Cross border data flows play a critical role for effective cybersecurity risk management and the decision by the Office of the United States Trade Representative (USTR) to remove its support for policies in the World Trade Organization (WTO) E-commerce Joint Statement Initiative is in opposition with positions the U.S. government has taken for decades. The Coalition to Reduce Cyber Risk (“CR2”) reaffirms the critical importance of cross border data flows for cybersecurity risk management.

USTR’s decision to withdraw support for disciplines that promote data flows and protect against data localization measures is in direct conflict with earlier commitments made by the Biden administration. The administration had stated it wanted to build a connected economy and pursue “standards on cross-border data flows and data localization … in order to ensure small and medium sized enterprises can benefit” from a rapidly growing digital economy. The decision also reverses support for such positions across Democratic and Republican administrations going back decades.

Prohibitions on data flows not only undermine digital trade directly, but they also inhibit the ability of security professionals to secure the digital ecosystem and the broader economy. This in turn will have a damaging impact on the broader digital economy because, as stated in the United States-Mexico-Canada Agreement (USMCA), “threats to cybersecurity undermine confidence in digital trade.”  

As digital connectivity expands, so does our reliance on the security of technology that we use to manage our critical infrastructure. In our whitepaper, “Better Connected: How International Data Flows Enable Stronger Cybersecurity” we elucidate through case studies how the promise of a safe and secure digital ecosystem is premised upon data flows that support cybersecurity activities. These include:

• Preventing Credential Harvesting Attacks & Account Compromise
• Supply Chain Attack Recovery
•  Financial Sector Fraud Prevention
•  Ransomware Attack Recovery
•  Responding to War & Geopolitical Conflict
•  Supporting Enterprise Risk Management

While the U.S. will remain beholden to earlier trade commitments that agree to foster data free flows, this decision marks a stark change in policy that will undermine U.S. leadership in the global digital economy and enable other countries to establish barriers to data flows. Without strong commitments in the WTO, it will be challenging to combat data localization requirements in other countries, enabling them to establish erect trade barriers to U.S. firms more easily.

Meanwhile, in the absence of a clear U.S. position backing the free flow of data at the WTO, the U.S. risks undermining its leadership on critical cybersecurity policy processes taking place around the world and will embolden authoritarian digital governance models favored by states like China and Russia. The U.S. risks placing American businesses at a disadvantage to their international counterparts, while rolling back decades of progress towards ensuring a more open, free, and secure internet.

CR2 and its members encourage the U.S. Government to reverse its recent decision and reaffirm its support for cross border data flows in a public statement or press release as soon as possible. Doing so would reassure all stakeholders, including small and medium sized enterprises, and foreign counterparts, who have expressed significant concern about these developments.