April 2023
Digital Policy Forum Japan[1]

　Since our inception in September 2021, the Digital Policy Forum Japan (DPFJ) has made several recommendations[2]. On the occasion of the G7 Summit (May 2023) and G7 Digital & Technology Ministers’ Meeting (April 2023) being held in Japan, we propose a collection of policies aimed at promoting global cooperation in shaping digital policy, based on the fundamental belief that G7 collaboration in digital policy initiatives will greatly contribute to building a robust global data-driven society.
　The term “data-driven society” refers to a problem-solving society that addresses various socioeconomic challenges by developing and operating big data analytic tools and solutions based on them. In order to build a problem-solving society amidst rapid population decline and strict fiscal constraints, it is critically important for Japan to improve the three elements of data quantity, quality (granularity), and fluidity.
　The Japanese government’s DFFT (Data Free Flow with Trust) proposal at the G20 Osaka Summit (June 2019) and other occasions embodies this concept, but discussions for realizing DFFT have reached the stage where they should shift from “general to specific”. Therefore, we should simultaneously engage in:
　(1) Promoting data sharing to increase data volume;
　(2) Strengthening data security to improve data quality; and
　(3) Developing international cyberspace rules to enhance data fluidity
　At the same time, we should advance the:
　(4) Assessment of international digital agreements to ensure international consistency for items (1) to (3).
　Taking into account the global recovery from the COVID-19 pandemic and the ongoing catastrophic war in Ukraine as well as the utilization of AI that is currently being discussed globally, it is necessary to always bear in mind the principles of “a user-centric digital society without a reset button” and “digital technology based on the premise of peaceful use” for the long-term benefit of humanity, which is composed of diverse values and stakeholders.

(1) Promoting data sharing

　First, it is necessary to accelerate the establishment of institutional frameworks for data sharing. For example, the European Commission is considering the enactment of the Data Act that promotes the sharing of a wide range of data, such as IoT-generated data, in addition to the Data Governance Act (to be applied from September 2023) to enhance data fluidity. In Japan, we also need to consider policies that enhance data fluidity and the growth of prudent data intermediaries. In particular, the expansion of related markets for data intermediaries is effective in making the economic value of data, an intangible asset, measurable.
　Concurrently, we should deepen our examination of the ecosystem of data access, including the appropriateness of generating and accumulating sensitive data, the way access rights to such data are granted, and the rational differences in data sharing during normal and emergency situations.
　At the same time, with regard to imposing competition laws on platform operators (such as Tech Giants), it is necessary to widely introduce ex ante regulations based on the characteristics of data to complement current competition laws that are mostly established in reaction to issues that crop up. This will prevent data monopolization by platform operators and ensure a competitive market environment[3]. In this regard, it is important to consider the international consistency of policies and international cooperation handling by competition authorities, as the markets for businesses related to big data are cross-border. Moreover, in content distribution where platform operators often have a dominant position, a more diverse set of content can be made available by making various data, including metadata, accessible and well-maintained.
　Furthermore, we should aim for a more extensive data-driven urban management by constructing interconnected smart cities through true standardization that ensures interconnectivity for smart cities being developed across the country. Specifically, we should: aim for cost reduction and security enhancement by using cloud infrastructure to provide common services in smart cities; encourage private sector solutions by allowing the use of APIs (Application Programming Interfaces); and enhance urban management simulation capabilities by synchronizing smart cities with the metaverse.

(2) Strengthening data security

　In a data-driven society, ensuring the quality of data, specifically its integrity, is one of the key challenges. If data is tampered with during its circulation, it can lead to social and economic confusion through widespread malfunctions. Thus, there is an urgent necessity to establish a policy for trust service providers that provide proof of the data owner’s integrity, records of the data transmission time and proof of non-tampering (timestamp), and delivery confirmation (e-delivery).
　Moreover, to ensure data security, it is necessary to consider new institutional frameworks such as the introduction of a third-party certification (registration) system for data intermediaries and the use of blockchain technology for initiatives that maintain reliable records and data supply chains as well as prevent tampering.
　Furthermore, efforts to counter disinformation, which directly relates to the quality of data (information), should be strengthened through public-private collaboration. Countermeasures against disinformation should primarily be carried out by the private sector, considering the principles of freedom of expression and prohibition of censorship. Therefore, it is desirable to adopt a co-regulatory approach in which the government establishes fundamental guidelines in collaboration with the private sector for the activities of fact-checking organizations and platform operators. Based on these guidelines, fact-checking organizations and interested parties should voluntarily develop, operate, and disclose their own operational rules, and then evaluate their performance afterward to determine whether revisions to the guidelines are necessary.

