So, one of the really interesting questions is the relationship between modern trade agreements and data rules, and if we’re to go back a number of years ago, there was no relationship. But, they’ve gradually changed as the economy has changed to a whole series of other regulatory issues and, most recently, is trade agreements have tried to also focus on digital commerce and digital trade.
So, there are two types of data controls or data issues that we see appear in the trade agreements — one is known as data localization and the other has to do with data transfers. When we talk about data localization, the idea is that countries may require that certain data be retained within their local jurisdiction, in other words, localized. And so, the idea there is that unless you require that the data be stored and retained within the jurisdiction, there’s certainly a prospect or a possibility that that data may go elsewhere and the ability to assert some of your rules, whether privacy or security rules, may be lost.
When it comes to data transfers, that speaks to potentially creating limits on, naturally enough, transferring data outside of the jurisdiction. And the most obvious and well-known example has to do with the European Union (EU), which long ago established rules around the ability to transfer data from the EU, from any of the EU member-states, to a third-party country. And what they said was that you could only do so if one of those third-party countries had privacy rules in place, or data protection rules in place, that they felt met an “adequacy standard.”
What we’ve started to see in agreements like the TPP, are real limitations on the ability of any country within the TPP to either set limits on data transfers or to require that certain data be localized. In other words, create real restrictions on the ability for countries to assert the kinds of rules that many have been asserting, actually, for some time.
The other, I think, real challenge and it speaks to the substance of the provision, is that there are good arguments for ensuring that we’ve got free flow of data. I think many recognize that an open internet and free flow of information across borders is incredibly important from an economic perspective, it’s important from, I think, a pro-democracy perspective, a basic human rights perspective to ensure that people have access to the information of their choice and limitations on that can, in many respects, be a real problem.
And so, the challenge becomes how do we reconcile that? I think a lot of it lies in how we start interpreting these agreements. If we’re going to be able to ensure that we can craft a real balance between, on the one hand, ensuring that we’ve got the promotion of an open internet and, at the same time, enough policy space, enough wiggle room, in a sense, to ensure that we can also safeguard things like privacy and security.