from the would-be-fun-to-watch-if-only-it-weren't-secret dept
For the European Union, that's a hugely sensitive issue. Under data protection laws there, personal data cannot be sent outside the EU unless companies sign up to the self-certification scheme known as the Safe Harbor framework. However, in the wake of Snowden's revelations about NSA spying in Europe, the European Parliament has called for the Safe Harbor scheme to be suspended. If that happens, the only way that US Internet companies could comply with the EU Data Protection Directive would be to hold personal information about EU citizens on servers physically located in Europe. But it is precisely that kind of requirement the leaked TISA position seeks to forbid:
Article X.2: Local ContentAnother section would stop countries from imposing any restrictions on data flows:
l. Subject to any conditions, limitations and qualifications set out in its Schedule, no Party may, in connection with the supply of a service by a service supplier, impose or enforce any requirement; enforce any commitment or undertaking; or, in connection with the supply of a service through commercial presence, condition the receipt or continued receipt of an advantage on compliance with any requirement:
(a) to purchase, use or accord a preference to:
(iii) computing facilities located in its territory or computer processing or storage services supplied from within its territory;
Article X.4: Movement of InformationIt comes as no surprise that the US is pushing for the unhindered cross-border flow of all data, including personal data: it's what both the USTR and US companies have been demanding for a while. But it's going to be hard to get the European Union to agree to such a direct attack on its privacy framework. The European Commission has publicly stated that TISA will not undermine the EU's data protection laws. Moreover, just a few hours after the TISA leak was published, the EU politician with responsibility for TISA in the European Parliament, Viviane Reding, tweeted as follows:
No Party may prevent a service supplier of another Party from transferring, accessing, processing or storing information, including personal information, within or outside the Party's territory, where such activity is carried out in connection with the conduct of the service supplier's business.
As @EP_Trade Rapporteur on #TiSA, I'll oppose any provision undermining right to data privacy: competition by the rules, not for the rules!With such entrenched positions on both sides, it's hard to see how any kind of compromise will be possible. The imminent battle between the US and the EU on this key issue in TISA will doubtless be fun to watch; what a pity it will happen in secret, behind closed doors.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+