Reuters | 9 February 2018
EU moves to remove barriers to data flows in trade deals
by Julia Fioretti
The European Union will seek to break down barriers to the flow of data between businesses in future trade deals, as it tries to promote a more digital economy while also protecting privacy.
Cross-border data flows are key to most businesses. These can include moving around employee information, sharing credit card details for online transactions, and identifying people’s browsing habits to serve them targeted advertisements.
The EU has drafted provisions, seen by Reuters, to be inserted in future trade agreements which tackle protectionist measures by third countries restricting the flow of data. They should also ensure that the bloc’s strict data protection rules will not be undermined.
In addition, the articles on data flows and data protection will be excluded from any investment court set up as part of a trade deal to settle disputes, ensuring that data protection issues will be under the jurisdiction of the EU’s highest court.
“Cross-border data flows shall not be restricted between the Parties by ... requiring the localization of data in the Party’s territory for storage or processing,” the provisions say.
They also prohibit the requirement that businesses use specific computing facilities in a country’s territory.
A number of countries have introduced measures forcing companies to store data on local servers, prompting warnings from the technology industry that such moves only serve to balkanise the internet.
Russia said last year that it would block Facebook unless the social network complied with a law requiring websites that store the personal data of Russian citizens to do so on Russian servers.
Data protection is a fundamental right in the EU and therefore cannot be the subject of negotiation in trade deals. But the growing digitalization of the economy has prompted the EU to look at how it can foster data flows without compromising privacy.
The EU normally looks to facilitate commercial data flows by recognizing a third country’s privacy framework as equivalent to that in the bloc, meaning businesses can easily transfer and store data overseas.
Only 12 currently meet the standard, and the United States had to negotiate with Brussels for over two years to be granted so-called “adequacy” status.
The EU is negotiating a data transfer deal with Japan which it hopes to conclude this year.
“These horizontal provisions — once included in future trade and investment agreements — will for the first time provide for a straightforward prohibition of protectionist barriers to cross-border data flows, in full compliance with and without prejudice to the EU’s data protection and data privacy rules,” the European Commission wrote in a letter to a member of the European Parliament on Friday.