03 October 2023
CO23138 | Global Data Governance: ASEAN Pathways to Regional and International Leadership
SYNOPSIS
With negotiations on the Digital Economy Framework Agreement kicking off recently, ASEAN has a chance to become a game changer in Global Data Governance. However, it will have to clear domestic, regional, and international hurdles before leading the conversation on global data policy, which is currently messy and contentious.
COMMENTARY
The contest to construct a global data governance regime is well underway. Current discussions revolve around three major actors: the United States (US), China, and the European Union (EU). In her new book, Digital Empires, Anu Bradford differentiated their data governance regimes which outline the philosophical divisions that underline the technical discussions.
Whereas the US prefers limited government intervention to minimise the risk of stifling free speech and innovation, China prefers the opposite: stronger state-driven digital market policies to protect national security interests. Meanwhile, the EU favours a third approach, where regulators strive to preserve individual rights to foster a democratic digital environment while maintaining Europe’s competitiveness in the digital economy.
Indeed, the current picture of global digital and data governance is messy and disjointed. Cross-market disputes in data regulatory practice have regularly made headlines in recent months. In March, the US Chamber of Commerce voiced its concern with Europe’s new Data Act, a law that they suspect would force American firms to share proprietary data with their European competitors. This September, EU regulators demanded that Apple open its heavily-guarded ecosystem to competitors in compliance with European laws – a move that the tech giant has relentlessly resisted in the past over consumer privacy and security concerns.
Building Southeast Asia’s Credibility
This squabble leaves the rest of the world with an urgent data policy challenge: build their own data governance regimes and lead the conversation or be forced to tag-along with one of the three major powers.
In Southeast Asia, policymakers have chosen the former. Last month, the Association of Southeast Asian Nations (ASEAN) formally began negotiations for its Digital Economy Framework Agreement (DEFA), a regional regulatory framework envisioned to keep Southeast Asia competitive in the global digital economy.
Inevitably, harmonising contrasting domestic data protection and localisation laws will have to be tackled to enable smooth cross-border data flows, a key factor needed to unlock the regional digital economy’s growth potential, estimated to reach US$2 trillion by the end of the decade.
The potential benefits in developing a strong DEFA are not only economic in nature. An incentive in global governance exists as well. Developing a coherent and credible regional digital governance policy is the first step for ASEAN to build its relevance and make its impact in global conversations on data governance.
In their 2011 book, The New Global Rulers, Tim Büthe and Walter Mattli argued that hierarchical and centralised domestic institutions will have a greater voice in international rulemaking versus those that are fragmented and decentralised. Without establishing this credibility, ASEAN risks getting dragged along and submitting to the influence of one of the three major powers.
That ASEAN has been able to start DEFA talks is already a feat in itself given the strong divergence in domestic preferences in data policy. Some members like Vietnam have doubled down on their data localisation policies and required businesses to store their data locally, consequently restricting cross-border data flows. Meanwhile, Singapore has signed four Digital Economy Agreements (DEAs) to date – ensuring free flow of data with its five partner countries.
Clearly, ASEAN must be able to overcome the collective action problem that comes with the disjointed domestic interests between members. Negotiators will have to resist urges to settle with a watered-down agreement in exchange for swift approval by members. If DEFA is headed in that direction, the cross-border problems will not be sufficiently settled, nor will DEFA provide ASEAN with a common stance and leverage in global negotiations on data governance. Conversely, a DEFA with a strong data policy that minimises hindrances to cross-border data flows while ensuring safeguards in data privacy and security will allow ASEAN to maximise its economic potential and gain global political currency.
Leading the Global Data Governance Conversation
Establishing a credible governance regime is only the first step for ASEAN in entering the data governance race. These solutions must also be accepted at the global level to minimise the risk of large-scale disputes. In Digital Empires, Bradford offered a gloomy appraisal for a unipolar solution to global digital governance. However, while the prospects of harmonising different regional frameworks into a unified global standard today are indeed slim, some possibilities remain.
There are two scenarios in which building a global data policy could be possible. One possibility is to essentially outsource the task to what Büthe and Mattli referred to as private “focal regulatory institutions”. This trend of global private governance is not new; in fact, two of these private regulators already have a standard – the ISO/IEC 27001 – governing cyber-resilience and data integrity. For this scenario to be beneficial to ASEAN, it requires not only strong regional institutions, but also heavy reliance on external expertise and private sector dialogue – stakeholders that ASEAN envisions to engage with during DEFA negotiations.
The second direction is to rely on public international institutions and forums to craft an international agreement. Here, ASEAN could use its own platforms, like the East Asia Summit, to lead discussions in bridging differences in data policy with its external partners. Elsewhere, the United Nations launched an Open-ended Working Group (OEWG) on Information and Communications Technology (ICT) in 2021, covering a wide range of ICT security issues including data security.
In either case, this data governance strategy will only bear fruit if there is consistent dialogue and best practice exchange between domestic and regional actors – and it remains to be seen whether ASEAN’s partners have the appetite for it. Nonetheless, if ASEAN gets DEFA right, the region will have a rare opportunity to become a global leader in digital data governance.
About the Author
Jose Miguelito Enriquez is Associate Research Fellow in the Centre for Multilateralism Studies at S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. His research interests include digital economy governance in ASEAN, populist foreign policy and multilateralism, electoral politics of the Philippines, and foreign policy of the Philippines with a focus on US-Philippine relations.
