Data Transmission: The New International Trade Challenge.

• Author: DiLullo, Samuel

INTRODUCTION

As new technologies are developed, old ones are modified, and technology users grow, business must be careful that its data processes are sufficient to adequately protect data and follows both domestic and international regulations (Telenor group, 2020).

Cross-border Internet bandwidth use grew 45 times larger between 2005 and 2016 and is projected to increase nine times more by 2021 (McKinsey, 2016). Almost 4.54 billion people, encompassing 59 percent of the global population, were active Internet users as of January 2020, with China, India, and the United States ahead of all other countries in number of Internet users (statista, 2020). It is projected that there will be 5.3 billion total Internet users (66 percent of global population) by 2023.

Unfortunately, within this growth of Internet use, a significant number of data breaches have occurred resulting in exposure of private information and such breaches are projected to continue and to multiply in the future (Cisco, 2020).

* 2005-157 million data breaches

* 2013-1 billion breaches

* 2014-500 million at Yahoo and was not revealed until 2016

* 2017-3 billion breaches

* 2018-9 billion at Apollo, a sales intelligence company

* 2019-1.47 billion (statista, 2020)

As digital business expands domestically and internationally, more consumer data will be transferred, but will be at risk. The public is becoming aware of the danger to its personal and professional information and looks to business for secure management of its data. Business, in turn, should aim for national and international cooperation to protect clients' data from a breach.

The challenges that the new digital economy present to the current international trade structure have placed global trade under significant stress (World Trade Review, 2019).

DATA BROKERS

A significant problem to be confronted is the regulation of and protection of information which is collected when individuals use the Internet for both business and personal use. Much of the data is collected and disseminated by Data Brokers who collect, share, aggregate, create, and use consumer profiles containing sensitive personal information. This information can both harm consumers if publicly revealed, but also benefit them if used to provide relevant offers, coupons, and more choices at lower costs when consumers search for products and services using the Internet (Federal Trade Commission, 2014).

Over 4,000 data brokering companies exist today throughout the world to collect consumer data. Acxiom, one of the largest, has 23,000 servers collecting and analyzing data for 500 million consumers worldwide, with up to 1,500 data points per person (WebFX, 2020).

Although, there is concern and extensive discussion about regulating Data Brokers, there is not yet U.S. federal regulation nor international regulation. At the state level, currently only three states in the United States have consumer data privacy laws (NCSL National Council of State Legislatures, 2020).

* Nevada provides the right for consumers to request that the operator not sell the consumer's personal information and the operator must abide by a request. NEV. REV. STAT [section][section] 603A.300-360.

* Vermont requires data brokers to register with the state and specify their practices. VT. STAT. ANN. tit. 9 [section][section] 2430, and

* California recently enacted California Consumer Privacy Act (CCPA) that requires any entity collecting consumers' personal information disclose the information that is collected and how the information will be used CAL. CIV. CODE [section] 1798.100(a)-(c) (West 2020).

U.S. REGULATION

It is imperative that potential harm be mitigated and benefits maximized by appropriate agreed upon regulation both domestically and internationally to protect data transmission and to maximize both societal and economic benefits (Telenor Group, 2018).

Historically, United States legislative protection of personal information has been a hodgepodge of hundreds of laws and regulations at both the federal and state level. There is no single principal data protection legislation in the United States. Beyond the regulated industries context, regulation at the federal level is found in the Federal Trade Commission Act (15 U.S. Code [section] 41 et seq.) (ICGL, 2019)

However, there are a number of federal laws that regulate the collection, storage, and processing of personal data within specific industries, such as the Financial Services Modernization Act (Gramm-Leach-Bliley Act (GLB Act)), The Health Insurance Portability and Accountability Act (HIPAA), and the Fair Credit Reporting Act (Chorpash, 2020).

Since the 1970s the Federal Trade Commission (FTC) has been the chief federal agency protecting privacy when it began enforcing the Fair Credit Reporting Act, one of the first federal privacy laws (Federal Trade Commission, 2020).

The agency uses law enforcement, policy initiatives, and both consumer and business education to protect consumers' information to ensure that they have the confidence to take advantage of the many benefits of the ever-changing marketplace.

In July 2019, the FTC announced a record-breaking $5 billion penalty against Facebook. The penalty related to allegations that the company violated a 2012 FTC privacy order by deceiving users about their ability to control the privacy of their personal information. In addition to the historic monetary penalty, the 2019 settlement included unprecedented new restrictions on Facebook's business operations and created multiple channels of compliance. The order required Facebook to restructure its approach to privacy from the corporate board-level down and established strong new mechanisms to ensure that Facebook executives are accountable for decisions they make about privacy and subject to meaningful oversight (Federal Trade Commission, 2020).

On April 6, 2020, the FTC concluded a settlement with Tapplock, Inc. concerning FTC allegations that Tapplock deceived consumers by falsely claiming that its Internet-connected smart locks were designed to be "unbreakable" and that it took reasonable steps to secure the data it collected from users. The settlement included additional supervision from the FTC (Federal Trade Commission, 2020). Facebook and Tapplock are two examples of companies who experienced a setback because they violated FTC laws governing data transmission.

In addition to the FTC, various federal agencies regulate data collection and protection. In the financial services context, the Consumer Financial Protection Bureau provides standards pursuant to the Gramm-Leach-Bliley Act (GLB) that dictate how firms subject to their regulation may collect, use, and disclose non-public personal information. The Department of Health and Human Services is responsible for enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Federal Trade Commission and the Department of Justice enforce The Electronic Communications Privacy Act of 1986 (ECPA), which protects wire, oral, and electronic communications while being made in transit and when stored on computers. The ECPA applies to email, telephone conversations, and data stored electronically (U.S Department of Justice, 2019).

In 2018, California signaled a shift in focus when the state enacted the California Consumer Privacy Act (CCPA) previously mentioned. The Act, which entered into force on January 1, 2020, grants users the right to request information about commercial uses of their data, to request the deletion of that data and to opt out of the sale of that data without discrimination. Seventeen other states are considering similar legislation. Outside the United States, numerous countries have either strengthened or are developing data protection legislation inspired by the GDPR (Geddes, 2020).

Since January 2019, Vermont's new data broker law requires annual registration with the state, adoption of comprehensive security and disclose measures, opt-out policies, and credentialing practices. This new law has resulted in at least 121 company registrations, resulting in exposure of an assortment of diverse unknown companies, as well as giants of the industry (Chalk, 2019).

Although there are no regulations requiring the federal and state data protection authorities to cooperate, a number of State Attorneys General have established a multistate task force to pool resources in order to collectively, investigate, litigate and reach settlements with companies that breach the law. Many regulations provide individuals with a private right to bring lawsuits against organizations they believe are violating the law.

U.S. TREATIES/AGREEMENTS

The U.S. has 14 free trade agreements in force with 20 countries: Australia, Bahrain, Chile, Colombia, Israel, Jordan, Korea, Morocco, Oman...