In global data regulation, any plan beats no plan

The irony is that while the US may be a regulatory backwater, it is also home to the largest and most powerful technology companies in the world. One might imagine that Washington has devised some standards for its domestic behemoths, but this is not the case. Any prospect for action has been undermined by a combination of political paralysis, corporate capture, and an astonishing lack of congressional understanding about technology.

In the absence of any federal regulations, Washington proffers a series of patchwork measures designed more to check China than to protect American consumers. An executive order from President Joe Biden restricts the transmission of bulk data to China, Russia, Iran, Venezuela or North Korea. The House of Representatives passed a law to ban TikTok unless its Beijing-based parent, ByteDance, agrees to sell TikTok to American buyers, something the Chinese government has categorically stated it will not allow. The fate of this bill in the Senate is uncertain, but Biden has made clear he would sign the measure into law if it reaches his desk.

This piecemeal approach means companies must navigate a complex set of laws and regulations. The absence of national policies raises costs and makes planning and investing more uncertain. Smaller companies which cannot afford a bevy of lawyers and lobbyists are at a profound disadvantage. Creating a more predictable and certain regulatory environment would be in everyone’s interest. Last year, more than 2.6 billion people bought US$6.3 trillion worth of goods online. Today 54% of global trade in services, worth US$3.8 trillion, takes place digitally.

And yet, in the world’s biggest economy, there remain no federal regulations. Into this void comes the EU. Brussels may lack military might but boasts an army of lawyers, tech specialists, and assorted other expert bureaucrats who excel at developing rules that determine how business is conducted. This is known as the "Brussels effect" and it is very real.

For years, US policymakers have grumbled at the array of EU tech regulations. Beginning with the implementation of the General Data Privacy Regulation (GDPR) in 2018, EU measures have slowly but surely been growing in numbers and force. These regulations are detailed and well vetted. In the absence of international rules many see them as the de facto global standard and Brussels as the world’s regulatory epicenter.

Washington’s inaction on data regulation extends into the international space. Once the uncontested leader in promoting market opening for technology companies through negotiations at the World Trade Organization, USTR has reversed course.

In October 2023, USTR stunned WTO members, including the EU, when it dropped its support for a global agreement on cross-border data flows, restrictions on data localization, and the forced transfer of source code. Now, the other 165 WTO members must wait to negotiate rules in these areas while Washington uses its "policy space" to ponder how best to develop domestic regulation which protects consumers and ensures fair competition in data markets. These members might as well await Godot’s arrival.

On 12 February, USTR Katherine Tai defended her position and told the Council on Foreign Relations that the United States must "take steps forward" in regulating data. But no such efforts are on the horizon. The result is that efforts to draw up global data rules at the WTO have foundered. In fact, data rulemaking at the WTO is going backward.

At the Ministerial Conference in Abu Dhabi in February 2024, trade ministers agreed to scrap in two years’ time the one digital trade rule adopted by everyone – a 25-year moratorium on the application of duties to electronic commerce transmissions. By 31 March 2026, the door will open for full-scale taxation of digital trade.

Tai’s endeavors to sustain the moratorium were, at best, half-hearted. The delegation fighting hardest to preserve the moratorium was the European Union. "We were doing the heavy lifting in Abu Dhabi," said one European official. "It was a little strange to have all these guys from Silicon Valley saying ‘Go, Europe.’"

© The Hinrich Foundation. See our website Terms and conditions for our copyright and reprint policy. All statements of fact and the views, conclusions and recommendations expressed in this publication are the sole responsibility of the author(s).