing banking options. The absence of strict demarcations sees water flow both ways, bringing risks and opportunities for companies across the board.
The Asia Pacific Economic Cooperation (APEC) estimates approximately 70% of new value created in the economy over the next decade will be based on digitally enabled platforms.
I think the challenge for companies is to recognise that digitisation is not something you get to opt into or even opt out of.” – Scott Farrell, KWM Partner
1. Going digital, seizing opportunities
One of the greatest challenges is for corporations and firms outside of the technology sector to recognise digitisation is not something you get to opt into or out of. The second is to realise the value in the information held by a business when it does “go digital” and proactively seize opportunities.
Just as data could help paleolithic people determine where the mammoths were congregating, or when salmon swam up the river to breed, data can capture sales trends, customer preferences and relationships, enhance offerings, improve internal efficiencies and operations. Data exchange helps many people to collaborate to their advantage.
2. Sharing data
One way of realising value is, perhaps paradoxically, to share it. The Organisation for Economic Co-operation and Development (OECD) has flagged the benefits from enhanced access to and sharing of data, citing one study which estimated a US$3 trillion boost from re-using data across seven areas including healthcare and finance. Benefits flow to users (transparency, accountability, empowerment) as well as businesses. Unlike many goods, data is not ‘used’ or ‘consumed’ in a way which sees it disappear off a shelf.
Novel applications have developed to help businesses improve operations by sharing data. In Germany, the Industrial Data Space (IDS) platform (funded in part by the government) gives users the ability to share information and set rules and time limits. ThyssenKrupp AG has adopted it for logistics, optimising truck transport processes and energy supply to manufacturing plants.
There are growing calls for standardisation to enable interoperability between data systems and across borders, allowing data to move from one system to another without technological plugs.
Governments are increasingly adopting initiatives around open data (including in the US, the UK, France, Mexico, Denmark, and Japan) and public sector information (the EU). Canada has had an open government portal since 2014. In China, the Ministry of Industry and Information Technology (MIIT) has asked internet companies to open links to rival payment services.
Shenzhen is a pilot demonstration zone for improving the data property rights system, including by promoting the open sharing of government data. The Chinese government has also supported the creation of a data platform in the Guangdong – Hong Kong – Macao Greater Bay Area.
Governments are also increasingly appreciating the economic and social benefits promised by sharing data.
China opened the Shanghai Data Exchange in late November 2021. Anonymised data on flights and energy consumption were among the 20 data products exchanging hands on day one.
In December 2021, the Australian government revealed its economy-wide vision to create what it calls a “national ecosystem of data that is accessible, reliable and relevant and easily used”. The end game is to build a world-leading “modern data-driven society” by 2030.
The Australian Data Strategy contains no new laws or policies; rather, the plan is to use existing regimes to enable the use of data “to bring tangible benefits to the Australian people and enable data as the lifeblood of our digital economy, including through the government engaging with the private sector to secure economic and social data for limited approved uses”. Nonetheless it highlights an important shift in the way data is viewed and understood as a value proposition.
3. Letting customers take their data with them
There is also an increasing push from consumer organisations for the right to ‘port’ data between businesses and regulators are following, led by efforts in Australia.
Since mid-2020, consumers in Australia have had the right to ask certain businesses to share the information held about them. Known as the consumer data right, the banking sector was the first to come under the regime, meaning people and businesses can ask a bank to share data about their transaction history or interest rate, for example. The energy sector is next in line, followed by telecommunications.
The aim is to give consumers better access and control, including dashboards to show the use of their data, who they’re sharing it with, and how to stop it. Ease of comparisons and more competition – driving prices down and innovation up – are also targets.
One of the nation’s largest banks – The Commonwealth Bank of Australia – became the first major bank to register to receive data from other businesses, not just port it elsewhere, in early 2021.
Canada, Singapore, Japan, India, Brazil and the UK are looking at the potential to expand an economy-wide consumer data right using Australia as a model.
The European Union is also breaking new territory; moving from its focus on privacy to one which promotes data sharing. A new data governance strategy in 2020 is set to roll out over five years, including a data trust.
