A Introduction
Pantha rhei (‘everything flows’) turns out to be a very fitting metaphor for how terabytes of digital data rush through the network of networks. Attributed to the philosopher Heraclitus panta rhei connotes that change is the fundamental essence of the universe.Footnote 1 Data flows are the undercurrent of digital globalization that transforms our societies. How data flows will likely underpin digital services in a not so distant future is vividly described in Anupam Chander’s contribution (Chapter 5) in this volume. Data’s liquidity tends to undermine outdated regulatory formations and erode the paradigms that used to underpin a society’s conventional right to self-governance.Footnote 2 Everything is in flux.
Human rights do however remain valid currency in how we approach planetary-scale computation and accompanying data flows. As we enter ‘the age of digital interdependence’, a UN expert panel urges ‘new forms of digital cooperation to ensure that digital technologies are built on a foundation of respect for human rights and provide meaningful opportunity for all people and nations’.Footnote 3 Today’s system of human rights protection, however, is highly dependent on domestic legal institutions, which unravel faster than the reconstruction of fitting transnational governance institutions. The transnational protection of data privacy is a case in point, which required legal reforms in order not to fall into the cracks between different domestic legal systems. Furthermore, the transnational provision of artificial intelligence (AI) is going to have a bearing on the conditions of human freedom prompting calls for a human rights–based approach to AI governance.Footnote 4
Through the contribution in this volume it emerges that international trade law has successfully co-opted cross-border data flows as a desirable baseline for digital trade. This raises the question how the inclusion of the free flow of data in international trade law would affect the prospects for the transnational protection of human rights. As a stand-alone commitment, the free flow of data namely lacks any normative underpinning and only through the interplay with domestic legal frameworks do human rights become recognized.
In my contribution I argue that the inclusion of cross-border data flows as a new trade law discipline would be opportunistic in light of the morality to protect human rights online. International trade law, which has been criticized for the ‘economization of human rights’,Footnote 5 would subtly reinforce the transformative power of data flows leaving human rights enforcement to domestic institutions which in themselves have been found inferior to deal with the issues at hand. In other words, the opportunity structures offered by international trade law will not advance the construction of a global information civilization that is founded on the respect for human rights. Rather, multilevel economic governance should provide for constitutional pluralism and sufficient margin for experimentation with novel strategies to give effect to human rights in the online context.Footnote 6 I conclude with a plaidoyer for a new quid pro quo in digital trade in which the liberalization of cross-border data flows recognizes better the enhanced need for human rights accountability. This contribution intersects human rights law with international economic law, liberally borrowing from transnational legal theory and Internet governance literature. It advances its arguments through a combination of doctrinal and critical legal research with a certain predisposition to European legal thinking.
This chapter proceeds as follows: after the backdrop has been set, the following section takes a critical look at the construction of the data flow metaphor as a policy concept inside international trade law. The subsequent section explores how the respect for human rights ties in with national constitutionalism that becomes increasingly challenged by the transnational dynamic of digital era transactions. The last section turns to international trade law and why its ambitions to govern cross-border data flows will likely not advance efforts to generate respect for human rights. In the conclusion, the different arguments are linked together to advocate for a re-balancing act that recognizes human rights inside international trade law.
B Data Flow as a Policy Metaphor
Data is the building block of today’s digital economy. As a virtual unit data can represent any type of digital infrastructure, platform, or system, that undergird an infinite range of virtual goods, services, transactions and expressions. Digital supply and value chains are ultimately representations of data which are assembled to perform varying functionalities.Footnote 7 Besides data is exponentially generated from any human and machine activity, which in turn are a key input for machine learning and algorithmic decision-making. Everything that can be expressed in data is inherently liquid because it can be de-assembled, moved across space and re-assembled again.
