Recent digital trade agreements and digital chapters of free trade agreements that provide for a high level of obligations require member states to ensure free cross-border transfer of data, prohibit member states from requiring the installation of computer-related equipment in their territory and ban member states from requiring source code and algorithm disclosure to the operators. On a separate track, states have enacted or amended laws to protect personal information and data. Many regulate the cross-border transfer of personal data and require foreign operators to comply with strengthened regulations. However, such legislation includes rules that may conflict with the laws of the digital trade agreements. Based on empirical evidence, this paper examines how (1) privacy and data protection legislation and (2) measures taken by importing countries against business operators as part of data governance, in particular regulations requiring disclosure of source code or algorithms, are governed under digital trade agreements.