It is high time to rethink digital trade policies to fully preserve people’s fundamental rights
Leading consumer and digital rights organisations, members of the Transatlantic Consumer Dialogue (TACD), in the United States and Europe welcome the U.S. announcement to step back from including data flows and source code rules in the Joint Statement Initiative on e-commerce. We call on the EU to take this opportunity to reassess its own digital trade policy and better protect its citizens.
Since 2019, the EU and the U.S. have been negotiating a new rule book for digital trade at the World Trade Organization (WTO) with more than 80 other countries. The stated goal of this joint statement initiative (JSI) is to define global rules to make it easier for consumers and companies to trade online.
A consolidated version of the JSI negotiating text has recently been leaked. After careful analysis, TACD has identified risks for digital rights in the leaked version. Without changes, the final text could undermine the ability of governments to protect personal data and privacy of their citizens. It could also make it very difficult for authorities to protect consumers from bias and discrimination of artificial intelligence systems.
What is the problem for data protection and privacy?
Cross-border data flows are one of the key provisions in these negotiations. The purported objective is to facilitate international data transfers across national borders. It is crucial to consider the broad implications of any cross-border data flows provisions, which could undermine people’s human right to privacy and personal data protections. Failing to do so would defeat another ostensible purpose of these negotiations: to enhance consumer trust online.
Many digital services rely on collecting and processing personal data. At the same time, consumers wish to have control over their personal data. Scandals like Cambridge Analytica and the invasive and constant tracking and exploitation of people’s data have eroded people’s trust in cross-border data transfers. A survey* revealed that 72% of consumers across the globe are concerned about the collection of their personal data by companies online.
After analysing the leaked text of the JSI, we understand that certain countries party to the JSI negotiations are seeking to secure rules to guarantee companies a right to free flow of data across borders. Some of their proposals replicate clauses from trade agreements, such as the U.S.-Mexico-Canada Agreement and the Comprehensive and Progressive Trans-Pacific Partnership. These proposals seek to prioritize unhindered data flows above data protection and privacy. From a consumer and digital rights perspective, the logic should be exactly the opposite: protecting people’s rights comes first.
The risks of including rules on cross border data flows, data protection, and privacy in the JSI would be far greater for citizens’ rights than the economic benefits that can potentially be achieved in a few countries. Instead, countries could adhere to the only binding international treaty on data flows and personal data protection to date: the Convention 108+.
What is the risk regarding artificial intelligence?
The negotiations include proposed rules conditioning who can and cannot have access to source code of software. The source code provision would restrict governments from requiring source code disclosure. This restriction is unnecessary as companies already can rely on protection of their trade secrets and intellectual property rights.
The different proposals in the consolidated text would make it difficult for authorities to require pre-market audits of AI systems to review for discriminatory or anti-competitive practices. They would also prevent civil society organizations and academics from alerting authorities of domestic regulation infringements. For example, this provision would prevent consumer organizations and academics from investigating suspected biases in an artificial intelligence system of a bank, used to assess credit worthiness, and to alert authorities in case of confirmed bias.
Countries participating in the JSI are still in the process of defining their artificial intelligence regulatory framework domestically. Including source code provisions in the JSI is therefore premature. If not defined carefully, it could limit the level of protection governments intend to provide to their citizens.
Time for introspection: towards fairer digital trade policies
We welcome the U.S. administration’s announcement that it will no longer support proposals for rules on data flows and source code in the JSI and encourage the U.S. to continue this position in other international negotiations beyond the JSI. We call on the EU to use the opportunity to follow the U.S.’s lead in withdrawing support to these problematic trade rules on data flows and source code and evaluate its own digital trade policy. This is especially important now as the EU is about to enter into digital trade negotiations with Singapore and Korea, in addition to the JSI talks.
- TACD Work at the Nexus of Digital-Trade
- TACD Policy Priorities for Artificial Intelligence (May 2023)
- TACD urges WTO negotiators not to interfere with digital rights (January 2019)
- TACD welcomes European Commission decision to defend peoples’ privacy in trade discussions (February 2018)
- TACD, BEUC, EDRi: The European Commission rightly decides to defend citizens’ privacy in trade discussions (February 2018)
- TACD and its members urge EU leaders to protect citizens’ data in trade agreements (October 2016)
- EU data protection rights at risk through trade agreements, new study shows (July 2016)
- Trade agreements and data flows: TACD at public hearing of European Parliament (June 2015)
*Survey conducted by Consumers International and the Federation of German Consumer Organization, vzbv for the G20 consumer summit in 2017. This echoes the figures of the CIGI-Ipsos 2019 internet trust survey