The tangled links between national and international data protection regimes, standardization and international trade law

Introduced by Giovanna Adinolfi

Digital issues have been included in States’ trade agenda since the establishment of the World Trade Organization. In the very first years, e-commerce has drawn most States’ attention. The term is usually understood to cover the production, distribution, marketing, sale or delivery of goods and services by electronic means. Since 1998 WTO members have accepted a moratorium on customs duties applied on electronic transmissions.

However, the ‘digital trade agenda’ under the latest preferential trade agreements has been expanded to take into appropriate consideration the challenges to international trade in goods and services coming from technological developments. The growing use of digital equipment as a means for transboundary commercial transactions has pushed States to design new disciplines, with the hard task of finding a balance between different and competing interests: favouring the development of new business models based on the internet or other digital infrastructure; promoting the growth of digital trade; protecting national interests from cyber threats; and properly safeguarding consumers.

In regard to the latter, an emerging issue in trade negotiations concerns the storage of consumers’ data and their transboundary use and transfer. Under the prevailing narrative, a distinction is made between personal data and ‘big data’: the former refers to information related to a specific individual, who may be the one who has taken part in a commercial transaction, while the latter expression is used to refer to huge datasets collected from different sources and platforms and whose use for economic or scientific purposes requires processing. Consumers may transfer information willingly (eg when concluding a contract) or unconsciously (eg purchasing a video or booking a flight on by the Web).

Moreover, the development of information technologies has prompted the adoption (or the renewal) of both national and regional regulations concerning privacy, data protection and cybersecurity. In very general terms, if, on the one hand, the regulation of these aspects – which could have negative effects on certain individual rights and thus raise the need to identify forms of individual or collective protection of the concerned persons – represents an indirect tool for trade promotion or protection, on the other it could also affect some key principles of internet governance, which, in turn, could affect trade.

The relationship between these disciplines and international trade law may be tackled from two viewpoints.

1) The first one takes into account the impact on international trade flows of a strict discipline on privacy and data protection (of both personal and non-personal data) and regulation. According to the United States Trade Representative, data localization barriers may impose unnecessary burdens on trade, in particular when they introduce a ban on cross-border data flows or they require storing data and locating computing facilities within a particular jurisdiction. Consequently, notwithstanding the approval of commitments on non-discrimination or market access, States may still be able to lower the degree of effective trade liberalization by imposing strict burdens on the use of data collected by companies. From this perspective, the need arises to explore whether national disciplines on data protection constitutes obstacles to international trade. The case-study of the EU GDPR will be developed.

2) From a different perspective, the analysis should take into consideration the growing relevance of national and international standards on digital issues and their impact on international trade law. The last decade has been marked by an extensive activity of standard setting bodies in relation to the functioning of the internet. This activity is especially focusing on interoperability, which is becoming a key issue for the digital trade agenda as well. In this context, the analysis attempts to assess the role of national and international setting bodies in the field of international trade law, paying particular attention to standards that may affect trade liberalization. On the one hand, interests of global trade may collide for various reasons with national standards aiming at asserting control over the Internet for cybersecurity goals; on the other hand, though, international standards could provide a viable solution to foster the developments of digital trade. This tension is also to be analyzed through the lens of the principle of technological neutrality.

QIL asked two Italian scholars, Gianpaolo Ruotolo and Alberto Oddenino, skilled in the areas of international trade and data protection, to address the above issues, and possibly to explore new ones.