Data Governance Regulation in the G20

A Systematic Comparison of Rules and Their Effect on Digital Fragmentation

Report Image

This report provides a systematic comparison of domestic data governance regulation across the G20 members. It covers rules on data protection, cross-border data flows, and data localisation. The analysis focuses on heterogeneity between domestic regimes, implied fragmentation risk, and international cooperation initiatives.


Johannes Fritz, Tommaso Giardini

Date Published

07 Nov 2023

When data rules diverge, digital trade suffers. Diverging data regulations hamper digital trade. This report analyses differences in G20 members' data governance rules across 45 dimensions.

Main findings include:

  • Significant heterogeneity exists in data flow and sanction regulations, less so in data processing rules.
  • “Fragmentary by design" policies such as data localisation pose direct risks. But subtle differences in nondiscriminatory policies also hamper international trade.
  • Compliance costs, legal uncertainty and liability risks drive "bottom-line fragmentation". Firms may exit markets due to unintentional policy spillovers.

Suggested policy priorities:

  • Clarify ambiguous rules at home. Learn from partners abroad. Domestic regulators should develop clear, interoperable data rules and share best practices internationally.
  • Forge interoperability through mutual recognition and shared principles. Trade negotiators should build bridges between regulatory regimes through mutual recognition, internationally accepted certification and data standards as well as shared principles.

The first part of this report provides an in-depth comparative analysis of regulatory approaches to data governance across the G20 members. Along 45 dimensions, it compares regulations on data processing, data flows including localisation and transfers, as well as sanctions. This systematic comparison aims to pinpoint areas of regulatory heterogeneity that may hinder digital trade.

The report's second part then summarises the state of data governance rules in each individual G20 member. It provides an overview of major policy developments and enforcement highlights to deliver rich context. In addition, these summaries cover secondary legislation and country-specific regulations that go beyond the systematically compared 45 dimensions.