Table of Contents

Deepening concerns about digital authoritarianism have led many observers to posit a stark contest between democracy and autocracy that will shape the governance of technology and data.1 In this reckoning, the world’s democracies are said to have open approaches that rely on market mechanisms. By contrast, the world’s autocracies, this thinking goes, privilege the role of the state and aim to strengthen its capacity to harness all data, both public and private.

But this binary framing elides the extent to which democracies have developed diverse approaches. Some democracies, especially in Asia, have adapted policy and regulatory features that deepen and extend the reach of the state. Some democracies, again especially in Asia, have developed data governance regimes that reflect the unique features of their institutions and political cultures.

Evan A. Feigenbaum
Evan A. Feigenbaum is vice president for studies at the Carnegie Endowment for International Peace, where he oversees research in Washington, Beijing, and New Delhi on a dynamic region encompassing both East Asia and South Asia.
More >

It is important, therefore, to dig into this diversity, especially at a moment when there is a growing focus on data policy at both the international and national levels. This intensifying focus on data is being driven by several factors, including

  • the growing power of multinational cloud services companies, such as Amazon Web Services;
  • the extraordinary amounts of data being collected by social media platforms;
  • the growing importance of the Internet of Things in many sectors of the global economy;
  • widespread fears around the world that citizens’ data are being siphoned off for the benefit of foreign companies;
  • the essential role that data used for contact tracing and quarantine restrictions played in mitigating the impact of the coronavirus pandemic; and
  • excitement around new applications of artificial intelligence (AI), especially machine learning, which will benefit companies and countries able to generate, manage, and remix gigantic stores of high-quality data.

Amid this growing focus on data, the world is not fracturing into just two spheres—an autocratic Sinosphere dominated by China and an open, democratic sphere centered on the transatlantic West. Instead, third countries, many of which are consolidated democracies, are influencing debates about data policy, the business models of technology firms, and regulatory frameworks. If these countries can collaborate, leverage the power of open standards and open-source software, and demonstrate new approaches to digital development, they could become leaders in their own right as the next phase of the data economy unfolds.

Michael R. Nelson
Mike Nelson is a senior fellow in the Carnegie Endowment’s Technology and International Affairs Program, which studies the implications of emerging technologies, including digital technologies, biotechnology, and artificial intelligence.

This volume highlights some of the alternative models that have originated in two major Asian democracies, India and South Korea (hereinafter Korea). It compares these two countries’ distinctive approaches through case studies that demonstrate just how much more complex the world will be than the commonplace prediction of a battle between U.S.- and Chinese-centric approaches.

This volume is a sequel to a 2021 study, The Korean Way With Data, a multichapter deep dive into three critical aspects of Korea’s distinctive experiences with data: data resilience, data localization and privacy, and online authentication and data access control. This follow-up volume extends and expands that earlier stream of work by explicitly comparing Korea’s experience in two areas—open data and cross-border data governance—with that of India, a leader in software and information technology (IT) services.

Bluntly put, to those who believe that the world faces a stark or binary choice between transatlantic-centered democratic models or China-centric authoritarian ones, this volume should be an eye-opener. Like the 2021 volume on Korea, this study demonstrates that additional players are leading the way in several key respects. Both India and Korea are consolidated democracies, and neither of them is simply emulating U.S. or European experiences. Instead, they are pioneering their own approaches, mixing and matching elements of their unique democratic institutional frameworks with national requirements and policies derived from distinctive political cultures.

To be sure, progress on data governance in both India and Korea has been uneven. Their stories are by no means simple ones. For example, this volume shows that different agencies in the governments of each of these countries have conflicting policy goals and, when their preferred policies have collided, it has proved almost impossible to develop a clear, consistent vision and strategy. The result has been inadequate investment; stalled-out projects; and missed opportunities to share, combine, and use data to solve problems in the Indian and Korean public and private sectors.