This would involve public servers holding information about Europe’s half a billion people, which companies would have to access rather than storing or moving it themselves. Europeans would then receive data dividends of a financial or non-monetary kind; taking data sharing into a bold new arena.
In the US, some senators want to force dominant digital platforms to allow competing platforms to connect and communicate with their systems and allow users to transfer data although wider support seems uncertain.
Barriers to data use are high – and they’re getting higher
Acknowledging opportunities is one thing; accessing them is another. The ability to share and use data is not as seamless and straightforward as the kilometres of sub-sea fibres snaking their way around the world might suggest.
Since the 1980s, valid concerns around privacy, data ownership and more recently national security have driven jurisdictions to introduce restrictions. Up until 2000 the uptake was slow: there were only 16 nations with data protection and privacy regimes globally. This steadily increased, picking up pace over the past decade. Today, almost 70% of nations have data protection and privacy laws requiring consumer notice and / or consent.
1. The way we store it
One major problem with data is that it is siloed. It is collected for one purpose and stored in a particular way that is not accessible and hence not useable. The virtual equivalent of sales receipts sitting in a shoe box.
2. The need to protect it
Since the 1980s, valid concerns around privacy, data ownership and more recently national security have driven jurisdictions to introduce data protection laws and restrictions on data transfers.
As early as 1983, the German Federal Constitutional Court had to decide upon the legality of a census. The court established the basic right to informational self-determination – a person’s right to decide what happens to their data – and the census was delayed. It was carried out four years later in a modified manner.
Up until 2000, however, the uptake was slow: there were only 16 nations with data protection and privacy regimes globally. This steadily increased, picking up pace over the past decade. Today, almost 70% of nations have data protection and privacy laws requiring consumer notice and / or consent.
Sir Tim Berners-Lee (knighted by the Queen of the United Kingdom in 2004) wants to revolutionise the way people’s data is stored and accessed.
The much-lauded computer scientist from the Massachusetts Institute of Technology devised the first internet browser and server. He is now steering a MIT project called Solid, which lets people create ’Pods’ to store their information. People can then give access to (or remove it from) others, for any part as needed. Common language is used to allow interoperability. Whether or not people get paid “will be determined by the market”, the project website explains.
Governments are also rethinking the landscape via the use of data trusts: a structure to manage digital rights, ideally building transparency and accountability. Canada and the UK have set up data trusts for various policy developments including public data for AI research; India is set to follow.
But it is Europe which might lead change again.
In 2020 the EU began a trial of a secure data sharing marketplace called Trusts, bringing together 17 economic and scientific partners to test and showcase uses for AML compliance, agile marketing and improving customer services. Trusts creates a legal and ethical framework, featuring security functions and interoperability. The hope is to move from the dominant hierarchical structure where one data owner shares with or sells to others; to an independent two-sided market where data sellers and buyers can meet at large.
Companies are also exploring interoperability and trust options. The Data Transfer Project, a combined effort of Apple, Facebook, Google, Windows, Twitter and SmugMug, launched in 2018 to allow portability between providers. IBM and Mastercard manage financial information of Ireland-based clients via a data trust.
Should people receive payments?
California-based independent think tank The Berggruen Institute thinks so. In a plan on building an “equitable data economy”, drafted by a working group of practitioners and scholars, the institute proposes a data dividend tax on companies in California based on data aggregation and storage. The revenue raised would fund projects to benefit residents, including public Wi-Fi and computing infrastructure. The use of AI is a critical element, generating the value of data by learning from aggregated data sets. The plan was inspired by the call for a data dividend made by California Governor Gavin Newsom in his State of the State speech in 2019.
The Berggruen Institute says the idea highlights the public contribution in providing data and could unleash a series of measures to share the gains created by technologies with a broad cross-section.
“In the same way that we say, ‘we went to the moon’, all Californians – and all Americans – can say we created the amazing AI technologies that are improving our lives every day,” the plan notes.
Some jurisdictions still have none, creating a different problem. The United Nations Conference on Trade and Development (UNCTAD) points out the lack of consumer protection laws across many transitional and developing countries, which rubs against the importance of consumer confidence.
