Data Sovereignty
Data is central to any digital development strategy, including for e-commerce. In the digital 21st century, data holds the key to innovations, to the development of ever-more sophisticated software and algorithms, and to more efficient technologies, products and services. How to access, control, and utilise data generated within the region for its own benefit – exercising data sovereignty – is perhaps the greatest challenge, yet one that is not addressed in the Pacific E-commerce Strategy.
Many activities have parallels in the non-digital economy. The critical difference is not the digital technology itself, but the role of data and adding value to it. A major driver for adding value to data is the “network effect” – the more users on the platform and the more they interconnect with each other.
The “market” for data is opaque and unorthodox: the sources provide their data (and their exposure to advertising), usually unwittingly, as the price for using online services “for free”.
As a platform generates exponentially more data, the algorithms become more sophisticated. They may be used in-house or packaged and onsold to third parties such as advertisers and marketers, political pollsters, manufacturers or service providers.
As UNCTAD observes, most data generated in the digital ecosystem is controlled by major technology corporations from the US and China and flows to servers and digital hubs in countries of their choosing. In practice “free flow of data” is a one way data flow that deepens development asymmetries.
A recent Swiss government report observes how the data generated through the dynamic network effect is harnessed by dominant “proprietors” to squeeze out digital competitors who lack access to equivalent sources of data and opportunities to add value.
The power of data
Information and ideas have an intrinsically public quality. The UNCTAD 2021 report emphasises the tension between proprietary approaches to data and the ability to harness data for social and public purposes, and that innovative strategies are needed to address this tension. As the UNCTAD report states, “The notion of data as a “public good” may also provide an important approach for alliances of countries and development-oriented organisations to come together to support cross-border data sharing”.
Most e-commerce chapters in trade agreements exclude “information held or processed by or on behalf of a party” from the rules, including on the location and control of data; but that exclusion may not cover hybrid situations where public private data are combined.
Data collected from purely private sources can also be important to inform public policy and development decisions, but would fall outside that protection. An example is what some call the “datafication” of food production.
These risks can be mitigated when local enterprises control their data and pool it to support digital innovation and digital development. This form of digital self-determination requires access to data and locally informed software development, skills and investment, realistically operating through regional cooperatives.
Data as a public good
Data protection regimes
Data protections within a robust system of data governance are integral and indivisible aspects of a Pacific digital development strategy and its sub-set of e-commerce.
Some developing countries like India have adopted data sovereignty as a national policy that treats non-personal data that is sourced locally as a national asset to be harnessed for digital development to counter the digital divide.
The United Nations Rapporteur on the right to privacy has recognised indigenous data sovereignty and indigenous data governance as integral to the UN Declaration on the Rights of Indigenous Peoples, where data is understood as the repository of indigenous peoples’ collective spiritual essence and identity that they have a duty to protect.
All of these meanings have some resonance for Pacific Island Countries. But their goals and rules for data protection must be shaped by the Pacific’s cultural norms, customary laws, identity and social relationships. That regime needs to be developed at the same time as the digital infastructure, platforms and payment systems, not after the fact. And it must not be constrained by trade in services commitments in PACER-Plus and the WTO, or digital trade rules and trade in services in future agreements.
These risks were brought home in the report of New Zealand’s Waitangi Tribunal in late 2021. The Tribunal found the e-commerce chapter of the TPPA breached the Crown’s obligations to provide active protection to mātauranga Māori (Māori knowledge), the essence of Māori identity, control of which is guaranteed to Māori under Te Tiriti o Waitangi. The TPPA’s rules on data and source codes, especially, would constrain New Zealand’s future ability to adopt a Tiriti-based Māori data sovereignty and Māori data governance regime. Despite that finding, New Zealand has adopted similar rules in subsequent agreements.
It is unrealistic to expect Pacific Island Countries to address these challenges at a national level. While a regional approach is more feasible, and provides more scale and leverage to design a regime that is fit for purpose, it is still resource intensive, requires capital investment and training, and must respect national sovereignty. It also assumes that individual countries are not fettered by free agreement commitments or succumb to pressure from donors to adopt their preferred data governance regime. Other parts of PANG’s report looks to experiences elsewhere to identify possible alternative ways forward.