Assignment #3

Submitted on: 14 June 2025

Completed by: Ridhika Singh, Atharav Sharma, Rasmi Ranjan Sahu, Sparsh Katyal

Contributions: RS wrote the discussion text for Topics ‘3.1’ through ‘3.1.3’ and Topics ‘3.4’
through ‘3.4.4’ and made 2 illustrative figures ‘Fig. 1 & Fig. 2’.

SK wrote the discussion text for Topic ‘3.2’.

AS wrote the discussion text for Topics ‘3.3’ through ‘3.3.3’ and made 2 illustrative figures ‘Fig.
3 & Fig. 4’.

RRS made ‘Flowchart 1’ and wrote the discussion text for Topic ‘3.5’ through ‘3.5.2’

Incognito Blueprints- all rights reserved. Do not distribute.

1
Assignment #3: due on/before 14 June 2024 11:59 PM EST
Create a minimum of 3 figures/flowcharts as per research category below using appropriate
captions.
Caption maximum of 200 words per figure/flowchart.
Font for caption: Times New Roman; Size: 10;

Research type No. of Figure/s Required No. of Flowchart/s Required

Qualitative 2 1

Quantitative- CS 1 2

Figure 1:

Fig. 1: The AI governance sector is anticipated to approach a market size of $16.5 billion by 2033, expanding at a
compound annual growth rate (CAGR) of 25.5% between the period of 2024–2033. Organisations are reorienting
their investment toward AI-based compliance mechanisms. Despite this upward trend, this uncharted territory will
meet the full-scale integration of AI within global data governance structures with a handful of challenges.

Incognito Blueprints- all rights reserved. Do not distribute.

2
Figure 2:

Fig. 2: Data governance in this digital age is a global paradigm-shifting infrastructure, which requires an
all-encompassing framework that honors the rapid growth in technology and innovation, while compartmentalising
particular roadblocks, jurisdictional or nationwide along the way. Through concerted efforts, it can more efficiently
balance the interest of all subjects involved in this exchange. Some factors are depicted above.

Incognito Blueprints- all rights reserved. Do not distribute.

3
Flowchart 1:

Flowchart 1: The global regulatory environment encompasses a wide range of frameworks organisations are
subjected to follow . Here are three such frameworks that monopolise the industry and shape other jurisdictional
standards and regulations.

Incognito Blueprints- all rights reserved. Do not distribute.

4
Figure 3 :

Fig. 3: Comparative Overview of Advantages and Disadvantages in Global Data Privacy Laws.

Incognito Blueprints- all rights reserved. Do not distribute.

5
Figure 4:

Fig. 4: Overview analysis of limitations and challenges in global data governance.

Incognito Blueprints- all rights reserved. Do not distribute.

6
Proceed to writing the results and discussion section for your research. Both the results and
discussion sections should be a minimum of 600 words and should include references and
citations as mentioned in chapter 2.1. Tables are permitted to be used if needed. Please do not
include any figures or illustrations for this section.
Font for assignment: Times New Roman; Size: 12; Alignment: right align

Instructions for submission: follow assignment submission instructions linked here.

Name of heading Description

3. Discussion 3.1 We live in a world where contemporary life is shaped by complex

information technologies. Data is wide and extensive. The growing
dependence on digital technologies and harmonious data transfer
globally has become integral components of modern culture and
commerce. We are drowning in information every second of an hour,
and trying to find our centre at the intersection of technology and
information.
In this era of global connectivity and economic interdependence, this
review illustrates the challenges posed by jurisdictional
inconsistencies and gaps in regulating the exchange of data across
borders.

The exponential rise in Multinational Corporations (MNCs), online

services and transnational supply chain accentuates the pressing need
for effective and standardised rules to abide by. To this end, the
pervasive interconnection surfaces a multitude of risks, challenges and
struggles for businesses, policymakers and researchers alike.

