Differing Data Flow Systems Harm Global Trade in Digital and Data Services, Study Finds
Differences in data transfer regulatory regimes adversely affect international trade in digital and data-reliant services, economists from the European Centre for International Political Economy said in a paper published last month.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
It recommended that policymakers deploy and scale up safeguard mechanisms for international transfers of personal data between the EU and partners that are compatible and reduce trade cost frictions, such as shared data transfer impact assessment checklists. It also urged more work on expanding low-friction channels, such as EU adequacy decisions, to cut compliance costs.
The introduction of the GDPR in 2018 created conditions that could raise the cost of trading services within the EU, particularly where cross-border transfers of personal data are required, wrote trade economist Elena Sisto and Chief Economist Erik van der Marel. They examined whether the GDPR affected trade in digital services between EU member countries and third (non-EU) countries.
The paper accounted for the fact that, over time, many EU trading partners have adopted a data transfer model similar to the EU's, a trend known as the "Brussels effect." It also examined sectoral data intensity, measured by the share of companies in each sector participating in the EU-U.S. Data Privacy Framework and partner regimes' alignment, and distinguished EU-style systems from non-aligned ones.
"The results show that, for both imports and exports, trade in digital services experienced a significant decline following the introduction of the GDPR," the report said. One key finding was that the differences in how the EU and partner countries govern cross-border data flows, not differences in domestic data protection regimes, drive the negative outcomes.
The economists also found that the negative effects on imports could be explained by the fact that EU digital imports that rely on personal data often require the underlying data to be transferred from the partner country, which then exports the services to the EU. Differences in how those data transfers are regulated therefore directly affect the ability of EU countries to import.
For exports, the authors wrote, the negative results are potentially due to reduced imports leading to a decline in exports as technology-intensive companies in EU nations are unable to source the best available device inputs under the GDPR's safeguard mechanisms, weakening their international competitiveness. In addition, onerous data transfer requirements are likely to make the production of AI services more difficult.
The findings "suggest that while the GDPR has contributed to harmonising privacy standards across EU member states, additional efforts to align cross-border data transfer mechanisms with those of external partners may be necessary to achieve broader regulatory convergence," the paper said.