Data protection frameworks must be compatible with international data flows for developing countries to benefit from the global digital economy

19 April 2016

National and regional legal frameworks that protect data in the ever-expanding digital economy are often outdated, incompatible or missing, UNCTAD has found. This will store up problems for the future integration of developing countries into the global economy and threaten the amazing benefits they could derive from cross-border e-commerce.

In a new report, Data Protection Regulations and International Data Flows: Implications for Trade and Development, UNCTAD says that coherent and compatible data protection regimes will be ever-more important in the face of new technologies such as cloud computing, big data, and the Internet of Things. More dialogue between all stakeholders is needed to achieve adequate protection, the report urges.

According to UNCTAD's Cyberlaw Tracker, as of April 2016, only 108 countries have data protection laws and 35 have draft laws. Around 60 developing countries have no data protection laws at all.

Existing national and regional regimes, such as those in the United States and the European Union, often contain similar principles but even they diverge in their approaches to dealing with cross-border data flows.

Figure 1: Data protection core principles
Data protection
Source: UNCTAD


The report found that differing notions of privacy and a variety of different stakeholder interests creates tensions: individuals are concerned about their right to privacy and being able to safely and confidently use online services; governments are concerned about national security and safety; and businesses are concerned with compliance burdens and regulations that may hamper innovation and trade.

The report tracks the evolution of data protection, outlines and summarizes the current landscape of global, regional and national data protection regimes, identifies common challenges in the development and implementation of regimes, and presents policy options. It draws on contributions from 18 governments, regional and international organizations as well as representatives of the private sector and civil society to offer a single source of information for consultation by policymakers.

Figure 2: Key Policy Options
Policy Options
Source: UNCTAD

The report identifies eight policy options for countries as well as international and regional organizations to consider when adopting or revising data protection legislation and guidelines.

In order to promote international compatibility, it is important to avoid duplication and fragmentation in approaches to data protection.

Instead of pursuing multiple initiatives, the report suggests, global and regional organizations may need to concentrate on one unifying initiative or a smaller number of initiatives that are internationally compatible.

In developing and promoting international and regional data protection initiatives, consideration should also be given to the compliance burden, and the potential for adverse effects on trade, innovation and competition, especially from the perspective of small and medium sized enterprises (SMEs).

In this context, the report says that SMEs should participate in debates related to such initiatives, and underlines that provisions that build consumer trust and confidence in regulatory models will help to grow e-commerce around the world.

UNCTAD, as a convener of stakeholders from both developed and developing countries, offers a forum for discussion on this vitally important subject.

In this respect, the new data protection report was released on April 19, 2016, at an Ad Hoc Expert Meeting on Data Protection and Privacy during UNCTAD's second annual E-commerce Week in Geneva, Switzerland.