03 May 2018

DIGITALEUROPE Comments on European Commission’s Draft Provisions for Cross-border Data Flows


On 9 February 2018, the European Commission presented the long-awaited proposal for cross-border data flows and trade and investment agreements to the Trade Policy Committee. DIGITALEUROPE, the association representing the digital technology industry in Europe, welcomes the Commission putting forward a proposal for horizontal provisions for cross-border data flows and data protection. At the same time, DIGITALEUROPE is concerned that the proposed provisions in Article B.2 would facilitate and legitimize forced data localization and limit legitimate cross-border data flows through arbitrary and disproportional interventions. As outlined below, the provisions have the potential to significantly hurt the EU’s offensive interests in digital trade. Failing important changes to the proposed text, the EU’s interests would be better served under the existing general GATS rules and exemptions.

1. Need for across-border data flow mechanism

1.1. An opportunity for economic growth

DIGITALEUROPE has long advocated for recognizing the importance of cross-border data transfers in today’sdigital world. As a matter of fact, the EU’s prosperity depends on the competitiveness of the Europeaneconomy, which is linked to the ability of European-based businesses to harness the opportunities of digitization in global markets. Introducing robust provisions on the free flow of data in free trade agreements (hereafter: FTAs) is therefore an essential means for the EU to be a global leader in promoting the protection of personal data and privacy while ensuring open global digital trade that requires predictable rules for in and out data flows across nations and regions.

We have encouraged the European Commission to reaffirm its opposition to digital protectionism and elevate the elimination of forced data localization as a European and global priority along the way. To thisextent, DIGITALEUROPE applauded the adoption of the INI Report “Towards a Digital Trade Strategy” of theEuropean Parliament, expressing a large cross-party support for an ambitious EU Digital Trade Strategy. The INI report illustrates how a right balance can be achieved to enable both digital trade and preserve data protection standards.

DIGITALEUROPE fully agrees that the protection of personal information is of utmost importance to create trust in the digital environment: FTAs should not be used to challenge or circumvent EU privacy rules. Neither the WTO rules nor any modern FTA (including the recently agreed Trans-Pacific Partnership Agreement) pose a challenge to the EU rules. In fact, these existing provisions do recognize protection of privacy as a legitimate purpose for measures, and the European regime has never been subject to challenges e.g. from the GATS. What most recent agreements have tried to do instead is to design broad commitments and narrow exceptions which create a balanced, workable and enforceable mechanism for cross-border data flows.

1.2. Equipping the EU against raising protectionism

For the EU, the reason why such provisions are vital in going forward is the need to provide a means for EU- based businesses and governments to address protectionist measures and forced localization requirements in third countries. Evidence shows how this type of measures have negative impact on GDP, jobs and innovation.1

Restrictive measures, e.g. unjustifiable limitations to cross-border data flows, and forced localization measures in third countries, present significant barriers for European-based companies to expand their IT services in the EU, e.g. distributed cloud services for Industrial Internet, Industry 4.0 or cloud facilities. They illustrate barriers across all industry sectors – not only the digital sector – which risk not to benefit from digitization and the data economy. Unrestricted cross-border data flows in FTAs is thus as much about enabling the flows of personal data and mixed data sets into the EU.2 This would likely lead to increased market-driven inbound data flows to the EU particularly pertinent for Industry 4.0. This type of offensive provision does not exist under the EU acquis while the recent European Commission proposal fails to address the risks identified above. Limitations to unrestricted cross-border data flows expressed in Article B.2 are expressed in an arbitrary and unrestricted manner. The proposal does not provide for any provisions to secure non-personal cross-border data transfers either.

2. An effective toolbox

2.1. Why current existing solutions are not enough

While reciprocal adequacy decisions are welcomed, they do not provide investors with sufficient investment confidence for EU-based data processing beyond the scale of the European market, since adequacy decisions can be unilaterally revoked and cannot address a broader set of digital market access barriers in third countries. Thus, adequacy decisions are complementary to, but never substitutes of, FTA disciplines on data flows.

We are also deeply concerned with the formulation in the EU-Japan revision clause, Article 8.81, (“The Parties shall reassess within three years of the date of entry into force of this Agreement the need for inclusion of provisions on the free flow of data into this Agreement.”)3 as this formulation implies that the very essential need for digitisation of European and Japanese economies and the associated data flows are questioned by this formulation, not only at the point in time of the conclusion of the text but also 3 years later on. Unfortunately, the very recent political agreement on the EU-Mexico FTA includes the same review clause.

The approach the EU is pursuing seems to be out of touch with the size and the speed of progress of the global digital economy witnessed during the last decade as well as expectations going forward. This sends the utterly wrong signal to European-based industries about the European Commission’s true ambitions toharness digitization. Hence, the need for reassessment should not be replicated in any future EU FTA with third countries.

2.2. How the latest European Commission text risks damaging the EU’s interests

For the reason listed above, we have significant concerns about the effectiveness and enforceability of some of the proposed provisions, in particular Article B.2. In fact, Article A establishes the principle of unrestricted cross-border data flows at the same level as the right to protect personal data as defined by Article B, where the text de facto nullifies what is established in the first part of the proposal. Article B.2 articulates the restriction of the right to cross-border data flows in the form of a self-declaratory exception: Suchformulation suggests that, as far as the Party states that the measure’s purpose is to safeguard privacy ordata protection, it is permissible irrespective of its impact on trade or whether it is actually aimed at preserving privacy or data protection. Within the trade context, this type of exceptions is very rare and usually reserved for measures related to the protection of national security.

DIGITALEUROPE is of the opinion that a narrow and more precise exception needs to be defined, in order to be effective. The right balance has to be found between EU law4 and the alignment with well-established trade law principles. The limits to the principle of unrestricted cross-border data flows must not depart from basic and well-established trade law principles for legitimate trade restrictions (e.g. proportionality, non- discrimination, and necessity, as reflected in GATS XIV) as it may lead to an open-ended right to impose unwarranted and possibly disguised protectionism on cross-border data flows.

As a consequence, DIGITALEUROPE would like to ask the European Commission and Member States to improve the proposal to safeguard European privacy standards while securing unrestricted cross-border data flows to harness European-based opportunities of digitization in global markets. This effort should support the European Parliament’s approach to the issue, in particular where the it “calls on the Commission, to incorporate into the EU’s trade agreements a horizontal provision, which fully maintains the right of a party to protect personal data and privacy, provided that such a right is not unjustifiably used to circumvent rules for cross-border data transfers for reasons other than the protection of personal data; considers that such rules and provisions should form part of all new and recently launched trade negotiations with third countries”.

For more information please contact
Back to Digital trade
View the complete Policy Paper
Our resources on Digital trade
30 Apr 2024 Position Paper
Contribution to public consultation on white paper on export controls
09 Feb 2024 resource
The Download: The EU's Economic Security Strategy
10 Nov 2023 resource
Key policies for digitalization during the Spanish Presidency: The AI Act and the Data Act
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.