Regime updates have been rare, which means jurisdictions can be grouped into categories based on the dates of their originating laws, and the development of data protection laws is significantly influenced by local issues and political pressures.
The concerns driving the regulations are important but disparities between various regimes and whether they strike the balance needed creates difficulties. Ramifications include compliance costs, restraining innovation, withholding social benefits and hindering the intensely data-driven supply chain.
The rapid acceleration of technological advancement is prompting action from governments and regulators. China, Australia, Singapore, New Zealand, India, Canada and Vietnam are all in the process of introducing new privacy laws or revising existing regimes (or recently did so). In China, laws introduced towards the end of 2021 focus on an overall concept that there is no national security without data security, and data security is fundamental to national security.
How to maintain the vision of global interconnection has become an issue that countries must seriously face when formulating personal data protection legislation and privacy supervision policies. The important criterion for evaluating any legal system lies in whether it delicately balances the various aspects.” – Susan Ning, KWM Partner
The inconsistencies between national privacy laws, the complexity and cost of compliance with those laws as well as the restrictions on the ability to transfer or manage data offshore present significant challenges for multinational businesses.
The importance in carefully navigating the fragmented regulatory landscape is heightened by the growing threat of sanctions. Regulators are active and significant probes and actions are under way from west to east, including in China, EU, US, Australia, Ireland, South Korea and Germany.
Source: UNCTAD
“As a non-US fintech company trying to set up in the US you really want to be very careful, be very meticulous, in the process of acquiring US regulatory approval.” – Eli Han, KWM Partner
Making good ethical sense…
Legislative restrictions aside, businesses must traverse the moral issues around the use of consumer data. This is particularly an issue when it comes to the use of algorithms, such as those which determine eligibility for services.
This will only increase in importance as investor and consumer demand for ESG policies grows.
The Danish and UK governments are among those which have looked closely into data ethics, with Denmark exploring a possible “national seal” to show a business uses data responsibly and securely and the UK establishing a framework to guide data use. In Australia, an AI Ethics Framework guides responsible and inclusive design and implementation, in a bid to build trust and make it a global leader in the area.
A future of harmonisation, or at least common standards?
The lack of standardisation throughout the economy drives huge costs into business for not a lot of gain and I do think we need to look at barriers in this digital economy. The amount of effort that we have to go to at the moment to actually enable data sharing to work effectively, is tremendous.” – Cheng Lim, KWM Partner
International institutions are aiming high. The OECD is promoting better access and sharing; critically, it is working on an internationally accepted taxonomy on privacy, data ownership and related topics.
APEC is also promoting harmonisation and interoperability, while the UNCTAD is trying to close the digital divide between nations which are at different stages of development.
Nations have shown a degree of eagerness. China’s new personal information laws include a commitment to actively participate in the formulation of international rules and promote exchanges and cooperation. The EU agreed in 2016 to “support the development of international arrangements that promote effective privacy and data protection across jurisdictions, including through interoperability among frameworks”.
“We have live matters that involve the creation of hybrid worlds, it involves the creation of avatars that may involve physical robots that are in new jurisdictions and it’s easy to laugh this off as a passing fad. There is a need for legal readiness to contemplate or at least be sufficiently flexible to provide the principles for addressing these new areas of risk becomes especially important.”
Thriving in a data and technology dominated future
"Over the next decade, it is estimated approximately 70% of new value created in the economy will be based on digitally enabled platforms.” – Asia-Pacific Economic Cooperation
In his award-winning book Sapiens: A Brief History of Humankind, Yuval Noah Harari explores why human sapiens, among all the species on the planet, came to dominate. Two theories both relate to our ability to collate and use information to our advantage.
Thousands of years later, it remains a determinant for survival and success, but today technology is critical to its success. Even as efforts persist towards harmonisation, the scene is clouded by local concerns and the competition for data rights between countries will undoubtedly intensify.
For businesses, this means not only understanding the value of data and the available technology, but how to best use it while managing regulatory risks and ensuring cyber security.
Regulators must be prepared to work together to standardise laws, to embrace flexibility in a constantly evolving environment, and to proportionately respond to the new technology to come.
Thanks to John Guerrato in the Knowledge Management team for research assistance.