1. Introduction
The recent Communication from the European Commission (Commission) rightly acknowledges that ‘[I]n the digital era, promoting high standards of data protection and facilitating international trade must … necessarily go hand in hand.’Footnote 1 This document was the result of heated debates on how to reconcile the European Union's (EU) fundamental rights approach with both the protection of privacy and personal data and cross-border (personal) data flows essential for the flourishing of international trade.
It is easier said than done. Personal data have a dual nature. Like a coin, data can be viewed from two sides: as a trade commodity and as an asset with societal value. The tension between the two sides lies at the heart of conflicting regulatory areas – economic welfare and the protection of fundamental rights. While some international standards, namely those of the Organisation for Economic Co-operation and Development (OECD) and Asia-Pacific Economic Cooperation (APEC) and some countries such as the US emphasize the economic component of personal data, the EU's legal protection of personal data is rooted in human rights. The Charter of Fundamental Rights of the European Union (Charter) protects both the right to privacy (Article 7) and the right to protection of personal data (Article 8) as fundamental rights.
How one defines the above-mentioned ‘high standards of data protection’ differs markedly depending on the normative rationale for the protection, a matter too often overlooked in EU political debates. Protecting privacy and personal data for the sake of enhancing consumers’ confidence in electronic commerce – that is, economic regulation – and the protection of such data as a fundamental right (and of value in themselves) is not the same when viewed normatively,Footnote 2 yet the Commission's Communication justifies the goal of promoting high standards of data protection, as follows: ‘[A]s commercial exchanges rely increasingly on personal data flows, the privacy and security of such data has become a central factor of consumer trust.’Footnote 3 While building consumer trust in electronic commerce is an important policy goal, this article demonstrates that economic-based regulation leads to a lower level of protection than an approach rooted in fundamental rights.
It is conceivable that there is a risk that EU rules on transfer of personal data to third countries could be challenged and found non-compliant with EU's international trade commitments. In this context, the failure to distinguish between the two normative goals is a problem because international trade law's accommodation of privacy and personal data regulation undermines the autonomy of states to pursue a fundamental rights approach. Ultimately, these mechanisms subordinate the public policy goal of protecting privacy and personal data to the goal of trade liberalization. These claims are based on the analysis of the General Agreement on Trade in Services (GATS) – the core legal framework of multilateral trade in services – and post-GATS free trade agreements (FTAs) concluded by the EU, namely the 2000 EU–Mexico economic partnership agreementFootnote 4 complemented by the 2001 EU–Mexico Joint Council Decision implementing this agreementFootnote 5 (collectively referred to as ‘Agreement with Mexico’); the 2003 EU–Chile association agreement;Footnote 6 the 2012 EU–Central America association agreement;Footnote 7 the 2011 EU–Korea free trade agreement;Footnote 8 the 2012 trade agreement between the EU, Colombia, and Peru;Footnote 9 the 2014 EU–Singapore free trade agreement;Footnote 10 and, last but not least, the 2016 EU–Canada Comprehensive Economic and Trade Agreement (CETA).Footnote 11 The article also refers to draft texts of Trade in Services Agreement (TiSA).Footnote 12
As already noted, the EU fundamental rights approach to the protection of privacy and personal data is anchored in international human rights. Can a human rights argument be brought into an international trade law dispute to defend the autonomy of the EU to maintain the existing framework of transfers of personal data to third countries? Not really. Neither public international law nor international trade law provide for adequate mechanisms to balance trade liberalization objectives against non-economic human rights concerns in the context of the trade law dispute settlement mechanism.
It is true that in the hierarchy of EU law, as follows from the landmark 2008 Court of Justice of the European Union (CJEU) Kadi I case, international law is situated below EU primary law – the Charter and the founding Treaties – that enshrines the fundamental rights underlying the EU legal order.Footnote 13 Furthermore, the EU legal order does not afford direct effect to multilateral trade agreements, such as the GATS, and the decisions of the WTO adjudicating bodies.Footnote 14 As a result, international trade agreements and decisions of trade law adjudicating bodies cannot automatically invalidate or override any provision of both EU primary and secondary law (such as the EU Data protection directive (DPD)Footnote 15 and the General Data Protection Regulation (GDPR)Footnote 16). Nevertheless, non-compliance with international trade law commitments may still lead to EU's liability under public international law and its well-established pacta sunt servanda (Latin for ‘agreements must be kept’) principle.Footnote 17 Therefore, the mechanisms protecting the autonomy of the EU legal order do not give the EU a license to enter into international trade agreements with which it will not be able to comply.
