🖤 Donations of all sizes power our public service journalism Give Now
How countries around the world shape their data policy
Sep 25, 2023

How countries around the world shape their data policy

Gillian Diebold, an analyst with the Center for Data Innovation, explains that governments are addressing privacy in different ways while designing their policies around advancing their national interests.

It’s impossible to quantify the volume of data generated by citizens around the world. Make no mistake, though — data has become a commodity to the companies that monetize it. At the same time, governments are making laws around how to protect it, who can access it and even where to store it.

These choices are guided by how leaders think data can advance their national interests, according to Gillian Diebold at the Center for Data Innovation, who just wrote an analysis on the subject. She spoke with Marketplace’s Lily Jamali about data policies in China, the United Kingdom, the European Union, Singapore and India and how they compare.

The following is an edited transcript of their conversation.

Gillian Diebold: On one end of the spectrum would be China, and they are using data to kind of exert social control. And you know, obviously, that also includes economic nationalism and data protection and using data as an economic resource. And India is not really quite as interested, I would say, into the social control aspect, and they kind of take the more Western view of consumer privacy. And they do have different policies that protect consumer privacy, but at the same time, they also have this sort of interest in [the] nonpersonal and data as kind of a development resource. So that would be the second bucket, would kind of be the countries that are using data as a development resource. And so, you know, I would say that China kind of falls in that bucket a bit. And then Singapore is an interesting case because they do care a lot about protecting citizens’ personal data. But at the same time, they also care about business’ ability to use that data. So they’ve done a lot of work on protecting privacy, but then enabling things like anonymization of that personal data so that enterprises can kind of use it. And then the U.K. is probably a little bit removed from those. But at the same time, they’re also thinking about things like data sharing for financial services. But I wouldn’t say that they’re in kind of a development bucket, right? They’re just kind of in this, maybe the innovation bucket, we could call it, saying that they want growth, but they also do want some of these more Western digital rights, you know? And then the EU is on the farthest end in which they kind of stand alone in terms of the way they’ve currently crafted their regulations to be pretty restrictive for outsiders. And in some ways, it loops back around and the Venn diagram could also connect China and the EU in terms of sort of limiting outsider, as in, you know, not from that country or region, access to that data. They do kind of represent this spectrum and kind of illustrate just how much gray area there kind of is here and how we can’t really classify data policy as one thing or another.

Lily Jamali: Yeah, there’s so much overlap here. I mean, just looking at the U.K., you say that they are trying to boost economic competitiveness while protecting data privacy of their citizens. Those two goals can ostensibly feel like they’re at odds.

Diebold: Right, you can’t just kind of go full steam ahead on privacy, sort of like the EU is doing, and then backtrack and be like, wait, we’re not growing, we need to do X, Y and Z, you know. And so the U.K. is really trying to do a little bit more of a slower, a more balanced approach, you know, to regulation. They’ve kind of put out a few different pieces on sort of what they call a pro-innovation approach to digital technologies because I think what happens is that a lot of countries, they go full speed ahead on one side of the spectrum, right, of privacy or innovation, let’s say, although they’re not quite at odds. They kind of pick one lane to stay to. And the U.K., interestingly, and I think it’s a good thing, is really trying to drive in both lanes at once. And while that’s really hard, it’s probably the best outcome overall because it doesn’t kind of put them into a corner and kind of in terms of their commitments.

Jamali: Why did it seem like the right time to do an analysis like this, looking across the globe and understanding how different countries are using data from their citizens?

Diebold: So the G7 is led by Japan right now. And they have something called Data Free Flow With Trust. So a lot of people in the tech policy world are kind of thinking about, you know, the importance of data and data flows as a whole. And a lot of countries are enacting different things called data localization policies, you know, that kind of restrict the storage of data to an individual country. There’s been a trend of countries sort of thinking about this. And then other Western countries are sort of supporting the free flow of data. And at the same time, no one is necessarily taking a look at kind of all the different options. And then I would also say, just from my policy perspective, you know, people in U.S. Congress are pretty interested in learning from these other cases. And so this report is also kind of just meant to lay out the menu of other things that could be done and should be done, frankly, beyond just privacy. Because if there’s not, theoretically, the political will to do privacy legislation right now, there’s still other really important things that can be done in this data policy space.

Jamali: Well, it’s worth noting that you didn’t include the U.S. in your report because you say it lacks “a clear and consistent national approach to key data policy issues,” data protection topping that list of issues. Talk to me about how the U.S. is a little bit of an outlier in terms of coming up with a coherent policy here.

Diebold: Yeah, it’s really interesting. You know, we have a lot of conflicting policies a lot of the time. You know, we don’t have one comprehensive national privacy law, we instead have this sort of patchwork of states taking sort of conflicting approaches, which makes it a little bit difficult for businesses to operate and kind of be in compliance with that. And then another thing is that we do have certain so-called comprehensive strategies. There is something called the Federal Data Strategy that does exist. But then there hasn’t really been any work, and most people in the policy world, they’re just kind of waiting here for an update. We are kind of, in some ways, despite being one of the most developed nations on Earth, we really are at kind of a blank slate for data policy as a whole. And in a lot of ways even we’re kind of jumping ahead and kind of worrying about leadership on [artificial intelligence] and AI policy. And that’s really important as well, obviously. But, you know, data is the fundamental, and so we’re still kind of even lacking that. The U.S. has a lot to learn from these other countries and the policies that they’ve put forth, and hopefully, you know, eventually we can adopt some of them.

Jamali: And so maybe that’s a good note to end on. I mean, what do you think about how U.S. data policy should be shaped based on what you’ve learned?

Diebold: Yeah, I mean, I think what’s really important is to kind of try and take that two-lane approach, you know. You don’t want to only focus all your energy on privacy, especially because we kind of seem to be hitting a wall. And while again, I think it’s pretty universal at this point [that] we need comprehensive privacy legislation, we should also be working on, you know, strategies for data sharing, data flows across borders. But I think if we get bogged down in privacy, you know, we’re not leading on that, and we can’t because other countries already have the privacy legislation. So I think it would be more fruitful, frankly, to focus our efforts on these other types of policies.

More on this

You can read more of Diebold’s analysis here.

While there’s a noticeable absence of a federal consumer data strategy in the U.S., states have been crafting and passing their own data laws. They’ve mostly been focused on protecting consumer privacy.

The International Association of Privacy Professionals has a tracker of states that have passed, or proposed, data privacy legislation and when those laws take effect.

So far, 12 states have legislation specifically on consumer privacy, but most states have no such law on the books.

The future of this podcast starts with you.

Every day, the “Marketplace Tech” team demystifies the digital economy with stories that explore more than just Big Tech. We’re committed to covering topics that matter to you and the world around us, diving deep into how technology intersects with climate change, inequity, and disinformation.

As part of a nonprofit newsroom, we’re counting on listeners like you to keep this public service paywall-free and available to all.

Support “Marketplace Tech” in any amount today and become a partner in our mission.

The team

Daisy Palacios Senior Producer
Daniel Shin Producer
Jesús Alvarado Associate Producer