(Updated) In the EU – US trade negotiations (TTIP / TAFTA) the US tabled a proposal that would prohibit to require local data storage. If the EU accepts this proposal, the EU would give away an instrument essential to protect privacy.
On 5 March 2014 the Greens/EFA group in the European Parliament organised a meeting on the complex relationship between data protection, the Transatlantic Trade and Investment Partnership (TTIP), and the general context of EU-US relations after the Snowden revelations. (Stream available)
I spoke about why trade negotiations are not a good forum to protect privacy, see below.
During the meeting EU commission trade negotiator Jan-Willem Verheijden said that privacy is not in the EU negotiating mandate. The EU did not table text. The US did table a proposal in the eCommerce chapter, with two elements:
– general proposal on data flows similar to the US – South Korea trade agreement,
– prohibition on parties to require local data storage.
See video, first mention at 42.35, question MEP Martin Köhler and reply at 59.15.
So the problem is that privacy is not on the table in the TTIP negotiations, but data flows are, which brings privacy to the table, while trade negotiations are not a good forum, privacy is not in the mandate and the EU is just reforming its privacy law. How to solve this?
The EU has to keep data flows out of TTIP, and take separate measures. The LIBE report on “US NSA surveillance programme, surveillance bodies in various Member States and impact on EU citizens’ fundamental rights and on transatlantic cooperation in Justice and Home Affairs”, scheduled for a plenary vote next week,
“40. Calls on Member States’ competent authorities, in particular the data protection authorities, to make use of their existing powers and immediately suspend data flows to any organisation that has self-certified its adherence to the US Safe Harbour Principles, and to require that such data flows are only carried out under other instruments and provided they contain the necessary safeguards and guarantees with respect to the protection of the privacy and fundamental rights and freedoms of individuals;”
Suspension of flows of personal data has to be possible. The EU has to be able to say: as long as conditions are not met, personal data can not travel across the border.
When this measure is executed, data will have to temporarily stay on a local server. This amounts to a temporary local data storage obligation, which would be in conflict with a prohibition on parties to require local data storage, unless this falls under a general exception or the right to regulate.
The general rule will become free flow of personal data and the EU may have an exception to protect privacy. Or may not.
And who is going to decide on that? Arbitrators who are trade specialists, not human rights specialists and may find free flows of data more important than privacy. Or worse, investor-to-state dispute settlement tribunals.
The EU would give away an instrument essential to protect privacy. The US wants to undermine our privacy in the TTIP negotiations.
In my introduction I spoke about systemic issues with trade agreements and arbitration which result in the EU losing leverage needed to protect privacy:
Privacy, a trade irritant?
I will say a few things about procedural issues with TTIP. I will show that there are systemic issues with trade negotiations, with the ratification of agreements, and with the interpretation of agreements. There is a serious risk that TTIP will contain badly drafted rules and definitions. The EU will lose leverage needed to protect privacy.
Trade negotiations are not a good forum to protect privacy.
First, negotiators and companies work together to remove obstacles to trade. Companies want free flows of data across borders. For companies, anything that hinders free flows of data, is a trade irritant that should be removed.
Second, trade negotiations take place behind closed doors. Citizens do not have access to draft texts. Companies have more access.
Third, the commission created an expert group of 14 people, half business, half civil society, with greater access to information. This is a step in the right direction. But 7 people can not represent civil society.
The devil is in the details. When texts are secret, it is impossible to give precise feedback. There is serious risk on badly drafted rules and definitions.
After the negotiations are over, the commission will publish a final text. This brings us to the ratification phase.
The ratification phase
The European Parliament only has a yes or no vote. If a human rights impact assessment concludes there are human rights issues, there is no possibility to change the text, there is only a yes or no vote.
Trade agreements are a package, no amendments are possible. The political capital invested in TTIP is enormous. Even if the end result of TTIP is disappointing, the Commission will have to sell it as a success.
And will citizens have all the information after the negotiations? In the case of ACTA, the Anti-Counterfeiting Trade Agreement, the European Parliament International Trade committee kept the legal service’s opinion on ACTA secret.
I requested the opinion. Mr Wieland, vice-president of the parliament, refused to disclose the opinion and explained: “the Union is now under certain obligations concerning due and successful ratification of ACTA.”
I find this incomprehensible. Will Mr Wieland say the same about TTIP?
In the ratification phase there will only be a yes or no vote and the pressure to say yes to TTIP will be enormous. There is a serious risk that badly drafted rules and definitions will slip through.
This brings us to trade agreements that entered into force. I will give an example, the EU – South Korea trade agreement.
EU – South Korea trade agreement
Article 7.50 (e) (ii) of this agreement is similar to GATS article 14 (General Agreement on Trade in Services). It allows to limit trade to protect privacy, as long as there is no arbitrary or unjustifiable discrimination between countries.
Article 7.43 has two obligations. Each party shall permit free flows of data. And each party shall adopt adequate safeguards to the protection of privacy, in particular with regard to the transfer of personal data.
“Adequate” is a weak standard. The trade agreement opens free flows of data, without real safeguards.
There has been an incident with South Korea about free flows of data. The Financial Times reports that banks had to obtain customer consent to transfer data outside Korea. EU commissioner De Gucht criticised this. South Korea then removed the obligation to first obtain customer consent. In other words, Korea removed the trade irritant.
In sum, the EU acts strongly to protect free flows of data, but the trade agreement does not provide strong privacy protection.
This brings us to the last section, the interpretation of international agreements.
Interpretation of trade agreements
In Europe, citizens can test in court laws that harm their privacy. This includes testing the implementation of international agreements. But citizens can not test international agreements themselves. The interpretation of trade agreements happens at a level above the EU, outside the reach of citizens.
If the parties to an agreement disagree over the interpretation, they can use state-to-state dispute settlement. This is an arbitration procedure. The arbitrators are trade specialists, not human rights specialists. They may find free flows of data more important than privacy.
The European Commission wants to add a second arbitration procedure to TTIP, investor-to-state dispute settlement, or ISDS. Like citizens, companies are not parties to international agreements. But investor-to-state dispute settlement gives companies equal standing to states. ISDS gives multinationals the right to sue states before special tribunals if decisions may lead to lower profits than expected. ISDS gives multinationals rights citizens do not have.
Arbitration tribunals consisting of three investment lawyers can overturn decisions of supreme courts. The arbitrators have a perverse incentive, they are paid by the day. The ISDS system is corrupted. If the EU would like to take measures to protect privacy, companies can threaten with huge ISDS claims, which will have a strong chilling effect.
In conclusion, there are systemic issues with trade negotiations, with the ratification of agreements, and with the interpretation of agreements. There is a serious risk that TTIP will contain badly drafted rules and definitions.
Inclusion of free flows of data in TTIP will make privacy an issue to be decided by TTIP dispute settlement tribunals. The EU will lose leverage needed to protect privacy. In addition, investor-to-state dispute settlement may further undermine privacy.