Protect data without giving in to protectionism

Decision makers are often told, erroneously, that “data is the new oil.” In fact, like oil, they are a precious commodity for the economy. But unlike oil, data is not a competitor: one party using data does not reduce the amount of data available to others. And unlike oil, data is not fungible: one data cannot be replaced with another in the way barrels of oil are interchangeable. Unfortunately, the “data is oil” analogy has led to ill-conceived policy ideas, especially the idea of ​​data sovereigntyaccording to the Center for Data Innovation*, the main think tank that studies the interaction between data, technologies and public policies and which is part of the Information Technology and Innovation Foundation (ITIF).

Many countries are now advocating a “data sovereignty” policy, a concept according to which governments should keep all national data at the national level to ensure they remain subject to country rules. Policymakers who follow this line of thinking believe that governments should treat data as a finite natural resource that must be protected from foreign actors seeking to exploit it for profit. Proponents of this approach actually view data as no different from other resources a country may be naturally endowed with, such as oil or minerals, notes Daniel Castro, director of the Center for Data Innovation and vice president of the Information Technology and Innovation Foundation who said wrote a study note on this.

India adopted this perspective early.. Its draft national e-commerce policy states that “the growing importance of data justifies its treatment as other assets over which a country would have a sovereign right.” Furthermore, India makes it clear that its goal is to prioritize national access to data: “In the same way that non-Indians do not have access to national resources on the same basis as Indians, non-Indians do not have the same access rights to Indian data.”

Australia offers one of the latest examples of this type of reasoning deemed “confusing” by the Center for Data Innovation. In its ‘National Data Security Action Plan’, the government states that ‘Australia’s data is a valuable national asset that requires stringent security measures’ and that ‘inadvertently allowing another country to’ access Australia’s most critical data will erode our sovereignty and control over it data in the long run.” In other words, Australian policymakers are trying to block national data for fear that foreign actors exploit it for unfair economic gain. In India as in Australia, data sovereignty is a thinly disguised form of protectionism.However, these policies often gain popularity because many politicians confuse data protection with data protectionism, the think tank regrets.

Data protection is a legitimate step aimed at ensuring the confidentiality, integrity and availability of data. For example, policy makers should seek to protect sensitive information from inadvertent disclosure. Sensitive information includes both personal data and non-personal data that, if disclosed, violates privacy, security, economy and safety. For example, this sensitive information can be personal information about a person’s health, intellectual property (IP), including trade secrets, that companies want to protect, or non-personal information such as classified government data that harms national security. In such cases, Stricter data protection measures, including cybersecurity, can help prevent data breaches.

But data protectionism isn’t about preventing the disclosure of sensitive information, believes Daniel Castro. Rather, he aims to prevent people outside the country from generating value from data. If the goal of these policies is to maximize value for domestic companies, these restrictions are almost certain to have a negative impact, he said. The problem is that most data has little or no value until companies do something with it. Therefore, the more data companies have access to, the more value they generate. The fact of restricting foreign companies’ access to domestic data limits the scope of companies that can add value to the data. This means that data owners, whether they are consumers or businesses, are missing out on opportunities to profit, directly or indirectly, from their data, according to the Center for Data Innovation.

“Take the example of an Australian radiology lab that has thousands of medical images. Data protection rules are perfectly legitimate to ensure that personal health records remain private. However, Australian data protection laws prohibit organizations from transferring medical records overseas. This prevents radiology labs from using non-Australian AI systems that could be faster and cheaper, and more accurately interpret diagnostic imaging results. These restrictions result in potentially higher costs for Australian businesses and consumersas well as worse health outcomes”.

Moreover, data protectionism does nothing to improve data protections, judges the think tank. In-country data storage request has no impact on overall data security. Australian data, for example, is no longer secure on an online service simply because that service is owned and operated by an Australian rather than a US company. The security of the online service depends on a number of technical, logical and physical controls within the company.

Countries that pursue data protectionism also risk backlash from other governments. For example, Australian mining giant Rio Tinto collects data from around the world as part of its smart mining program to analyze geology, optimize energy use and automate its autonomous equipment. If other governments ban Rio Tinto from sending data back to Australia, it will have a negative effect on the company.

First policy makers learn that data is not oil and that data protection does not justify data protectionismthe better the future situation of consumers and businesses, concludes the expert group.

*https://datainnovation.org/