3.1.1 Legal Frameworks:

After examining the current legal frameworks that govern the

regulation of cross border data flows, we found a dynamic
paraphernalia designing the system. It comprises diverse conventions,
agreements, and treaties.

This comprehensive instrument aims to build a cohesive foundation

for the international economy to function in accordance. The aim is to
provide an international framework that keeps this growing domain of
data governance in check.

Incognito Blueprints- all rights reserved. Do not distribute.

7
 Each international law enforcement is established to address particular
aspects of data regulation and shape policies worldwide.

Overview of Key Data Governance Frameworks

1.​ Budapest Convention: It is the first international treaty, also

known as the “Convention on Cybercrime”, which is laser
focused on mitigating cyber crimes and fostering harmony in
the national legislation.
2.​ General Data Protection Regulation : It stresses upon
individual rights, transparency, and consent. It also subjects
organisations to stringent penalties and hefty fines in case of
noncompliance. It has a global reputation for being the gold
standard of regulatory systems. [X]
3.​ The United Nations: It has been playing a quintessential role
in stimulating cooperation through multiple initiatives. For
instance, the ‘UN Group of Governmental Experts on
Developments’ in the Field of Information and
Telecommunications.
4.​ The World Trade Organisation: It addresses the trade related
issues in transnational data transfer.
5.​ The Organisation for Economic Cooperation and
Development (OECD) : It defines the principles that shape
both, member and non-member nations’ data policies and
protection strategies.
6.​ PIPL (China) : It is centred around national security and
security of individual information. [X]
7.​ U.S. State Laws (e.g. CCPA) : It is a composition of
jurisdiction specific and state level regulations and legislations.
Such as the California Consumer Privacy Act (CCPA) which
emphasises on consumer rights undertaking a self-regulatory
framework. [X]
8.​ Japan and South Korea : Japan’s Act on the Protection of
Personal Information (APPI) and South Korea’s Personal
Information Protection Act (PIPA) are both notable for their
stand on transparency and localisation. These laws are
designed to make room for innovation alongside individual
privacy. [X]

3.1.2 Impact on Market Access and Business Strategies

Incognito Blueprints- all rights reserved. Do not distribute.

8
 The inconsistent and fragmented nature of these frameworks that
currently govern data creates significant barriers and challenges for
organisations operating on a global scale. For instance, GDPR’s
Brussels effect takes precedence because of its extraterritorial
application and impedes companies outside the EU. Given the
importance of the EU consumer market for multiple MNCs, they
persuade their national authorities to adopt EU standards and avoid
being at a competitive disadvantage to their domestic counterparts.
While, PIPL’s focus on data localisation curtails cross border data
flow. [X] [X]
A vast majority of US businesses, particularly tech firms, battle with
compliance issues stemming from the lack of a comprehensive data
privacy law, since they function on multiple jurisdictional applications.
[X]

3.1.3 Are Innovation and Privacy Mutually Exclusive?

The incessant friction between leveraging data for technological

advances and fulfilling the requirements and privacy regulations is a
strategic dilemma. AI driven enterprises’ effort to navigate restrictions
on data collection and processing while maintaining a competitive
edge is going to intensify in the face of scrutiny and innovation.
Additionally, the world is becoming more privacy conscious by the
day, thus, transparency and accountability in AI infrastructure will
further convolute compliance efforts. [X]

3.2 Overview of Strategic Framing and Competitive Response to

Global Data Privacy Regulation

Privacy regulation has entered a new phase where it is no longer a

mere compliance, and risk management issue, it is at the center of
corporate governance, risk strategy, and competitive advantage in the
global data economy. Thus, in terms of navigation and compliance,
this study empirically considers how multinational companies frame
privacy risks, and their legal obligations to regulators, through their
public disclosure practices and decision-making frameworks. This
research draws on cross-jurisdictional cases and regulatory
frameworks. We establish a synthesis that brings together the
comparative interpretive policy framework, corporate risk vocabulary,

Incognito Blueprints- all rights reserved. Do not distribute.

