The UK government has set out its plans and priorities for the negotiations of a free trade agreement with the US. Here we explain some of the main issues in the digital trade chapters of these deals and outline our positions.
The UK government has published its negotiation objectives for the free trade agreement with the US The document includes Digital Trade measures that could define British regulation of the internet and our online activities for years to come. Our digital rights are being shaped by the economic discussions in this Free Trade Agreement (FTA) with severe impacts on privacy and free expression and association among other rights.
The UK government aims to agree provisions “that facilitate the free flow of data, whilst ensuring that the UK’s high standards of personal data protection are maintained, and include provisions to prevent unjustified data localisation requirements.” The document does not detail how this tension will be solved but explains that the UK will “help shape global rules in areas such as data flows, blockchain, driverless cars and quantum technology”, “maximising the UK’s reach in emerging fields like global data flows and Artificial Intelligence (AI)”.
The government is also committed to promoting “appropriate protections for consumers online and ensure the Government maintains its ability to protect users from emerging online harms.”
The US published its negotiating objectives for a deal with the UK a year ago, with concrete demands and objectives honed through constant negotiation on trade on a variety of fronts. The UK government has admitted that the existing US trade deals will form the starting point for discussions.
Below we outline some of the key elements of the Digital Trade agenda that can be found in those trade agreements signed by the United States, our concerns with these proposals and our premiminary recommendations.
Placing the regulation of the digital sphere under the trade banner creates a fundamental problem of democratic oversight because trade treaties generally give disproportionate power to the executive.
The UK government does not have a published trade negotiation policy. The default role for Parliament over trade deals appears to be the Ponsonby Rule, which sets out that “the power to make treaties is a Prerogative power vested in the Crown”, with the texts presented to Parliament for ratification for a mere 21 days. The problem of having such a short period for ratification is compounded by trade negotiations being clouded in utmost secrecy.
Trade primacy and dispute resolution
Technology regulation - including platforms - could be undermined by trade enforcement by providing companies a very strong tool to sue the UK for any policy that they believe damages their interests. In December 2019, the taxi app Uber started proceedings to sue the Colombian government under the arbitration system in the Colombia-US Trade Promotion Agreement, after a local court found that the company had violated competition rules and ordered it to cease operations.
Trade is unique in international law in its self-enforcement mechanisms. If a country is found to have created unfair advantages to favour local industries, the other country in the dispute is allowed to bring some form of retaliation to compensate. In most cases this will happen through import tariffs, but not exclusively.
A recent high profile example is the dispute between the US and the EU over airplane subsidies to Airbus, where the US has been allowed to impose punitive tariffs on $7.5bn of European goods. The twist is that retaliatory tariffs do not have to be applied to the same sector - aviation in this case. The US has slapped a 25% tariff on £1bn imports of Scottish whisky.
Investor State Dispute Settlement (ISDS)
Outside of WTO tribunals, for example bilateral trade and investment treaties like the UK-US FTA currently under discussion, there are other problems to face up to: Investor-state dispute settlement tribunals (ISDS). These ISDS tribunals allow companies to sue governments, like in the Uber case discussed above.
ISDS tribunals are widely criticised for being expensive, secretive, and staffed with corporate lawyers, overall favouring companies over governments regulating in the public interest. In March 2019, the Joint Committee on Human Rights of the UK Parliament published a report on international agreements that raised ISDS as a “particular area of concern”. The committee found evidence that the ISDS mechanism discourages government from introducing regulatory measures to protect human rights, labour rights and health.”
As a general principle, the regulation of the internet and online platforms should not be restricted in such a manner. The UK in particular will be in a difficult position vis a vis the US to enforce any digital trade dispute. ISDS should not be included in any UK trade deal.
What is being proposed?
Digital trade agreements contain clauses that ban any restrictions on the “cross-border transfer of information, including personal information, by electronic means” in the conduct of a “covered” business. This means any US online service could object to any UK law or regulation that stops data from their prospective UK customers being sent to the US.
The agreements can contain an exception regime, for government measures that are “necessary to achieve a legitimate public policy objective”, as long as these exceptions don’t form an “arbitrary or unjustifiable discrimination or a disguised restriction on trade” and are not “greater than are necessary to achieve the objective”.
Who is driving the free flow of data agenda and why?
These measures are mainly driven by the US to support the unrestricted global data flows towards the internet giants of Silicon Valley that currently dominate the global Internet outside China and Russia.
Governments of developed countries generally support these measures because they perceive that lack of access to cloud computing would disadvantage their country, and generally nobody wants to be left out of the global digital market.
Why is this a problem?
The US lacks meaningful general privacy protections in the commercial sector, particularly for foreigners outside the general protections of their Constitution. Agreeing to unrestricted data flows to the US would put the UK in a double bind that could jeopardise data flows to and from the EU with severe consequences for businesses and citizens. The official UK position is to seek an adequacy agreement with the EU.
Plenty of legal scholars believe that if the UK and the US enable a completely free flow of data between the two countries in a trade deal, this will likely create problems for the UK to simultaneously keep similar arrangements with the EU in continuity of the GDPR regime.
The exceptions regime for public policy objectives is ill-defined and hard to implement. Modern digital trade deals may also include a generic section on data protection, which sounds good in principle, but in practice can do more harm than good by presenting lower privacy standards as acceptable choices.
What is the solution?
The UK should only sign agreements on a free flow of data with countries that provide good data protection to a similar standard to the domestic regime. One way to do this would be through the application of adequacy decisions modelled on the GDPR regime. Another approach would be to apply a common international standard such as Convention 108 of the Council of Europe.
What is being proposed?
Data localisation covers several overlapping but distinct issues. The most obvious aspect of data localisation is forcing companies to store the data locally, or in some cases to set up a local outfit. The provisions in the latest digital trade agreements ban countries from forcing companies to “use or locate computing facilities in that Party’s territory as a condition for conducting business” in the country.
