Leading U.S. technology firms have become loud critics of cross-border data restrictions in foreign markets, arguing that such moves run counter to the distributed nature of cloud computing and threaten to curb global economic growth.
[ Related: Open Internet Central to U.S. Trade Policy ]
Now, the Information Technology and Innovation Foundation (ITIF) is advancing that argument, warning that the impact of cross-border data restrictions is felt much more broadly than in just the tech sector, as companies in traditional spheres of the economy from mining to retail are hit by those policies.
Perversely, then, policies aimed at supporting local businesses end up harming the same domestic economy they are trying to help, the ITIF's new report (PDF available here) concludes.
"Firms in traditional industries ... are quite engaged in cross-border data activity, and oftentimes policy makers in those countries are not aware of that," ITIF President Robert Atkinson said this week at a panel discussion.
"So what you have has developed in this space -- essentially sort of [this] idea that foreign policy makers hold, which is that it's only U.S. technology companies that are ... dependent upon cross-border data flows. It's only the Microsofts of the world, or the IBMs or the Googles or the Oracles," he adds. "And since those are not our companies, those are their companies, we're sort of okay with putting restrictions on cross-border data flows, the logic goes."
The ITIF's report calls on U.S. trade officials to make data flows a core element of their negotiations with overseas partners, pressing for language to facilitate data movement in initiatives such as the landmark Trans-Pacific Partnership currently under discussion.
Additionally, the group is urging international bodies such as the World Bank and World Trade Organization to push back against restrictive data policies. ITIF is proposing that the WTO spearhead a "digital services agreement," a global treaty that would undercut the incentives for curbing data movement over international borders.
Competition and Privacy Top Reasons Cross-Border Data Flows Get Restricted
The motivations vary for restricting cross-border data flows. Some policy makers have embraced data-residency requirements as a tool to protect local tech companies from international competition. Others have pursued restrictions on data flows as a vehicle for safeguarding how consumers' personal information is used and transmitted, concerns that were only exacerbated by the disclosures of former NSA contractor Edward Snowden.
Those privacy concerns have been prominent in the European Union, which has historically taken a more protective approach toward users' personal information than U.S. regulators. But the recent characterizations of EU nations as hostile to U.S. tech firms are overblown, argues Andrea Glorioso, a counsellor with the EU's delegation to the United States, who says the discussion too often is "based more on appearance than on facts."
"Together with the U.S., the EU is one of the drivers of free trade," Glorioso says.
The ITIF's report frames the data-movement issue as one that's much larger than just the tech sector. In a series of case studies, the report examines multi-national companies like mining colossus Rio Tinto, consumer products maker Unilever and Royal Dutch Shell, highlighting how each relies on a technology infrastructure to relay data spanning everything from mine production outputs to consumer analytics in real time.
"You wouldn't think of mining as a data-intensive industry, but it is," Atkinson says. "These data flows are all global."
The ITIF contends that data-localization laws enacted for economic benefit, such as the requirement that data be stored in a facility within the country, are a shortsighted approach that, while it might create a handful of data-center jobs in the near term, will ultimately restrict access to Internet-enabled services and applications that could help domestic firms grow and more vigorously compete in the international market.
Then, too, the authors of the report take issue with the notion that localization rules will further privacy and security considerations.
"When it comes to data security, it does not depend on where the data is stored, but rather the means used to store it," they conclude. "A secure server in Laos is no different from a secure server in Brazil."