This is the second in a series of blogs on CETA and privacy. (blog one: CETA and mass surveillance)
The draft EU-Canada trade agreement CETA contains a general exception that is supposed to be a safeguard for policy space. However, this safeguard places CETA above the Charter of Fundamental Rights of the EU.
CETA final draft Chapter 28 Exceptions, article 28.3 (2), page 212, reads:
“For the purposes of Chapters Nine (Cross-Border Trade in Services), Ten (Temporary Entry and Stay of Natural Persons for Business Purposes), Twelve (Domestic Regulations), Thirteen (Financial Services), Fourteen (International Maritime Transport Services), Fifteen (Telecommunications), Sixteen (Electronic Commerce), and Sections B (Establishment of investments) and C (Non- discriminatory treatment) of Chapter Eight (Investment), subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between the Parties where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by a Party of measures necessary:
(a) to protect public security or public morals or to maintain public order; 31
(b) to protect human, animal or plant life or health; 32 or
(c) to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:
(i) the prevention of deceptive and fraudulent practices or to deal with the
effects of a default on contracts;
(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts; or
(iii) safety.” (emphasis added)
Measures the EU would take to protect the public interest can go against CETA (“nothing in this Agreement”). However the measures would have to comply with multiple strict conditions. The general exception is based on GATT article XX and GATS article XIV. In only two of 45 WTO cases states successfully invoked a GATT article XX or GATS article XIV general exception. See, generally, Public Citizen. The safeguard hardly provides policy space. 
Regarding privacy, CETA additionally provides that “nothing in this Agreement shall be construed to prevent the adoption or enforcement by a Party of measures necessary: (…) (c) to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement (…)”. In other words, EU data protection laws on which measures would be based to protect personal data will have to be not inconsistent with CETA. CETA adds a ceiling to data protection.
From a fundamental rights point of view, the EU can only interfere with fundamental rights in so far as necessary in a democratic society. CETA adds a condition. CETA adds a ceiling. This conflicts with the EU Charter of fundamental rights. Within the EU legal order the Charter supersedes CETA. However, CETA contains two international (supra EU) dispute settlement mechanisms; international arbitrators operate outside the EU legal order. For them CETA may supersede the EU legal order – including the Charter.
This is not just a theoretical issue. In the next blog we will see a conflict between CETA and EU law regarding data protection.
An earlier version of CETA, the September 2014 consolidated CETA text contained less conditions.  Despite the Court’s Safe Harbour ruling the European Commission weakened the safeguard during the legal scrub, while they should have strengthened it.  In parallel, the commission vacated the right to regulate in the investment Chapter.
Next blog: CETA will harm our privacy
 Even “prevent” in the general exception may be problematic. Van Harten: “This language creates significant uncertainty by leaving open the risk of unavoidable liability for the state, at the time of an ISDS award, if ISDS arbitrators decide that the state could have adopted some other measure instead of the impugned one or that the state is not prevented from adopting a measure merely because it must pay compensation for the measure.”
 (mirror) Article X.02: General Exceptions, page 456 (on its website, the commission overwrote the consolidated text with the final draft)
 The FFII had noted similar issues in its 2014 submission to the EU commission ISDS consultation; sections 1.6, 2.2.3, 3.1 and 3.1.1