When Policies Collide

An important theme that links both the 2021 and 2022 volumes is that disparate agencies in a fragmented bureaucracy can lead to disparate policy goals. The two chapters in this volume by Korean authors (along with a chapter in The Korean Way With Data, by Nohyoung Park) highlight inconsistencies and points of conflict and competition across the Korean bureaucracy in Seoul.2

At international fora such as the Group of 20 (G20), Korea’s Ministry of Foreign Affairs has worked hard to forge agreements to facilitate cross-border flows of data. The ministry’s efforts have been supported by the Korean Ministry of Economy and Finance, which strives to maximize opportunities for Korean firms that want to provide data-driven services to customers and companies around the world. But at the same time, Korea’s national security agencies have blocked the export of certain types of map data and other data that they judge could be used by North Korea or other adversaries to attack South Korea. These security-focused agencies fret not just about physical attacks but also malicious hacks and information warfare (including disinformation). Meanwhile, Korea’s financial regulators and various government agencies tasked with protecting the privacy of Korean citizens’ personal data are leery about allowing foreign companies to store and process Korean data in other countries, particularly in countries with inadequate, unclear, or poorly enforced data protection regulations.

The situation is quite similar in India. The country’s Ministry of Electronics and Information Technology has championed the cause of a “borderless” digital world so that Indian firms can move data easily across borders and better serve their customers, no matter where they happen to be located.3 But as Smriti Parsheera shows in her chapter in this volume, there are many barriers to realizing this Indian vision for cross-border data. As in the case of Korea, these obstacles include objections from India’s privacy regulators, who are developing Indian data protection rules that could block the export of Indian citizens’ personal data to other countries.

Even more serious are the demands of Indian law enforcement agencies, which want access to data to conduct criminal investigations and ensure regulatory compliance. These agencies fear that if Indians’ data are stored overseas, whether in corporate databases, social media platforms, or cloud computing centers, they will struggle to gain access to the data they want.

But India and Korea do diverge in one respect: in India, these arguments from law enforcement often seem to win the day. In Korea, by contrast, national security concerns have had a much greater impact on outcomes and policies than the concerns of law enforcement have.

The Need for Digital Leadership

Interestingly, in both India and Korea, digital policy sits atop the list of national priorities. That is why both countries’ governments are tackling digital and data-related issues at the highest possible level. India’s Prime Minister Narendra Modi made the Aadhaar biometric identity project, which has given hundreds of millions of Indians a form of digital identification, a personal priority. Similarly, in the 2022 Korean presidential election, the major parties’ candidates debated the topic of digital identity (and the failures of earlier national efforts). This is not typical of most countries today. This provides yet another reason why Korean and Indian efforts to craft digital policies deserve much more attention globally than they have hitherto received.

Countries whose presidents and prime ministers take the lead on policy decisions related to the digital economy often force competing ministries to forge a consensus. These countries end up with a huge advantage in helping data-intensive industries compete. Ultimately, these countries tend to fashion new e-government solutions, foster machine learning, and enable new, data-driven business models.

Just take Estonia, a much smaller economy than either India or Korea: it has benefited hugely from the digital leadership shown by former president Toomas Hendrik Ilves, who became an internationally respected champion for e-government and cybersecurity policy.4 In the United Kingdom, former prime minister Tony Blair’s personal involvement in promoting e-government helped break through bureaucratic barriers that hindered agencies online, and the work of the Tony Blair Institute for Global Change is helping current leaders go digital.5 In the United States, some have argued that the early successes of former president Bill Clinton’s administration in promoting the commercial internet, which made the U.S. government a leader in using the World Wide Web and in fostering e-commerce, owed much to the powerful role played by the White House (and especially by then vice president Al Gore).6 Gore and the White House took on a very high-profile role in crafting all-of-government strategies for the internet.7 White House events, high-profile speeches, public relations campaigns, and demonstration projects (such as the White House’s first website) also helped to highlight the need for proactive digital policies.8 More recently, former president Barack Obama’s personal participation in digital initiatives led him to be labelled the “Digitizer in Chief” and the “Geek-in-Chief.”9

Today, in most countries, there is even more potential for digital innovation but less digital leadership. The result has been conflicting policies promulgated by different agencies that can discourage innovators and risk-takers in both the private sector and the government bureaucracies. These players want to offer new tools and online services but fear running afoul of government regulations regarding data protection, export controls, surveillance requirements, cybersecurity, and more. From a global perspective, the Indian and Korean experiences highlighted in the four chapters that follow are standouts.

