The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> NERMINE EL SAADANY: Good afternoon, everyone. Please confirm that you hear me online. Okay. Yes perfect.
So good afternoon. It’s a pleasure to be here with you today. My name is Nermine El Saadany. I am the Regional Vice President at the Internet Society, and I will be moderating this very interesting session today about Protecting Internet Data Flows and Trade Policy Initiatives.
I think the rapid globalization of the digital economy has transformed the way we conduct business and the way we communicate and innovate. As data becomes an increasingly valuable asset, it is imperative to ensure the free flow of cross‑border data. However, there is a rise of protectionist measures and data localization policies that threatens and fragments the Internet and might hinder the economic growth.
So in this session, we will be delving into the critical issue of protecting the Internet data flows in the context of trade policy initiatives.
I have with me online and as well on‑site very distinguished panelists whom I cherish being with and among because of their expertise, and I think the session will be very, very interesting.
And without further ado, I would like to introduce our first speaker online, Ms. Natalie Campbell, the Director and Senior Director, North America at the Internet Society. And allow me, Natalie, to address the very first question in our session. Why removing, in your opinion, Internet protections for cross‑border data flows against mandated data localization and electronic transmission threaten the Internet?
You have the floor, Natalie.
>> NATALIE CAMPBELL: Thank you, Nermine, and thank you, everyone, so much for joining us today. It’s really an honor to be here and to speak to you all about this really concerning issue.
So at the Internet Society, you know, we've been paying attention to different threats to the Internet over the last several years. And, you know, we pay extra attention when we observe threats that would impede the Internet at the infrastructure level, but specifically in terms of what it needs to exist.
Over the last several years, I think it’s no surprise to everyone here that there’s been increasing threats of fragmentation to the Internet, and often these come from governments who are trying to address different issues on the Internet, and doing so without considering what the Internet needs to exist in the first place.
So the Internet Society and our mission for Internet for Everyone, we work as a resource with governments, and we help them understand the impact of different decisions on the Internet and how to mitigate harm with tools like our Internet Impact Assessment Toolkit.
But today we’re here to talk about a newer challenge that is more difficult to tackle and to steer different actors in the right direction because of the secretive nature of these initiatives and the lack of transparency to different folks in this process, and that’s the threats emerging in trade initiatives to the Internet’s promise of global connectivity and specifically open data flows.
So the Internet Society, we’re not a trade expert, but we started paying attention to this issue because it is an Internet threat that we spotted in 2023 when we started seeing talks about certain Internet protections that were being advanced in the World Trade organisation’s Joint Statement Initiative on E‑commerce. We started paying attention when certain protections for open data flows and pushing back on mandated data localization, when that became de‑prioritized and ultimately there was a lack of consensus on these protections that are crucial to the internet and its global connectivity, things that needs to exist in the first place.
So this is why we started paying attention to this issue and why we’re so happy to have an opportunity to speak with everyone here today about it, because we believe that open data flows are not just a nice‑to‑have. The internet needs these to exist.
And the fact that these protections are no longer prioritized in trade initiatives, this is a worrying signal to countries around the world that very much rely on open data flows for digital trade to be successful in the first place.
If we’re no longer thinking about the fact that these need to be prioritized as a protection, then that poses a risk to the internet because countries who are involved in these trade initiatives might otherwise not be prioritizing this when they’re thinking about their own different approaches to national regulation.
Specifically, we’re worried because as many countries around the world don’t have approaches to data governance, they might be looking towards restrictions to data flows or mandated data localization in the name of privacy and security, but we know that these are not actually helpful to both those goals, and are actually very harmful to the Internet’s infrastructure and what it needs to exist in the first place.
So that’s kind of why we were hoping to help share these concerns with folks here today and to have a conversation with participants to not only share awareness about our concerns, but also to brainstorm what can be done to help steer countries in the right direction to protect things that are crucial to the Internet.
And what can we do to support different actors to ensure that trade initiatives are also prioritizing protections for the Internet, especially given the lack of visibility that folks have into these conversations? What can we do together?
Thank you.
>> NERMINE EL SAADANY: Thank you so much, Natalie, for setting the scene for our discussion.
And let me take from what you have said and maybe just take a minute to explain again to our audience, because I see some new folks entered the room.
Our session today will tackle protection of trade and the data flow and cross‑border data, and it will be divided into two parts. Part one will be the panel that we are having now, very, very distinguished panelists we are having online and on‑site. And then the second part we will have some robust kind of discussion where the experts will share some views, as well. And definitely in between we will listen to your views and maybe take some questions and answers.
And from what Natalie has said, and maybe I would refer to my colleague on the left, Mr. Mahroz Khan, Cross‑border Expansion Manager at the Digital co‑operation organisation, the DCO.
And from your expertise, Mahroz, the reaction of the countries on the threats and how they look at the threats that the trade can face, and what is the impact on SMEs in specific?
>> MAHROZ KHAN: Thank you so much and I really appreciate this opportunity to be here.
And I would like to congratulate the Internet Society for organising this discussion.
And from where I’m coming from, I’m a trade and investment lawyer trained at WTO and then UN International Trade Center. So I’m coming from that dimension, but specifically here at the Digital co‑operation organisation I’m working on the nexus between the digital policies and the trade policies through various of its programs.
The DCO is a new intergovernmental organisation with 16 Member States spanning across three different continents. So we have a good mix of Member States from Europe, from Africa, as well as Asia.
So I would like to actually start the premise that there is actually discontent between trade community and the digital community, and it has been lagging for decades. When we talk about, as Ms. Natalie actually mentioned, that this new topic actually started coming to the conversation in the digital community in 2023. So actually, let me actually specifically lay out what actually happened in 2023.
In 2023, United States stated its position that it will not support its argument and it will not enter into any legally binding agreement which guarantees cross‑border data flows. And then it got into news, because then it also had that catchy name "tariffs."
So custom duty, cross‑border data flows, but in addition to that there was a threat that custom duties would be applicable to the electronic transactions.
