Could Euro Zone’s GDPR serve as a Multilateral Regulatory Framework on Cross-border Data Flows?

Abstract

In a rapidly evolving world with increasing disruptive technologies, multiple stakeholders across nations, industriesand sectors are confronting growing societal demands about the need for ethics and regulatory frameworks on crossborderdata flows (CBDFs). What does this mean and how to get started? These and many more are pressing questionsfacing policy-makers in multilateral forums with the aims of addressing recent quantifiable impacts of digital trade—atrade dimension comprising the global exchanges of emerging technologies, e.g., data flows, e-commerce, in late twentyand early twenty first centuries. While trade agreements and regional regulatory frameworks have intended to dictateprinciples, norms and rules for several concerns around CBDFs, institutional efforts for setting up an inclusive, multilateralframework are still lacking in the policy arena. With this motivation, the present paper illustrates the case ofEuro Zone’s General Data Protection Regulation (GDPR) as the most comprehensive legal instrument up to date thatmight potentially guide initial policy discussions around the so needed multilateral regulatory and ethical frameworkon CBDFs.