In social theory ‘flow’, ‘fluidity’ or ‘liquidity’ are used as a metaphor to connote how circulation and velocity forge a new kind of information or network society.Footnote 8 According to Castells, contemporary society is constructed around flows: ‘flows of capital, flows of information, flows of technology, flows of organizational interaction, flows of images, sounds, and symbols. Flows are not just one element of the social organization: they are the expression of processes dominating our economic, political, and symbolic life’.Footnote 9 Sociologist Deborah Lupton, by contrast, criticizes that writers on digital technologies rely on liquid concepts when discussing the circulation of digital data.Footnote 10 For Lupton, ‘[t]he apparent liquidity of data, its tendency to flow freely, can also constitute its threatening aspect, its potential to create chaos and loss of control’.Footnote 11 Lupton nevertheless resolves that such conceptions can help making sense of the phenomenon. It must be conceded that the recourse to the data flow metaphor should not divert from analyzing actors, the epistemology and affordances of concrete sociotechnical systems.Footnote 12 Globalization researchers, however, consistently use the cross-border movement or flows of persons, capital, goods and services as a conceptual lens, which is currently complemented by data flows. It is precisely the circulation of data which underpins the processes that lead to the reconfiguration of the spatial organization of social relations and transactions that characterize globalization.Footnote 13 A 2016 report by the McKinsey Global Institute proclaimed that globalization had entered ‘a new era defined by data flows’.Footnote 14
A powerful coalition of international and intergovernmental organizations, including the G7 and the G20, the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), among others, have intensified their work on promoting cross-border data flows as an international economic policy principle. For instance, following the initiative of Japan’s government on ‘Data Free Flow with Trust’, the 2019 G20 Osaka Leaders’ Declaration states:
Cross-border flow of data, information, ideas and knowledge generates higher productivity, greater innovation, and improved sustainable development, while raising challenges related to privacy, data protection, intellectual property rights, and security. By continuing to address these challenges, we can further facilitate data free flow and strengthen consumer and business trust. In this respect, it is necessary that legal frameworks, both domestic and international, should be respected. Such data free flow with trust will harness the opportunities of the digital economy.Footnote 15
While the statement correctly reflects the unabated tension between cross-border data flows and domestic legal frameworks, it falls short of identifying common strategies that would mitigate this tension and thereby forging trust in legitimate cross-border data flows. The endorsement of ‘Data Free Flow with Trust’ perfectly encapsulates the influential narrative of innovation, growth and development associated with cross-border data flow while leaving the intricacies of protecting human rights and societal values to domestic institutions that are themselves increasingly contested in an interdependent world. From the perspective of domestic public policy, the cross-border flow of data more fittingly compares to a maelstrom that potentially erodes constitutionally guaranteed rights and societal values.
C Human Rights Do Not Flow Easily across Borders
Adopted over seventy years ago, the Universal Declaration of Human Rights (UDHR) protects a canon of universal and indivisible human rights the interpretation of which evolves with the time.Footnote 16 Already twice the UN Human Rights Council has affirmed that human rights must be protected offline and online regardless of frontiers.Footnote 17 International human rights law is addressed to states which are bound to respect and uphold the obligations in their domestic legal system. Whereas international human rights law can take different levels of commitment from non-binding to binding, its enforcement overwhelmingly takes place at the domestic level.Footnote 18 ‘The multilevel human rights constitution’, as Ernst-Ulrich Petersmann explains, ‘remains embedded into national constitutionalism as protected by national and regional courts’.Footnote 19 Human rights thus wield universal protection from their geopolitically fragmentated implementation by states. This construction has largely been workable in an offline and static world where different jurisdictions could coexist by the intuitive demarcations of territoriality. In the age of digital interdependence, however, interferences with human rights frequently take a transnational dynamic. According to Julie Cohen, domestic protections for human rights that are built on outdated regulatory formations have begun to fail comprehensively.Footnote 20 Different trends, such as the intermediation of human transactions by digital platforms, and strategies that would outsmart national legal frameworks have been held responsible for the sad state of affairs.Footnote 21 From the outset the Internet-mediated sphere has attracted much libertarianism and utopism,Footnote 22 but in hindsight too little concern about the impeding policy and regulatory challenges online.
I Who Should Be in Charge of the Internet?
In its infancy the Internet has attracted utopian ideas of a free and borderless cyberspace, a human-made global commons in the service of an international community of users. Famously, John Perry Barlow in his ‘Declaration of the Independence of Cyberspace’ called on governments of the world to leave the Internet and its users alone.Footnote 23 Another proposal was to transform cyberspace into an international commons and to root Internet governance in international agreements. Analogies to Hugo Grotius’ 1609 dissertation ‘Mare Liberum’Footnote 24 have been offered to extend a similar regime to the Internet as is practiced today in international maritime law and space law. Despite gigantic efforts to nourish international multi-stakeholder Internet governance up to this point, this approach has never gained sufficient authority to actually deliver tangible outcomes.Footnote 25 The upshot is that the protection of individuals’ human rights online has never been uploaded to a supranational level.
