Cross-Border Data Flows Under RCEP: Striking a Balance Between Security and Competitiveness

RCEP, a free trade agreement among 15 Asia-Pacific countries, offers greater flexibility for data flows than frameworks like the GDPR implemented by the European Union.

This article examines the regulations on cross-border data flows under the Regional Comprehensive Economic Partnership (RCEP), particularly those outlined in its Electronic Commerce chapter (Article 12). In the digital era, data flows are essential for international trade in services like e-commerce and cloud computing, enabling businesses to operate and innovate. While free data flows can enhance a nation’s competitive advantage, they also raise concerns regarding national security. This article argues that RCEP successfully navigates this tension, particularly for developing countries.

First, RCEP is more flexible than frameworks like the General Data Protection Regulation (GDPR) and the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), allowing free data flows while respecting domestic regulations. Second, RCEP’s Non-Reciprocity principle supports developing nations by offering more extended transition periods and fewer restrictions. Lastly, RCEP fills gaps left by the World Trade Organization (WTO), providing more precise rules for digital trade and data flows while aligning with the General Agreement on Tariffs and Trade (GATT) and the General Agreement on Trade in Services (GATS) principles.

RCEP’s Flexibility Compared to Other Regional Cross-Border Data Flow Agreements

RCEP, a free trade agreement among 15 Asia-Pacific countries, offers greater flexibility for data flows than frameworks like the GDPR implemented by the European Union (Zhai, 2024). GDPR emphasizes personal data protection as a fundamental human right and imposes strict rules on cross-border data transfers. In contrast, RCEP adopts a more relaxed approach, enabling cross-border data flows while respecting the domestic regulations of member countries. Articles 12.14(2) and 12.15(2) of RCEP explicitly prohibit data localization as a form of protectionism. However, RCEP allows exceptions to data localization bans for specific reasons such as national security or legitimate public policy (Articles 12.14(3) and 12.15(3)).

RCEP provides flexibility by granting member states autonomy to establish domestic policies related to data within certain limits to ensure compliance with the agreement’s objectives (Wang, 2022). This institutional design reflects a consensus among member countries to balance the urgency of enhancing international trade competitiveness through cross-border data flows with the need to safeguard data as part of national security.

Streinz (2021) notes that RCEP enables China to maintain its internal data restrictions under the guise of national security without facing disputes between member states, which might arise under CPTPP. Furthermore, China’s participation in RCEP, its first agreement involving commitments on data governance, highlights that regulatory flexibility is crucial in encouraging countries to join (Streinz, 2021).

The Principle of Non-Reciprocity: RCEP’s Sensitivity to Developing Countries

RCEP incorporates the principle of non-reciprocity, acknowledging the developmental disparities among member countries. This principle grants less developed countries more time to adapt to RCEP regulations. For instance, RCEP gives Cambodia, Laos, and Myanmar five years to implement specific provisions, with the option of a three-year extension.

Zhai (2024) explains that RCEP embodies Asian values of respecting diversity and promoting sustainable economic development. By adopting this sensitivity through non-reciprocity, developing nations can strengthen their domestic capacities before fully liberalizing cross-border data flows. This collective effort by the member countries enables Cambodia, Laos, and Myanmar to enhance their competitive advantage while maintaining national stability. This approach contrasts sharply with the strict standards of the GDPR and CPTPP, which are driven by the United States and Europe, often needing more regard for the domestic conditions of member states (Streinz, 2021). Additionally, RCEP’s principles of non-discrimination and the prohibition of disguised restrictions further enhance its appeal.

RCEP Bridges WTO’s Gaps

As a regional economic partnership, RCEP provides more transparent and specific digital trade rules than the WTO. The WTO’s efforts to establish e-commerce rules remain limited due to a lack of global consensus (Streinz, 2021). RCEP addresses this gap by regulating cross-border data flows in greater detail while remaining aligned with GATT and GATS principles (Huang & Lei, 2022).

RCEP aligns with WTO principles such as transparency, non-discrimination, and removing unnecessary trade barriers. This alignment is evident in provisions like the “legitimate public policy” clause, which grants flexibility to member countries to protect public interests or maintain order (Huang & Lei, 2022). Moreover, Articles 12.14 and 12.15 of RCEP provide a legal framework for facilitating digital trade without waiting for potentially protracted multilateral WTO agreements.

RCEP’s structure and provisions are influenced by the CPTPP, particularly regarding data localization bans and consumer data protection (Huang & Lei, 2022). Despite differences in enforcement strictness, the overlap in substance between RCEP and CPTPP reflects a trend among nations to balance data as a national security concern with its role as a competitive advantage. By harmonizing frameworks, CPTPP and RCEP help address the “Asian noodle bowl phenomenon” of overlapping regional trade agreements (Huang & Lei, 2022). This alignment also signals the need for WTO to expedite consensus on cross-border data flow regulations.

Challenges

Despite its innovative approach to balancing national security and competitive advantage in cross-border data flow regulations among its member states, RCEP has several areas for improvement. First, its high flexibility may enable hidden protectionism, with member states potentially abusing exceptions to shield domestic industries (Zhai, 2024). Second, regulatory fragmentation among member states could hinder regional digital integration (Wang, 2022). Divergent domestic policies and standards may create obstacles for businesses seeking to operate seamlessly across borders. Third, the lack of robust personal data protection standards in some member countries poses risks to individual privacy (Streinz, 2021). Without strong safeguards, the benefits of cross-border data flows may come at the expense of consumer trust and security. Addressing these gaps will ensure the long-term success and credibility of RCEP’s digital trade framework.

Conclusion

As a regional partnership, RCEP has its challenges. RCEP must address hidden protectionism, regulatory fragmentation, and insufficient personal data protection. However, RCEP deserves recognition for its innovative approach to cross-border data governance, which still needs to be addressed by institutions like the WTO. RCEP’s flexibility and sensitivity to the needs of developing countries make it a model for multilateral governance, balancing national security concerns with the need to enhance the competitive advantages of its members.

Adelia Putri Reza
Adelia Putri Reza
Adelia Putri Reza is an undergraduate student in International Relations at Universitas Gadjah Mada, Indonesia. Adelia is passionate about exploring the intersections of global politics, economic development, and gender, focusing on addressing disparities between the Global North and South.