And here, let me also bring you the background. This discussion has been happening in the trade community. Back in 1998, there was a committee formed on electronic transactions where the countries agreed that they will not impose any custom duties on electronic transactions. That was a temporary moratorium. It has been renewed again and again. And recently, since the last four years, it has been extended on a biyearly basis, twice, during the Ministerial Conference of WTO.
The committee at the WTO, there was no agreement on any other issue apart from the moratorium. So it did not produce anything.
So what happened was, a group of countries, specifically 91 countries representing 90% of the global trade, started to negotiate on a plurilateral trade agreement where US, being this big supporter of open cross‑border data flows, proposed its position that we need to have open cross‑border data flows, the data localization requirements must be minimized, and then there must be a strong position on source code sharing.
So later on, what happened? So the conversation started back in 2017. The countries started negotiating. Then, in 2023, United States stated its position it is backing off, and then it got into news, and how it is going to impact the digital community.
So where do we stand today? We do not have an internationally legally binding instrument at any stage which guarantees open cross‑border data flows. This position was actually taken by US at the WTO. However, they have backed down.
Amongst these 91 countries, nine of them dropped, including United States. So the latest agreement that we have amongst the 82 countries is that there must be facilitation of electronic commerce, and the language of the treaty is not much legally binding, and they have taken out cross‑border data flows, the data localization requirement, and the source code.
At the DCO, what we did, looking at these developments, we actually assessed where the countries stand today on these digital trade policies. We actually collected regulations across 16 member states that actually accounts for around 2,500 regulations.
So in order to move towards the next direction, we need to know where we stand today. So we collected this assessment, and then we also did a survey with the business firms who are involved in digital trade, trying to understand their experience to actually connect the dots.
Moving forward, we will be actually sharing a high‑level trends analysis that shows the developments of digital trade.
The importance of this discussion, we are connected with our moderators today through Zoom. That would mean additional imposition of taxes. But then, how those taxes would have to be paid? The speakers connected in different jurisdictions, from Canada to UK and other jurisdictions, how that has to be implemented? So this topic actually creates more regulatory uncertainty.
That also means Ms. Nermine, who has actually come from Egypt, she’s able to call her family through WhatsApp. That means that won’t be possible, or that might not be possible; we do not know.
And for the private sector, here the major issue comes. The private sector, especially for the small‑ or medium‑sized enterprises, it will become a hurdle. We need open cross‑border data flows that allow small businesses, and in the new digital economy, it allows small businesses to provide their goods as well as services and expand into different regions. The uncertainty on this issue would mean, and without any agreement between any countries, that would mean we are uncertain about the future.
So there needs to be actually discussion, the original point that I mentioned, the discussion between trade community and the digital community, and the countries need to actually start monitoring the impact that it will have on their businesses, on their economy, and moving forward, any new shape that our economies can take.
I’ll stop here.
Thank you.
>> NERMINE EL SAADANY: Thank you so much, Mahroz. It’s very insightful.
We will move to our next speaker online, Ms. Jennifer Brody, Deputy Director of Policy and Advocacy for Technology and Democracy, Freedom House. I think, Jen, from your own experience, access to information and communication technologies nowadays is becoming an essential matter for more inclusive society and become more and more related to human rights. So if you can share from your experience and your thoughts about that, please. Jen?
>> JENNIFER BRODY: Sure, my pleasure. And thank you so much for having me here today. It’s a real honor and a pleasure.
First off, just to share, if you’re not familiar, Freedom House, we are the oldest human rights and democracy nonprofit in the United States, founded in 1941. We produce the report that many of you may be familiar with called Freedom on the Net. It surveys essentially the state of Internet freedom in over 70 countries around the world, working with local country analysts.
At Freedom House, we first engaged in this topic after the US government, the USTR, reversed its longstanding cross‑border data flows policy in the World Trade organisation talks in October, 2023, that the panelist who spoke before me alluded to.
Like ISOC, we are not digital trade experts. Instead, for Freedom House, we are human rights experts. So I will be speaking specifically to the human rights impacts of these policy reversals.
So first, I want to touch on data localization laws, which is a result of reversing or helps encourage ‑‑ sorry, I’m on my first cup of coffee. So reversing a longstanding cross‑border data flows policy helps encourage data localization laws.
So what are these data localization laws?
They place personal data firmly within reach of governments, creating unique risks for people’s privacy, free expression, access to information, and other fundamental freedoms. These implications are especially problematic in authoritarian contexts where there exists weak rule of law.
So to zoom in and provide one example, if we’re looking at Rwanda, in Rwanda, the government mandated that companies store data locally, which left personal data easily accessible in an environment in which authorities have embedded agents in telecommunications companies and use data from private messages to prosecute defenders.
And now to zoom out, Rwanda’s approach is quite similar to China’s authoritarian approach to data governance. And I will underscore Rwanda is not an outlier. Governments around the world are seeking to repress dissent by surveilling their people’s digital communications. In fact, over 78% of the world’s Internet users live in countries where simply expressing political, social, and religious viewpoints leads to legal repercussions. And I can say we expect this problem to only be exacerbated with the forthcoming UN Cybercrime Treaty. I'm happy to discuss that more later.
So now, just a few notes on how this policy reversal of cross‑border data flows impacts Internet fragmentation, or leads to it, rather.
So first just some background. We know that at multilateral forums, the Chinese government has been working alongside like‑minded governments to divide the global Internet into state‑run enclaves that can be more easily monitored, censored, and controlled. Unsurprisingly, Chinese officials view the World Trade organisation as yet another forum to assert their approach. In negotiations over electronic commerce rules, the Chinese delegation has, for example, advocated for the need to consider Internet sovereignty as a legitimate public policy objective.
From Freedom House’s perspective, we’re based in Washington, D.C., where I’m coming to you from early this morning, it is deeply concerning that the United States, once a leader of the interoperable free and global Internet, is arguably inching towards China’s Internet sovereignty approach. And this is happening at a time when the world needs the United States to stand up for a free, open, and global Internet now more than ever before.
Indeed, Freedom House’s Freedom on the Net report that I mentioned earlier found in its most recent edition that came out just a few months ago, the report found that Internet freedom declined for the 14th year in a row. So we’re really facing dire circumstances.
