New TISA Leak: US On Collision Course With EU Over Global Data Flows
from the would-be-fun-to-watch-if-only-it-weren't-secret dept
Although most attention has been given to the Trans-Pacific Partnership agreement (TPP) and the Trans-Atlantic Free Trade Agreement (TAFTA), also known as TTIP, it’s important to remember that a third set of global trade negotiations are underway — those for the Trade in Services Agreement (TISA), which involves more countries than either of the other two. Like TPP and TAFTA/TTIP, TISA is being negotiated in strict secrecy, but earlier this year the financial services annex leaked, giving us the first glimpse of the kind of bad ideas that were being worked on. Now, another leak has surfaced, which reveals the US’s proposals to free up data flows online.
For the European Union, that’s a hugely sensitive issue. Under data protection laws there, personal data cannot be sent outside the EU unless companies sign up to the self-certification scheme known as the Safe Harbor framework. However, in the wake of Snowden’s revelations about NSA spying in Europe, the European Parliament has called for the Safe Harbor scheme to be suspended. If that happens, the only way that US Internet companies could comply with the EU Data Protection Directive would be to hold personal information about EU citizens on servers physically located in Europe. But it is precisely that kind of requirement the leaked TISA position seeks to forbid:
Article X.2: Local Content
l. Subject to any conditions, limitations and qualifications set out in its Schedule, no Party may, in connection with the supply of a service by a service supplier, impose or enforce any requirement; enforce any commitment or undertaking; or, in connection with the supply of a service through commercial presence, condition the receipt or continued receipt of an advantage on compliance with any requirement:
(a) to purchase, use or accord a preference to:
(iii) computing facilities located in its territory or computer processing or storage services supplied from within its territory;
Another section would stop countries from imposing any restrictions on data flows:
Article X.4: Movement of Information
No Party may prevent a service supplier of another Party from transferring, accessing, processing or storing information, including personal information, within or outside the Party’s territory, where such activity is carried out in connection with the conduct of the service supplier’s business.
It comes as no surprise that the US is pushing for the unhindered cross-border flow of all data, including personal data: it’s what both the USTR and US companies have been demanding for a while. But it’s going to be hard to get the European Union to agree to such a direct attack on its privacy framework. The European Commission has publicly stated that TISA will not undermine the EU’s data protection laws. Moreover, just a few hours after the TISA leak was published, the EU politician with responsibility for TISA in the European Parliament, Viviane Reding, tweeted as follows:
As @EP_Trade Rapporteur on #TiSA, I’ll oppose any provision undermining right to data privacy: competition by the rules, not for the rules!
With such entrenched positions on both sides, it’s hard to see how any kind of compromise will be possible. The imminent battle between the US and the EU on this key issue in TISA will doubtless be fun to watch; what a pity it will happen in secret, behind closed doors.