Where free flow of data going? PDS installed in Japan and a joint declaration made by Japan and EU to facilitate mutual data flows.
PDS (Personal Data Store) gives us more flexible and transparent control over our own data – using, moving, and deleting. Today, most of our “personal” data is stored and managed by various organizations including governments, IT giants, retails, hospitals, schools, etc. and we have little or no control on our data.
Discussions on PDS drew our attention around 2010 in a context that power was shifting from venders to customers/consumers. Some predicted that CRM was going to be replaced by VRM (Vender Relationship Management).
In Japan, interesting trials are underway. By 2020 foreign travelers who registered their passport data as well as personal data (e.g. allergies and contraindications) to a cloud service will be able to share their data to various service providers such as hotels and retailers. They will enjoy “tell us once” services in Japan. In Maebashi City, citizens are able to store their health data produced at multiple hospitals at a single cloud service so that they can use historical health data at anywhere. These initiatives are mentioned in a revised national growth strategy.
In parallel, rules enabling PDS are being discussed and developed by an association of leading digital companies. There was an argument that the Government should develop rules. But since technologies are evolving so fast and the Government is not fast enough to catch up there was a consensus that the private sector are to lead it.
That being said, the shift may not be happening globally in a simple manner.
EPIC 2014, a flash movie of “Googlezon” entertained us in 2000s. But reality went far beyond our imaginations. Arab spring excited some countries and scared others. “Googlezon” was replaced by a more powerful name, “GAFA” which could control not only media space but real world.
All of these created a trend that nations encourage and enforce data localization. Free flow of data is very critical to digital economy including PDS, but is in danger.
In 2016, China enacted a new cyber security law that forces companies to store not only personal data but “other important business data” (what does it mean?) in China. Other countries such as Germany, France, and Indonesia are on the same move.
In May 2018, EU will implement GDPR (General Data Protection Rules), which will address PDS as well as data localization.
ITIF, a US based technology think tank argues there is no valid rationale for data localization;
- data-localization mandates do not increase commercial privacy nor data secudrity, and
- barriers to data flow undermine firm competitiveness and economic productivity as well as innovation and access to innovative services while jobs created by localizing data center is minimal.
We need to think through these and know differences between myth and truth.
Going back to Japan, it started a dialog aiming to reach an “adequacy decision” between Japan and the European Commission concerning exchanging and protecting personal data. Today (6 July 2017) Japan and the European Commission made a joint declaration which will facilitate mutual data flows leading to the development of digital economy.
Japan is expected to play an important role to harmonize privacy and security rules especially between APEC CBPRs and EU GDPR.