SYNOPSIS
With negotiations on the Digital Economy Framework Agreement kicking off recently, ASEAN has a chance to become a game changer in Global Data Governance. However, it will have to clear domestic, regional, and international hurdles before leading the conversation on global data policy, which is currently messy and contentious.
COMMENTARY
The contest to construct a global data governance regime is well underway. Current discussions revolve around three major actors: the United States (US), China, and the European Union (EU). In her new book, Digital Empires, Anu Bradford differentiated their data governance regimes which outline the philosophical divisions that underline the technical discussions.
Whereas the US prefers limited government intervention to minimise the risk of stifling free speech and innovation, China prefers the opposite: stronger state-driven digital market policies to protect national security interests. Meanwhile, the EU favours a third approach, where regulators strive to preserve individual rights to foster a democratic digital environment while maintaining Europe’s competitiveness in the digital economy.
Indeed, the current picture of global digital and data governance is messy and disjointed. Cross-market disputes in data regulatory practice have regularly made headlines in recent months. In March, the US Chamber of Commerce voiced its concern with Europe’s new Data Act, a law that they suspect would force American firms to share proprietary data with their European competitors. This September, EU regulators demanded that Apple open its heavily-guarded ecosystem to competitors in compliance with European laws – a move that the tech giant has relentlessly resisted in the past over consumer privacy and security concerns.
Building Southeast Asia’s Credibility
This squabble leaves the rest of the world with an urgent data policy challenge: build their own data governance regimes and lead the conversation or be forced to tag-along with one of the three major powers.
In Southeast Asia, policymakers have chosen the former. Last month, the Association of Southeast Asian Nations (ASEAN) formally began negotiations for its Digital Economy Framework Agreement (DEFA), a regional regulatory framework envisioned to keep Southeast Asia competitive in the global digital economy.
Inevitably, harmonising contrasting domestic data protection and localisation laws will have to be tackled to enable smooth cross-border data flows, a key factor needed to unlock the regional digital economy’s growth potential, estimated to reach US$2 trillion by the end of the decade.
The potential benefits in developing a strong DEFA are not only economic in nature. An incentive in global governance exists as well. Developing a coherent and credible regional digital governance policy is the first step for ASEAN to build its relevance and make its impact in global conversations on data governance.
In their 2011 book, The New Global Rulers, Tim Büthe and Walter Mattli argued that hierarchical and centralised domestic institutions will have a greater voice in international rulemaking versus those that are fragmented and decentralised. Without establishing this credibility, ASEAN risks getting dragged along and submitting to the influence of one of the three major powers.
That ASEAN has been able to start DEFA talks is already a feat in itself given the strong divergence in domestic preferences in data policy. Some members like Vietnam have doubled down on their data localisation policies and required businesses to store their data locally, consequently restricting cross-border data flows. Meanwhile, Singapore has signed four Digital Economy Agreements (DEAs) to date – ensuring free flow of data with its five partner countries.
Clearly, ASEAN must be able to overcome the collective action problem that comes with the disjointed domestic interests between members. Negotiators will have to resist urges to settle with a watered-down agreement in exchange for swift approval by members. If DEFA is headed in that direction, the cross-border problems will not be sufficiently settled, nor will DEFA provide ASEAN with a common stance and leverage in global negotiations on data governance. Conversely, a DEFA with a strong data policy that minimises hindrances to cross-border data flows while ensuring safeguards in data privacy and security will allow ASEAN to maximise its economic potential and gain global political currency.
Leading the Global Data Governance Conversation
Establishing a credible governance regime is only the first step for ASEAN in entering the data governance race. These solutions must also be accepted at the global level to minimise the risk of large-scale disputes. In Digital Empires, Bradford offered a gloomy appraisal for a unipolar solution to global digital governance. However, while the prospects of harmonising different regional frameworks into a unified global standard today are indeed slim, some possibilities remain.
There are two scenarios in which building a global data policy could be possible. One possibility is to essentially outsource the task to what Büthe and Mattli referred to as private “focal regulatory institutions”. This trend of global private governance is not new; in fact, two of these private regulators already have a standard – the ISO/IEC 27001 – governing cyber-resilience and data integrity. For this scenario to be beneficial to ASEAN, it requires not only strong regional institutions, but also heavy reliance on external expertise and private sector dialogue – stakeholders that ASEAN envisions to engage with during DEFA negotiations.
The second direction is to rely on public international institutions and forums to craft an international agreement. Here, ASEAN could use its own platforms, like the East Asia Summit, to lead discussions in bridging differences in data policy with its external partners. Elsewhere, the United Nations launched an Open-ended Working Group (OEWG) on Information and Communications Technology (ICT) in 2021, covering a wide range of ICT security issues including data security.
In either case, this data governance strategy will only bear fruit if there is consistent dialogue and best practice exchange between domestic and regional actors – and it remains to be seen whether ASEAN’s partners have the appetite for it. Nonetheless, if ASEAN gets DEFA right, the region will have a rare opportunity to become a global leader in digital data governance.
About the Author
Jose Miguelito Enriquez is Associate Research Fellow in the Centre for Multilateralism Studies at S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. His research interests include digital economy governance in ASEAN, populist foreign policy and multilateralism, electoral politics of the Philippines, and foreign policy of the Philippines with a focus on US-Philippine relations.
