The EU’s new General Data Protection Regulation (GDPR) recently went into effect. You have probably received emails regarding your data resident on email servers and applications. And while the media focus has also remained on data concerns with Facebook and other personal data, the impact of the GDPR on developing countries has received little attention. Their exports of data-based services rely on the free flow of data across borders. Strengthened regulation can make international data transfers more difficult. And traditional trade rules and regulatory cooperation cannot resolve this conflict.
Our recent paper describes and assesses three types of responses to this challenge. In addition, in a recent VoxEU column we argue that the way forward would be to design trade rules that reflect the bargain struck in the EU-US Privacy Shield. Data destination countries would promise to protect the privacy of foreign citizens in return for source countries promising not to restrict data flows. And in an opinion piece for the Indian Express we discuss privacy challenges particularly for developing countries like India.