German Marshall Fund convenes global task force to promote trusted data sharing

The working group will be chaired by Karen Kornbluh, former OECD Ambassador and Senior Researcher and Director of the Digital Innovation and Democracy Initiative at the German Marshall Fund of the United States, and Julie Brill, Chief Privacy Officer and Vice President of Global Regulatory Affairs at Microsoft Corp and former Commissioner of the United States Federal Trade Commission.


With the current digital transformation shaped by the advent of cloud computing, artificial intelligence and the Internet of Things, data has become global infrastructure. The responsible use and reliable flow of data across borders is now essential to the health and safety of modern society and the growth of global economies.

The German Marshall Fund of the United States, in cooperation with American University’s Tech, Law and Security program and with support from Microsoft, is convening an independent global task force comprised of experts from civil society, academia and industry. provide proposals on how to harmonize different approaches to using and sharing global data. Chaired by former Organization for Economic Cooperation and Development (OECD) Ambassador Karen Kornbluh and Microsoft Julie Brill, Chief Privacy Officer and Corporate Vice President, the objective of the Global Taskforce will be to explore common elements of existing proposals and identify viable paths towards a harmonized regime that allows data to flow in a reliable, secure and rights-protecting manner.

The seamless data flow across the world unlocks immense benefits for society. Data enables the efficiency of our supply chains, helps address the rise of cyber threats such as those we saw in the war in Ukraine, supports trade and trade, responds to natural disasters and plays a vital role in advancing scientific development, especially in data-intensive sectors like healthcare. Furthermore, data transfer contributes more to global GDP than trade in goods, and is projected reach $11 trillion by 2025.

Drawing on the global expertise of the task force members, the German Marshall Fund and the Tech, Law and Security program will develop proposals to achieve progress in three key areas:

  • Standards on Forced Government Access to Data,
  • Commercial interoperable privacy protections, and
  • Data sharing that balances national sovereignty with the need for data flow.

EThese proposals will be editorially independent and will be informed by the diverse viewpoints of working group members.

These are complex issues on which governments must lead. This project will seek to support the efforts of policy makers through independent multi-stakeholder engagement.

Guidance on Mandatory Government Access

The ability to share data across borders is crucial for the protection and security of democratic societies that are affected by massive growth in cybercrime. Businesses and governments need to share information about attacks and vulnerabilities when monitoring malicious threats. And at the same time, individuals expect and deserve to have their fundamental right to privacy protected.

On March 24, US President Joe Biden and European Commission President Ursula von der Leyen took an important step by to agree in principle to a new transatlantic data privacy framework for sharing data between the United States and the European Union. This agreement addresses concerns raised about previous frameworks by addressing both the scope and proportionality of US surveillance activities, as well as creating a more robust redress mechanism for EU citizens who believe the US government has accessed their inappropriately given.

While the transatlantic data privacy framework has yet to be incorporated into a European Commission adequacy decision and approved by EU member states, the agreement demonstrates that the US and EU can jointly create a framework that provides privacy protections and safeguards for data. crucial to the health and safety of society.

More importantly, given the Russian invasion and the war in Ukraine, it is a tangible demonstration that Western nations are embracing their common values, especially in the face of existential threats to those values ​​and the rule of law.

Yet, there remain important areas regulating the free flow of data that need to be explored by democracies around the world, including the adoption of bilateral and multilateral agreements focused on data access and law enforcement retention practices. order, and global standards for appropriate government oversight.

Interoperable commercial privacy protections

The free flow of data and cloud computing offer enormous potential for individuals, organizations and economies to drive innovation and usher in progress that can create a more equitable and prosperous future. However, to deliver on the promise of the cloud, it is necessary to address privacy concerns and to fairly distribute the benefits of data-intensive technologies like artificial intelligence and non-personal data.

The current process for determining if and how data should flow between nations is hampered by divergent privacy regimes and burgeoning rules regarding access to non-personal, commercially valuable industry data. Efforts to share data transparently are hampered by complex legal requirements that favor large companies. In addition, today’s policy makers must also develop a thorough understanding of foreign data protection laws, as well as modernize domestic laws in new areas such as automated decision making.

An example of an effort to solve this problem came with the recent announcement by the US government of a Global Forum on Cross-Border Privacy Rules (CBPR). In collaboration with other countries, including Canada, Taiwan, Japan, the Philippines, the Republic of Korea and Singapore, the objective of the CBPR Forum is to support the free flow of data by establishing an international certification system based on existing Asia-Pacific economic cooperation. Cross-Border Privacy Rules.

To help support interoperable privacy protections and facilitate a level playing field for organizations of all sizes, the The global working group will examine ways in which multilateral standards, technical data transfer tools, assessment mechanisms and other systems can incentivize policy makers to raise standards while supporting cross-border data flows.

Balancing national sovereignty with reliable data flows

Data localization the measures are multiplying as countries impose the storage and processing of data in their geographical jurisdiction. These data residency requirements have sometimes arisen out of fears that national human rights protections could be compromised if the data were subject to rules in other jurisdictions, as well as a desire to direct the flow of data. to stimulate local economic growth. In other cases, localization is a tool to facilitate local surveillance and censorship. A study found that global data location metrics quadrupled in just four years, and accumulated location metrics are expected at will cost the EU €1.3 trillion in growth by 2030. Additionally, in key developing markets, research has shown that data localization reduces GDP gains of the Internet of Things deployment by more than half.

Striking the right balance is crucial to encourage more data sharing in open and constructive ways that benefit economies around the world, while maintaining the substantial safeguards necessary to protect privacy and other fundamental rights.

As the working group develops proposals for answer complex questions about government access, commercial privacy, and national sovereigntythis project will build on the positive momentum from a range of initiatives such as the OECD guidelines for cross-border data flows and his ongoing work on government access to data; the commitments of the G7 and the G20 aroundFree data stream with confidence;» the CBPR Forum; and Paris Call for Trust and Security in Cyberspacean agreement recently endorsed by the United States and the European Union, which joined 1,200 government and private sector signatories, including Microsoft.

The Global Working Group will kick off this important work by meeting later this spring, and the project will publish independent proposals on these priority areas in spring 2023.

Comments are closed.