Start of menu
Search US website
Close Menu
Many countries are barring the flow of citizens’ data through a series of laws and mandates that can act as a barrier to cross-border trade.

Barriers to Digital Import-Export Trade: Data ProtectionARTICLE

By Zack Andresen

Economists have shown that import-export trade has helped lift millions of people out of poverty in the last 30 years1 – and now digital trade is poised to turbocharge that effect.2 The internet-enabled digital economy could multiply the value of international trade, what with 47 percent of the world’s population now online3 and 70 percent of global e-commerce shoppers having already made a cross-border purchase by 2016 (although that falls to 28 percent for the U.S.).4

But, despite the opportunity and potential impact of digital import-export trade, companies face a number of barriers to successful cross-border business.5 Significant among them is the free-flow of data between countries.6 In an effort to ensure cyber security for citizens, many countries – the U.S. included – have enacted data protection laws aimed at policing the free-flow of data, especially when it comes to import-export trade.7

Consumers are, in fact, concerned about online privacy and data protection. In a survey of 4,000 U.S. and U.K. consumers by identity management firm Gigya, 68 percent of respondents said they don’t trust that brands handle their personal information appropriately.8 And yet, research from the United Nations and others points out that stricter data protection legislation can have a potentially negative impact on cross-border trade, particularly for small-to-medium enterprises (SMEs) – even as the list of countries embracing such legislation increases.9,10

Why Countries Enact Data Protection Laws

According to Privacy Laws & Business, an independent U.K. privacy law information service, 120 countries have now enacted data protection laws with at least thirty more countries in the process of ratification.11 Between 2015 and 2017 that number increased by 10 percent, despite concerns over the possible negative impact of restrictive data laws.12,13

One driving motivation for rising new data protection measures is a perceived loss of control over how and when personal data is collected and used by citizens the world over.14 In fact, 25 percent of North American online shoppers cite personal or financial data security concerns as a primary barrier to participating in cross-border e-commerce; 30 percent cite concerns about identity theft or fraud.15 Their concerns are not unfounded. According to LexisNexis research, E-commerce fraud increased in 2016 on both domestic and international transactions, but cross-border sales were 2.5 times more likely to fall victim to successful fraud attempts than domestic-only channels.16,17

As a result, government officials across the globe are looking to extend the reach of long-standing consumer protection laws into the new frontier of e-commerce for cross-border trade. However, the effectiveness of those laws has been called into question, particularly in light of numerous examples of disregard or deception.18 A notable example comes from the Federal Trade Commission, which brought action against 13 companies that falsely claimed to comply with the U.S.-EU Safe Harbor Framework, which allows certified-compliant companies to move customer data across borders for internationtal trade.19 The companies agreed to settle.

The EU’s reformed General Data Protection Regulation (GDPR) looks to deter such cases of non-compliance with significant fines for companies in any country that conduct business with EU citizens.20 Maximum fines can reach 4 percent of global revenue or €20 Million - whichever is higher.21 The GDPR goes into effect May 25, 2018.22

What are the Potential Negative Implications of Data Protection Laws on Global Import-Export Trade?

The World Trade Organization’s General Agreement on Trade in Services (GATS) allows for cross-border trade restrictions that enable “the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts.” However the mandate specifies that “such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade in services.”23

The problem is, data protection laws risk potential “unjustifiable discrimination” by creating insurmountable economic barriers to entry for developing countries. Thirty percent of countries do not have any data protection policies in place,24 and while global powers like the U.S. have had decades to shape and adhere to data security restrictions with trade partners, many developing countries struggle with understanding, modeling, and enforcing appropriate protection measures.25 The result can be damaging for companies in developing economies unable to pass appropriate legislation or absorb the initial cost of bringing their data storage policies into compliance with global mandates.26

There’s also the cost of non-compliance, particularly as it relates to the GDPR. While stricter fines conceivably benefit the consumer by pressuring global businesses to take action or else risk a hefty fee, those fees may be so exorbitant as to have a lasting financial impact. A recent survey conducted by Veritas of 900 companies across eight countries showed 21 percent feared fines for non-compliance with the GDPR could lead to layoffs and 18 percent believed the fines could be significant enough to put them out of business.27 When combined with the fact that nearly half (47 percent) of global companies fear they won’t meet qualifications28 and only 6 percent of U.S. multinational companies have completed the preparation process,29 the implications of GDPR non-compliance warrant concern.

But that’s not to say global businesses want to completely eliminate data protection laws. But businesses generally advocate for minimalist data protection measures that protect fundamental consumer rights without putting undue restriction on individual businesses in regards to compliance or surveillance.30 More restrictive measures, such as data localization laws, can be cost prohibitive;31 and extra steps in the purchase process to secure customer data can change consumers’ purchase plans.32

The Takeaway

Countries and import-export businesses face a complex struggle to provide adequate protection of citizens’ data, while at the same time eliminating barriers to cross-border trade – and not erecting new ones.

Zack Andersen - The Author

The Author

Zack Andresen

Zack Andresen is a business technology writer based in Brooklyn, NY, but currently traveling the world with his wife and son. Learn more at ZackWrites.com.

