Why regulating cross-border digital trade is tricky

During the pandemic, many more people around the world ditched brick-and-mortar stores to order stuff online and have it delivered to their doorstep. And the trend isn’t going away.

But the convenience of getting almost anything you want with a few taps of your phone doesn't mean it's easy for the companies selling you the goods or services — or for the governments weighing the need for new rules to regulate cross-border e-commerce.

What is cross-border digital trade? While there's no commonly accepted definition, the OECD says it's "digitally enabled trade in goods or services, whether digitally or physically delivered."

It covers e-commerce transactions between buyers and sellers located in different countries, where (normally) different digital trade rules apply. The lack of universal legislation can make it harder than you'd think to buy and sell digitally when the product — even data flows — is of foreign origin.

Most experts agree there should be rules to govern cross-border digital trade, but the devil is in the details. Free marketers believe red tape should be kept at a minimum for e-commerce to flow seamlessly from, let's say, a small carpet maker in the Middle East to customers in Europe.

But what if that small business uses an online selling platform that collects data in a way that conflicts with a country’s privacy laws? Or if the manufacturer uses chemicals banned by the destination country? What if the online transaction is powered by a server located in China that won’t allow an audit for local tax collection?

One of the thorniest debates is over data protection, where Europe is leading the way. Ever wonder why so many websites ask if you want to accept their cookies? Cookies help companies learn more about you – and especially how to appeal to you. But in Europe, they are considered personal data. So if companies do business in the EU, which (arguably) has the world's most advanced online data protection law, cookie consents are a must.

The bloc’s General Data Protection Regulation gives EU residents the right to demand all the data any firm has collected on them. Failure to consent can mean big trouble.

The flip side is that while this is a great way to keep Big Tech from stealing your data, non-EU small businesses that sell to the EU can find the GDPR too onerous because they rely on third-party data to find customers. Some are even opting out of the EU market altogether to avoid the requirement.

So, what's the best way forward? Ideally, a global system would create a level playing field for small businesses to get a fair shot at expanding their overseas customer base but stop them from collecting buyers' data and selling it to third parties. To be effective, though, it would need to have a broad consensus, be easy to implement, and have teeth so bad actors could be held accountable.

But if we've learned anything from the experience of the World Trade Organization in trying to settle disputes between the US and China, it’s that enforcing trade rules will be anything but easy.