APCAC March 20-21 Annual Meeting in Manila Takes Up Cross-Border Data Flows and Cyber Security Concerns

The American Chambers of Commerce in the Asia Pacific Region (APCAC) gather annually to discuss common concerns and develop positions on common issues.  This year, the setting was Manila for two days, March 20 and 21, and KICIS Director Jim Foster joined a panel with GE Asia government relations executive Tom Clark focusing on cross-border data transfers.   Separately, cyber security expert and consultant Mike Mudd presented on the cyber threat in the region and how businesses can respond.

Building a New Coalition in Asia around Internet Governance

KICIS Director Foster placed the issue of cross-border data transfers in the broader context of Internet governance.   He opened with the point that the Asia-Pacific is the fastest growing region in the world and increasingly it is the Internet that is supporting this growth.   China has 600 million users and will soon have a billion.  India is not far behind.  If a defining characteristic of the Internet is scale, the center of the Internet will be Asia.   The challenge is how do we preserve diversity, competition, innovation and choice for the future of the Internet in the Asia-Pacific region?

Foster argued that there is growing awareness of this challenge, but to date regional discussions have not produced desired results despite efforts within ASEAN and APEC to forge common approaches on privacy and security.    He pointed out that, in a period when the principle of a “free and open” Internet is under considerable challenge internationally, close coordination among like-minded nations in the Asia-Pacific region on such questions as privacy, security, net neutrality and standards is essential to preserving the global Internet and its benefits.

He suggested that there is a need to build a new coalition on the future of the Internet in the Asia-Pacific region, including most prominently the US, Japan, Korea, Australia, Singapore and India – countries that are all leaders in the technology field and reflect the diversity of languages, cultures and histories that make this region unique.   Their message should be simple and clear that a market-based approach to Internet governance is necessary to preserve innovation and competition in the Internet Economy in Asia and to counter unilateral assertions of “cyber sovereignty” from China and others in and out of the region.

Data Flows and Asia Cooperation within APEC and TPP

GE’s Tom Clark begin his presentation by observing that the ability to move data across borders will determine the growth of regional financial services and the real economy over the next decade, and is a key element of the Asia region’s future global competitiveness.  Yet emerging technologies such as cloud computing have led to heightened concerns about security, ownership, and privacy.  These issues must be addressed in order for this new technology to flourish.

Clark, who is active in the APEC Business Advisory Committee (ABAC), asked how APEC can balance these concerns with the need to encourage growth in the region.   He explained that financial institutions rely heavily on gathering, processing, and analyzing customer information in order to provide financial services tailored to client needs.

For effective risk management, improved efficiency, and enhanced support of cross-border clients, data processing facilities are often operated on a regional basis through data hubs that depend on cross-border data flows.

Clark argued that the economies of scale that exist in the data hubs yield cost savings that allow firms to purchase and employ state-of-the-art technology to protect the integrity, security, and confidentiality of data. Regional data centers improve service quality and allow financial services providers to maintain consistent processes across regions and worldwide. Such centers provide an “end-to-end” view of data, improving the quality and timeliness of service.

Clark observed that there is a gap between public perceptions and operational reality in the way that business and government treat personal information. Data storage organizations are investing heavily to ensure that data is secure, including in physical and enterprise security.  He maintained that free and open cross-border data flows and new APEC privacy rules are two sides of the same coin.  The ultimate goal of the data privacy initiative is to promote data flows as part of commerce while guarding data integrity.

In this perspective, the APEC Privacy Framework recognizes the enormous potential of electronic commerce to expand business opportunities, reduce costs, increase efficiency, improve the quality of life, and facilitate the greater participation of small business in global commerce.

Similarly, the TPP agreement currently being negotiated among a number of leading Asia-Pacific nations provides an opportunity to establish cross-border data flow trade policies.   Clark noted that TPP provisions will prohibit restrictions on legitimate cross-border data flows; prohibit localization requirements; promote convergence toward international standards; improve transparency; address the legal complexities of cross-border data flows; expand trade in digital goods; and create trade agreements that can adapt as technology changes.

Cooperation on Cyber Security Also Vital

In a separate panel discussion, Mike Mudd, who is associated with Asia Policy Partners and the Open Computing Alliance, outlined the cyber challenges in Asia and the need for a regional response.  He provided important details on the recently announced US Cyber Security Framework, noting its voluntary character and its emphasis not just on detecting threats but in putting together a coherent, effective and rapid response.

Mudd underlined that security is not just about technology.  It is fundamentally about human beings.  He stressed the need for education and capacity building in responding to threats.  Mudd argued that privacy laws that overly restrict data flows harm economic growth without necessarily providing more security.   The key, he emphasized, is to build a framework of “trust” in the Asia region that protects “confidentiality,” secures systems “integrity” and most of all makes data “available.”

Next Steps

US business leaders will be journeying to Washington, D.C. this Spring to present the result of the Manila conference and to coordinate with US officials and Congressional representatives on preparations for this Fall’s APEC meeting in Beijing.  The issues of cross-border data flow, cyber security and the large concern of Internet governance are likely to be included in the recommendations coming from the Asia-Pacific US business community.

Copies of the presentations are below:

Promoting the Free Flow of Data in Asia

APCAC X Border Data March 21

APCAC X Border Data March 21 Cyber Security Mar_2014_Manila APCAC Mudd_ V1 2