On a fragmented Internet, people have limited access to information from foreign sources, which is especially critical in closed spaces. And just to provide a concrete example, Wikipedia, the free encyclopedia that we all know and love and is run by the nonprofit Wikimedia, they cannot afford to comply with data localization laws because they require setting up expensive data collection and storage facilities. So if Wikipedia can’t operate, people's right to information is essentially undermined because they cannot access this resource.
Also, on a fragmented Internet, people may struggle to connect with loved ones abroad and may face barriers to organising online with communities around the world. For example, in Uzbekistan, due to Skype and Twitter’s non‑compliance with the data localization law, authorities temporarily blocked these and other popular platforms, and this severely limited people’s ability to communicate and access information.
And I will stop there.
Thank you.
>> NERMINE EL SAADANY: Thank you so much, Jen, and thank you so much for accepting our invitation, while it’s very early at your end. We much appreciate it.
I would refer now to my panelists on my right, Sabhanaz Rashid Diya, CIGI Senior Fellow and the Founder of the Tech Global Institute.
We have been listening, Diya, a lot about data localization and how this can impact free trade and cross‑border data and so on, and I would like to listen to your views on that regard, please.
Thank you.
>> SABHANAZ RASHID DIYA: Thank you, Nermine, and it’s very good to be here with a number of experts, both on‑site and online.
So I am Sabhanaz Rashid Diya, and I’m a Senior Fellow at the Center for International Governance Innovation, which is a thinktank out of Canada, as well as I am part of the Tech Global Institute, and we primarily work with global majority countries around technology policy issues.
I think I just wanted to build on what my last speaker said around data localization laws kind of cropping up across the world, particularly in authoritarian regimes and the challenges around it.
But I think if you can kind of take a step back and really start kind of questioning or interrogating how this really came about beyond some of the trade agreements, in the sense that I think there’s been a perpetual conflation of concepts such as sovereignty and cross‑border data flows and kind of treating it as a binary framework in terms of, you know, if there’s data flows happening, then a country’s sovereignty is being questioned.
Similarly, there’s also a conflation of ideas between cybersecurity and cross‑border data flows in the sense that, you know, if a country wants to have a more cyber‑resilient ecosystem, then they’re better off having local localized data centers or local data storage mandates in order to be able to protect their people in a more meaningful way.
And I think these sort of frameworks, and we oftentimes, you know, don’t want to kind of indulge too much in analogies, but these sort of binary frameworks have really fueled a lot of frustrations and misconceptions and interpretations among governments around the world, where they are more and more inclined towards data localization mandates. And we’re seeing increasingly these sort of laws being cropping up around the world, but particularly in global majority countries, which already have resource constraints, and many of these countries where there’s very serious concerns around speech, privacy, and people’s civil rights.
If I could just build on that a bit more further, I think, you know ‑‑ and I think Farzaneh is going to talk a little more about the role of civil society in terms of how we've been divided since 2017, building on what Mahroz said in terms of what kind of that looks like.
But, you know, civil society in the global majority really understand that the intent behind it is kind of what Jen has alluded to in terms of that law enforcement wants increasingly access to personal data to be able to control population and to be able to, you know, infringe upon their speech rights.
And with the expansion of transnational private sector, that need has become even more greater, and they feel the only way to kind of access the data is by having these mandated local data storage provisions.
I think the other way we have seen it also come up is, you know, oftentimes there’s also frustrations among law enforcement domestically in terms of just genuine crimes and the very complex process they have to go through with, you know, with MLATs and other kinds of data‑sharing agreements with other countries, and that complex process has really also made it difficult for them to access user data.
So there’s a number of other sort of, I would say, equities at play, both political and national security equities at play, that have led to this proliferation of data localization laws across the world. Some of these are genuine challenges and some of these are more political challenges or there’s a need to control. But I think it is important to be able to place the expansion of data localization mandates within this political context in order to better understand why it’s happening in the first place.
In other areas we've seen it really kind of come up is within bilateral and multilateral funding instruments. And we've seen areas where, for example, there is a need to push towards more increased cybersecurity measures, and many countries interpret that as local data storage measures because the way they can ensure cybersecurity, in their minds, is by having local data storage measures.
So we have seen this come up in many of the debt conditionalities from the World Bank and the IMF groups. We have seen it come up in some of the bilateral aid functions, as well, in terms of where we see a lot of push toward a lot of conflation between cybersecurity and localization mandates, particularly in the global majority.
I can also ‑‑ I think if you have a second round to where we’re going to talk about where we see opportunities with the multilateral instruments as well, but I just want to give a bit more background in terms of where we are seeing it coming up, why it’s coming up, and on the various equities at play that has led to this happening.
And of course, with the US kind of backing down on their position on cross‑border data flows, it has, I would say, exacerbated these tensions even more because now in the absence of an internationally legally binding agreement around cross‑border data flows and the various existing and new challenges around technology, data transfer, cybersecurity and online safety, we’re left in a limbo where civil society and communities within the global majority are stuck with these data localization laws that have made it extremely difficult for them to express themselves, protect their privacies, and exercise their civic rights.
Thank you.
>> NERMINE EL SAADANY: Thank you so much, Diya.
And I’m sure that we will have some questions from the floor to continue our discussion, as well.
But let me refer to last but not least, our online panelist Farzaneh Badiei, Ph.D., Founder, Digital Medusa.
And Farzaneh, you will speak and reflect on the digital sovereignty and will continue with the threats on technical community and the ability of countries to develop data governance policies. Farzaneh.
>> FARZANEH BADIEI: Thank you, Nermine. And thank you for the invitation.
Just for those who don’t know, I have been working on Internet‑related issues and governance and infrastructure for over a decade, and I started Digital Medusa to protect and defend the Internet. It’s very similar to the Internet Society’s mission, but I think we need multiple organisations to actually do that in such a juncture.
So this kind of like advocacy against free trade and digital free trade, we saw that happening around 2014 when there was this TPP trade negotiations were going on. And there were several civil society organisations and individual scholars that believe that free trade, a digital free trade, it actually hampers that digital sovereignty and privacy of people because Nation States cannot come up with their own data protection laws. And also labour, there were a few labour unions that believe that because of this digital free trade agreement, the labour rights were not being protected, especially in the Global South. And the conversation was ongoing and since. Well, digital trade, like free trade and digital trade has been like a topic of conversation for 20 years, as Mahroz also mentioned. More than 20 years. Twenty‑five years.
