Vrijschrift Blog | 26 October 2015
Privacy and ISDS after Safe Harbour invalidation: Singapore FTA
The Court of Justice of the EU should assess whether the trade agreement with Singapore is compatible with the EU Treaties and Charter of fundamental rights before it enters into force.
This is important as the trade agreement would
- expose our privacy to interference,
- expose the EU to damages awards,
- compromise the independence of our data protection authorities, and
- compromise the effectiveness of the Court of Justice of the EU.
The European Court of Justice has invalidated the Safe Harbour agreement that allowed data transfers to the US. This raises the question whether the draft EU-Singapore free trade agreement — which allows data transfers — is compatible with EU fundamental rights.
Challenge data transfers
Singapore reportedly has a high level of surveillance.  Using the legal remedies the Court prescribes in its Safe Harbour judgment citizens can challenge data transfers to Singapore, claiming Singapore’s domestic law and its international commitments do not ensure a level of protection essentially equivalent to that guaranteed within the European Union.
If competent authorities suspend data transfers to Singapore, Singapore could, after conclusion of the trade agreement, initiate arbitration against the EU and Singaporean investors could start investor-to-state dispute settlement (ISDS) cases.  There is a risk that arbitration tribunals would find suspension of data transfers in violation of the agreement. First, the trade agreement would leave ground to argue that the EU applied a higher standard on data transfers than agreed.  Second, the general exception does not provide an effective safeguard for domestic policies.  In only two of 45 WTO cases states successfully invoked a similar Gatt article XX or GATS article XIV general exception. 
ISDS tribunals can award damages including expected profits and interests; this would put pressure on the authorities competent to suspend data transfers and compromise their independence.  Lack of impartiality of the ISDS mechanism provided by the trade agreement would increase the EU’s exposure and further compromise the independence of our authorities. 
The Court’s effectiveness
The agreement would also undermine the Court’s effectiveness. After termination of the agreement the investment chapter would continue to be effective for a further period of twenty years.  If the Court would invalidate parts of the investment chapter of the agreement, for instance because the Court finds it compromises the independence of our data protection authorities, the negative effects on the EU would continue for twenty years.
On compatibility of ISDS with the Treaties see also: http://www.clientearth.org/health-environment/health-environment-publications/legality-of-investor-state-dispute-settlement-under-eu-law-3020
The European Commission has asked the Court whether the EU has exclusive competence to conclude the trade agreement. The European Parliament should broaden the question to the Court to include compatibility of the trade agreement’s standard for data transfers and its enforcement mechanisms with the EU Treaties and Charter. 
See also ClientEarth’s blog and study on legality of ISDS.
 "[B]y U.S. standards, Singapore’s privacy laws are virtually nonexistent" http://foreignpolicy.com/2014/07/29/the-social-laboratory/ ; Singapore is not a party to the International Covenant on Civil and Political Rights https://treaties.un.org/pages/ViewDetails.aspx?src=TREATY&mtdsg_no=IV-4&chapter=4&lang=en
 Complainants could for instance invoke EUSFTA Chapter 9 article 9.4.2 (c) "manifestly arbitrary conduct"; article 9.6 in conjunction with Annex 9-A "the impact of a measure or series of measures is so severe in light of its purpose that it appears manifestly excessive", or not "legitimate" http://trade.ec.europa.eu/doclib/press/index.cfm?id=961
 EUSFTA Chapter 8 article 8.54 "appropriate safeguards" versus CJEU Safe Harbour paragraph 74 "essentially equivalent to that guaranteed within the European Union"; furthermore tribunals could read EUSFTA article 8.54 in the light of article 8.57(4) "international standards of data protection", a low standard http://trade.ec.europa.eu/doclib/press/index.cfm?id=961 and http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=en&type=TXT&ancre=
 Chapter 8 article 8.62(e)(ii) with chapeau, based on GATT article XX and GATS article XIV; complainants could for instance claim that the measure is (a) an arbitrary discrimination against the other Party where like conditions prevail, as (some) EU member states and third states have a high level of surveillance as well; (b) an unjustifiable discrimination against the other Party where like conditions prevail, as data localisation would favour EU companies; (c) inconsistent with the provisions of this Chapter, referring to articles 8.54 "appropriate safeguards" and 8.57(4) "international standards of data protection"
 See, generally, Public Citizen https://www.citizen.org/documents/general-exception.pdf
 See, generally, Steve Peers on case law on the independence of data protection authorities http://eulawanalysis.blogspot.co.uk/2014/04/the-cjeu-confirms-independence-of-data.html
 On EUSFTA’s ISDS section, see Van Harten http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2613544 and FFII https://blog.ffii.org/seven-things-you-should-know-about-eu-singapore-isds/
 EUSFTA, Chapter 9, article 9.9, url at footnote 2
 On compatibility of ISDS with the Treaties see also: http://www.clientearth.org/health-environment/health-environment-publications/legality-of-investor-state-dispute-settlement-under-eu-law-3020