Characterized by a transparent regulatory system and a laissez-faire type of openness to commerce, Hong Kong is a major international business centre with over 4,000 regional headquarters and offices of leading multi-national corporations that attract significant international data flows (Hong Kong Government, 2021). A technically sophisticated smart city with high levels of internet connectivity (e.g. mobile subscriber penetration exceeds 280 per cent, and the average internet downloading speed ranks among the top three fastest cities in the world) and an extensive external telecommunications infrastructure comprising 11 submarine optical fibre cable systems (providing about 90 TB/s capacity), 20 overland optical fibre cable systems and 11 satellite systems. Hong Kong also boasts of being one of the safest cities for data centres in Asia (Hong Kong Innovation and Technology Bureau, 2020).

Hong Kong's approach to managing cross-border data flows is in line with its approach to commerce – and is based on a ‘by default’ policy of patchwork legislation and FTA commitments. The question is whether Hong Kong can remain thriving with a by default approach or whether it needs a coordinated policy. To answer the question, we must first assess Hong Kong's objectives and its uniqueness.

This chapter examines Hong Kong's ambitions to be a leading business centre, the importance of data to achieving these goals and salient data-flowrelated issues, whether Hong Kong should adopt a coordinated data flow policy and the key points Hong Kong must consider in deciding whether or not to formulate such a policy.

The Ambitions of Hong Kong

Hong Kong is a successful financial gateway to China and a regional, if not global, finance hub, featuring a high degree of liquidity. Home to many financial institutions providing a wide range of financial products and services to local and international investors, Hong Kong is widely viewed as a leading financial centre in Asia. Its legal system is an important ingredient in its success in financial services, with investors and businesses attracted by the security and predictability of the territory's strong adherence to the rule of law. Illustrating these points was Hong Kong's rating in the 2020 Heritage Foundation's Index of Economic Freedom, where the territory ranked 2nd among 186 economies in terms of economic freedom and 15th in the category ‘Government Integrity’, under the heading ‘Rule of Law’ (Heritage Foundation, 2021).

Data is now one of, if not the world's most valuable resource. The dramatic adoption of data-driven applications across economic sectors has made data and the flow of data so pervasive that it has become integral to everything we as members of society do – from conducting our finances to operating businesses to powering the apps we use every day.

Flows of knowledge and technology are at the centre of new networks driving production, innovation and opportunities. Data and its flow across borders are the lifeblood of the internet economy and significantly impacted various industrial sectors and the global economy. The growth of networks has allowed businesses to change how they structure and manage their design, production, marketing, customer support and other processes in order to optimize competitiveness and innovation.

Data is also fundamental to machine learning (ML)-based products and services. While developments such as the internet of things (IoT) and data-driven artificial intelligence (AI) systems will hasten the growing importance of the digital economy, these innovations are both strategic and sensitive due to potential externalities for businesses, governments, non-profits and more generally for society. These externalities generate new forces within industries that alter competitive dynamics, and consequently, result in new strategies and management practices. These strategic considerations have substantial implications for policymakers and regulators (Valavi et al., 2021).

Although data plays an outsized role in the evolution of a country's business and living environment, the breadth and impact of data make it difficult for a nation to ‘regulate’ per se. This is the result of numerous factors, including the growing number of interconnected devices that individually can generate ever-larger amounts of data with each new product line. Generation and application of data are now occurring in ways that had been unimaginable and/or impractical just a few years earlier. Domestic legislatures are not only struggling to catch up with the complexities associated with the technology but also in formulating standards and rules which are effectively targeted and do not result in serious unforeseen consequences. This has proven to be challenging, and trade-offs between, say, privacy and industrial policy or intellectual property (IP) protection and the development of AI must be made.

In August 2021, the Financial Secretary Paul Chan stated that Hong Kong should have a strategic plan for formulating new development directions (Xinhua, 2021). Developing a data governance framework for cross-border data flows that balances competing interests, enables efficient operations, does not stifle business while keeping anti-competitive behaviour in check and is flexible enough to handle future innovations and challenges would be an excellent place to start. But to do so requires awareness of the degree to which systems are interconnected and the implications (and fragilities) of the resulting complex interdependencies and conflicts.

Spotting the predicted effects of data interconnections can sometimes be done with relative ease – for instance, concluding that combining personal data and mining it for behavioural insights and other information could clash with privacy protections is not hard (European Commission, 2021c). On other occasions, the link or the breadth of the link may not be so obvious. This will be the case with Europe's proposed but yet to be ratified Artificial Intelligence Act (AIA), which will place any product that contains AI into prohibited, high-risk and limited categories, prescribing obligations for each category. The AIA will also ban the use of AI for subliminal psychological manipulation as well as prohibit public authorities from using real-time biometric surveillance and building AI-powered social scoring systems. The interconnection, while less obvious, is no less significant with one report suggesting that the AIA could cost the EU €31 billion over the next five years in added compliance and other expenses, deter investment into European AI start-ups, slow the digitization of the economy and encourage a brain drain of European entrepreneurs,data scientists and AI developers to locations with fewer bureaucratic hurdles (Mueller, 202b).

But there was another interconnection the review did not include, that is, how the EU's underlying policy of cooperation with ‘like-minded countries’ who espouse European rules and values (particularly concerning the protection of privacy and personal data) could disadvantage European firms (European Commission, 2020d). These could occur in numerous ways. For instance, there is a real risk that the new restrictions will stif le data f lows from countries the EU does not deem to be satisfactorily ‘like-minded’.

