Broken data protection in EU trade agreements

The study “Trade and Privacy: Complicated Bedfellows? How to achieve data protection-proof free trade agreements” is remarkable. On the one hand it shows, beyond doubt, that the EU fails to sufficiently protect personal data in its trade agreements. On the other hand, one of the safeguards it recommends could leave our personal data more vulnerable. Monique Goyens, Director General of The European Consumer Organisation (BEUC), commented:

It’s unacceptable that the EU’s privacy and data protection rules could be challenged through trade policy.

UPC and ISDS: who would have to pay the damages awards?

Investment lawyer Pratyush Nath Upreti argues that investors will be able to use investor-to-state dispute settlement (ISDS) to challenge decisions of the Unified Patent Court (UPC). [1] Investors could for instance use a Dutch bilateral investment treaty to challenge UPC decisions. Upreti identifies Dutch investment treaties as suitable for treaty shopping and warns for more frivolous IP litigation in investor-to-state dispute settlement. This raises a question. Who would bear the litigation costs and damages awards?

FFII comments on TTIP human rights assessment

ECORYS has published a draft human rights assessment (sustainability impact assessment) on the trade agreement being negotiated between the EU and the United States (TTIP). Today the Foundation for a Free Information Infrastructure (FFII) has sent an email to ECORYS noting issues regarding intellectual property rights, investor-to-state dispute settlement (ISDS / ICS), data protection, and openness. Footnotes per section, text continues after footnotes. Intellectual property rights

The word “ACTA” does not appear once in the draft report. ACTA analysis has shown that intellectual property rights enforcement may seriously threaten fundamental rights at various levels.

CETA: ISDS and data protection

This is the fourth in a series of blogs on the EU-Canada trade agreement (CETA) and data protection. In earlier blogs we saw that under the CETA text Canada can give our personal data related to financial services, transfered to Canada, a lower protection than under the standard set by the Court of Justice of the EU in the Safe Harbour ruling. This is relevant as Canada is a member of the “Five Eyes”, a group of countries committed to (suspicionless) mass surveillance. We also saw that CETA does not allow data protection measures based on a higher data protection standard than agreed in CETA. Textual shortcomings especially become clear in conflict situations.

CETA ISDS not conform European Parliament resolution

In February 2016 the European Commission and Canadian government published the final draft text of the EU – Canada trade agreement (CETA). This final draft includes an investment chapter with investor-to-state dispute settlement (ISDS). ISDS is one of the most controversial elements of proposed EU trade agreements as it gives foreign investors the right to challenge government decisions outside local courts. The ISDS section in CETA is based on the 12 November 2015 ISDS proposal for TTIP. According to Germany’s largest association of judges and public prosecutors (original in German) and the European association of judges the adjudicators would not be independent.

CETA will harm our privacy

This is the third in a series of blogs on the EU-Canada trade agreement (CETA) and data protection. (Prior blogs: CETA and mass surveillance, CETA places itself above EU Charter of Fundamental Rights)

In this blog I will show CETA provides less data projection than the EU Charter of fundamental rights. Under CETA article 13.15 the EU has to allow cross border data transfers to Canada; the related data protection standard is not compatible with the Court of Justice of the EU (CJEU) Safe Harbour ruling. Chapter 13 Financial Services, article 13.15 Transfer and processing of information, page 103, reads:

“1. Each Party shall permit a financial institution or a cross-border financial service supplier of the other Party to transfer information in electronic or other form, into and out of its territory, for data processing if processing is required in the ordinary course of business of the financial institution or the cross-border financial service supplier.

CETA places itself above EU Charter of Fundamental Rights

This is the second in a series of blogs on CETA and privacy. (blog one: CETA and mass surveillance)

The draft EU-Canada trade agreement CETA contains a general exception that is supposed to be a safeguard for policy space. However, this safeguard places CETA above the Charter of Fundamental Rights of the EU. CETA final draft Chapter 28 Exceptions, article 28.3 (2), page 212, reads:

“For the purposes of Chapters Nine (Cross-Border Trade in Services), Ten (Temporary Entry and Stay of Natural Persons for Business Purposes), Twelve (Domestic Regulations), Thirteen (Financial Services), Fourteen (International Maritime Transport Services), Fifteen (Telecommunications), Sixteen (Electronic Commerce), and Sections B (Establishment of investments) and C (Non- discriminatory treatment) of Chapter Eight (Investment), subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between the Parties where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by a Party of measures necessary:
(a) to protect public security or public morals or to maintain public order; 31
(b) to protect human, animal or plant life or health; 32 or
(c) to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:
(i) the prevention of deceptive and fraudulent practices or to deal with the
effects of a default on contracts;
(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts; or
(iii) safety.” (emphasis added)

Measures the EU would take to protect the public interest can go against CETA (“nothing in this Agreement”).

CETA and mass surveillance

In February 2016 the European Commission and Canadian government published the final draft text of the EU – Canada trade agreement (CETA). Before that the Court of Justice of the EU in October 2015 invalidated the Safe Harbour framework that allowed the transfer of European citizens’ data to the United States. The Court confirmed that cross border data transfer frameworks need robust privacy safeguards. However, during the legal scrub the European Commission did not make the CETA text compatible with the Court’s Safe Harbour ruling. This incompatibility exposes our privacy to interference.

EU consultation on IP enforcement; FFII submission

The European Commission has launched a consultation on the intellectual property rights enforcement directive (IPRED). The European Digital Rights initiative (EDRi) explains:

“Injunctions, internet blocking, blackmailing of individuals accused of unauthorised peer-to-peer filesharing — the so-called IPRED Directive has been very controversial. Now, the European Commission has launched a consultation on the Directive (…) The consultation is of great importance not only to those working on copyright or ‘intellectual property rights’ in general, but in fact crucial to anyone using the Internet.” Indeed! EDRi has prepared a very helpful answering tool.

CETA: Who pulled the plug on the right to regulate?

The European Commission published the text of the draft EU-Canada trade agreement (CETA), which includes an investor-to state dispute settlement (ISDS) section. According to an Inside U.S. Trade’s World Trade Online article Canada succeeded in “changing the language from the EU’s TTIP proposal in a way that sources on both sides of the debate agreed would provide less protection for governments against challenges by investors.” The article reports that U.S. Chamber of Commerce’s Sean Heather argued that the CETA changes to the right to regulate show that the Canadian government rejected the EU’s previous approach. However, an alternative explanation is possible. A few weeks earlier the commission published the text of the EU-Vietnam agreement.