Cyber Brief: A New Framework for Cross-Border Data Flows

The Digital and Cyberspace Policy Program has launched a new Cyber Brief. This one is authored by CFR Senior Fellow for Digital Policy and Net Politics contributor Karen Kornbluh. 

It won’t be a surprise to readers of this blog that the flow of data across international borders creates jurisdictional challenges. There are ample cases of law enforcement encountering challenges when seeking evidence stored on a foreign server during a domestic criminal investigation or when individuals expect domestic privacy protections for data hosted abroad. Increasingly, countries have responded by imposing new requirements to store data locally, threatening cross-border data flows, which generate approximately $2.8 trillion of global gross domestic product each year.

In her brief, Karen argues that the United States should take the lead in addressing the jurisdiction challenge by promoting cross border data flows while improving international data privacy standards. It can do so in three ways. First, she argues the U.S. government should promote a common approach to data protection that is gaining traction through regional agreements such as the Privacy Shield and the Asia-Pacific Economic Cooperation’s (APEC) privacy framework in order to assuage privacy concerns. Second, the United States should finally update the mutual legal assistance treaty (MLAT) system. Third, the United States should leverage its willingness to take these actions in diplomatic negotiations to seek international endorsement of the norm of the free flow of information, especially as China has put digital issues on the agenda for this year’s Group of Twenty meeting.

You can find the full brief here.