Cross-border Data Flows: the Choices for Europe | Institut Montaigne

Search for a report, a publication, an expert...

Home
Europe
Cross-border Data Flows: the Choices for Europe

Authors

François Godement

François Godement

Special Advisor and Resident Senior Fellow - U.S. and Asia

François Godement is Institut Montaigne’s Special Advisor and Resident Senior Fellow – Asia and America. He is also a Nonresident Senior Fellow of the Carnegie Endowment for International Peace in Washington, D.C. and was, until the summer of 2024, an external consultant for the Policy Planning Staff of the French Ministry for Europe and Foreign Affairs

Viviana Zhu

China analyst, former Research Fellow, Institut Montaigne’s Asia Program

Viviana Zhu was Research Fellow at Institut Montaigne until January 2023. Prior to that, as Coordinator of the Asia Program of the European Council on Foreign Relations (ECFR), Viviana was responsible for event coordination, reporting, and research support.

Europe is confronted with a threat and a challenge on cross-border data flows, within a fragmenting digital world. The threat is posed by authoritarian China, seeking to assert state-access to data while maintaining connection to global data flows. The challenge is posed by the digitally predominant US, whose market lead and first-mover advantages constrain the growth of European domestic challengers. In this context, debates around European digital sovereignty have gained ground, particularly as national and European policy-makers balance competing interests of free flow efficiency and protection of their data from other state actors.

Multilateral efforts to regulate cross-border data flows have stumbled, facing questions of enforcement, mutual distrust, and systemic differences. From the EU’s GDPR, to China’s cybersecurity and data protection legislation and India’s ‘fence-sitting’, to multi-state agreements such as DEPA, governments and other actors are increasingly opting for national or at best plurilateral solutions. With case studies of China and India as well as a focus on cloud and infrastructure issues, this policy paper takes stock of a rapidly evolving international context. From the analysis of the various facets of this debate and of existing arrangements, ten lessons for regulating cross-border data flows are drawn.

In all this, what should the EU do? The strength of its common market and renowned “Brussels effect” in exporting regulatory norms are unquestionable assets. But facing this threat and challenge, Europe must go further. The EU’s steadfast commitment to data privacy sets it at odds with others, including the US, as well as challenges Europe’s objective of maintaining mutual data access with international partners. As such it must step up its domestic capabilities with a common European digital space and mobilize greater funding for innovation. Skilled education, immigration, and competition policies, avoiding overregulation, adopting our own extraterritorial instruments are all more practical than a rush to tech sovereignty.

Likewise – whether through transatlantic compromises or proposals such as that of Japan’s Data Free Flow with Trust now at the G7 – international cooperation is key. To guarantee open data flows while upholding data security and protection, policymakers must act now, with the risk otherwise of accelerating the fragmentation of the digital arena.

Download

Policy Paper
(63 pages)

Executive Summary
(5 pages)