So, but as Trump got elected in 2017, he wanted to renegotiate NAFTA and kind of created this chaos that everybody got worried that we might actually lose this protection for cross‑border data flow. And one of the things that was very interesting was that so we gathered together, civil society gathered together. Like we issued statements on how cross‑border data flow is very important for protecting human rights, but also defending and protecting the global cross‑border data flow.
And so for a few years, it was okay, but then there was this surge of digital sovereignty brewing among many Nation States. And they believe that they can assert their sovereignty by localizing data, and usually going after or going against the principles that made the Internet happen, which is like global cross‑border data flow with no discrimination.
And so, and to our surprise, in 2022, we saw another surge of advocates that advocated, that told USTR in its consultations, that free trade agreements, especially when it comes to digital issues and like big tech, it’s always like there’s also this surge towards like attacking big tech, for good reasons, but here I will explain why we went the wrong path. So they advocated for not having digital free trade clauses in different trade agreements because of the labour rights, because they believe that data protection cannot happen if there are these free agreements.
And also, there was also a copyright issue that they thought that these advocates thought that the free trade agreement can actually take away. Like they wanted stronger intellectual property, which is very much like has been hampering cross‑border data flow and fair use for a long time.
So anyway, we saw they successfully, in a way, managed to convince USTR to backpedal the clause that is very important for cross‑border data flow. I think the reason for being successful was, first of all, this urge that they wanted to fight with big tech and that they did not understand the implications of this work on Internet infrastructure and global connectivity; that you are not only hampering big tech’s operation, but you’re also hampering the operation of the network operator that is a small network operator that needs to rely on foreign services to provide connectivity.
Also, there was this misconception that data protection laws cannot happen if you have a free trade clause, which I don’t know why this misconception keeps happening. I don’t want to deny it, but I haven’t seen enough evidence about it.
And also, of course, there's the talk about digital sovereignty and all the Nation States want to, one way or another, to assert their digital sovereignty. And most of the time, that is not to protect their citizens, but it’s to protect their power and control.
And now, we are in this mess. (laughs)
So now I’m going to discuss ‑‑ yes, sorry, by USTR, I mean US Trade Representative.
And so in the next segment, I’m going to discuss a little bit how, on a granular level, not having free trade agreements that facilitate cross‑border data flow can actually have an impact on network operators, which we have kind of overlooked because the focus has been always on how to get big tech to be more accountable. And we have not looked at what sort of effect our advocacy will have on these network operators.
Thank you.
>> NERMINE EL SAADANY: Thank you so much, Farzaneh.
And here comes the time where we open the floor for discussion. I have with me, as well, my colleague John Morris online to help with the chat questions that we received, and as well Israel Mose is here on the ground to help with the questions from the floor.
So, John, do we have any questions over the chat, please?
>> JOHN MORRIS: We don’t yet. But please, for the folks online, please post your questions and we’ll come to you.
>> NERMINE EL SAADANY: And I encourage, as well.
Yes, please?
>> MORITZ TAYLOR: Hello. I hope you can hear me. My name is Moritz Taylor. I’m a Senior Project Manager at the Council of Europe. I work for the Secretariat of Convention 108 and Convention 108+, which is the Council of Europe’s data protection convention. It’s based on human rights, democracy, rule of law. And it’s the oldest convention in this field, and now has updated some time ago.
One of the important aspects of it is that it does have the principle of free cross‑border data flows as part of it. And I see here, now twice I think I've heard it, states struggling to come up with their own laws. We’re here to help with these kinds of things, if people agree with the Council of Europe’s approach, of course. I mean, if they don’t, then that’s their deal. But there are two conventions I can think of that are relevant here: The Budapest Convention, which is a convention against cybercrime, global convention, anyone can join it; and Convention 108.
Perhaps the panelists have some thoughts on this, because it is also part of a kind of a regional fragmentation. I had a lightning talk on Sunday about standardizing definitions in data transfers. I think it’s one of the ways of getting there, because increased data flow actually, logically, at least in my mind, reduce the need for data localization. If there are agreements for law enforcement, et cetera, to access data across borders, then there’s no need for them to shut themselves off from the rest of the world. That’s all.
Thank you.
>> NERMINE EL SAADANY: Thank you so much for your question.
Diya, maybe you can reflect, if you’d like.
>> SABHANAZ RASHID DIYA: I’ll have to reflect very briefly on that, unless my speakers online would also like to chime in.
I think I completely agree in terms of the Convention 108 and the Budapest Convention providing very useful frameworks for that.
But I think to your point about why are not more nation‑states approaching for help, I think there is a fundamental, a couple of underlying, I would say, values misalignment.
But more important than that, I think there’s also political misalignment in terms of especially within the Global South. I think Farzaneh very eloquently explained the history of the genesis of it, and particularly within Global South communities, Global South governments, and this urge to fight big tech. But I think there’s also an urge to fight Westphalia, and there’s an urge to fight Global North hegemony.
And I think in many ways, even if the Budapest Convention is there, it is universal, anybody can join it, I think those kinds of political tensions, geopolitical strifes, have led to countries less willing to approach those for help and rather go for their own data localization provisions, even if they’re imperfect.
And yes, countries do struggle to come up with a data protection regime that makes sense. And I think you really got to the crux of it in terms of really having standardization of definitions, standardization of transfer clauses, what enables a transfer versus what does not enable a transfer, what are the conditions for access to data, and how do we really build a comprehensive human rights framework and due diligence across the transfer pipeline and across the data sharing pipeline.
But I think there continues to be those kinds of sort of values misalignment, political misalignment, that leads to it.
And I think that’s also the reason why we see the UN Cybercrime Convention Treaty also come up, because of the fundamental values misalignment in that space.
But, yeah, happy to kind of take this offline, but those are some of my initial comments.
>> NERMINE EL SAADANY: Thank you so much, Diya. Thank you.