The founding EU Treaties require that the negotiation and conclusion of international trade agreements be guided by the universality and indivisibility of human rights and fundamental freedoms, respect for human dignity and principles of the United Nations and international law.Footnote 18 To remain faithful to this requirement, the EU should maintain its autonomy to protect privacy and personal data as fundamental rights, not just as instruments to generate consumer's trust. Inspired by recent developments in labour standards, environmental protection, and sustainable development in post-GATS FTAs, this article suggests a clear path forward. That said, the purpose of this article, however, is not to argue that the EU should export its privacy and data protection framework to other nations.
The article builds on available literature on WTO lawFootnote 19 and its interaction with international human rights law.Footnote 20 It also relies on a body of research covering the various facets of the EU right to privacy and data protection.Footnote 21 This article coincides with ongoing negotiations of TiSA and of the EU-Japan Economic Partnership Agreement. It thus aims to be a timely contribution to the academic and policy debate. In both cases, the EU had not, as of this writing, formulated its position on cross-border data flows and high standards of the protection of personal data in this connection.
2. Dual nature of personal data and conflict of regulatory goals
2.1 Tensions between dignitary and economic aspects of personal data
There are two ways to look at personal data, namely from an economic perspective and from an individual rights perspective. In economic terms, personal data are both a commodity and an ancillary factor of production of goods and services, perhaps best described as a digital currency. Personal data have undoubtedly become a traded commodity: there are new markets for brokers to acquire, store, process, and sell personal data.Footnote 22 In their ancillary role, personal data act as an input in several production processes. For example, data on the creditworthiness of individuals affect the provision of financial services, such as lending,Footnote 23 and assist a business in fine-tuning a good or service, such as computer games, to consumer needs in order to increase revenue per user.
Yet personal data are distinct from other types of information because of their inextricable link to the data source: individuals. Within the EU, those individuals’ right to human dignity ‘must be respected and protected’.Footnote 24 Human dignity is said to be the basis of all fundamental rights and is thus part of all fundamental rights guaranteed by the Charter.Footnote 25 Put differently, the right to privacy and the right to the protection of personal data may be viewed as integral parts and key instantiations of the protection of human dignity guaranteed by the Charter.Footnote 26
In a broader societal context, personal data thus have intrinsic value beyond the economic value attributed by the market and so does the value of the right to protect personal data. Data have a societal dimension that exceeds the value to particular individuals whose data may be compromised. Personal data protection is a ‘social structural imperative in a democracy’.Footnote 27 Hence, in an era of ‘surveillance capitalism’,Footnote 28 characterized by the unprecedented accumulation of personal data by IT companies, what is at stake, beyond individual rights, are the principles of ‘the sanctity of the individual and the ideals of social equality, the development of identity, autonomy, and moral reasoning; the integrity of contract, the freedom that accrues to the making and fulfilling of promises; norms and rules of collective agreement; the functions of market democracy; the political integrity of societies; and the future of democratic sovereignty’.Footnote 29
2.2 Conflict of regulatory goals and fragmentation of data protection standards
According to regulatory theory, regulation pursues either economic or social (non-economic) goals, and in some cases both.Footnote 30 Although there is not always a clear borderline between social and economic regulation, the primary aim of economic regulation is typically the correction of market failures, such as negative externalities or reduction in the quality or quantity of public goods. In contrast, non-economic regulation pursues interests not directly related to the production of commodities. It often aims to protect ‘community values’.Footnote 31 On a par with safety, health, and environmental issues, protection of fundamental rights is a high example of the protection of such values. This ‘goal’ – and the normative foundations of the legal provisions meant to achieve it – often predetermines both regulatory design and methods. The regulation protecting privacy and personal data can be seen in both dimensions.