(3) Developing international cyberspace rules

　The role of nations in cyberspace issues has been discussed in forums such as expert-led United Nations meetings, but there is a significant gap between the positions of the Western Bloc, which believe that existing international rules should be applied to cyberspace as they are, and countries like China and Russia. China and Russia adopt a position that recognizes state sovereignty in cyberspace (cyber sovereignty) and embrace a multilateral approach, where cyberspace rules should be decided by consultation between national governments. In contrast, the Western Bloc take a multi-stakeholder approach, which incorporates the opinions of diverse groups such as governments, industries, academia, and civil society, while adhering to the fundamental principles of “autonomy, decentralization, and cooperation,” considering the history of internet development.
　In the midst of this unresolved disagreement between the two sides, the Russian military invasion of Ukraine broke out. This war has seen the actual deployment of hybrid warfare or simultaneous armed and cyber attacks (including cognitive warfare through the spread of disinformation), highlighting gray zones, specifically the blurred boundaries between peacetime and emergencies, and the issues caused by the absence of international rules in cyberspace.
　While the discord between the two sides is significant, considering the importance of the internet as a shared human asset (public core internet) and the need to avoid a digital cold war-like stalemate between the two sides, it is imperative that like-minded countries, primarily the Western Bloc, strive to ensure international consistency in cyberspace rules. This includes prohibiting data localization, prohibiting state censorship of algorithms developed by private companies, ensuring the transparency of AI algorithms, and explicitly designating infrastructure that should not be subject to cyber attacks from an international humanitarian perspective, such as election systems and nuclear power plants.
　At the same time, not all of these items necessarily need to be regulated by law. Efforts should be made to ensure international consistency in the application of soft laws, such as co-regulation and voluntary industry self-regulation.
　Furthermore, the consideration to introduce active cyber defense has been highlighted as a key topic in the “National Security Strategy” decided by the government in December 2022. In considering active cyber defense, it is appropriate to examine reasonable and effective methods and systems while fully taking into account the principles of international law and clarifying a comprehensive deterrence strategy.

(4) Assessment of international digital agreements

　As outlined above, from the perspective of (1) promoting data sharing, efforts should be made to develop systems for enhancing data fluidity, applying ex-ante regulations to platform operators exceeding a certain size, and building interconnected smart cities.
　Also, from the perspective of (2) strengthening data security, measures such as the development of policies for trust service providers, examination of institutional frameworks for securing data supply chains, and promotion of co-regulation for countering disinformation are required.
　Furthermore, from the perspective of (3) developing international cyberspace rules, efforts are needed in establishing international cyberspace rules by like-minded countries, promoting international consistency of soft laws, and advancing the consideration of active cyber defense.
　Therefore, it is desirable to focus discussions on the above topics, mainly in the G7, and compile the results into (4) international digital agreements as they are agreed upon, implement them as actual DFFT rules, and regularly evaluate their operating performance and make necessary revisions for improvement.
　The initiatives mentioned above are expected not to be limited to the G7, but to also be raised as one of the main themes for expanding dialogue with ASEAN countries and other neighbors. In addition, we strongly hope that effective discussions will continue on interdisciplinary issues such as the economic value of data and data distribution rules, involving industry, academia, and the public sector, through the use of international organizations such as the OECD, and through the formation of neutral organizations and projects based on new public-private partnerships.

End

[1] This proposal is a consolidation, to the greatest extent possible, of discussions held at the Digital Policy Forum Japan (DPFJ). However, there may be cases where the opinions expressed differ from those of individual DPFJ members (initiators and supporters) or the opinions of the organizations to which the members belong.

[2] In June 2022, the DPFJ published a proposal titled “Seven Perspectives for Realizing a Data-Driven Society” https://www.digitalpolicyforum.jp/wp-content/uploads/2022/06/proposal_en.pdf

[3] Services by platform operators are often provided in bundles, and business divisions exceeding a certain number of MAU (Monthly Active User) often record revenue independently, making it worth considering the introduction of a system that discloses the structure of how they utilize user data to provide profitable services. Doing this may give us hints on devising measures to ensure fair competition for platform operators with recognized market dominance, such as limiting the mutual use of personal data between different services or allowing competitors to use data under the same conditions by paying an appropriate price.