Simultaneously, the Westphalian nation state that derives sovereignty and jurisdiction from territory has been contested as ‘an ordering device for the borderless Internet’.Footnote 26 Cedric Ryngaert and Mark Zoetekouw are looking at ‘community-based systems’ as jurisdictional alternatives to territory which would better respond to the peculiar nature of the Internet as a ‘borderless, prima facie, non-territorial phenomenon’.Footnote 27 Correspondingly, Francesca Bignami and Giorgio Resta expect that ‘the social interactions fostered by borderless digital communications should give rise to a common set of moral commitments that will gradually replace those of the nation-state’.Footnote 28 It somewhat resonates with how large user-backed digital platforms frequently invoke their community in matters that affect platform governance.Footnote 29 Lee Bygrave highlights the peculiar contribution of contract law to manage large numbers of users across countries and legal systems via terms of service, for example.Footnote 30 Whereas transnational private law could achieve private platform governance from the inside, it does not compare to an external human rights–based governance framework.
II Reactive Jurisdictional Claims
Legal thinking moreover diverges over the question whether online activities and Internet transactions should be treated as distinct from jurisdictional claims based on geographical location.Footnote 31 To Hannah Buxbaum, conflicts about jurisdiction are a strategy where ‘claims of authority, or of resistance to authority’ are made by actors to advance a particular interest.Footnote 32 The beneficiaries of a global reach for that matter reflexively push back jurisdictional claims from countries where the recipients of online service are based. Frequently technology-based arguments are invoked to deny the existence of a sufficient nexus for jurisdiction and the applicability of rules interdicting certain behaviour.Footnote 33 Joel Reidenberg intriguingly warns that this in turn would disable states from effectively protecting their citizens online.Footnote 34
Not being set in stone domestic legal institutions are reactive to the very context they are embedded in. The transnational protection of data privacy is a case in point to illustrate the crucial role of domestic legal frameworks in upholding human rights. When it became apparent that the regulation of domestic businesses no longer suffices to govern cross-border data transactions, legislators as well as courts resort to the external application of domestic laws. The European Union’s General Data Protection Regulation (GDPR)Footnote 35 is a prominent example for this legal technique that refocuses the territorial scope of application to organizations that are not established in the Union as long as they collect and use personal data of individuals who are inside the Union.Footnote 36 Likewise the California Consumer Privacy Act (CCPA) applies to businesses around the whole world as long as they reach out to California residents.Footnote 37 This is how after some backlog domestic legal institutions tweak jurisdictional concepts in their quest for asserting domestic rules which would still resonate with public international law.Footnote 38
Predictably, such reactions are bound to run into an impasse about their effectiveness or legitimacy depending on from whose perspective one wishes to look at a particular issue. As a result, the international order now faces additional challenges, such as overlapping claims of authority and the transnational export of rules. Inquiries from the field of transnational data privacy also have shown that the extraterritorial reach of domestic rules may be overly formalistic and not matched with corresponding enforcement powers.Footnote 39 In their quest to overcome the enforcement fallacy domestic authorities are increasingly turning to governance by platforms deputizing ‘multinational corporate data intermediaries to carry out and enforce their orders’.Footnote 40 Yet, asserting domestic human rights regardless of jurisdiction, citizenship and location of data with the help of powerful digital platforms further entrenches the power of private economic interests over the conditions of human freedom.Footnote 41
D International Trade Law Laying Claim to Free Data Flows
The flow of data crucially undergirds the organization of international production, trade and investments into global value chains (GVC).Footnote 42 Activating international trade law for cross-border digital trade issues can be seen as ‘forum shopping in global governance’,Footnote 43 where trade venues are traditionally more conducive to economic interests than for that matter the multi-stakeholder Internet governance fora.Footnote 44 What is more, since trade rules on e-commerce could not advance under the auspices of the World Trade Organization (WTO), a number of countries have turned to preferential trade agreements instead, be they bilateral, regional or plurilateral.Footnote 45
The United States has been the key force behind efforts to proliferate its digital trade agenda through international trade law, albeit with a mixed record.Footnote 46 On the one hand, a new generation of mega-regional trade agreements that were negotiated between the United States and like-minded countries incorporate a new set of digital trade rules that introduce horizontal provisions on the free flow of data, such as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP)Footnote 47 and the United States–Mexico–Canada Agreement (USMCA).Footnote 48 On the other hand, the liberalization of the cross-border flow of data has been controversial in negotiations for the EU–US Transatlantic Trade and Investment Partnership (TTIP) and for a multilateral Trade in Services Agreement (TiSA), which both stalled in 2017 over uncertainties over the stance of the incoming US administration under President Trump.