Faulty Metaphors Can Lead to Faulty Policies

But, of course, leadership does not mean that presidents and prime ministers must delve deeply into the arcana of data management and technical standards for them to shape digital policy. In many cases, their most important contribution can simply be to share a vision for how information technology and the data it generates, collects, combines, and analyzes can benefit the citizens they govern and the countries they lead. Simply put, savvy national leaders can explain how to think about the digital future.

But unfortunately, too many policymakers have adopted faulty metaphors and models that only confuse their countries’ thinking about data. The most obvious example is the frequent statement that “data is the new oil,” which was popularized by a 2017 cover story in the Economist.10 While it is certainly true that data is valuable like oil, in many ways this analogy is not only not useful but is even downright harmful.11

For one thing, comparing data to oil implies that data is a commodity to be sold and consumed. But data is not, in fact, a finite good that, like oil, is traded and shipped back and forth. Indeed, unlike oil and other commodities, it is simple to replicate and share data, increasing its use and value. The idea that data is a “fuel” for the digital economy is leading too many policymakers to assume that countries should hoard the data produced within their borders.12 Even more misleading is the idea that data is “currency,” implying that data should be either tightly controlled or traded, like a national currency, rather than shared jointly.13

What, then, is a better model? A simple one is that data is actually more like air or water than like either oil or currency.14 Like air, for example, data can be viewed as something that should be allowed to flow freely, transcending national borders. That is because air, like data, can be used and reused for many different purposes by many different people. It can be polluted like the air, but it can also be cleaned. This approach to thinking about data—as air rather than as oil or a currency—works particularly well when addressing scientific data, such as environmental data, since researchers all over the world need it.

But water is another useful metaphor because for most data, there are reasons to place some limits on its use and flow. Reasons to do so can include data protection and privacy, national security, copyright enforcement, assuring commercial advantage, and others. In these cases, a different analogy can be used. Instead of flowing freely like air, such data should be treated like water.15 After all, almost all the world’s water circulates freely in oceans, rivers, lakes, and atmospheric clouds or is locked in cold storage in ice sheets and glaciers. But some of the world’s water is captured in reservoirs, filtered, and piped to customers. And some water, usually from underground aquifers, is then bottled, branded, and sold.

For policymakers who want to put some limits on data, this water analogy works quite well. It effectively conveys how important data is to life in the digital age and how leaders need to work to ensure more clean data are made available to more people. Treating data like water makes it clear that not all data is the same or has the same value and, most importantly, that data is something—like water—that can be reused and remixed.

Key Choices for Policymakers

The critical top-level issue for policymakers wrestling with data policy is whether to try to create a single overarching approach to data management or instead to take a more federated approach.16 To extend the water metaphor a bit further, the choice policymakers face is whether to have a single unified national water utility that serves every home, or instead to encourage the formation of multiple local water companies and home-based wells that operate within a broad regulatory framework.

In their chapter in this volume, Indian authors Rahul Matthan and Shreya Ramann explain how the Indian government is promoting a Data Empowerment Protection Architecture (DEPA) to consolidate data sets throughout the Indian government and beyond. But in Korea, as Taewoo Nam shows in his chapter, the government has encouraged hundreds of companies to work with different ministries to find new, useful ways to apply the data they collect. These two Asian democracies have thus arrived at two very different approaches.

From our perspective at least, the Korean approach that Nam describes is much easier to implement when companies are permitted to take full advantage of the many cloud service providers that can give even small or medium-sized companies access to powerful data storage, machine learning tools, and cybersecurity services. These were previously only available to large IT firms. But because many of these services are now provided by American or Chinese companies, countries that lack homegrown cloud services providers fear that foreign countries will not adequately protect the data they process. In the Chinese case especially, there are national security concerns that come into play because Beijing has an intrusive approach to data generally.17

As the following chapters make clear, law enforcement agencies, including those of India, are especially concerned that they will not be able to access the data they need to catch and prosecute criminals if that data is stored in data centers controlled by companies overseas. In the United States, similar concerns led to the Clarifying Lawful Overseas Use of Data Act (or the CLOUD Act), which specifies how foreign governments can request data from U.S.-headquartered cloud service providers.18 But countries like Korea and India have not yet been able to benefit from this U.S. legislation.

There have, therefore, been calls in Korea and India for more data localization, motivated by both governments’ desire to protect citizens’ privacy and by India’s aspirations to enable greater data access for law enforcement surveillance.

