2023 Global Data Flashpoints for Businesses
Businesses should watch these global data privacy, security, and policy flashpoints in 2023.
Every organization handles data, from startups and Fortune 500 companies to nonprofits, government agencies, and more. In 2023, here are just some of the global data flashpoints that businesses should watch — for both the opportunities and risks they present. Brought to you by Global Cyber Strategies.
The One-Liner
Disputes at the US-EU Trade and Technology Council, US data policy on China, India’s evolving data protection regime, and digital security questions in Eastern Europe are just some of the global data flashpoints to watch in 2023.
Disputes at the US-EU Trade and Technology Council
The One-Liner: Despite continued interest in — and great opportunity for — US-EU tech cooperation, US-EU economic disputes have put the Council’s efforts on data, standards, and other issues in difficult territory heading into 2023.
The Paragraph: The US and EU launched the Trade and Technology Council (TTC) in June 2021 to coordinate shared action on trade, economic, and technology issues, from AI and 5G standards to export controls and investment screening. Officials repeatedly emphasized the importance of “shared values” in driving tech cooperation, and the TTC was in part designed to continue Obama administration-era discussions that fell apart. While the forum has generated much productive, substantive conversation thus far, the December 5 TTC meeting was overshadowed (even if this was not said in press releases) by European discontent with the US Inflation Reduction Act’s electric vehicle subsidies. Further, Thierry Breton, the European Commissioner for Internal Market, decided to not attend the December 5 meeting — per one Politico source, because of the electric vehicle subsidies, but per others, because he was not invited to the Kennedy Center Honors.
The Flashpoint: Whether the dispute over electric vehicle subsidies has created fractures in the US-EU tech relationship — or simply exposed disagreements on economic policy and protectionism questions — there are many challenges ahead. Although the US and European Commission announced a new Trans-Atlantic Data Privacy Framework in March 2023, and the recent meeting included announcing a few data-related initiatives, US-EU political and economic disagreements could greatly shape data and technology cooperation in 2023.
US Data Policy on China
The One-Liner: The US keeps working to restrict (or attempt to restrict) Beijing’s access to sensitive US data — and 2023 will undoubtedly bring more policies, legislative proposals, and executive branch actions on US-China data entanglements.
The Paragraph: Former president Trump infamously attempted to ban TikTok and WeChat in the US in August 2020, only to have his executive action struck down in court. Nonetheless, some members of Congress are calling for a legislative branch reattempt of the ban. Broadly, there are numerous US federal proposals currently in the works to address security concerns associated with data and the Chinese government, and US government actions impacting companies in this landscape range from bills to regulatory proposals to foreign telecommunications security reviews, foreign investment security reviews, and more. Although often misunderstood in the media and in public conversation, there is also notable and important variation in how different members of Congress and other US policymakers think about the risks of US-China data entanglements — and what they propose to do about it. The more that policy in this area develops, the more these variations could emerge.
The Flashpoint: Both US government and Chinese government actions could constitute a flashpoint in this arena in 2023, one which triggers more policy actions and especially restrictions on US-China data entanglements. That includes, for instance, if the US government institutes a total ban on TikTok in the United States — and if there is another significant, publicized breach or compromise of US persons’ data by the Chinese government or an affiliate.
India’s Evolving Data Protection Regime
The One-Liner: 2023 will be a major period of evolution for India’s new data privacy bill and its efforts to champion a “fourth way” of global data governance.
The Paragraph: India is the second-most populous country on earth, the world’s largest democracy, part of the Global South, and home to a multi-billion-dollar (and rapidly growing) technology sector. Indian policymakers have discussed making India the leader of a “fourth way” of data governance globally in contrast to data governance models established in China, the European Union, and the United States. While India’s parliament withdrew its Personal Data Protection Bill in August 2022 — first released as a draft in 2018 and which, controversially, had numerous data localization provisions — it released a new bill in November. The new data bill maintains that global vision but with some major changes from the previous legislation (including a lessened focus on localization controls).
The Flashpoint: India’s parliament will likely see less pushback to this data bill — it loses many of the old, data localization provisions that drew criticism from businesses and foreign governments — but the debate is far from over. How New Delhi designs its data protection regime will impact the roughly 1.4 billion people living in India and every nonprofit, business, and government organization handling Indian citizens’ data or making policy about it.
Digital Security Questions in Eastern Europe
The One-Liner: Many Western firms have tech and data relationships in Eastern Europe — such as outsourcing software development — but Russian activity in the region poses new questions for businesses assessing their 2023 risk.
The Paragraph: The Putin regime’s all-out war on Ukraine has only made clearer the digital security risks associated with having technology and data entanglements not just in Russia but in Eastern Europe. For example, early in the war, the Belarusian military was already supporting the Russian government in the digital sphere by launching phishing campaigns against Ukrainian targets and spreading disinformation online. Moscow’s intelligence reach into countries like Poland and Hungary; the Russian government’s willingness to physically target technology company employees and contractors (including in Eastern Europe, via partner security services); and Russia’s declining, sanctions-hit economy, among other factors, have driven up the risk that the Russian government attempts to target organizations in Eastern Europe or with points of exposure in Eastern Europe, including through their digital assets, contracting relationships, and more.
The Flashpoint: The digital security risks posed by the Russian government do not stop at Russia’s borders, and terminating business engagements within Russia does not completely safeguard companies against risks in Eastern Europe. New US policy on Russian software could drive more attention to these risks and place pressure on businesses to scrutinize them — driven by such events as the US Army and the Centers for Disease Control and Prevention (CDC) pulling code from a Russian software developer that falsely advertised as American.
The List Goes On
The emerging enforcement of Vietnam’s new data localization requirements, updates to Nigeria’s draft Data Protection Bill, growing Council of the European Union attention to digital supply chain security — the list of possible data flashpoints around the world in 2023 goes on.
Subscribe for more public insights, and reach out on Global Cyber Strategies’ website for a range of custom-tailored research and advisory services.
—
© 2022 Global Cyber Strategies LLC.