9
 and compliance and navigation strategies, to assess how corporations
confront legal fragmentation related to data privacy.

A primary observation is that firms no longer view privacy as just a

formality of the law but disposition it as also a reputational, financial,
and operational issue. We think this transition occurs, at least in part,
due to firms viewing data governance as a material risk to investor
confidence, customer loyalty, and regulatory exposure, or statute. For
instance, in public reporting, firms such as Microsoft and Apple
position privacy leadership as a means of building trust and not just
regulatory adherence [x].

Secondly, companies that are proactive about aligning with high

standards of privacy (for example, CCPA, GDPR, etc.) leverage that
alignment as a market differentiator. We argue this is a strategic way to
position oneself, generally, because trust is now a competitive
currency in privacy-sensitive industries. Cisco's (2023) Data Privacy
Benchmark Study reported that 96% of organizations stated that
investments related to privacy provided measurable benefits to the
business, (for example trust, innovation, and efficiency).

Finally, the compliance strategy has shifted toward anticipatory rather

than reactive. We think this is due in part to emerging laws like the EU
AI Act and global interoperability projects like the Global CBPR
Forum which ask firms to develop governance systems that would
enhance the foundations of compliance, and be flexible and
forward-looking.

In summary, what we are thinking—that privacy risk framing is

increasingly composed and strategic—is based on why we are
thinking: regulatory intensity, consumer expectations and reputational
dynamics intersect to move privacy from compliance issue to a
conduit for international competitiveness.

3.3 Global Data Governance Discussion with a Focus on

Challenges, Limitations, and Comparative Perspectives
The high increase in cross-border data flows, projected to hit 180
zettabytes by 2024 (UNCTAD), has led to a shift in data governance

Incognito Blueprints- all rights reserved. Do not distribute.

10
 from a technical matter to a question of international politics, trade,
and strategic approaches. The regulations governing data continue to
rely on national borders and domestic approaches, despite data being a
worldwide asset which is subject to security failures and privacy
concerns. The absence of a regular global framework is putting
multinational companies at considerable legal dangers, increased
expenses, and unequal levels of protection which is contributing to
worldwide failure of security measures. Companies worldwide are
facing complex regulations which are directly influenced equally by
political factors and privacy concerns. This section looks at various
frameworks' challenges, advantages, and relative disadvantages.
​
3.3.1. Challenges in Global Data Governance​
The main barriers in Global Data Governance include lack of
multilateral agreements, different regulations, and lack of full-scale
implementation.

1.​ Fragmented Regulation: UNCTAD (2023) reports that over

60% of countries need comprehensive data privacy, resulting in
inconsistent implementation. ​

2.​ Data Localization: Short-term solutions like customization of

their data practices for each nation, raises infrastructure costs
and limits operational efficiency of companies.​

3.​ Enforcement Loopholes: Frameworks such as GDPR have

extraterritorial authority but are confined to a particular zone,
leading to restricted worldwide applicability.​

4.​ Political Influence: National & public interests play a very

central role in creating and amending regulations, such as
China's state-centric approach compared to the EU's
rights-focused model, leading to global power disparities being
prominent in this ideological imbalance. .

3.3.2. Advantages and Disadvantages of Key Frameworks with

reference to Global Data Privacy Laws

Incognito Blueprints- all rights reserved. Do not distribute.