India in particular has benefited from Indian IT firms that process data for companies around the world. In the past, India has permitted the free movement of data across its borders, but pending domestic legislation would reverse these more open practices.19 Similarly, in Korea, arguments for and against localization are becoming more pronounced, as Kyung Sin “KS” Park documents in his chapter in this volume. The few studies that have assessed the economic impact of data localization requirements have found that limiting cross-border data flows can significantly slow gross domestic product (GDP) growth.20 How governments decide to balance economic benefits against other factors will help to define the future of the data economy. Park makes an important argument that the free flow of data should also be viewed as a human rights issue since citizens want to be able to choose which companies control and protect data about them and which governments might be able to access that data.

But this will require them to think differently and adopt some new approaches. One particularly exciting new model for data governance involves data unions or data cooperatives, an idea being promoted by U.S. computer scientist Sandy Pentland and his colleagues at the Massachusetts Institute of Technology among others.21 A data cooperative functions like a bank or credit union, but rather than handling and distributing money, it stores and shares data about individual users. The key to making this model work is that the cooperative is contractually obligated to users or users’ organizations to protect and use data about an individual or group for that party’s own benefit. The most important impact of this approach is that it would enable a very distributed data architecture, where data would not need to be pooled in a few data oceans controlled by just a small handful of companies.

The following chapters highlight the digital policy challenges governments are facing, and why these challenges are becoming increasingly complicated and ever more important. Indian and Korean experiences, models, and struggles can help digital policymakers around the world, especially in other raucous democracies, design their own governments’ data policies.

Implications for Internet Governance

The main focus of this volume is what is happening in India and Korea at the national level and what other national policymakers can learn from their experiences. But there is another dimension to the volume—namely, how these models could influence debates in international fora about the future of the internet.

Internet governance is a broad term encompassing the full range of decisions, large and small, made by governments, corporations, standard-setting bodies, and users that affect how the internet operates and evolves.22 For years, diplomats, technology policymakers, corporate representatives, and others have debated how these decisions are made and whether more international coordination is needed. Thousands of international meetings have been held, and an extensive literature has developed about these choices.

Today, these debates about internet governance are more important than ever. A key question is whether the internet will continue to be an open, global network connecting users everywhere or whether it will fragment into national and regional networks as governments exert more influence over how it is designed and how it is used.23 A new and broader debate has also emerged about digital policy. Rather than just focusing on the networks that connect internet users to the applications they wish to use, the data and equipment attached to the internet, such as smartphones, Internet of Things devices, data centers, and cloud computing facilities are also drawing attention.

This growing attention is reflected in debates about international data governance, data sovereignty, and “the datasphere.”24 The secretary general of the United Nations (UN), António Guterres, has been promoting “digital cooperation,” which builds on the work of the Internet Governance Forum and various UN agencies and offices but extends far beyond merely shaping the Internet and how it functions.25 Much of the UN-related work Guterres has promoted focuses on data policy and the need to make high-quality data more available to more people for more purposes (with a special emphasis on fulfilling the UN’s Sustainable Development Goals).

Placing more of a focus on data and how it can be applied could help remove the barriers that prevent innovators in countries around the world from developing and experimenting with new online services. This includes a wide array of activities ranging from conducting life-changing and life-saving research to helping workers be more productive and energy-efficient and making lives safer and more secure. But in most countries, data policy has been an overlooked backwater. Unlike politically fraught issues like online privacy, hate speech on the internet, or disinformation and the polarization it causes, discussions about making government data more available or about cross-border data flows simply do not generate headlines. Worse, there are no easy answers to these policy questions because different types of data require very different types of treatment.

Most governments (including those of India and Korea) have no clear and singular focal point for data policy decisions. Internationally, there is similarly no such body as a World Data Organization (and most, including us, would argue against any such idea). Instead, there are many different intergovernmental organizations and scientific organizations that tackle different pieces of this data puzzle. At the highest level, for example, the G20 has added cross-border data flows to its agenda, not least through the late Japanese prime minister Abe Shinzo’s push at the 2019 G20 Osaka Summit for “data free flow with trust.” Abe’s initiative led to the emergence in 2021 of the G7’s Digital Trade Principles, which aim to remove barriers to the sharing of data across national borders.26 But notably, one of the two countries at the heart of this volume—India—refused to sign up for Abe’s Osaka initiative.