Anyone else from our panelists would like to reflect on that before we refer to the second speaker, our second question?
Yes, sure. I think you need to open the mic.
>> MAHROZ KHAN: Hello? Great.
Thank you so much for actually mentioning those conventions. I’m well aware of the Budapest Convention, not the other. So you see, there needs to be this technical exchange of information that needs to happen there.
Specifically, there are actually regional approaches, but when it goes to international, countries are stopped. Actually, our previous speaker Ms. Farzaneh actually mentioned about CPTPP. Then we also have the new ambitious trade protocol of the African Union.
I know about CPTPP, they're advising a chapter on digital trade. What I heard from negotiators, they'll be moving towards more restrictive approach there.
So for any decision to be made we need the evidence. I think the most important, what I want to say here, is that for policymakers they need to make informed decisions. And I think the negotiators jump directly towards legalizing their understanding, and I think we miss the steps of learning what would be the impact. And I think many developed countries do it, but not developing countries, so then they are uncertain. Okay, what would be the impact if I enter into international legally binding contract? Why it’s happening at WTO, that goes against, again, why the reason the WTO was able to be created, the original idea from 1947, did not crystallize until 1996? But because of injection of intellectual property policy area into this space. And why that space? Because that provides a legally enforceable mechanism. It provides that platform. That’s why it has been negotiated there.
And just to reference what US position was originally for cross‑border data flows, the text was, no party shall prohibit or restrict cross‑border transfer of information, including personal information, by electronic means if this is for trade.
So I think we need to move towards informed policy decisions, and we need to learn on these fronts.
>> NERMINE EL SAADANY: Thank you so much.
I think we have a question here.
Yes, please.
>> DANA KRAMER: Hello. My name is Dana Kramer, representing my NRI, both Youth and National for Canada.
I was wondering about, like, there are a lot of tariff threats right now that are occurring out of the United States, and we don’t know whether or not these threats will materialize. And I’m from Canada, so we’re quite sensitive to it at the moment.
And I was curious about, does the panel think that we might see increased threats for tariffs on digital services, for instance, as a mechanism to fight back against some of these US‑imposed tariffs, because they do have so many technology companies that have global reach? Or would that be a misalignment of understanding some of your arguments today?
Thank you.
>> NERMINE EL SAADANY: Thank you so much.
Natalie, do you have a reflection on that? Go ahead. >> NATALIE CAMPBELL: Sure, thanks. Hi, Dana. I’m also from Canada, and I've also been paying attention to those suggestions recently about tariffs.
I do think that the suggestion of imposing tariffs is one thing when we’re talking about bringing commodities from one country to another. The fact that that has translated to the idea of electronic transmissions is really problematic because the Internet has no borders. So that’s where my concerns would be.
And we have seen these conversations happening, as Mahroz mentioned, at the World Trade organisation. The fact that some countries would like to see tariffs on electronic transmissions, that would be a source of revenue for some of these countries. I think that’s how they’re looking at it.
And so I do think it is important, as we raise awareness about these threats, that that is something that is highlighted. Cross‑border data flows, that’s not a commodity. The Internet’s not a commodity. We can’t regulate the Internet like a commodity. Open data flows and electronic transmissions, these are needed for the Internet to exist in the first place. And the minute that you put any kind of barrier to access, whether it’s a tariff or a regulation restricting what we can share online and what moves across borders, that becomes a problem for the Internet. That becomes a problem for all of us here relying on the Internet to be able to connect with one another. And essentially, what it’s doing is placing national borders online and making the Internet not seamless, making it complex.
So I do think that’s a really good question and underlines the importance of hopefully some of the solutions that we can brainstorm in the next portion of this event on how can we get that message across. How can we help governments and folks involved in trade initiatives? How can we help them understand that we can’t be considering these things if we want the Internet, which digital trade needs to be successful in the first place? We want that to continue to exist.
>> NERMINE EL SAADANY: Thank you so much, Natalie.
I think if we don’t have further questions from the floor, either online or on site, maybe we can start our second part, because this will be another interesting segment of our discussion today, as we will be tackling very important questions. How can we help? How can we collaborate with our different hats to stop trade policy changes that can hinder the Internet?
In this part, I would actually pose a question, and I will refer to my panelists to reflect on that questions with their own hats and their own expertise.
So our first question in that sense will be, how can we steer countries towards data governance approaches that address privacy security concerns while protecting the open, globally connected, secure, and trustworthy Internet?
And if I can put you, Jennifer, to be our first reflector on that? Jen?
>> JENNIFER BRODY: Yes. Happy to jump in. Thank you for the question. So yes, we know that, as has been discussed, to protect cybersecurity, right, to enhance data sovereignty, as folks like to call it, data localization laws are often implemented. You know, often ‑‑ not always, but sometimes, arguably, right, with good intentions.
But if we don’t have strong laws in place, like comprehensive data protection laws that are human rights centric, more often than not they result in, you know, extremely harmful surveillance that undermines many, many human rights.
And just on this topic, I wanted to share there’s an academic scholar, Anupam Chander. He wrote an excellent piece called Data Nationalism that essentially debunks the arguments that, you know, data localization helps enhance cybersecurity and protect citizens. I just dropped that article there if anyone is interested.
So anyway, I would love to, you know, hear from folks in the room. How do we encourage companies or countries around the world, rather than, you know, localizing data, pursuing alternative mechanisms, you know, to allegedly protect their people?
At Freedom House, we’re very strong advocates of comprehensive data protection laws.
So I would love to kind of open it up to the floor to see, to see what folks think.
And then, before I do that, I’ll also share one other Freedom House resource. I wanted to develop something shorter and pithier for this. We didn't have the bandwidth at the organisation, but it's just another great resource for this group. My colleague some years ago, before I started at Freedom House, actually, wrote a fantastic report called User Privacy or Cyber Sovereignty. So essentially unpacking many data localization laws around the world and walking through their impacts on human rights from the freedom of expression, right to assembly, association assembly, which could also serve as a good resource in local advocacy.
So I will stop there.
>> NERMINE EL SAADANY: Thanks a million, Jen.
