In today’s digital landscape, securing open, trusted data flows while protecting individual consumer data is more important than ever. Legitimate concerns about misuse of personal data present risks that cannot be ignored. By adopting thoughtful policy solutions, governments around the world can achieve both goals of ensuring the free flow of information and safeguarding individual privacy. Drawing on new research from Consumers International, this blog explores how open data flows and strong data privacy protections can coexist, fostering a trusted and innovative digital environment.
Open, trusted data flows underpin secure and efficient digital payments for the benefit of consumers, businesses, governments, financial institutions, and the broader digital economy. In today’s interconnected world, the ability to share and access data seamlessly across borders is crucial for driving economic growth and technological innovations that help secure digital payments and combat fraud.
A 2023 Institute of International Finance (IIF) report illustrates that data localization requirements and other data flow restrictions could hinder fraud mitigation in the payments industry, such as the development and deployment of AI-enabled fraud detection solutions. The report warns that data localization and other data flow restrictions could lead to less effective fraud detection systems or force states to revert to conventional detection methods that are insufficient against sophisticated fraud. According to IIF analysis, restrictive cross-border data transfer rules imposed by even a few countries could reduce fraud modeling data by 10 percent, which could lead to an additional $62 billion in losses from fraud by 2030.
Fraudsters are adept at exploiting new technologies. They use large language models (LLMs) and other types of generative AI to craft increasingly convincing phishing emails and employ voice cloning and deepfakes to access bank accounts and commit fraud. To stay ahead, banks and payments networks must continuously collaborate and modernize. While cross-border data transfer restrictions do not impede fraudsters, they can impede efforts to combat them. By easing restrictions, banks and payments networks can better innovate and outsmart fraudsters.
Open data flows help secure the payments ecosystem and provide consumers with access to global online information, markets, and resources. Variation in the global regulatory landscape – such as localization requirements – threaten these data flows, potentially creating barriers to data transfers and reducing consumer trust and engagement in the digital economy.
To prevent the misuse of personal data, open data flows should operate with adequate safeguards, especially to protect sensitive consumer information in jurisdictions with varying levels of data protection. Regulatory fragmentation across different jurisdictions can also lead to a lack of understanding about how data will be used, resulting in inconsistent experiences for consumers and undermining confidence in sharing personal information.
These risks underscore the need to develop robust regulatory frameworks to safeguard personal data as it flows across borders and clearly defined avenues to address data misuse. New research from Consumers International — "Recommendations for Interoperable & Consumer-Centric Redress in the Event of Personal Data Misuse in International Data-Transfers" — analyzes the current landscape of international personal data transfers (IPDT) and examines the options available to consumers to seek redress if their personal data is misused. Further, the report offers recommendations to diverse stakeholders on how to strengthen consumer rights to maintain and accelerate economic growth.
Examining the current IPDT landscape
Consumers International reviewed four IPDT mechanisms – adequacy decisions, standard contractual clauses, certification, and consent – across five legal frameworks: EU’s General Data Protection Regulation (GDPR), Council of Europe’s Convention 108+, APEC’s Privacy Framework, Standards for Personal Data Protection for Ibero-American Data Protection Network (RedIPD), and Brazil’s General Data Protection Law (LGPD). These frameworks, which touch 39 jurisdictions, were selected based on availability of information, current and future global relevance, regional relevance, diversity, and contextual importance. Using the United Nations Guidelines for Consumer Protection as a reference, Consumers International examines consumer redress options within each IPDT mechanism and legal framework. Based on existing literature, case studies, and interviews with stakeholders, the report identifies challenges in existing consumer redress and opportunities to strengthen options available to consumers.
Consumers International highlights that there is an increasing trend in data misuse, driven by the global nature of digital services and the growing volume of personal data being collected and processed. Simultaneously, addressing data misuse across borders is complex due to differing legal frameworks and enforcement mechanisms. According to Consumers International, current redress mechanisms are often too challenging to navigate and too inadequate for consumers to leverage effectively and seamlessly across different jurisdictions.
Among Consumers International’s recommendations to strengthen consumer redress, there are two that are of key importance for the open data flows that underpin cross-border payments. First, international organizations should continue to ensure compatibility of regulatory frameworks (i.e., regulatory interoperability) in the context of a free and open internet. Mechanisms that can work across borders are essential for providing timely and effective redress for consumers. Regulatory fragmentation across different jurisdictions can severely limit consumers’ ability to effectively leverage redress mechanisms in the event their personal data is misused during a cross-border transfer. An interoperable regulatory environment that provides strong consumer protection is foundational to adopting and implementing effective redress mechanisms. Consumers International emphasizes that collaboration among governments, industry players, consumer organizations, and international bodies is key to creating a cohesive and effective redress system underpinned by regulatory interoperability. This system should be accessible, understandable, and effective for consumers regardless of their location.
Second, regulatory bodies and the private sector should invest in and use technology to facilitate the exercise of rights. Consumers International notes that technological innovation will continue to play a crucial role in protecting privacy and facilitating redress in cross-border data transfers. For example, the report highlights that the Massachusetts Institute of Technology Future of Data Initiative worked with industry to develop OTrace, a traceability protocol that aims to provide consumers with greater visibility into data flows across organizations. Other innovative solutions, including AI-enabled tools, can help facilitate privacy-protective cross-border transfers, empower consumers to manage their data, and enhance the efficiency and transparency of redress mechanisms.
Building a better system for consumer redress
When consumers have greater control over their data and feel assured that their data is protected, they are more likely to leverage digital services. This increased usage, in turn, fuels the growth and dynamism of the digital economy. The Consumers International report further emphasizes the importance of empowering consumers, asserting the need to create a cross-border personal data transfer redress system that earns consumers’ trust and enables safe participation in the digital ecosystem. Digital trade policies have the capacity to support high levels of consumer protection and data privacy while enabling cross-border data flows and, in many instances, provide opportunities for redress in the event of violations. For example, the Australia-Singapore Digital Economy Agreement aims to improve safety and consumer experiences online while ensuring businesses can transfer data across borders without being required to build or use data storage centers in either jurisdiction.
Though such bilateral trade agreements can enable more open data flows, greater multilateral cooperation is critical for promoting global regulatory interoperability. International organizations should continue to pursue more compatible and cohesive regulatory frameworks to ensure free and open data flows. Simultaneously, regulatory bodies and the private sector should invest in and support the adoption of technology to facilitate the exercise of rights and protect consumer data. To this end, diverse stakeholders from across the global public and private sectors should collaborate to operationalize data free flow with trust (DFFT), a concept first introduced by the government of Japan, and subsequently endorsed by G7, G20, and other leaders, to balance consumer trust with open data flows.
The Consumers International report underscores that the DFFT initiative seeks to encourage free data flows while ensuring privacy standards, thereby fostering “a more trusted and interoperable global governance system.” However, the absence of a clearly defined operational framework has historically posed challenges to the implementation of DFFT. To help make progress towards implementation, the Organization for Economic Co-operation and Development (OECD) has convened a global, multistakeholder forum known as the DFFT Expert Community. This forum aims to transition DFFT from theoretical principles to practical implementation. The ongoing work of the DFFT Expert Community presents a promising avenue to facilitate trusted, open data flows that both empower and safeguard consumers.
Open data flows and strong data privacy protections must coexist to enable a thriving digital ecosystem. The successful implementation of open data flows hinges on building consumer trust through transparent practices, robust regulatory frameworks, and innovative technological solutions. By addressing the challenges of data misuse and enhancing redress mechanisms, we can pave the way for a secure and flourishing digital economy.