These international efforts to focus more attention on data policy should continue and should motivate both developed and developing countries to clarify the mishmash of national policies that affect how data are handled, shared, and used. International organizations have a critical role to play in showcasing how individual countries, like India and Korea, are taking steps to enable their citizens and companies to unleash the power of data. These multilateral and multinational groups, both formal and ad hoc, can push back against policies and models that would prevent that.

Open Data

The first two chapters on open data feature Rahul Matthan and Shreya Ramann on India’s experience and Taewoo Nam on Korea’s. Both countries are making access to government data a high priority and have legislation ensuring that government agencies share data that can be safely made public. But precisely how this legislation is implemented will determine the course through which many innovative and new applications of that data develop. Nam’s chapter shows that in Korea, hundreds of companies are already using government data sets. In India, meanwhile, Matthan and Ramann delve into a growing debate on access to and the use of nonpersonal data, a critical ingredient for machine learning tools.

What is ultimately important is that policies for government data (and the infrastructure built to provide access to such information) offer models for access to other types of commercial and consumer data in safe, secure, and reliable ways. But unfortunately, some government data protection and data localization regulations could unintentionally severely hinder the development of these new approaches.

India’s DEPA architecture is designed to improve inclusivity and allow those most in need to access online services but also have broader oversight on consent. Matthan and Ramann show that since data storage is cheap, Indian and foreign entities can amass vast volumes of it. But this data is siloed and usually only available to those who have harvested it, while the Indian citizens to whom the data pertains have almost no say in its use. Indian data policies, they argue, aim to deal with both challenges, not just by minimizing privacy risks and potential misuse of data but by giving individuals practical means to access, control, and share their data for their own benefit. They describe regulatory and technological advances being made in India, especially around DEPA, and how such models can be used to build on data governance initiatives around the world.

For his part, Nam addresses three main issues in Korean open data policy governance: institutions, policies, and organizational capacity. In all three areas, he sees progress but finds some flaws in the country’s current approach. One example is a regulatory framework that divides responsibility among diverse ministries with different approaches. This arrangement, he says, becomes even more complicated once local governments enter the mix. Public and private data cannot be easily integrated since they fall under different bureaucratic jurisdictions that functionally overlap but remain institutionally divided.

Likewise, Nam argues, Korea simply does not provide well-defined criteria for success to guide the wide variety of actors who use and leverage data. As a result, many corporate data users in the country complain about the low value of open public data while even government employees lack a substantial understanding of what data-driven administration means and why it is important for the public sector, much less the country’s corporate and academic sectors.

Cross-Border Data

The next two chapters turn to cross-border data, pairing up Smriti Parsheera on India’s experience with “KS” Park on Korea’s. These two chapters are anchored by the pivotal roles these two countries play in the global ecosystems that require rapid and secure international sharing of confidential business data. They explore how each country has sought to manage the delicate balance between localization and internationalization.

Some proposals for data localization, often motivated by governments’ desire to protect citizens’ privacy or to enable law enforcement surveillance, can hinder this free flow. For example, India has, in most cases, allowed for the free movement of data across its borders, but pending domestic legislation would hamper these more open practices. Similarly, in Korea, arguments for and against localization are becoming more pronounced. The few studies that have assessed the economic impact of data localization requirements have found that limiting cross-border data flows can significantly slow GDP growth—a tricky challenge for India and Korea at a time when both countries face growing domestic and global economic headwinds.27

Parsheera begins with the central contradiction India faces: the country has reaped significant benefits from being digitally connected and following an open market policy, but the country is also grappling with the challenges posed by data monopolization, barriers to lawful access, and limitations on the effective enforcement of laws, rules, and regulations in the digital sphere. India aims to transition from a user to a controller in digital markets and, to this end, it has leaned on technological self-reliance combined with frequent assertions of “digital sovereignty.”28

As in Matthan and Ramann’s chapter on open data, Parsheera traces a fragmented and often contradictory Indian institutional and policy landscape. But beyond the domestic sphere, she also explores whether and how international instruments like the Budapest Convention could be useful to New Delhi. India is not a signatory to the convention, a binding multinational treaty that comprehensively addresses both cyber crimes and the gathering of electronic evidence of noncyber criminal activity.