11
 Each framework offers unique benefits and regulations, but also
presents structural and political drawbacks.

1.​ GDPR (EU):

●​ Advantages
Strong consumer rights and corporate accountability.
Global benchmark for many non-EU nations to align with it for
trade.​

●​ Disadvantages: ​
The context of extraterritorial scope and the intricate
enforcement of these laws are controversial.​
High costs make it harder for SMEs to comply, leading to
imbalance in maintaining national security and further
prompting legal breaches.​

2.​ PIPL (China):

●​ Advantages​
Emphasises digital sovereignty and quick national rollout.​
Centralised enforcement reduces ambiguity.​

●​ Disadvantages​
Restrictions on data transfer abroad deter foreign businesses.​
Risks of governmental control, state monitoring, and unclear
application. ​

3.​ U.S. State Laws (like CCPA which are in limited states):
●​ Advantages​
Regulations and safety protocols that are both
commerce-oriented and inventive​
They offer effective customer opt-outs and portability.​

●​ Disadvantages​
Lack of a national standard causes fragmentation at the state
level.​
Global operators become discouraged due to inconsistent rights
across jurisdictions. ​

Incognito Blueprints- all rights reserved. Do not distribute.

12
 3.3.3. Limitations and Legal Unbalance in Different Systems

All three laws are insufficient to achieve worldwide harmonisation,

despite their advantages. The UN Digital Economy Report (2022)
states:

●​ GDPR: Strong influence but lack of efficiency and universal

enforceability.​

●​ PIPL: Effective at domestic level, but interferes with

international business operations.​

●​ US Laws: Adaptable but disjointed, deficient comprehensive

and well-organised standards.

Additionally, the lack of a legally binding multilateral framework to

resolve this issue results in instability, security threats, mass data
leaks, and a failure to protect privacy globally. Moreover, laws from
dominant powers are frequently adopted by smaller countries, which
favours one country over another and leads to bias, prompting unfair
digital economies, which promote security threats and legal lapses.

3.4 A Small Window Into the Future of Global Data Governance

The steep rise in the volume of global cross-border data flows which is
predicted to exceed 200 zettabytes by 2025, underlines the gravity of
dynamic governance standards in the contemporary international
business ecosystem. [x]
The challenges posed by inconsistent regulations, EU’s GDPR and
China’s PIPL will negatively impact the business operations.
These data flows are providential to several facets of the global
economy, ranging from international finance, supply chain
management, and digital marketing therefore requiring an all-inclusive
and harmonised semblance of structure.
Albeit, the current frameworks set the stage for smooth business
cycles and secure individual privacy, but infringe the capacity of
organisations by subjecting them to multiple stages of compliance,
data collection, processing and transmission. With data being the “new
oil” of businesses, the existing literature clearly states that they are
grappling with an enormous undertaking to stay afloat in the market,
often having to hone their models and operational procedures. [X]

Incognito Blueprints- all rights reserved. Do not distribute.

13
 Companies have discerned a pattern of how data management is
withdrawing from a “gather with consent” mechanism to one, where
businesses have to account for the data handling every single step
through operational activities.
One such prevalent challenge is the ill-conceived requirements that
defeat the purpose of restoring harmony, ultimately leading to
compliance burdens and operational inefficiencies.

Companies are disillusioned with the system because they have to

tailor their approach and implement different policies for different
jurisdictions, subsequently reinforcing their financial deficiencies
because of increased costs and complexity.
Concerns around information sovereignty have exacerbated ‘data
residency’ worldwide. The divide between data subjects and data
processors disjoints the infrastructure as individuals lack the resources
and knowledge to exercise their rights to protect their privacy.

As Park, Kietzmann, and Killoran (2025) explain, companies need to

comply with not only local regulations but actively establish
transparent communication channels as to how the employee data is
being used. It is about globally practising consistent methods to
protect employee autonomy and establish ethical standards for data
use. [X]

This asymmetry is gravely pronounced because of the emerging

technologies, like artificial intelligence (AI) and machine learning
(ML), where intricate algorithms and data processing techniques
amount to obscure ways in which personal data is employed.

We believe a multifaceted approach that hones in technological, legal

and organisational strategies together will administer an environment
that is not akin to a maze. Our analysis suggests fostering international
cooperation and collaboration among regulators, industry stakeholders,
and policymakers to develop a sustainable and more cohesive and
malleable data governance framework.

