This blog is part of CGD’s Governing Data for Development project, which explores how governments can use data to support innovation, development, and inclusive growth while protecting citizens and communities against harm. Isaac Rutenberg is a member of the working group that guides the project.
Cross-border data flows increasingly take center stage in the global trade discourse, as digital trade or “e-commerce” chapters have become a regular feature in bilateral trade agreements. The COVID-19 pandemic has sharpened focus on the role of cross-border data flows by highlighting their importance for informing a coordinated global health response and the importance of accessing online services while working from home.
Because most of the global digital economy is driven by technology that is owned and controlled by companies based in rich countries, particularly the United States, data tends to flow away from developing and least developed countries rather than towards them. At the same time, these countries have imported frameworks for regulating the use of data that tend to favor technologies and the jurisdictions within which they are developed. Promoting this trend is the advent of bilateral trade agreements that include clauses that explicitly support this aim within their objectives if not the final text. These trends highlight the need to develop local capacity in developing countries for governing data and the ability of countries to pursue a regulatory environment where cross-border data flows are encouraged but balanced against the right to privacy of individuals.
The United States-Kenya Free Trade Agreement, which is still under negotiation, illustrates the dynamics at play. Unlike the 2020 UK-Kenya Economic Partnership Agreement, which reserved negotiations surrounding issues related to intellectual property and the digital economy to a later date, the United States’ negotiation objectives are to influence the intellectual property, digital economy, and data protection landscape of Kenya to the benefit of US companies.
US negotiation objectives would establish a competitive advantage for US firms
The US has stated three main objectives on the issue of cross-border data flows: first, to prevent Kenya from imposing measures that restrict these flows, including by requiring the use or installation of local computing facilities; second, to promote the interoperability of data protection regimes and mechanisms to facilitate cross-border information transfers; and third, to establish rules that prevent governments from mandating the disclosure of computer source code or algorithms. Kenya’s objectives, on the other hand, focus on obtaining a “secure commitment to allow gradual regulations at facilitation of Digital trade in goods and services and cross-border data flow in line with the [Country’s] development agenda in particular contribution of this trade to economic development.”
Putting Kenya’s nascent data protection regime at risk
The local context of the ongoing trade negotiations is important. The Kenyan data protection landscape is still at a nascent stage but it is rapidly evolving, with many similarities to European-style data protection, as well as many of the same vulnerabilities. Kenya’s Data Protection Act (‘the DPA’) was enacted in 2019 and the country’s first Data Protection Commissioner was appointed at the end of 2020, notably after the US-Kenya trade negotiations had begun. The legal infrastructure that will support the DPA is yet to be operationalized and there are a number of regulations that still need to be passed.
Although still evolving, Kenya’s data protection regime does require proof of adequate data protection safeguards in the destination country as a prerequisite to cross-border data transfers. The US-Kenya Free Trade Agreement as currently drafted would undermine this requirement.
What Kenya should focus on in negotiations regarding cross-border data flows
Kenya’s Office of the Data Protection Commissioner needs to act from a position of independence. While free trade agreements are, as a rule, negotiated in secret, we hope that the relevant data protection authorities and experts in Kenya will be engaged in negotiating and concluding the agreement. Their engagement, after consulting with relevant stakeholders, would go a long way in attaining the constitutional principle of public participation. Even though data protection is a new area for Kenya, the country’s rapidly growing digital economy requires the government to remain vigilant. Moreover, Kenya’s DPA is based on the individual’s right to privacy, and any free trade agreement should ensure that this right is preserved.
Melissa Omino is the Research Manager at the Center for Intellectual Property and Information Technology Law (CIPIT), Strathmore University, Nairobi. Isaac Rutenberg is the Director of CIPIT.