Sources

1. “Why the Global 1% and the Asian Middle Class Have Gained the Most from Globalization,” Harvard Business Review; https://hbr.org/2016/05/why-the-global-1-and-the-asian-middle-class-have-gained-the-most-from-globalization
2. “The Internet, Cross-Border Data Flows and International Trade,” Brookings Institution; https://www.brookings.edu/wp-content/uploads/2016/06/internet-data-and-trade-meltzer.pdf
3. Measuring the Information Society Report 2016, International Telecommunications Union; http://www.itu.int/en/ITU-D/Statistics/Documents/publications/misr2016/MISR2016-w4.pdf
4. PayPal Cross-Border Consumer Research 2016, PayPal; https://www.paypalobjects.com/digitalassets/c/website/marketing/global/shared/global/media-resources/documents/passport-citation.pdf
5. WTO Focus Group 1: MSME’s and E-Commerce, Final Report, September 2016, International Chamber of Commerce; https://cdn.iccwbo.org/content/uploads/sites/3/2016/09/WTO-Business-focus-Group-1-MSMEs-and-e-commerce.pdf
6. “Cross-Border Data Flows: Where Are the Barriers, and What Do They Cost?” Information Technology and Innovation Foundation; https://itif.org/publications/2017/05/01/cross-border-data-flows-where-are-barriers-and-what-do-they-cost
7. Ibid.
8. 2017 State of Consumer Privacy and Trust, Gigya; http://www.gigya.com/resource/report/2017-state-of-consumer-privacy-trust/
9. Data protection regulations and international data flows: Implications for trade and development, United Nations Conference on Trade and Development; http://unctad.org/en/PublicationsLibrary/dtlstict2016d1_en.pdf
10. “Global data protection privacy laws 2017: 120 national data privacy laws, including Turkey and Indonesia”, Privacy Laws & Business; https://www.privacylaws.com/Publications/special_reports/
11. Ibid.
12. Ibid.
13. “Cross-Border Data Flows: Where Are the Barriers, and What Do They Cost?” Information Technology and Innovation Foundation; https://itif.org/publications/2017/05/01/cross-border-data-flows-where-are-barriers-and-what-do-they-cost
14. Ibid.
15. PayPal Cross-Border Consumer Research 2016, PayPal; https://www.paypalobjects.com/digitalassets/c/website/marketing/global/shared/global/media-resources/documents/passport-citation.pdf
16. 2016 LexisNexis True Cost of Fraud Study, LexisNexis; http://images.solutions.lexisnexis.com/Web/LexisNexis/%7B1e0c03f9-95c3-4dc3-81aa-aa6f24260c07%7D_2016_True_Cost_of_Fraud_Report.pdf?elqTrackId=23232655253b47a3b5d8f59c9d1f5c9a&elqaid=2567&elqat=2&utm_source=Triggermail&utm_medium=email&utm_campaign=New%20Campaign&utm_term=BII%20List%20Payments%20ALL
17. “Fraud Hits International Online/Mobile Channels Even More Than Domestic-Only,” LexisNexis; http://images.solutions.lexisnexis.com/Web/LexisNexis/%7Bea06dc2b-058c-4557-a9e6-8345908dff19%7D_InternationalInfographic.pdf?elqTrackId=b78c8c472a814aeaa932d497d3209407&elqaid=2567&elqat=2&utm_source=Triggermail&utm_medium=email&utm_campaign=New%20Campaign&utm_term=BII%20List%20Payments%20ALL
18. Data protection regulations and international data flows: Implications for trade and development, United Nations Conference on Trade and Development; http://unctad.org/en/PublicationsLibrary/dtlstict2016d1_en.pdf
19. “Thirteen Companies Agree to Settle FTC Charges They Falsely Claimed To Comply With International Safe Harbor Framework,” Federal Trade Commission; https://www.ftc.gov/news-events/press-releases/2015/08/thirteen-companies-agree-settle-ftc-charges-they-falsely-claimed
20. State of the Industry: Information Security - North America 2017, Shred-it; https://www.shredit.com/getmedia/d2961e82-58ac-4845-8ace-cf37ba8f0997/Shred-it_State-of-the-Industry-Report-2017-NA.aspx?ext=.pdf
21. “Frequently Asked Questions about the Incoming GDPR,” General Data Protection Regulation; http://www.eugdpr.org/gdpr-faqs.html
22. “GDPR Portal: Site Overview,” General Data Protection Regulation; http://www.eugdpr.org/
23. “General Agreement on Trade in Services,” World Trade Organization; https://www.wto.org/english/docs_e/legal_e/legal_e.htm#services
24. Data protection regulations and international data flows: Implications for trade and development, United Nations Conference on Trade and Development; http://unctad.org/en/PublicationsLibrary/dtlstict2016d1_en.pdf
25. Ibid.
26. Ibid.
27. Veritas 2017 GDPR Report, Veritas; https://www.veritas.com/content/dam/Veritas/docs/reports/gdpr-report-en.pdf
28. Ibid.
29. “Pulse Survey: US Companies ramping up General Data Protection Regulation (GDPR) budgets,” PwC; http://www.pwc.com/us/en/increasing-it-effectiveness/publications/gdpr-readiness.html
30. Data protection regulations and international data flows: Implications for trade and development, United Nations Conference on Trade and Development; http://unctad.org/en/PublicationsLibrary/dtlstict2016d1_en.pdf
31. “Cross-Border Data Flows: Where Are the Barriers, and What Do They Cost?” Information Technology and Innovation Foundation; https://itif.org/publications/2017/05/01/cross-border-data-flows-where-are-barriers-and-what-do-they-cost
32. Data protection regulations and international data flows: Implications for trade and development, United Nations Conference on Trade and Development; http://unctad.org/en/PublicationsLibrary/dtlstict2016d1_en.pdf

Make International Payments

Back to top