From an economic perspective, the protection of privacy and personal data is a key building block of consumers’ trust in suppliers and more generally of their confidence in electronic commerce. Trust is an important component of contractual relationships in general, and perhaps even more so in electronic transactions, which imply a higher degree of impersonality. Trust meets all the criteria of a public good.Footnote 32 It is non-exhaustible in the sense that in consumer transactions the exploitation of the trust of consumers by one service supplier does not leave less trust for others. It is also very costly to prevent service suppliers who do not invest in trust from exploiting it. As a public good, trust becomes the kind of valuable and vulnerable resource the production of which cannot be fully left to, or supplied by, the market.Footnote 33 Accordingly, rules protecting privacy and personal data with this purpose in mind are economic in nature, as their primary aim is correcting a market failure and the supply of a public good. This stands in sharp contrast to the protection of privacy and personal data as fundamental rights, because such protection is not instrumental to some other goal.
The next step is to recognize that the goal of privacy and personal data protection predetermines the desired optimal level of protection and the design of the regulatory framework. If the goal is economic and instrumental, then it is justified only to the extent necessary to generate and preserve consumers’ trust (bottom-up regulatory design). If the protection is granted for its own sake as independent normative significance, the level of protection will tend to be higher (top-down regulatory design) than the level that is necessary to advance social welfare from the welfare economics perspective.Footnote 34 Shavell illustrates the point by the following example: ‘if promise-keeping is granted independent significance, more promises will be kept than would be best if the goal were to keep promises only to advance individuals’ utilities, and whatever utility-based measure of social welfare one endorses will likely be lower than it could be’.Footnote 35 Furthermore, trust is a subjective notion. It is not the objective level of control over personal data, but rather the perceived level of control that affects users' personal data sharing practices. For example, empirical research on Google My Account privacy dashboard shows that ‘perceived transparency of the provider Google has significantly positive effect not only on the users’ trust in the [Google My Account] but also in Google itself’.Footnote 36 Users' trust does not seem to be linked to Google's actual data processing practices that are neither transparent nor verifiable.
The dependence of the regulatory design on its underlying objective can be demonstrated by juxtaposing the non-binding privacy and data protection standards adopted by the OECD and APEC on the one hand, and the Additional Protocol to Convention 108 and the EU on the other hand. Within those, the rules most affected by the normative goal are those on cross-border transfer of personal data to third countries.
The comparison of rules on cross-border transfer of personal data suggests that legal regimes protecting privacy and personal data as a fundamental or human right tend to be more protective. Simply put, the higher the weight afforded to economic interests in the regulation of privacy and data protection, the lower the standard for permissibility of cross-border data flows to countries not adhering to the relevant standard. From the perspective of international trade law, economic regulation of privacy and data protection is thus less trade restrictive than regulation driven by fundamental rights concerns, precisely because one of the aims of economic regulation in this area is to protect only as much as is necessary to achieve the instrumental objective of generating a sufficient amount of trust for the system to operate. It is bottom up because it starts from a theoretical level at which there is no protection and increases just enough to achieve the stated objective. Conversely, the starting point of public policy regulation is top-down: a high level of protection, which can be lowered only to the extent necessary to safeguard competing interests.
