How the USMCA falls short on digital trade, data protection and privacy
Washington Post | 3 October 2018
How the USMCA falls short on digital trade, data protection and privacy
By Michael Geist
Michael Geist holds the Canada research chair in Internet and e-commerce law at the University of Ottawa.
The United States-Mexico-Canada Agreement (USMCA) is more than just an updated version of the North American Free Trade Agreement. With the inclusion of a digital trade chapter, the deal sets a new standard for e-commerce that seems likely to proliferate in similar agreements around the world. Negotiators have touted the benefits of addressing modern forms of commerce, but the reality is that the USMCA’s digital trade chapter raises many concerns, locking in rules that will hamstring online policies for decades by restricting privacy safeguards and hampering efforts to establish new regulation in the digital environment.
Digital trade provisions are a relatively recent addition to the free-trade world, but they have quickly coalesced around a common approach. Starting with the Trans-Pacific Partnership (since renamed the Comprehensive and Progressive Agreement for Trans Pacific Partnership with the U.S. exit last year), e-commerce or digital trade chapters have cropped up in large agreements such as the USMCA and little-known ones such as the recent Singapore-Sri Lanka trade agreement.
The chapters invariably include foundational principles such as certainty in electronic contracting, the validity of electronic signatures, nondiscriminatory treatment of digital services, and restrictions on imposing customs duties on digital products transmitted electronically. So long as the provisions foster greater certainty for online trade, the chapters reflect well-established conventions and should be embraced.
The more problematic provisions, however, focus on the rules associated with data, where much of the value in digital trade lies. For example, the USMCA includes rules that restrict data localization policies that can be used to require companies to store personal information within the local jurisdiction. Jurisdictions concerned about lost privacy in the online environment have increasingly turned to data localization to ensure their local laws apply. These include the Canadian provinces of British Columbia and Nova Scotia, which have data localization requirements to keep sensitive health information at home that may be jeopardized by the agreement.
The digital trade chapter also bans restrictions on data transfers across borders. That means countries cannot follow the European model of data protection that uses data transfer restrictions as a way to ensure that the information enjoys adequate legal protections. In fact, with the European Union adopting even higher standard privacy rules earlier this year, countries could find themselves caught in a global privacy battle in which Europe demands limits on data transfers while the USMCA prohibits them.
The data localization and data transfer rules may erode efforts to safeguard privacy, and many other provisions represent a lost opportunity to establish higher standards. Indeed, as the United States touts high standard intellectual property protections in its trade agreements, it seemingly opts for low standard digital trade protections.
For example, the USMCA has a requirement to maintain anti-spam rules and online consumer protection laws. However, neither provision contains any specificity, meaning the requirements can be met without effective measures. The same is true for personal information protection requirements, which call for a legal framework to protect the personal information of users of digital trade, but buried in a footnote is an acknowledgment that merely enforcing voluntary undertakings of enterprises related to privacy is sufficient to meet the obligation.
The provisions related to net neutrality similarly miss the mark. In fact, while the TPP specifically references net neutrality, the USMCA just establishes “principles on access to and use of the Internet for digital trade.” None of the principles comes close to a comprehensive approach to net neutrality, and the provision falls well short of established laws in Canada.
An imperfect digital trade chapter would ordinarily mean little for global e-commerce. Yet the USMCA chapter builds on the TPP and effectively entrenches the approach as the model for digital trade in agreements worldwide. In fact, it seems likely that the same provisions will be used in multilateral instruments, including efforts at the World Trade Organization to establish similar e-commerce rules.
In doing so, a chapter that has never been subject to public scrutiny or debate, fails to reflect many global e-commerce norms, and may ultimately restrict policy flexibility on key privacy issues will have been quietly established as the go-to international approach. Before the USMCA sets the standard to be used around the world for decades, there needs to be a renewed effort to ensure it meets the needs of a far broader array of businesses, consumers and domestic policymakers.