And I’m not sure if you’d like to maybe interact. So if you have any reflections on what Jen has already mentioned, we can pause and take some questions.
And if not, maybe we can continue to our next reflection on my question, and then we can go back to you and hear your views, as well.
So maybe Farzaneh, you can reflect on the question, if I may ask you? Yes, go ahead.
>> FARZANEH BADIEI: Oh, sorry. So is this like about my prompt?
>> NERMINE EL SAADANY: Yes, it is. (laughs)
>> FARZANEH BADIEI: Yeah, all right, great. So I just, I don’t want to blabber on, so I just want to see the wording on that framework.
So one of the things that I see is being the problem and this is why we’re not agreeing on a lot of things among ourselves and in policymaking is that we have not really nailed down all the impact, adverse impact, of blocking cross‑border data flow. I mean we have worked on it, but we have to show how that network operator that lives on a small island and uses the infrastructure, the data infrastructure that is not on that island, how data operation can be affected and how it hampers the meaningful connectivity for their users.
And when I was talking to different network operators, especially people from those operators from those islands told me that this could raise an important risk for their operations.
So I think that also there’s another example of this is a trade barrier, but when we say that, when we kind of do not liberate cross‑border data flow, then we’re talking about restrictions on data flow for DNS, like Domain Name System Resolvers, which is one of the critical parts of the Internet. Today, all of us have used DNS resolvers to connect. These trade barriers, they could also create some ambiguity of whether I can provide my DNS resolver services to other nations and other people. And then people in countries that need access to DNS resolvers that operate and is stable and functional, then they might not be able to use it.
I think that these case studies should be brought up more, and we need to really assess the impact. Internet Society has a really great Internet impact assessment tool that we can use and measure the impact of these trade agreements that do not facilitate cross‑border data flow anymore on access to the Internet and global cross‑border data flow.
So this is my suggestion because, you know, I don’t really care whether we protect the Internet by trade agreements or anything else. What we care about is to keep the Internet global and interconnected and facilitate data flow. Trade agreements, until now, have been the critical mechanism that facilitated this. So it is not that we are being like free trade advocates. It’s just that it’s one of the main tools that have allowed us to bring the Internet to everyone. So if they have other solutions, if there are other solutions, then I’m all ears.
But also, we need to address concerns that we kept talking about, like data protection. I think Council of Europe's suggestion is very relevant. We need to standardize our practices, our security practices, our privacy practices globally, so that communities don’t feel left behind and just go against cross‑border data flow to solve their issues. So I just wanted to put that out there.
I think that these are like some of the suggestions that I've been thinking about. I think we need more interaction with network operators, especially from the Global South with people who provide critical infrastructure and see how we can also address the concerns that are raised by the labour unions and others that how we can actually solve those problems without affecting cross‑border data flow.
>> NERMINE EL SAADANY: Thank you so much. That’s much appreciated.
And Natalia, I think it might be within the context that you shed some light on the toolkit and maybe you can give us some examples as well about how this works.
>> NATALIE CAMPBELL: Sure, thank you, Nermine.
So I mentioned it before, but one of the ways that the Internet Society works with governments to help them understand how to support the Internet and mitigate harm of unintended consequences when they’re going about regulation is we help them use our Internet Impact Assessment Toolkit, which Farzaneh just mentioned.
And what this does is it helps governments and anyone who uses the toolkit to understand what the Internet needs to exist in the first place. It lays out a framework of not only what do we need to think about when we want to make sure that we’re protecting the Internet’s foundation, things like data flows that are critical to it existing in the first place, but also what should we think through when we’re developing policy to ensure that we’re working towards an Internet that is open, globally connected, secure, and trustworthy.
So we make ourselves available to work with governments who want advice on whether they’re headed in a direction that supports the Internet, and to think through the different aspects of the framework, which has helped us mitigate a lot of negative impact to the Internet proactively in many countries around the world.
But what's the value of this toolkit is that when we mentioned before about governments thinking about things like mandated localization or data flow restrictions, they often have a mindset for privacy and security. What our toolkit does, it helps countries understand how that’s a myth.
And I can give a really concrete example. I recently had the opportunity to travel to Oman for this very reason, doing a workshop about our toolkit with some government departments there. I was a little bit surprised when I arrived, you know, in trying to get to the hotel and curious about why a company like Uber wasn't in a country. And I came to understand that the transportation department has data localization laws, meaning that personal information has to be stored within a country of Oman. But at the same time, there’s another rule in a country that any service or person in a country needs a license to use things like encryption, which we know is a foundation of security online into protecting our data and keeping it private and secure.
So I thought to myself, well, this is a really interesting example of how countries who might be thinking about things like mandated data localization as privacy and security‑enhancing is actually a myth. Because if I’m a company such as Uber, am I really going to want to expand my services in a country where I can’t use encryption to secure any kind of personal data at all? That has to be stored within a country? And the risks of not only exposing personal data to whoever might want access, not just the government, but without encryption anyone who wants access could get access.
That was a very clear, I guess, way to help folks locally understand how, often, when we’re talking about these issues in the name of privacy and security, it’s actually counterintuitive and not helping us get closer to that direction at all.
So that’s the value of tools like our toolkit, and one way that I think that is useful to think about when we’re talking about how do we steer countries in a direction that supports the Internet.
If trade initiatives were to also think about how to make use of these tools, I think it could also be a valuable way to help folks understand how do we go about initiatives, and even just the value of the Internet to digital trade in the first place.
>> NERMINE EL SAADANY: Thank you so much.
Mahroz, can you reflect? And can we take the last comment from your side on that question so that can we move to the other one.
>> MAHROZ KHAN: Definitely. Thank you so much again.
And I totally agree with the references made by the earlier speakers, Ms. Farzaneh and Ms. Natalie. So we need to know where we stand before we make our decision. I would state that again. First on the regulatory side, and secondly the governments need to talk to the businesses about how it is going to impact them. The fact that we are importing any goods, importing any services, there is a reason for that because it is better service, it is better good, it has a price competitive advantage. So once we put tariffs or new regulatory barriers to external goods and services, it also impacts our own consumers.