We anticipate that changes and developments in current frameworks

and technologies will drive in faster than we can imagine, on the
grounds of emerging technologies, privacy conscious people, and

Incognito Blueprints- all rights reserved. Do not distribute.

14
 unprecedented geopolitical factors. AI, blockchain will convene to
provide both opportunities and hurdles, necessitating policymakers
and regulators to have the foresight to tailor their methods around
surfacing risks and strive for responsible innovation. The parameters
around cross-border data flow is expected to increase scrutiny, with a
greater pressure on data localisation practices thus curtailing free flow
of data beyond borders. This will only go on to fragment the global
data fabric and reinforce additional convoluted barriers. [X]

We recommend a coordinated, multi-layered approach to sustain

coordinated global data rules, which ranges from development of
international standards, adoption of innovative technologies, and
advocacy of regulatory cooperation.

3.4.1 Regulatory Harmonisation

We should strive for establishing a unified global framework based on

shared principles such as individual privacy protection, accountability
and self agency.

1.​ International Cooperation: There is a pressing need for

partnership between MNCs and policymakers to collectively
implement a universal approach to global governance
standards.
2.​ Regional Agreement : Some frameworks such as the
Comprehensive and Progressive Trans-Pacific Partnership
Agreement (CPTPP) and the Regional Comprehensive
Economic Partnership (RCEP) of the member states of
“ASEAN” can be observed as models for other countries to
emulate in order to maintain a stability between data flow and
compliance across all jurisdictions. [X]

A sound unified approach could come to fruition through an

international organisation such as the United Nations or the World
Trade Organisation, while proactively taking the input of government,
businesses, civilians and experts into account.

We should encourage sharing information among nations to further the

mutual acknowledgment and convergence of protection laws. This

Incognito Blueprints- all rights reserved. Do not distribute.

15
 translates into dialogue exchange regarding best practices, and
deployment of common enforcement mechanisms.

3.4.2. Strategic Business Implications

1.​ Compliance Challenges: Only a minority of multinational

companies (less than 30%) manage to accomplish full
compliance with existing standards and regulations, both
locally and internationally, thus jeopardising legal
repercussions and market access.
2.​ Innovation vs. Regulation: Companies often end up
impairing their ability to be at the cutting-edge innovation and
advancement because they are tied between properly utilising
data and adherence to rigorous laws.

3.4.3 Consumer Trust and Competitiveness

1.​ Building Trust : The confidence consumers entrust in data

management can be uplifted by striving for a synchronous
regulatory system, alongside consummating the competitive
nature of the international market.
2.​ Long term Viability: Companies with contingency plans and
an agile approach to new advancements in global data policy
are more likely to thrive in this dynamic market.

Additionally we push forward the idea of adapting to the development

in technology and deploying it for building innovative mechanisms
such as, privacy enhancing technologies and federated learning. It will
not only streamline data processing but mitigate privacy risks
efficiently. We strongly assert that rather than looking for a one size
fits all that works globally and adapts to every nuance, it is of
paramount importance to identify and device synergies between the
varied regulatory systems and new age technical solutions.

3.4.4 Technology Solutions

The amalgamation of next-generation technologies like AI,

Blockchain and cloud computing has immense potential to work to the
advantage of standardising regulatory compliance. While these

Incognito Blueprints- all rights reserved. Do not distribute.

16
 technologies can iron out security and proficiency, they bring a set of
challenges of their own, such as upholding high transparency and
accountability.

●​ Artificial Intelligence (AI) :

AI’s ability to optimize the analytics of datasets, automatics
decision-making, and tailored services has drastically transformed
multiple industries.

However, the incomprehensible nature of its system, where the

algorithms behind decision making might not be easily accessible,
raises questions particularly in context with GDPR’s transparency
centric methodology.