2.2.1 Instrumental protection of privacy and personal data
An example of economically driven international privacy and data protection principles is provided by the OECD 2013 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.Footnote 37 These are an updated version of the 1980 OECD Guidelines, the first international non-binding standards – the most influential and geographically widespread of the kind.Footnote 38 The Guidelines were driven by the fear that privacy regulation would be used for protectionist purposes, rather than the individual rights concerns.Footnote 39 Their 2013 revision subordinated the regulation of transborder flows of personal data to economic needs even more than the previous set by adopting a risk-based approach.Footnote 40 The primary purpose of this economic approach is to keep restrictions on such flows to a minimum. The framework of the 2013 Guidelines is based on the accountability principle, which requires that ‘a data controller remains accountable for personal data under its control without regard to the location of the data’.Footnote 41 Then the 2013 Guidelines require as a general rule that a member country refrains from restricting transborder data flows of personal data between itself and another country, as long as (a) such other country substantially observes the Guidelines or (b) a continuing level of protection consistent with the Guidelines is ensured by sufficient safeguards, including effective enforcement mechanisms and appropriate measures put in place by the data controller.Footnote 42 This amply demonstrates the difference between instrumental and fundamental rights approaches. The 2013 Guidelines clearly start from a degree of very low (even non-existent) protection and allow members to increase it only as much as is necessary and require that any restrictions to transborder flows of personal data introduced by domestic legislation be proportionate to the risks presented.Footnote 43
The 2005 APEC Privacy Framework,Footnote 44 as well as its recently updated 2015 version,Footnote 45 also treats personal data protection as a potentially harmful restriction on cross-border data flows.Footnote 46 This Framework governs cross-border transfers of personal data under a general principle of ‘accountability’Footnote 47 that does not expressly allow restrictions of cross-border flow of personal data to jurisdictions that lack protection for personal data. Instead, it renders the original collector of personal data accountable for compliance with the original data protection framework, regardless of the organizations and locations to which the personal data are subsequently transferred.Footnote 48
2.2.2 Protection of privacy and personal data as intrinsic values
The right to privacy has been protected as a human right for more than half a century. It is enshrined in Article 12 of the 1948 Universal Declaration of Human Rights (UDHR), Article 17 of the 1966 International Covenant on Civil and Political Rights (ICCPR), and Article 8 of the European Convention on the Protection of Human Rights and Fundamental Freedoms of 1950. The right to the protection of personal data, although not explicitly mentioned in these instruments, has, in the context of private and family life, been included in the scope of the human right to privacy through interpretation.Footnote 49 The 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) and the 2001 Additional Protocol to the Convention safeguard the right to the protection of personal data in the broader sense, irrespective of the private and family life context. As is evident from the Preamble, the Convention aims both to protect privacy and to ensure the free flow of information. Yet, the protection of fundamental rights prevails because the primary goal of the Convention is to ‘secure … respect for … rights and fundamental freedoms, and in particular … right to privacy, with regard to automatic processing of personal data’.Footnote 50
Following the Council of Europe legal tradition, the EU guarantees both the right to privacy and a sui generis right to the protection of personal data independent of the right to privacy, in Articles 7 and 8 of the Charter, respectively. These fundamental rights constitute a part of EU primary law and are thus considered constitutional principles. Explanations of the Charter reveal a close relationship between the two rights including their common roots in the international human rights system. Article 7 of the Charter builds on Article 8 of the ECHR,Footnote 51 which is itself rooted in UDHR.Footnote 52 Explanations of Article 8 refer, inter alia, to Article 8 of the ECHR and to Convention 108 as sources of inspiration. This fundamental rights approach is implemented in the DPD, and in the GDPR that will supersede the DPD in May 2018.
Unlike the approach adopted in the OECD and APEC principles, EU rules on the transfer of personal data to third countries are based on the so-called ‘prohibition with derogations’ approach. Under both the DPD and GDPR, transfers of personal data to third countries can occur without restrictions only if such third countries ensure an adequate level of personal data protection,Footnote 53 which is assessed on a country-by-country basis. In the words of the CJEU ‘adequate’ means ‘essentially equivalent’ to the level of protection of fundamental rights and freedoms guaranteed by the Charter and the DPD.Footnote 54 A country is recognized as ensuring an adequate level of protection only after an assessment of its legal and administrative mechanisms of personal data protection by the European Commission.Footnote 55 If the assessment results in a positive finding, the Commission issues a legally binding ‘adequacy decision’.Footnote 56
A completely different fate awaits transfers to third countries where the level of personal data protection has not been assessed by the Commission, or where the assessment resulted in a negative finding.Footnote 57 Transfers of personal data can lawfully occur to such countries only subject to ‘appropriate safeguards’ of data controller or possessor (for example, adequate safeguards with respect to the protection of privacy and personal data given by the controller (such as standard contractual clauses), binding corporate rules (BCRs) that provide a legal basis for cross-border transfers of personal data within multinational companies), or limited derogations (such as unambiguous consent of the data subject or the performance or conclusion of a contract with, or in the interest of, the data subject).Footnote 58
2.2.3 Fragmentation of international privacy and data protection standards
The conflict of regulatory goals has led to a fragmentation of privacy and data protection standards and rules across the globe. Before these conflicting goals can be reconciled or bridged, harmonization seems almost impossible.Footnote 59 In addition, there is no international intergovernmental organization explicitly mandated to create unified international privacy and data protection standards.