And looking at the impact that the previous US tariffs threat had on their own development of industry, we have a great example there. What happened with the steel industry? Has it developed? Is it good for the local consumers? No.
And one of the earlier questions made is, are the new tariff threats real? They are very real. They are not just used in the debate of the digital economy. They are used for other purposes, as well. For example, the tariffs threat posed by the United States, when the European Union announced its digital services taxation in the earlier Trump term.
And so moving back from tariff threats to actually what can be done. So the governments need to actually do their regulatory assessment. They need to talk to business in an organised way. And here, the role of international organisations and societies need to help the governments, specifically because of the reasons because I find bureaucrats do not have that much benefit in doing more work than what they are actually mandated to do.
The next step would be so a country needs to look internally, talk to their private sector in an organised way, where it can be actually monitored. For a given sector, this policy position will have this impact. For another sector, this will be the impact.
And then, move towards actually co‑operation amongst other countries, because a country on its own is not sufficient. As Ms. Natalie actually gave the example of Oman, I had a similar experience there two weeks ago. And another example was shared about Rwanda, the data localization in Rwanda. And there we have another project on how we can actually increase investments in the digital space of Rwanda. And there, from the evidence we found, well, they have to loosen out their data localization requirement. And what we know right now is actually the government, after having seen the evidence, they need to attract investors. They need to attract big tech for the betterment of their economy. So now they’re rethinking, okay, how can we actually adjust those rules? So with better informed policymaking decisions and with the help of international organisations and the society, we can actually move towards that transition.
>> NERMINE EL SAADANY: Thank you so much, Mahroz.
If we have any reflections, as well, from the floor, that would be the time that we can maybe open the floor for some discussions and reflections.
Online, Moritz, do we have any?
>> MORITZ TAYLOR: No questions have come up online.
>> NERMINE EL SAADANY: Okay. So maybe we can move to our second prompt or the second question, and I can pose the question here as, how can the participants actually work on these issues in their own countries or organisations?
So, Diya, maybe you can start.
>> SABHANAZ RASHID DIYA: Definitely, thank you.
I think many of the strategies were alluded to by my previous speakers, but I think one of the things that, and I think it’s also quite central to the IGF, but generally even this particular conversation, is the role of having diverse voices in this conversation. Right?
So Farzaneh talked about small network operators within the global majority. If I look around the room or even outside, there aren't as many network operators even present here, but we’re having these conversations here. And even in the WTO and many of the negotiations, we don’t see that voice or that perspective.
Similarly, small business owners, small business enterprises, who again rely on open cross‑border data flows to be able to conduct the business, they’re also not represented.
So I think there is a very serious role in which we have to think about the decision‑making around whether we want to support cross‑border data flow or not, what is the localization mandate, the stakeholders, whether it’s consumers, whether it’s network operators, whether it is small business owners, whether it’s civil society, whether it’s a technical community. I think these stakeholders are often missing from these conversations, and it becomes very much limited or very narrowly focused.
I think the other thing that I think Mahroz alluded to was this debate between the digital community and the trade community, but I would actually expand the debates even within the digital community and even within the trade communities around these various issues, but also, again, the broader connectivity community has also been kind of excluded from any of this.
I think, again, given the interconnectedness that we live in, I would say there’s a real need in terms of, one, involving not just more diverse stakeholders within national boundaries, but also internationally, having other stakeholders in place and kind of engaging them, because so much of the technologies are interconnected. So much of the trades are about sort of the cross‑border piece.
And I think there’s new challenges and new dichotomies at play that mandate a much broader conversation.
So that’s one.
I think the second is in terms of where we see how sort of participants here can contribute. I think Farzaneh kind of, and also Mahroz sort of got into it, in the sense that we really have to be very clear about exactly what we’re asking for and what the clear messagings are. Because there’s so many different kinds of equities at play and because there are so many different kinds of messaging around it, I think that makes the conversation even more challenging to navigate. So really asking, you know, what specific aspects of trade, what specific aspects of interconnectivity, what specific aspects of cross‑border data flows, how do we want it, what the impacts are.
And I think there’s some really important work that has been done by researchers in the past that really talks about some of the impact. But really crystallizing what the asks are and what the impact is, is really, really important to move this conversation forward. Because otherwise, it becomes either too heavily focused on trade or too heavily focused on Internet sovereignty or digital sovereignty. And I think that does a disservice to, I think, both sides of the aisle.
And the last piece I was going to say is just reference to some research. I think Nigel Cory. I remember when we were looking into the data localization mandates in Vietnam and Pakistan and some of it in Bangladesh, which is my country, you know, a lot of the work that was done at the time we were looking, we were trying to find research that would help us understand what really is the impact of data localization and what really is the impact of that on businesses and on network operators. And, you know, lo and behold, there really wasn't any research available at the time for global majority countries. Nobody could crystallize the exact GDP impact, the exact trade impact, the exact sort of purchasing power impact that these kinds of agreements and these kinds of moves would have. And we had to end up commissioning that kind of research to come up.
So in the absence of data and research that actually can inform policy decisions, again, we go back into these binary dichotomies, binary debates, these values misalignment, without any concrete data to actually back any of the policy decisions.
So I think there’s a real necessity for evidence in this space. It is a longstanding debate, but the way the debate has evolved recently is very much on, I would say, perceptions and misconceptions versus actual hard data pointing in very specific directions.
And I think there’s a very important contribution from participants here, but also across the various communities that I've mentioned in terms of driving that data collection and evidence‑gathering to inform decisions.
>> NERMINE EL SAADANY: Thank you so much. Thank you. Maybe I can refer to you again, Mahroz, for quick reflections and as well maybe final comments, and then we will move to the other panelists, as well, as we are wrapping our session.
>> MAHROZ KHAN: Hello. Yes, great. Thank you so much again, and I would actually quickly sum up because I have actually talked a lot in this conversation today. So again, this is what is the next way forward? Actually collecting the right evidence. And just to share, you shared another example, and okay, what is digital trade? The data on this does not exist. WTO, World Bank, IMF, they have collated together, and right now they are assessing the methodologies. So a lot of work needs to be done there in that dimension to actually really see what is the impact of this.
