Do We Need a Digital Bretton Woods?

Frances G. Burwell

McLarty Associates & Atlantic Council

The development of the Internet, and thus of the digital world, has had a transformative effect on the global economy. The transatlantic economy has been at the forefront of that shift. Prior to the 1990s, that economy was about trade in goods, with some services and investment on the side. Market access was the name of the game, and the General Agreement on Tariffs and Trade (GATT)—and later the World Trade Organization (WTO)—was the key institutional mechanism for managing this economy. Today, the digital economy is the fastest growing component of the global economy, encompassing the transfer of digitally enabled services, goods ordered online, and global investment by tech companies providing services all over the world. For the United States and Europe, the issues are no longer about soybeans or hormone-fed beef, but rather about data transfers, cloud services, and algorithms.

In recent years, this shift has been accompanied by another change: the reawakening of economic nationalism. Governments have struggled with shifts in trade and productivity and the unevenness of the distribution of benefits. As a consequence, the once dominant consensus that greater, more open trade is always good has been eroded. The impact on some elements of the labor force—including in the United States and Europe—had caused many governments and political actors to question the established assumptions, even as they grew concerned about the concentration of semiconductor manufacturing in very few countries. This trend was then exacerbated by the Covid-19 pandemic, which exposed numerous vulnerabilities in supply chains, from protective medical equipment to vaccine components. The Russian invasion of Ukraine demonstrated significant dependencies in energy, food, and critical minerals. The invasion also reinforced the view—already gaining traction because of predatory Chinese economic practices—that the global economy could no longer be run under a singular uniform rulebook.

The United States and its European partners have struggled to find a path forward together in this new world. Differing views on China and divergent approaches to regulation, along with other factors, have pushed them farther apart. The United States and EU have always been competitors as well as partners, but as the consensus around trade fell apart, the partnership element of their relationship seemed to suffer more.

For many in the trade world, one possible—and possibly desirable—answer would be to restore and reinvigorate the traditional multilateral arrangements, especially the WTO and its dispute settlement mechanism. In the short term, however, this is very unlikely given the lack of interest in the WTO demonstrated by the Biden Administration to date. Even if the United States was enthusiastic, recent history demonstrates that the WTO is not strong enough to ensure compliance by those who question its basic tenets. Reforming the WTO is not irrelevant, but we should acknowledge the futility of admitting everyone to the WTO clubhouse and trusting that they will adopt the norms and rules of an open trading system. Moreover, that old clubhouse was not built to address many of the dilemmas and conflicts presented by the digital economy of the 21st century.

Instead, we should build a democratic digital community, based on the sharing of sovereignty between like-minded governments. It should be a system that will allow competition to flourish in normal times but provide solidarity in a crisis. It should include mechanisms for resolving disputes between the partners, but also enough protections to make their economies resilient in a more hostile, geopolitical world. It must also address the importance of values in a digital economy, where social media and new technologies can directly affect millions of individuals.

Such an effort will face multiple challenges. First will be designing the shape of this new community. We should not press for a global institution, as these take years to negotiate and are likely too rigid for the fast-evolving digital economy. More suitable would be a network of varied agreements and arrangements, some binding and some voluntary. Second, and perhaps most important, will be identifying who will be in this community of like-minded countries. The short answer is there will be a hefty dose of self-selection: those governments willing to sign up to certain conditions and assessments and to abide by agreed dispute resolution mechanisms can join the club. But there is unlikely to be one “club.” For a community based on a network of arrangements, there will be varying members in each accord. Most likely, there will be a core group of governments that adheres to most of the network, and in time, they may coalesce into a more organized structure.

This new democratic digital community will also be challenged by the complexity of the issues and the different domestic regulatory regimes developing to deal with them. Some potential community members, such as the European Union, have begun to create a comprehensive and rigorous regulatory space (some would say too rigorous and limiting). Others, like the United Kingdom and Japan have sought to regulate some areas while providing flexibility; whether they can sustain that medium path is unclear. Others, like the United States, have been slower to regulate and generally assumed that existing rules would be adequate for the digital economy. Finding common ground between these different approaches will not be easy.

Moreover, the complexity of the issues and the different priorities among potential community members will also present serious obstacles. The digital issues likely to be at the core of a democratic digital community are: privacy and management of personal data; disinformation; cybersecurity; rules for “trustworthy AI” and other emerging technologies; and the management of non-personal, “industrial” data. For each of these issues, the main goals of the community should be the protection of citizens, the resilience of systems and infrastructure, and removal or avoidance of barriers between community members. The ultimate goal would be a digital market as open as possible and backed by democratic values.