This theme links Parsheera’s chapter to Park’s because he, too, notes Korea’s absence from the Budapest regime. He argues that Seoul is thereby denying itself a useful pathway to pursue its interests. Indeed, Park finds much fault in Korea’s localization discourse and policy. He argues that the assimilation of international arrangements and instruments could enable Korean policymakers to realize their policy goals without mandating such data localization. For instance, the Budapest Convention could provide an alternative to time-consuming mutual legal aid treaty processes that require law enforcement agencies to request help from their foreign counterparts. Similarly, while acknowledging concerns about citizens’ privacy as an important policy goal, Park argues that the adequacy process of the European Union’s General Data Protection Regulation or the certification process of the Asia-Pacific Economic Cooperation forum’s Cross-Border Privacy Rules may provide the needed level of protection, no matter where the data may be stored and processed.29

Democratic Diversity

As the four chapters in this volume demonstrate, major Asian democracies like India and Korea are not simply following the lead of the United States and Europe on data governance. Instead, in many areas connecting to both open data and cross-border data, they are pioneering their own unique approaches, which are anchored firmly in their own consolidated democratic institutions.

The goal in this volume is to highlight these alternative models and to compare and contrast their distinctive features. Indeed, like the 2021 volume on The Korean Way With Data, this sequel volume demonstrates that the future will be much more complex than a putative battle between U.S.- and China-centric approaches, much less between democratic and authoritarian approaches. Much can be learned—and some things can be emulated—from the experiences of these two unique and important Asian democracies.


1 See, for example, Adrian Shahbaz, “Freedom on the Net 2018: The Rise of Digital Authoritarianism,” Freedom House,

2 Nohyoung Park, “A Korean Approach to Data Localization,” in The Korean Way With Data: How the World’s Most Wired Country Is Forging a Third Way, ed. Evan A. Feigenbaum and Michael R. Nelson, Carnegie Endowment for International Peace, August 17, 2021,; Kyung Sin “KS” Park, “Korea’s Path to Best Practices for Cross-Border Data Flows,” in Data Governance, Asian Alternatives: How India and Korea Are Shaping Rules and Standards, ed. Evan A Feigenbaum and Michael R. Nelson, Carnegi Endowment for International Peace, August 31, 2022; and Taewoo Nam, “Open Data Policy in Korea,” in Data Governance, Asian Alternatives: How India and Korea Are Shaping Rules and Standards, ed. Evan A Feigenbaum and Michael R. Nelson, Carnegi Endowment for International Peace, August 31, 2022.

3 Smriti Parsheera, “India’s Domestic Priorities and International Positioning on Cross-Border Data Flows,” in Data Governance, Asian Alternatives: How India and Korea Are Shaping Rules and Standards, ed. Evan A. Feigenbaum and Michael R. Nelson, Carnegie Endowment for International Peace, August 31, 2022; and Indian Ministry of Electronics and Information Technology, “India’s Trillion-Dollar Digital Opportunity,” Indian Ministry of Electronics and Information Technology, 2019, 9,

4 Susan Fourtané, “e-Estonia: The World’s Most Advanced Digital Society,” Interesting Engineering, February 24, 2020,

5 Diane Frank, “UK Finds New e-Gov Boss,” Federal Computer Week (FCW), May 27, 2004,; and Akos Erzse and Melanie Garson, “A Leader’s Guide to Building a Tech-Forward Foreign Policy,” Tony Blair Institute for Global Change, March 25, 2022,

6 William J. Broad, “Clinton to Promote High Technology, With Gore in Charge,” New York Times, November 10, 1992,; and “Al Gore and Information Technology,” Wikipedia,

7 Ronald H. Brown, “The Global Information Infrastructure: Agenda For Cooperation,” National Telecommunications and Information Administration, June 1, 1995,; and “The National Information Infrastructure: Agenda for Action,” U.S. Department of Commerce, September 15, 1993,

8 Elahe Izadi, “The White House’s First Web Site Launched 20 Years Ago This Week. And It Was Amazing,” Washington Post, October 21, 2014,

