An OECD trade policy working paper has taken a systematic look at a growing—often overlooked—policy trend: the expanding number of domestic measures that affect cross-border access to and sharing of non-personal data (NPD). While debates on data transfers frequently focus on privacy and personal information, the OECD argues that NPD is just as critical for a modern, automated economy, underpinning everything from logistics optimisation and supply-chain resilience to the development and deployment of advanced AI systems.
The paper’s headline finding is the pace of regulatory growth. It identifies 124 measures introduced since 2000 that can shape cross-border NPD flows, with the last decade showing a five-fold increase. Importantly, many measures do not explicitly say “data flow restriction” on the label; instead, they influence cross-border transfers through access, sharing, localisation, compliance, or security requirements that change how data can move in practice.
To “make the problem smaller” and easier to discuss, the OECD proposes a simple typology of measures affecting cross-border NPD:
1) Measures that promote cross-border access and sharing (e.g., frameworks that facilitate voluntary data sharing or expand access to open/public-sector data).
2) Measures that mandate cross-border access and sharing (often involving required access for authorities or regulated data-sharing obligations between firms).
3) Measures that prohibit cross-border access and sharing (including localisation measures and restrictions on transferring NPD abroad).
The mapping suggests the balance of measures is tilted toward requirements that can be trade-frictional if safeguards are weak. The OECD notes that mandated-access measures make up 44% of identified measures and prohibitive measures 39%; overall, measures likely to reduce trade account for 52%. Stated objectives vary widely—most commonly data security (29%) and regulatory compliance (25%), followed by sustainability (10%) and law enforcement (9%), among others—illustrating that NPD governance is being shaped by multiple policy domains, not a single “privacy” logic.
For policymakers and practitioners, the practical value of the paper is its governance lens: it highlights where trust-building safeguards matter most (especially around government access), and it links the domestic rule landscape to parallel developments in trade agreements and other international policy discussions that increasingly touch data, digital trade, and related governance issues.
