Page 27 - Proceedings of the 2017 ITU Kaleidoscope

P. 27

Challenges for a data-driven society

Republic of Korea signed a Free Trade Agreement and countries shall speed up the process of data-related
provided for the rules of cross-border data flows in the legislation and accelerate the development of big data
Chapter of Electronic Commerce, agreeing that the Parties technology and industry without prejudice to data security
shall endeavor to refrain from imposing or maintaining and the data right.
unnecessary barriers to electronic information flows across
borders. In 2014 and 2016, the United States twice submitted 3.1. Promote the formulation of harmonized
electronic commerce proposals to the WTO, both mentioning international rules
free cross-border data flows.
On the other hand, after the PRISM Incident in 2013, in order
to protect personal data, prevent foreign surveillance and Almost every country has to face legal challenges arising
from big data development, and many countries and regions
safeguard national security, the EU, Russia and more and
more other countries began to tighten the restriction of cross- have already published data-related legislations. However,
due to different national interests, historical conditions and
4
border data flows and adopt their own data enactments. The
EU Data Protection Directive 1995 and the General Data other circumstances, such national data regulations tend to
vary widely and even contradict to each other. In the
Protection Regulation (GDPR) 2016 all explicitly prohibit
data transfer to a country without adequate regulations on meanwhile, international regulations which are relating to
data ownership, data exchange and other issues arising from
data privacy protection. In 2014, Russia amended the
Federal Law on Data Protection and the Federal Law on big data development are lacking. In light of varying national
regulations and the lack of unified criteria, international
Information, Information Technology and Information
Protection and established the rule of localized storage of organizations have an important role to play in formulating
uniform principles and rules to provide guidance and
Russian data, requiring that personal data of Russian citizens
must be stored at servers within the territory of Russia. reference for national legislations. For instance, in 1980, the
OECD published the Guidelines on the Protection of Privacy
In China, the general rules for the cross-border flow of data and Trans-border Flows of Personal Data , proposing eight
5
have been regulated by the Cybersecurity Law, Credit principles about personal information protection, which have
Reporting Industry Regulation and other related laws and been incorporated into many national enactments. The ITU
regulations. According to the Cybersecurity Law, personal has been concerned with big data development from the
information and important data which is made or collected perspective of the telecommunication industry, and in
during the operation of critical information infrastructure particular, it has been committed to formulating technical
must be stored in China. If it is necessary to transfer it outside criteria for big data. In 2013, the ITU published a technical
of China for business purposes, the safety assessment must observation report, titled “Big Data: Big Today, Normal
be carried out in accordance with the measures made by the Tomorrow” 6 , pointing out challenges for big data
Cyberspace Administration of China in conjunction with the development. In August 2015, ITU published the
relevant departments of the State Council. In accordance Requirements and Capabilities for Cloud Computing Based
with the Credit Reporting Industry Regulation, the credit Big Data, the first set of big data criteria. At present, given
reporting agencies must arrange, preserve and process the absence of international regulations on big data, the ITU
information collected within the territory of China. Besides, shall pay close attention to the development of big data and
data on personal finance or health information, as well as timely formulate relevant international rules, and especially,
data produced in Internet publishing and Internet rental must as the most important international organization in the area
be stored in China. of telecommunication, the ITU shall promote technological
In the future, maintaining the balance between security and and industrial development in cross-border data flows,
development and between national data sovereignty and free jurisdiction over cloud computing and other areas that
cross-border data flows will be a key issue to be resolved by require collaboration and consensus among national
the international society. authorities.

3. FUTURE ACTIONS 3.2. Maintain the balance between security and
development
In the face of legal challenges arising from big data,
countries and international organizations across the world The international society has a consensus on deepening
shall take active measures to handle them, seek lawful paths development of big data. However, due to the flow,
to resolve relevant legal obstacles and promote the overall development and usage of large amount of data, security
development of the data-driven society. Internationally, risks arising from big data aggravating. The existence of
international organizations can publish unified rules to guide mass data in itself will result in greater risks of data attacks
the formulation of national data regulations. Domestically, and leaks. Moreover, given the large amount of data, once a

4 See Chander, Anupam and Le, Uyen P. Data Nationalism [J], Emory 6 See https://www.itu.int/dms_pub/itu-
Law Journal, 2015，64(3) PP677-740. t/oth/23/01/T23010000220001PDFE.pdf, last visit in Aug 23, 2017.
5 See http://www.oecd.org/sti/ieconomy/
oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldat
a.htm last visit in Aug 23, 2017.

– 11 –

22 23 24 25 26 27 28 29 30 31 32