“I fully agree with that,” was the response by Antonio de Lecea, Minister of the EU Delegation to the United States. IBM’s Steve Stewart had just expressed the view that an EU –US trade agreement resulting from the negotiations on the Transatlantic Trade and Investment Partnership (TTIP) would be an effective place to create a good template for binding rules on cross border data flows.
Stewart added that it would be possible to use the GATs framework in understanding how to have data flow principles in a trade agreement like TTIP while still respecting the right of sovereign countries to set their own privacy rules. He noted that this framework allowed countries to set their own privacy regimes, but contained a restriction that the implementation of privacy laws should not amount to a disguised restriction on trade and that enforcement had to be the least restrictive of trade possible.
At this point de Lecea expressed his agreement, and noted that it was important that trade agreements incorporate the ideas of proportionality and necessity. He added that for Europe privacy amounts to protection not protectionism.
The occasion was a public discussion on October 22 hosted by the Brookings Institution on the release of their report on transatlantic data flows. Steve Stewart and Antonio de Lecea joined International Trade Commission Commissioner Meredith Broadbent and Brookings study author Joshua Meltzer in a spirited discussion of the extent of the electronic relationship between the world’s two largest economic communities.
This shared understanding between business representatives and the EU on how to incorporate data flow principles and privacy in a trade agreement is significant. Several years ago the US and the EU signed an agreement on non-binding principles governing trade in information and communications technology. Incorporating something like these principles seems like an achievable goal for the TTIP. They would have to be made binding and extended to sectors of the economy outside ICT, but they embody the right policy.
Another limitation on the ICT principles is that they exempted data protection from their scope. But the GATs framework shows us how to integrate privacy and data flow provisions in a trade agreement.
These principles might not be absolutely essential to permit the continued flow of data between the US and Europe. But they have the virtue of clarity. And they send a good message to the rest of the world, where countries including China, India, Russia, Vietnam, and Malaysia have either proposed or adopted data localization rules, despite WTO commitments that indirectly forbid this. Making data flow principles explicit in TTIP would send the message that the US and the EU intend to keep their markets open for data flows and the rest of the world should too.