The main example of localisation would be Russia, where concerns over US interference have led to a path of technological self-sufficiency where the country is now ready to be cut off from the global Internet. Some data localisation will always be a feature of data protection. Localisation requirements are common worldwide for financial, health or other sensitive data.
Who is driving the anti-localisation agenda and why?
The ban on data localisation has widespread support among the more developed countries. A 2017 US government business survey saw localisation as the main problem for cross border delivery of services online. The ban is opposed by many developing countries and authoritarian governments, although for different reasons.
The Snowden leaks in 2013 marked a turning point for the realisation that any foreign data stored in the US was fair game for surveillance led many countries, e.g. Brazil, to develop localisation policies. Since then, concerns have continued to grow over the economic dominance of US platforms and the overt use of digital technology as an instrument of US foreign policy. For example, new mobile phones from Huawei soon won’t be able to access Google Play apps, and Venezuela’s creative sector is cut off from leading software tools from Adobe.
Data localisation in some developing countries is portrayed as akin to policies to control natural resources such as oil. India, for example sees the data of their citizens as “a collective resource, a national asset, that the government holds in trust”. Developed nations are in a similar predicament of trying to achieve “Digital Sovereignty”. For example, the EU strategy for data, outlines plans for the creation of “common European data spaces”.
Internet companies also make the technical case that in running global operations it is not efficient to have facilities in every single country, although a level of localisation appears to be efficient. Content delivery networks provide such localisation services for many Internet companies.
Why is a ban on localisation a problem?
This is a thorny issue. The business arguments against localisation have some grounding but we also have to admit that the Internet is too centralised around large companies and richer regions. The nationalist perspective of India and other countries looking for economic justice is unfortunately hard to fully support in its current form from our perspective that privacy is a fundamental right.
There is a very strong argument in favour of some localisation in the need for regulatory access. The US financial authorities have been blocking localisation requirements for financial data in trade deals for many years because during a crisis in that fast moving world, they cannot wait even a few hours to access data.
Unfortunately, the line between legitimate regulation and state abuse is sometimes difficult to demarcate. The localisation policies of authoritarian governments have negative consequences for free expression, privacy and democratic values. From this perspective, the ban on the localisation of data and computing facilities could be supported in a tactical manner by digital rights groups. However, the wider arguments about political power and economic justice around digital technologies complicate the picture and make it difficult to lend unqualified support to these measures.
What is the solution?
The basic building block of any policy on localisation is the protection of human rights and freedoms. From this perspective the pursuit of economic justice and social innovation has to fully comply with the right to privacy among others. Regulators should have access to data in order to protect consumers and society.
Our conclusion is that data localisation is too complex an issue to be included in trade deals and should be part of wider international discussions on global digital development and democracy.
Disclosure of source code and algorithms
What is being proposed?
Digital trade treaties ban governments from requiring the disclosure of source code as a condition of import, distribution, sale or use of software or of products containing software. The latest agreements extend this prohibition to “algorithms expressed in that source code”.
The text in the latest US agreements contains a clause allowing a “regulatory body or judicial authority” to demand the source code or algorithm “for a specific investigation, inspection, examination, enforcement action, or judicial proceeding, subject to safeguards against unauthorized disclosure.”
Who is driving this agenda and why?
The main proponent of these restrictions is the US with the argument that the disclosure of source code and underlying know-how is a form of forced technology transfer. Other developed countries such as Japan and the EU are also fully behind.
The main source of concern about forced technology transfer seems to be China. The current US–China trade war was officially triggered by US allegations of China’s abusive trade practices in forced technology transfer and intellectual property.
Why is a ban on technology transfer and the disclosure of source code and algorithms a problem?
There is consensus that China does indeed obtain source code and algorithms, but these demands are likely already unlawful and just require better enforcement. A generalised ban on the disclosure of source code and algorithms will hamper accountability, limit the space for public policy and harm least developed countries.
There are growing concerns about potential unfairness and bias in life-changing decisions made or supported by the use of algorithms, from credit to court sentencing or migration status. Preventing the disclosure of source code or algorithms would hamper efforts to develop new forms of technological transparency and accountability. The UK GDPR includes a right for individuals in certain circumstances to be informed of the logic of the systems making decisions that significantly affect them.
There are many legitimate public policy reasons for a government to require a foreign company to disclose their technology. Regulators may need to examine technical systems, for example in electronic voting, gambling machines, or car emissions. There are particular concerns for policies supporting open source software.
For developing countries, technology transfer is a central aspect of economic development and global socio-economic justice. The Norwegian oil industry and the Taiwanese textile sector were built through forced technology transfers.
While this issue may not seem critical within a US-UK Free Trade Agreement, given that both countries enjoy comparable levels of technological development, its inclusion in the deal would facilitate the propagation of this idea into other deals.
What’s the solution?
Technology transfer is a necessary element of global development and fighting climate change. The UK government should work to develop fair transfer mechanisms that enable accountability and prevent abuse, instead of promoting a blanket ban on algorithmic disclosure.
- The negotiation of UK FTAs should be conducted with the highest levels of democratic participation, including a greater role for parliament than currently afforded in the law.
- UK FTAS should not include ISDS mechanisms that would allow foreign companies to sue to stop legitimate regulations to protect the public.
- The UK should only sign agreements on a free flow of data with countries that provide good data protection to a similar standard to the domestic regime.
- Data localisation is too complex an issue to be included in trade deals and should be part of wider international discussions on global digital development and democracy.
- The UK government should work to develop criteria for fair technology transfer mechanisms that enable accountability and prevent abuse, instead of promoting a blanket ban on algorithmic disclosure.