A wave of digitization is sweeping aside old business models, empowering citizens by increasing government transparency and enabling not-for-profits and other organizations with social agendas to make progress on some of the biggest challenges facing humankind today.
Like the agrarian and industrial revolutions that preceded it, the data-driven Networked Economy has the potential to generate a new wave of innovation, global economic and employment growth, and international trade.
But this promise is predicated on the free flow of data/information across global networks and there is a growing awareness that these efforts could stall unless we can find a way to strike a balance between data protection, privacy and security, and address what some are calling the emerging trust deficit.
This trust deficit impacts three main groups – individual citizens, businesses and governments – and it has come to the fore now for three main reasons: Edward Snowden’s revelations about government surveillance activities, cyber attacks mounted by cyber criminals, ‘hactivists’ and state-sponsored ‘cyber spys,’ and the growing pervasiveness of the cloud and cloud-based data storage (although cloud storage is often more secure than local storage.)
Individual citizens are most concerned about data privacy, particularly in the wake of the Snowden disclosures. But public confidence in the ability of companies to protect the personal data they collect online has also been eroded by the steady drumbeat of stories about security breaches at major retailers, financial institutions and other organizations.
In both the US and Europe, the emerging ‘trust deficit’ has been highlighted by research studies that show people feel they have lost control of their private information. Companies meanwhile, worry about the theft of valuable intellectual property and about the growing costs of securing their IP and networks in the face of determined efforts by cyber criminals and others determined to steal data, or disrupt their operations.
Just as importantly, company leaders are worried that heightened concerns about privacy, data security and surveillance, will affect their reputations and their ability to do business in a digital economy lubricated by the frictionless exchange of data.
In the Networked Economy, companies depend on data analytics and the reliable and unrestricted data flow of data across national boundaries to enhance efficiencies, improve product performance and reliability, and to develop and deliver new and innovative products and services.
However the revelations about government surveillance practices have dented citizens’ and businesses’ confidence in the safe, protected flow of data, and led to calls in some European countries in particular, for the “localization” of data (restricting its transfer and storage to a particular geography.)
But given the benefits of open data flows, such restrictions would impose a high price on companies, and ultimately, consumers. In most cases, new encryption techniques provide a far more effective alternative to data localization and ensure better data security and data protection.
In some cases, governments may impose data localization requirements not to protect data but to protect domestic technology firms from foreign competition. The real danger is that such measure could launch a new era of economic protectionism, hampering economic growth and reducing GDP in Europe by up to 1.1 percent, according to one study.
So what is to be done? Europe should lead by example and establish a fully-functioning digital single market, in which data can be transferred without restrictions and that is fully open to global networks. (SAP’s vision is of a European Data Space where it should not matter in which Member State data is stored and processed.)
The digital single market should be open to non-European providers and should permit the transfer of data to third countries, provided they also implement data protection standards at least equivalent to those in the EU. In order to ensure the free flow of data across national boundaries including those in in emerging markets such as China, Brazil or India, Europe, the US and other partners also need to work towards global agreements that protect the legitimate data protection and privacy rights of citizens.
Ideally, IT providers including SAP, would be able to serve customers in Europe with just one data center. Europe would realize the significant scale economies of cloud computing and European start-ups and smaller vendors in particular, would benefit as they could grow their business faster in a harmonized market.
But realizing this vision requires action: first and foremost, data protection rules need to be harmonized in Europe (and elsewhere.) Currently in Europe, companies have to deal with 28 different national implementations of the European Data Protection Directive (and additional regional directives in some countries such as Germany and Austria because of their federal structures.)
At SAP for example, that means it can take several months to finalize a contract with European customers due to complex and divergent data protection rules. In addition, data flows within the EU are still hindered by other horizontal or sector-specific regulation and practices, for example in public services, banking or healthcare. What is needed is a thorough review of existing data localization policies and practices in the EU.
As countries on both sides of the Atlantic continue their transformation into digital economies, the envisaged Transatlantic Trade and Investment Partnership must include strong provisions that enable the free flow of data, which could serve as a template for other global agreements.
Europe and the US must sort out their differences on surveillance and data protection issues. Both sides need to clarify under what circumstances and how governments should be able to access personal data and establish transparent oversight procedures. In addition, we need to strengthen the Safe Harbor agreement that facilitates the transfer of personal data between the EU and the US. These measures are urgently needed to regain trust in the digital economy and fully unleash its potential benefits for business and citizen alike.