And secondly, what is the main agenda? What should be the main agenda of like all these different spheres? I would say sustainable development. And there, we cannot just have free trade agenda. We cannot just have just for the sake of open Internet.
Open Internet is good for the society. It is good for the consumers. It is good for the producers. It provides economic opportunities. But on the other hand, we also have to be careful about environment. We have to be actually thinking holistically.
And I would say a lot of work needs to be done at the evidence level, and here the role of technical agencies is to actually prepare those kind of tools, those kind of actually methods that could actually help the governments. For example, as you mentioned, Internet Society’s toolkit that I think could be a really good tool. And then the main agenda is the final destination for sustainable economic development.
I don’t think I have anything else to add here.
Thank you. Thank you so much.
>> NERMINE EL SAADANY: May I go back to our online panelists, and maybe Farzaneh, you would like to reflect on, as well, maybe final comments from your side, please?
>> FARZANEH BADIEI: Yeah. So actually, Professor Mueller just told me that he’s in the room. And in 2017 at Internet Governance Project at Georgia Tech, we started working on digital free trade issues, and we also came up with a special issue on digital trade, and we wanted to raise awareness about the importance of the issue. But at the time, we couldn't believe that the U.S. government would backpedal from the cross‑border data flow. But we did raise concerns because, as I mentioned, there were like renegotiations of free trade agreements.
And so all I’m saying is that we need to see what has been done in the past, what sort of academic work has been done in the past, what sort of advocacy has been done in the past, and gather those documents and work that has been done, especially in academia and civil society organisations. And so not to start anew, but also see what sort of new issues have been raised so that we can tackle them.
But as I said, we are here to raise awareness and we are here to defend and protect the free global Internet. And if like, well, one of the main ways to do that was to have the free digital trade clause in these free trade agreements.
And we have to, in our advocacy, while we have to address the concerns of data protection and security, we should also think about alternatives to free trade agreements and see what else can facilitate cross‑border data flow, because unfortunately the enemies of the Internet are multiplying year by year, from the states, to businesses, that they want digital sovereignty. They want to fight with the big tech at the cost of free and open Internet.
And I think that a lot of it is because they don’t understand the implications of having a restricted Internet that is not connected globally. And we can learn lessons from countries that actually block their citizens from the global Internet and raise awareness.
Thank you.
>> NERMINE EL SAADANY: Thank you so much, Farzaneh.
Jen, final remarks from your side as well, please.
>> JENNIFER BRODY: Yeah, thank you.
Just quickly, I just want to pick up on something that Diya mentioned regarding the importance of the international development banks in these conversations, right? The World Bank, the regional development banks, like the Inter‑American Development Bank. We’re thinking about advocacy. We were chatting about how these actors are incredibly important to include in these conversations. And when evaluating, for example, helping a country build a national database, from what I understand, they’re lacking data protection experts, folks who know how to center human rights, and in cybersecurity policies, et cetera.
So just to flag for the global community working on these issues, that’s a target that I’m quite interested in engaging, and I think there’s a lot of potential there.
>> NERMINE EL SAADANY: Thanks, Jen.
Natalie?
>> NATALIE CAMPBELL: Thank you.
I want to highlight a point that Diya made earlier that I think is extremely important. We’re talking about digital trade initiatives, but this isn't a digital trade problem, per se. We’re talking about an existential threat to the Internet. And I think that reminding people, when we are raising awareness about this issue, that we have to lead with that. It might be difficult or even impossible for some of our audiences and different stakeholders to engage in trade initiatives, but what we can do is raise awareness with our own national decision‑makers who are part of these conversations.
Luckily, organisations like the Internet Society has over 110 chapters around the world who are helping to expand our reach in raising awareness about this existential threat to the Internet. They are a voice for the Internet, both of policymakers, but also in terms of helping to gather other local partners and stakeholders who can make our collective voice louder. Our chapters are already using things like our Internet Impact Assessment Toolkit to help decision‑makers avoid harm to the Internet on national policy, including on data governance legislation.
But what we need to do, I think, is to be talking to more folks who are involved in these trade initiatives and helping them to understand as well that we’re not just worried about an aspect of digital trade here. We’re worried about an existential threat to the Internet. That folks understand how the Internet works and why data flows aren't just a nice‑to‑have, but they are crucial if we want an Internet, I think that’s going to be increasingly important going forward. And it's something that we can all do and work throughout our own various audiences and organisations to help make sure that we’re all working together to protect the Internet.
>> NERMINE EL SAADANY: Thank you so much, Natalie.
I would ask the floor if there is any reflections before we close?
Would you like to say anything, Dr. Mueller?
>> MILTON MUELLER: Hello, everybody. I’m Milton Mueller. I’m at the Georgia Institute of Technology’s Internet Governance Project, and former colleague of Farzaneh in both ICANN and IGP.
I think the point that I haven’t heard that probably needs to be brought to your attention is the intersection of these trade issues with national security. For about 80% of the time, national security is an excuse for restricting trade, but in the context of geopolitical rivalry between the US and China it has become a very powerful excuse. I don’t know. When you have a president that imposes tariffs on Japanese and the Canadians and refuses to allow a buyout of US Steel by the Japanese on the grounds of national security, you have to wonder if he’s thinking about the Japanese and Canadians as enemies or what. But in the digital economy, the situation is extremely dire. Every form of digital service, digital product application, is now perceived as a national security threat. So it’s not just data flows. It’s the battery storage systems, the electric vehicles, because they can see things and they might be sending data back to China. Of course, we have the TikTok ban, but we have cables and telecom service licenses being taken away from people who had them because they are Chinese companies. So the political environment around digital trade has been completely blown up by the national security issue, and that means you’re dealing with slightly different dialogue and a different set of constituencies.
>> NERMINE EL SAADANY: Thank you so much, Dr. Mueller, and thank you for being here.
I think our time is out, and I would like to thank all the panelists and the audience for the valuable contribution.
I think collaboration is the key. This is my take, collaboration among all stakeholders, so that we can maintain the data flow freely, and to maintain or to shape the future of the Internet and the trade in the best possible way.
Thank you so much, and looking forward to meet you again online and off‑site.
Thank you.