Industry worldwide has consistently asked the trade community for binding rules to ensure the flow of data across all aspects of commercial activity. DTN joins the many other industry groups that have emphasized that this must be at the core of the outcome of the JSI.
We believe that what 21st-century commerce needs is not revolutionary, but evolutionary, for the following reasons:
- The General Agreement on Trade in Services’ Annex on Telecommunications, Article 5,1 requires all Members to allow access to all telecommunications and services infrastructure, specifically including the “movement of information across borders,” where necessary “for the supply of a service included in its schedule.”
- This has been confirmed in decisions rendered under the Dispute Settlement Understanding2
- A number of bilateral and plurilateral agreements have created obligations that embody what we are requesting in the JSI.3
We call upon negotiators to commit to the same obligations provided by GATS on a horizontal basis, for all economic activity covered by the Agreement.
Data flows and other public policy priorities
We understand that a broad commitment to the flow of data will be accompanied by exceptions or other forms of derogation for public policy priorities – just as they have since the conclusion of GATS in 1994. There are several such areas to consider and we will provide details on how those can be accommodated; however, in this statement we shall address just one of the most fundamental: the protection of personal data.
Responsible businesses recognize and value effective and robust data protection and have routinely said so in public statements.4
We believe that JSI provisions on data protection should include the following elements:
- JSI Parties must implement and/or maintain an effective data protection framework in law that embodies the major elements fundamental to robust data protection frameworks in multilateral and national legal systems: Openness, Collection Limitation, Purpose Specification, Use Limitation, Security, Data Quality, Access and Correction, and Accountability.
- Parties should ensure information about their data protection framework is published for the benefit of both individuals and businesses. It is particularly important that such information helps businesses understand how to comply with national rules when trading is increasingly global. This is especially important for MSMEs, who by their nature have fewer resources to spend on legal compliance issues given their size.
- Parties should apply data protection in a way that does not discriminate between commercial operations of their own businesses vis-à-vis those of other Parties – or, indeed, to the detriment of natural persons of any Party.
These three provisions feature in bilateral and multilateral trade agreements but often also appear in data protection rules on non-trade-related agreements.5
In addition, we submit for consideration that the JSI should include a further obligation to clarify that all Parties must create or maintain provisions that allow the transfer of personal information between the territory of all Parties while recognizing that it is for data protection authorities to specify the requirements necessary.
Many national data protection systems provide for extraterritorial use of personal information in one way or another – that covering the largest trading bloc, the European Union, is perhaps the most well-known example, with multiple options to facilitate the transfer of personal data.6
Among the good reasons for this obligation are:
- It creates certainty for the industry but also for everyone else. Coupled with the obligations previously described to disclose the essential elements of data protection and compliance required, this will improve transparency for the benefit of everyone.
- It does not diminish data protection in any way. By making explicitly clear that it remains for relevant authorities to define what the requirements are for transfers to take place, each Party retains the same freedom to define how personal information must be protected when it leaves national territory as they do now.
If the JSI can take the best of the three characteristics above, already used in many other agreements, it creates a new ‘floor’ of minimum data protection required in a trade context which can only be of benefit to all Parties’ citizens and industry. Including an obligation to allow transfers creates predictability without impacting national choices on data protection in any way.
DTN has developed examples illustrating one way that the concepts in this statement could be captured in the agreement and we would be pleased to provide that to interested delegations upon request.
Delegations are invited to contact DTN’s Geneva Representative, Nick Ashton-Hart, at their convenience at the details below or by email at firstname.lastname@example.org