The use of artificial intelligence may lead to grappling with

discriminatory results when not managed properly. [X]

●​ Blockchain
Blockchain Technology’s decentralised and inflexible framework
supports data security but contradicts the general rule of thumb
proposed by GDPR, that is ‘right to be forgotten’. [X]

●​ Cloud Computing
It offers cost effective solutions for storage of data and processing. On
the other side of the coin, it presents compliance challenges in the
context of “Schrems II ruling”, which addresses the gaps in GDPR,
and eventually nullified the EU-US ‘Privacy Shield’. [x] Data
localisation laws further cloud the proper execution of cloud
compliance, as most countries call for local storage of sensitive
information pertaining to their citizens. [X]

3.5 Proposed Solutions

Harmonization of global data privacy laws remains an underlying

concern in the modern digital economy, with current regulatory
fragmentation creating significant challenges to worldwide business
trade .This discussion aims to scrutinize key solutions and their
potential evolution in the long term, analyzing their impact on present
markets, innovation and consumer trust .

Incognito Blueprints- all rights reserved. Do not distribute.

17
 Three possible solutions emerged from our extensive research:

International Regulatory Cooperation and regulatory convergence was

identified as a standardized approach to harmonization [x] .This
involves multilateral (e.g. EU-US Data Privacy Framework–DPF) and
bilateral agreements focused at establishing clear baselines. However,
broader international cooperation is a must. Successful implementation
necessitates creation of common theoretical frameworks across
jurisdictions,monitoring technology for constant enforcement, and
integration of adaptable, locally-tailored legislations whilst retaining
international compatibility.

Technology-based solutions including privacy-protection technologies,

appears to be a practical solution. Technology such as federated
learning and differential privacy can assist businesses in complying
with regulations while leveraging data for innovation .Additionally,
Al-driven compliance processes through automated data audits and
real-time breach detection, reduces the risk of non-compliance.

Research on Adaptive Regulatory Frameworks show that flexible,

adaptive frameworks presents a viable way to reconciling local
demands with global harmonization [x] .These frameworks ought to
contain risk-based assessment methods,conventional review processes
and scalable compliance guidelines.

3.5.1 Potential Implications of Harmonization on

Competitiveness,Innovation and Consumer Trust

Harmonization of global data regulations can enhance innovativeness

and competitiveness and also build consumer trust in dynamic global
markets by improving clarity in regulations and easing cross-border
data flows. Additionally, it enables businesses to invest in new
technologies and also expand, hence lowering costs due to economies
of scale .Although, a standardized approach to this may limit
adaptability, disadvantage smaller enterprises, and hinder localized
innovation .With emerging technologies like AI and blockchain
becoming increasingly complex by the day, it needs resilient and
adaptive governance structures to stay relevant .

Incognito Blueprints- all rights reserved. Do not distribute.

18
 Consumer trust may also be negatively influenced by various
differences in national values and legal frameworks, requiring
continuous international cooperation .A collaborative, well-balanced
strategy that encourages innovation while protecting user rights and
equity is crucial for success.

3.5.2 Evolution of Proposed Solutions in the next 5 - 10 years

Within the next 5 - 10 year timeframe there will be significant

advancements in these proposed solutions, driven by technological
innovation and evolving societal norms .We envision the creation of
increasingly complex privacy-enhancing technology that will allow for
data processing and analysis while protecting the privacy of
individuals.

Federated learning for instance, will possibly become increasingly

common, permitting organizations to collaborate on data analysis
without disclosing sensitive data .We also predict the growth in new
regulatory models that are more flexible and responsive to the
fast-shifting data landscape.

These models will most likely contain key elements of co-regulation

and self-regulation to promote innovation alongside the maintenance
of adequate protection of data privacy and security. We also expect to
see a greater convergence of data protection frameworks across
jurisdictions, driven by international cooperation .This convergence
will minimize the compliance burden for multinational companies and
hence improve cross-border data transfers.
However, the execution of these solutions will of course be faced with
numerous challenges.

Incognito Blueprints- all rights reserved. Do not distribute.

19