In thinking about how to build such a community, the like-minded democratic governments should look first to the many plurilateral efforts already underway to reduce friction in the digital economy. There are numerous guidelines, declarations, compacts, and even some formal agreements that touch on portions of the digital arena. Ranging from the WTO’s stalled e-commerce accord to the Christchurch Call against terrorist content online and the APEC Cross Border Privacy Rules (CBPR), these agreements can form the basis of a network of arrangements. To be effective in creating a democratic digital community, however, such measures need to be viewed as a comprehensive menu, from which governments can select as many as appropriate. These arrangements must also be linked more effectively to domestic regulation, so that partners—and citizens—will trust that these rules are being taken seriously.

To see the potential and the challenges related to this approach, we can explore two arrangements that should certainly be core to a democratic digital community: Data Free Flow with Trust and the Declaration on the Future of the Internet.

Data Free Flow with Trust

Adopted under the Japanese presidency of the G20 in 2019, Data Free Flow with Trust (DFFT) acknowledges the importance of cross-border data flows to innovation and growth, but also the “challenges related to privacy, data protection, intellectual property rights, and security.” The signatories pledged to address those challenges with the goal of increasing the “interoperability of different frameworks.” Since then, DFFT has been an occasional focus of the G20 and was recently given a boost by Britain’s G7 presidency, which developed a “roadmap” aimed at developing tangible progress. In particular, the UK roadmap aimed to discourage data localization, identify commonalities in regulatory approaches, support an OECD effort on government access to personal data, and work to develop consensus on data sharing in specific sectors. This last was inspired in part by the experience of the Covid-19 pandemic and could include health care, transport, emissions, natural disaster mitigation, and other areas.

Of course, the G20, G7, and OECD do not set national policies; at most they can recommend and present guidelines. The question then becomes whether DFFT can become guidance that ameliorates some of the differences between national regulatory systems and encourages those without such regulation to adopt the minimum standards that would create “trust” among their partners. DFFT will not lead to significant changes in domestic rules, such as the EU’s General Data Protection Regulation (GDPR), but could it lead to a more predictable and harmonized understanding of how data should be treated when transferred out of the EU? As the United States thinks about its own privacy rules (some day!), will they meet the standard of trust that can allow transfers? DFFT might first be elaborated in the less contentious area of non-personal data (although the EU has recently approved the Data Governance Act and is moving forward with its Data Act). Can governments agree on protocols to share relevant data—possibly including that held in the private sector—in the case of shared threats and emergencies?

Declaration on the Future of the Internet

An initiative of the Biden administration, the Declaration was signed by sixty countries (plus the European Commission) in April 2022. Clearly intended to rally democracies to support an open internet in the face of challenges by “techno-authoritarians,” the Declaration calls for “a future of the internet that is an [sic] open, free, global, interoperable, reliable, and secure,” and that respects human rights and reinforces democratic systems. Those signing the Declaration are expected to observe key principles supporting this vision, ranging from protecting human rights online and promoting data free flow with trust to combating cybercrime and protecting individual privacy. For the most part, these are broad aspirational statements, with no specifics on implementation.

However, the principles do establish basic criteria for a democratic digital community. If a government cannot agree to these, that government has no business joining such an effort. For that reason, the United States government is mistaken in focusing its efforts on gaining more signatures. Instead, the partners in the Declaration should consider how to construct benchmarks that would allow assessments of the implementation of these principles; instead of going wider, the Declaration should go deeper. This will not be easy but figuring out how countries with different approaches to online speech, privacy, and network security, can each be judged to have adhered to those principles will be a step forward in building a community. That community will never see identical regulations across such a wide array of issues, but the Declaration can be useful in identifying those who take a democratic approach to online issues, and in providing principles that can guide their regulation as it develops.

A key mechanism in laying the foundation for a democratic digital community could be the U.S.-EU Trade and Technology Council (TTC). Although a bilateral undertaking between the United States and EU, the TTC is laying the groundwork for common understandings about the nature of “trustworthy AI” and how to deal with techno-authoritarians. But these are baby steps. The TTC needs to include more direct discussion of regulatory barriers to cooperation in the transatlantic digital economy. To date, conflicts have been kept apart from the TTC, and that was appropriate when the conflict (such as Airbus/Boeing) predated the TTC by many years. But current regulations coming out of Brussels (and many member states) are likely to raise barriers to transatlantic data transfers (beyond those that already exist) and to participation by U.S. cloud service providers in some sectors of the EU market. The United States and EU do not need to have similar regulatory regimes, but they do need to actively address potential barriers. Without a U.S.-EU understanding on how to ameliorate their differences, there is little hope that a community can be built among many likeminded democracies.