Repeated efforts to multilateralize digital trade rules through the WTO have not so far yielded tangible outcomes.Footnote 49 Initiated in 1998, the WTO Work Programme on Electronic Commerce has stalled until in early 2019 seventy-six WTO members agreed to launch negotiations on trade-related aspects of electronic commerce.Footnote 50 The resurrection of the e-commerce negotiations, however, takes place during a rather dire crisis of the multilateral forum of the WTO that has left its Appellate Body as a part of the dispute settlement system incapacitated.Footnote 51 The very capacity to adjudicate disputes, however, has oftentimes been referred to as the ‘jewel in the crown’ of the WTO that made it the centre of the rule-based international trading system. The timing of the negotiations seems to support Jane Kelsey’s argument that e-commerce has turned into a ‘proxy battleground for the future of the WTO’.Footnote 52
Absent a broad international consensus in key areas of public interest regulation, already the General Agreement on Trade in Services (GATS)Footnote 53 curtails a member’s regulatory autonomy by subjecting public interest regulation to certain trade-conforming conditions.Footnote 54 The GATS preamble explicitly recognizes the right of a member state to regulate in order to pursue its national policy objectives.Footnote 55 This right to regulate is however confined as follows: a member may adopt a measure that is from the outset not inconsistent with its GATS commitments or, in case of a GATS inconsistent measure, to justify the measure under one of the general exceptions.Footnote 56 Even though the deregulation of services is not the objective of the GATS,Footnote 57 a member’s behind-the-border regulations that aim to afford a high level of protection of human rights run the risk to be deemed protectionist under international trade rules. The EU’s regulatory framework on personal data protection makes for a well-researched example. We have concluded elsewhere that ‘unreservedly committing to free cross-border data flows likely collides with [the EU’s] approach of affording a high level of protection of personal data as is called for by Article 8 of the Charter and as implemented by the GDPR’.Footnote 58
With eminent cross-border trade in AI, individual and societal implications can be critically larger and more pervasive.Footnote 59 The circulation of AI raises the stakes for human rights–based governance given that the technology can be deployed fairly location-independent.Footnote 60 Not only data and machine learning code can be moved across today’s digital ecosystem but the predictive outcomes of an AI system can be applied at a distance.Footnote 61 Societies have diverse set-ups of rights, freedoms and indeed also ethics. Take facial recognition systems, for example, which are the state policy in China but have prompted calls for strict regulation in Western democracies.Footnote 62 Chander rightly notes in this volume that transnational transplants of AI might prove problematic if they do not correspond to the social and legal contexts of the society it interacts with.
The prospect that the first binding framework for the international governance of AI might be international trade law can be frightening unless WTO members retain sufficient margin for experimentation with novel strategies to give effect to human rights in the cross-border context. Susan Aaronson points at the disconnection between efforts to promote the free flow of data and efforts to promote digital human rights at national and international levels.Footnote 63 As trade agreements have gone beyond import tariffs and quotas into regulatory rules and harmonization, Kelsey has criticized that new e-commerce rules impose ‘significant constraints on the regulatory authority of governments, irrespective of their levels of development, and includes matters that belong more to Internet governance, than to trade’.Footnote 64
E Conclusion
Everything is in flux. Cross-border data flows are pervasive and a defining characteristic of the age of digital interdependence. So far, our global information civilization is not founded on a shared commitment to protect human rights regardless of jurisdiction, citizenship and location of data. Engendering respect for human rights remains for the foreseeable future a paramount function of domestic legal institutions which must be reactive to respond to the challenges of cross-border data flows.Footnote 65 We are also beginning to grasp that the challenges for the multi-level governance of human rights are not just about overlapping claims of authority and the transnational export of rules but go to the core of the conditions of human freedom and the democratic constitution of societies.Footnote 66
International trade law is laying claim to the governance of cross-border digital trade and the liberalization of cross-border flow of data. From the domestic protection of data privacy and how data privacy rules may conflict with international trade law, we can draw lessons for the emerging multi-level governance of AI. With respect to AI governance, the EU’s fundamental rights approach holds unique value in an international context where the other major players, like the United States and China, move ahead without paying much attention to these underlying human values. It will be important to critically assess the impact of the WTO e-commerce negotiations on the human rights–based governance of AI before the ‘free trade leviathan’Footnote 67 further restricts the policy choices not only of individual states but also of the EU itself.Footnote 68
Where international trade rules prevail, they should provide for constitutional pluralism and a sufficient margin for domestic experimentation with novel strategies to give effect to human rights in the online context.Footnote 69 This should not be construed as an argument in favour of a uniform interpretation or even a mandate for the positive harmonization of (digital) human rights through international (trade) law.Footnote 70 Yet, trade law should not move ahead in setting the rules for cross-border trade in the era of big data and AI without recognizing the members’ responsibility to take appropriate measures that would ensure that artificial intelligence and overall data governance are fully accountable to domestic human rights frameworks. Identifying strategies and approaches that effectively ground individual interests and societal values in transnational algorithmic systems ought to strike a balance between the rule of law and innovation policy that crucially undergird a robust information civilization.