Broken data protection in EU trade agreements

The study “Trade and Privacy: Complicated Bedfellows? How to achieve data protection-proof free trade agreements” is remarkable. On the one hand it shows, beyond doubt, that the EU fails to sufficiently protect personal data in its trade agreements. On the other hand, one of the safeguards it recommends could leave our personal data more vulnerable. Monique Goyens, Director General of The European Consumer Organisation (BEUC), commented:

It’s unacceptable that the EU’s privacy and data protection rules could be challenged through trade policy.

European Commission publishes Privacy Shield

The European Commission has published its Privacy Shield decision together with a Communication. The Privacy Shield will govern the transatlantic commercial flow of personal data from Europe. The European Commission follows up of its previous Safe Harbour decision that was turned down by the European Court of Justice in its Schrems decision. The core of Privacy Shield is hidden in provision 61:

(61) In the light of the information in this section, the Commission considers that the Principles issued by the U.S. Department of Commerce as such ensure a level of protection of personal data that is essentially equivalent to the one guaranteed by the substantive basic principles laid down in Directive 95/46/EC

Earlier published drafts of the document stated “as a whole”. Unpublished Commission drafts previously unlawfully obtained by Politico.eu and made available to their paid subscribers also contain the “as such” wording.

UPC and ISDS: who would have to pay the damages awards?

Investment lawyer Pratyush Nath Upreti argues that investors will be able to use investor-to-state dispute settlement (ISDS) to challenge decisions of the Unified Patent Court (UPC). [1] Investors could for instance use a Dutch bilateral investment treaty to challenge UPC decisions. Upreti identifies Dutch investment treaties as suitable for treaty shopping and warns for more frivolous IP litigation in investor-to-state dispute settlement. This raises a question. Who would bear the litigation costs and damages awards?

FFII comments on TTIP human rights assessment

ECORYS has published a draft human rights assessment (sustainability impact assessment) on the trade agreement being negotiated between the EU and the United States (TTIP). Today the Foundation for a Free Information Infrastructure (FFII) has sent an email to ECORYS noting issues regarding intellectual property rights, investor-to-state dispute settlement (ISDS / ICS), data protection, and openness. Footnotes per section, text continues after footnotes. Intellectual property rights

The word “ACTA” does not appear once in the draft report. ACTA analysis has shown that intellectual property rights enforcement may seriously threaten fundamental rights at various levels.

CETA: ISDS and data protection

This is the fourth in a series of blogs on the EU-Canada trade agreement (CETA) and data protection. In earlier blogs we saw that under the CETA text Canada can give our personal data related to financial services, transfered to Canada, a lower protection than under the standard set by the Court of Justice of the EU in the Safe Harbour ruling. This is relevant as Canada is a member of the “Five Eyes”, a group of countries committed to (suspicionless) mass surveillance. We also saw that CETA does not allow data protection measures based on a higher data protection standard than agreed in CETA. Textual shortcomings especially become clear in conflict situations.

CETA ISDS not conform European Parliament resolution

In February 2016 the European Commission and Canadian government published the final draft text of the EU – Canada trade agreement (CETA). This final draft includes an investment chapter with investor-to-state dispute settlement (ISDS). ISDS is one of the most controversial elements of proposed EU trade agreements as it gives foreign investors the right to challenge government decisions outside local courts. The ISDS section in CETA is based on the 12 November 2015 ISDS proposal for TTIP. According to Germany’s largest association of judges and public prosecutors (original in German) and the European association of judges the adjudicators would not be independent.

CETA will harm our privacy

This is the third in a series of blogs on the EU-Canada trade agreement (CETA) and data protection. (Prior blogs: CETA and mass surveillance, CETA places itself above EU Charter of Fundamental Rights)

In this blog I will show CETA provides less data projection than the EU Charter of fundamental rights. Under CETA article 13.15 the EU has to allow cross border data transfers to Canada; the related data protection standard is not compatible with the Court of Justice of the EU (CJEU) Safe Harbour ruling. Chapter 13 Financial Services, article 13.15 Transfer and processing of information, page 103, reads:

“1. Each Party shall permit a financial institution or a cross-border financial service supplier of the other Party to transfer information in electronic or other form, into and out of its territory, for data processing if processing is required in the ordinary course of business of the financial institution or the cross-border financial service supplier.

CETA places itself above EU Charter of Fundamental Rights

This is the second in a series of blogs on CETA and privacy. (blog one: CETA and mass surveillance)

The draft EU-Canada trade agreement CETA contains a general exception that is supposed to be a safeguard for policy space. However, this safeguard places CETA above the Charter of Fundamental Rights of the EU. CETA final draft Chapter 28 Exceptions, article 28.3 (2), page 212, reads:

“For the purposes of Chapters Nine (Cross-Border Trade in Services), Ten (Temporary Entry and Stay of Natural Persons for Business Purposes), Twelve (Domestic Regulations), Thirteen (Financial Services), Fourteen (International Maritime Transport Services), Fifteen (Telecommunications), Sixteen (Electronic Commerce), and Sections B (Establishment of investments) and C (Non- discriminatory treatment) of Chapter Eight (Investment), subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between the Parties where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by a Party of measures necessary:
(a) to protect public security or public morals or to maintain public order; 31
(b) to protect human, animal or plant life or health; 32 or
(c) to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:
(i) the prevention of deceptive and fraudulent practices or to deal with the
effects of a default on contracts;
(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts; or
(iii) safety.” (emphasis added)

Measures the EU would take to protect the public interest can go against CETA (“nothing in this Agreement”).