9 Thomas H. Davenport, “Who Can Succeed Barack Obama as Digitizer in Chief?,” Fortune, April 1, 2016,; and David K. Li, “Obama Is the Geek-in-Chief,” New York Post, April 25, 2016,

10 “The World’s Most Valuable Resource Is No Longer Oil, But Data,” Economist, May 6, 2017,

11 Antonio García Martínez, “No, Data Is NOT the New Oil,” Wired, February 26, 2019,; and Michael R. Nelson, “Internet Myth-Busting,” Intermedia 47, no. 1 (April 2019):

12 Harishankar Singh, “Data Is the New Fuel, AI Is the Accelerator,” IBM Digital Transformation Blog, May 14, 2021,

13 Jane Barratt, “Data as Currency: What Value Are You Getting?” University of Pennsylvania Wharton School of Business, Knowledge at Wharton, August 27, 2019,

14 Howard Ting, “Data Is Like Air—So, How Do You Contain It?,” Forbes, May 11, 2022,

15 Dan Vesset, “Data Is the New Water,” Medium, July 27, 2020, (This post is based on a study on data by IDC and Qlik.)

16 “Centralized Versus Federated: State Approaches to P-20W Data Systems,” National Center for Education Statistics Institute of Education Sciences, October 2012,

17 Ryan D. Junck, Bradley A. Klein, Akira Kumaki, Ken D. Kumayama, and Steve Kwok et al., “China’s New Data Security and Personal Information Protection Laws: What They Mean for Multinational Companies,” Skadden, Arps, Slate, Meagher & Flom, November 3, 2021,; Matt Burgess, “Ignore China’s New Data Privacy Law at Your Peril,” Wired, November 5, 2021,; “Why China’s New Data Security Law Is a Warning for the Future of Data Governance,” Foreign Policy, January 28, 2022,; Yvonne Lau, “Here’s What Beijing’s Sweeping New Data Rules Will Mean for Companies,” Fortune, September 1, 2021,; and “China’s New National Privacy Law: The PIPL,” Cooley, November 30, 2021,

18 U.S. Department of Justice, “CLOUD Act Resources,” U.S. Department of Justice,

19 Anirudh Burman and Upasana Sharma, “How Would Data Localization Benefit India,” Carnegie India, April 14, 2021,

20 Nigel Cory and Luke Dascoli, “How Barriers to Cross-Border Data Flows Are Spreading Globally, What They Cost, and How to Address Them,” Information Technology and Innovation Foundation, July 19, 2021,; and “Restrictions on International Data Flows Have Doubled in Four Years, With Measurable Economic Consequences, ITIF Reports,” Information Technology and Innovation Foundation, July 19, 2021,

21 Alex Pentland, Alexander Lipton, and Thomas Hardjono, Building the New Economy: Data as Capital (Cambridge, MA: Massachusetts Institute of Technology, 2021),

22 A couple of examples are the annual Internet Governance Forum conferences held under the auspices of the United Nations and the digital policy work done by the Organisation for Economic Co-operation and Development. See Internet Governance Forum (IGF), “IGF Annual Meetings Proceedings,” IGF,; and “Internet Policy and Governance,” Organisation for Economic Co-operation and Development, December 9, 2021,

23 Adam Segal and Gordon M. Goldstein, Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet, (New York: Council of Foreign Relations, July 2022),

24 Datasphere Initiative, “About Us,” Datasphere Initiative, This initiative was started by the Internet and Jurisdiction Policy Network.

25 United Nations, “Secretary-General’s Roadmap for Digital Cooperation,” United Nations, May 29, 2020,

26 Anne-Marie Trevelyan and the UK Department for International Trade, “G7 Trade Ministers’ Digital Trade Principles,” Anne-Marie Trevelyan and the UK Department for International Trade, October 22, 2021,

27 Rajat Kathuria, Mansi Kedia, Gangesh Varma, and Kaushambi Bagchi, “Economic Implications of Cross Border Data Flows,” Indian Council for Research on International Economic Relations and Internet and Mobile Association of India, November 2019,

28 “‘India Won’t Compromise Its Digital Sovereignty,’: Ravi Shankar Prasad,” Hindustan Times, June 6, 2021,

29 “What Is the Cross-Border Privacy Rules System,” Asia-Pacific Economic Cooperation, October 2021,