Formulating a policy on cross-border data flows is challenging for several interconnected reasons. The increasing number of devices connecting on the IoT is creating a staggering amount of data, and with every successive product iteration, each device can generate more data. Increased levels of connections breed innovation – for example, data sent across borders by these devices can be mined for valuable customer insights that can, in turn, not only lead to new services or products but could also be combined with other data in innovative applications that had not even been conceived just a few years earlier. And, of course, cross-border communications enable interactions that might result in yet more innovation.

Global interconnections can also breed complexities, and legal, ethical, societal and cultural issues come into play when data crosses borders and standards are not harmonized. Some countries, such as the United States, advocate almost total free data movement with regulation only to the extent necessary. Others, such as China, adopt a model of central control, and companies wanting to do business in China must adhere to their data rules, whether this means restricting certain data from leaving the borders, locating infrastructure within the country or even dictating corporate behaviour (such as prompting companies to suspend plans to list on stock exchanges for fear of infringing ever-changing rules of what data can or cannot leave a country ’s borders) (Gao, 2018; Lim, 2021).

Before a jurisdiction can successfully formulate a policy on data and data flows, it needs to be able to navigate the landmine of converging and crisscrossing objectives. To do so, officials must understand the nature of modern data, what makes data valuable and what makes its management so tricky: that a solid technological infrastructure is important is obvious, that subtle changes in the law may produce unexpected results may not be obvious.

Before delving into the different models of data governance (in Chapter 3) and evaluating frameworks for managing cross-border data (in Chapters 4 and 5), we first need to explain what makes data different from other types of assets and why the sharing of data is so important in the modern global economy.

The internet is global and borderless, but regulators in most jurisdictions attempt to ensure the relatively free flow of data and the maintenance of ‘trust’ in the system. Regulators mostly act independently and without any direction from the international community, resulting, unsurprisingly, in a variety of incongruent and incompatible regulations.

The internet relies on a global flow of data, with a growing number of dataintense digital services, utilizing a high amount of data in their production processes. In many cases, the data cross borders multiple times before the service is consumed (van der Marel and Ferracane, 2021), and regulators must therefore appreciate the necessity of cross-border data flows from a trade perspective (World Economic Forum, 2019). The free flow of data is critical to internet-based services (e.g., cloud computing) and e-commerce and essential to the development of technologies that rely on access to high-quality data that often resides in more than one territory. Cross-border data transfers are also important for less obvious reasons, including cross-border health, investigations and medical emergencies (Moorthy, 2020). An example of the last point is the 2013–2016 Ebola virus outbreak in West Africa where deficiencies in data-sharing mechanisms brought the question of data access to the forefront of the global health agenda (Giles-Vernick, et al., 2016).

Through the development and deployment of these data-reliant technologies and solutions, nations and the companies working within those borders can expect to derive increased economic and social values from crossborder data flows. In fact, the data economy has risen even more rapidly in a COVID-19-disrupted world in its importance for new economic growth opportunities (Casalini et al., 2021).

Both countries and industries recognize the importance of keeping global data flows as unrestricted as possible. As this chapter discusses, most governments are increasingly keen to ensure that their rules of data governance are consistent with those of other countries and have begun negotiating trade agreements to ensure the compatibility of standards. Likewise, companies seeking influence intensely lobby at the domestic and international levels for relatively unrestricted data flows. In establishing policies for cross-border data transfers, governments must also be aware that they can only attract inbound transfers of data and information technologies if people, businesses and other governments trust their system and regulatory framework.

Laws, regulations and policies are important to the flow of data across borders since they create the certainty that enables the smooth conduct of business; in today's fast-paced world, certainty is a valuable commodity. But laws, regulations and policies alone are not sufficient and could be counterproductive. In order to formulate a proper policy on the management of cross-border data – or arguments why a laissez-faire approach may be preferable to an articulated policy framework – governments must understand the nature of data and data flows today. Towards this end, this chapter provides necessary background by exploring the concurrent developments of the explosive growth in data volume, applications for the use of data and the drivers behind these trends.

The Growth (and Growing Importance) of Data

Data is now one of the world's most valuable resources (The Economist, 2017). In today's digitally transformed world where over 2.5 quintillion bytes of data are generated every day, flow of knowledge and technology lies at the centre of new networks driving production and innovation (Holst, 2021). The increasing use of internet of things (IoT) and the growing amount of data generated and flowing across borders are driving substantial opportunities. This is not surprising as more companies are turning into ‘datavores’, making strong use of data and analysis for decision-making and increasingly big data and artificial intelligence (AI) for a range of initiatives and business operations (Bridges, 2015; Bilodeau, 2019).

Unlike conventional assets, data is non-rivalrous – multiple parties can use the same data concurrently without it being used up and data often gains its value from being combined with other data (Coyle et al., 2021) This makes crossborder data flows – which refers to the movement or transfer of information between computer servers across borders – even more important. Cross-border data flows enable people to easily transmit information for online communication, track global supply chains, share research, combine data, provide cross-border services and support technological innovation (Congressional Reporting Service, 2020). Over the past decade, cross-border data flows have increased global gross domestic product (GDP) by 10.1 per cent (Manyika et al., 2016, 10, 76), and by 2018 data flows had already accounted for US$2.8 trillion of global GDP, surpassing the global trade in goods (GSMA, 2018).