Why trade is not the place for the EU to negotiate privacy

23 Jan 2015 by Margot Kaminski on Trade policy

The European Union and the United States take very different approaches to privacy and data protection.[1] The U.S. regulates by sector, and often relies on market solutions; while the EU ta​kes a holistic regulatory approach.[2] The U.S. prioritises the free flow of information over state intervention; while the EU prioritises the protection of positive individual liberties over information flow.[3] One can understand the differences as a different approach to governance: the EU trusts the government more than the private sector; and the U.S. trusts the private sector more than the government.[4] Yet the global flow of data and services mandates that the two systems interface in some way.[5] The current interface, the EU-US Safe Harbor, has been subject to criticisms from all sides.[6] As negotiations progress over the EU-US Free-Trade Agreement (the Trans-Atlantic Trade and Investment Partnership, or TTIP), it is natural that somebody will propose addressing privacy differences through trade. But several features of free trade agreements make negotiating data protection in the trade regime a very bad idea for the EU.

Argument for including privacy in trade agreements

The basic argument for including privacy in trade agreements is twofold. First, trade agreements attempt to lower barriers between regimes and reduce the friction inherent in conducting transnational business. Thus trade agreements already contain many attempts at regulatory harmonisation, or at least constructing interfaces between regulatory regimes. There is an exception to regulatory harmonisation at the World Trade Organisation that specifically addresses privacy, but a new free trade agreement could negotiate around this exception.[7] Second, trade agreements do involve a more formal negotiating process than, say, the Safe Harbor. If a more extended process leads to consensus building, then perhaps the EU and the US could arrive at a better compromise through trade. Thus, Joel Reidenberg argued in 2000 for an international privacy treaty negotiated at the World Trade Organization, which would allow coexistence of the differing approaches in the short term, and through the negotiating process push towards convergence of privacy norms in the longer term.[8]

EU representatives are rightly sceptical of negotiating data protection in the free trade regime. After the Edward Snowden revelations of the extent of global U.S. spying, the then European Commission Vice-President Viviane Reding threatened that the EU might withdraw from the TTIP negotiations if data protection were put on the table.[9] As negotiations progress, the EU factsheet on services confirms that data protection will not be up for discussion.[10]

But there are indications that the U.S. will want elements of data protection on the agenda.[11] First, new coalitions have formed in the U.S. and transnationally precisely to address privacy in free trade.[12] Second, the negotiating objectives in proposed (but not enacted) U.S. trade legislation include discussion of cross-border data flow and interoperability of regulatory systems,[13] and the Office of the U.S. Trade Representative has made public statements of concern about the creation of a Europe-only cloud.[14] And third, the e-commerce chapters in other U.S. free trade agreements, including the currently negotiated TPP, have addressed cross-border data flow and data localisation requirements.[15]

Why negotiating data protection within a free trade agreement is a bad idea

For three reasons, it is a bad idea for Europeans to negotiate data protection within a free trade agreement. First, trade agreements involve bundling issues. [16] Privacy will get lumped in with many chapters about other areas, like textiles, or food safety. Bundling raises the cost of objection, and makes it less likely that the agreement will fail due to objections over privacy problems. Second, trade agreements ignore or at least heavily deprioritise human rights.[17] The priority in trade negotiations is an economic priority: lowering barriers to trade. This naturally leads to harmonisation, and often deregulation. Because human rights are not a priority, harmonisation can occur at the expense of rights protection.

Third, and perhaps most importantly in the case of the TTIP, the U.S. trade negotiating regime is particularly susceptible to capture by private companies.[18] Trade negotiations are unlike treaty negotiations in the U.S., which more heavily involve Congress and the public. Trade negotiations currently combine extraordinary secrecy (including exclusion from public records laws[19]) with privileged access for private industry advisors to both texts and negotiators. This privileged access, combined with the exclusion of public interest voices and the prioritisation of economic goals, means that the U.S. trade agenda is most likely to directly reflect the interests of U.S. companies desiring privacy deregulation.

As far as process goes, trade negotiations with the United State are the opposite of the gradual consensus-building process Reidenberg envisioned would accompany an international treaty. And negotiating data protection in trade would bias the outcome towards a particular substantive result. Addressing privacy through a trade agreement will most likely result in a deregulatory, U.S.-company-favouring approach to data protection, instead of protecting the rights of individual citizens.

[1] This is obviously a simplification, and there has been recent pushback over whether the regimes are really that different after all. See, e.g., the recent work of Kenneth Bamberger and Deidre Mulligan: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1568385. However, most analysts agree that there are fundamental differences between the U.S. and EU approach to data protection.

[7] See GATS Article XIV(b)(ii): http://www.wto.org/english/res_e/booksp_e/analytic_index_e/gats_02_e.htm#article14A (creating an exception for “the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts”)

[10] http://trade.ec.europa.eu/doclib/docs/2015/january/tradoc_152999.2%20Services.pdf (“Data protection standards won't be part of TTIP negotiations. TTIP will make sure that the EU’s data protection laws prevail over any commitments.”)

[11] I found this analysis particularly helpful for identifying these pressures: http://www.statewatch.org/analyses/no-257-ttip-ralf-bendrath.pdf

[13] https://www.congress.gov/bill/113th-congress/house-bill/3830 (requiring negotiators to “ensure that governments refrain from implementing trade related measures that impede digital trade in goods and services, restrict cross-border data flows, or require local storage or processing of data”, and “where legitimate policy objectives require domestic regulations that affect digital trade… or cross-border data flows, to obtain commitments that any such regulations are the least restrictive on trade, nondiscriminatory, and transparent, and promote an open market environment”)

[14] See: http://www.ustr.gov/about-us/press-office/press-releases/2014/March/USTR-Targets-Telecommunications-Trade-Barriers (“we note the emergence of troubling new and potential barriers to trade including the following measures: The European Union has proposed to create an Europe-only cloud computing network”).

[15] See e.g.: https://www.ustr.gov/sites/default/files/uploads/agreements/fta/korus/asset_upload_file816_12714.pdf Art. 15.8 (“Recognizing the importance of the free flow of information in facilitating trade, and acknowledging the importance of protecting personal information, the Parties shall endeavor to refrain from imposing or maintaining unnecessary barriers to electronic information flows across borders.”); For info on TPP see: http://www.bilaterals.org/?privacy-and-the-e-commerce-chapter#nb1; http://www.ustr.gov/about-us/press-office/blog/2013/march/tpp-21st-century-issues (“USTR negotiator Jonathan McHale spoke to U.S. efforts in e-commerce and telecommunications - speaking specifically to the U.S. objective of ensuring that everyone has a right under trade rules to move information across borders, and also that firms don't have to build servers in every country where they want to do business.”)

[18] Kaminski, Capture of International IP: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2354324 (observing that “the USTR is likely to be captured by private parties through information asymmetry and to negotiate against the public good. Subject matter areas that are subject to collective action problems, such as intellectual property law, are particularly likely to be captured in the USTR”).

Add new comment