The problem the lack of harmonization creates in the context of international trade law is the absence of a single reference point – a unified international privacy and data protection standard – that parties to free trade and investment agreements could refer to and promise each other to uphold in spite of their trade liberalization commitments. International trade inevitably embraces digital commerce and the facilitation of cross-border data flows. Therefore, the risk is that, given the economic object and purpose of international trade law, an economic approach to privacy and personal data protection supported by influential international organizations, such asthe OECD and APEC, will enter the public international law scene through the back door of international trade law. This could undermine fundamental rights approaches to privacy and personal data protection. The section below demonstrates that while in its most recent trade agreements the EU tried to inject more privacy and data protection provisions, they do not fully accommodate the normative foundations of privacy and data protection in the EU.
3. Relationship between rights protecting personal data and international trade agreements
The EU privacy and data protection framework is rooted in the human right to privacy. While it is true that international trade law cannot directly modify international human rights norms, scholars have suggested that it can do so indirectly by limiting the states’ power to regulate in a manner supportive of human rights.Footnote 60 In other words, it constrains the possibility to protect human rights on the national level.Footnote 61 Human rights treaties are often formulated in a very general manner, leaving a wide margin of appreciation to member states, and leading to wide variations in means of implementation and application at the national or regional level. International trade law then creates limiting windows for the states to implement human rights obligations and pursue national policy objectives.
3.1 The right to regulate
The autonomy reserved for parties to FTAs to maintain and enforce measures to pursue national policy objectives, including privacy and personal data protection, is often referred to as the ‘right to regulate’.Footnote 62 This right to regulate can be compared with Dworkin's hole in a ‘doughnut’ – a metaphor he coined to explain the concept of discretion. The hole only exists ‘as an area left open by a surrounding belt of restriction’.Footnote 63 In making commitments in international trade agreements, parties to such agreements give up some of their sovereignty and constrain their power to regulate within their national borders. This is the dough in the doughnut. The remaining regulatory autonomy is thus reduced to a hole in the doughnut of international trade norms.
As the WTO Appellate Body explained in one of the most recent rulings, the right to regulate in international trade law has two facets: the right to regulate in accordance with the trade liberalization commitments on the one hand, and the right to regulate notwithstanding such commitments, on the other.Footnote 64 It is only in the second context that the right to regulate counterbalances the primary goal of the GATS to achieve ‘progressively higher levels of liberalization of trade in services.Footnote 65
By contrast, some FTAs concluded by the EU after 2010 give more space to the right to regulate. For example, the FTAs with Korea and Singapore mention the right to regulate not only in the preamble, as is the case in the GATS, but also contain an article on the right to regulate in the body of the agreement. However, this greater focus does not necessarily result in granting the parties greater autonomy to regulate in violation of their trade liberalization commitments. The right to regulate is limited either by requirements of ‘necessity’ of adopted measures to achieve certain public policy objectives and their ‘consistency’ with trade obligations, as in the FTA with Singapore,Footnote 66 or by a ‘necessity’ requirement and a requirement that such ‘measures not constitute a means of unjustifiable discrimination or a disguised restriction on international trade’, as in the FTA with Korea.Footnote 67
3.2 Interfaces between the right to regulate to protect privacy and personal data in international trade agreements
A broad right to regulate appears in FTAs in three different ways. First, it may be indirectly injected in the interpretation of flexible provisions used in the formulation of non-discrimination commitments, such as most-favoured nation treatment (MFN) and national treatment. A number of scholars have suggested that EU rules on transfer of personal data to third countries that depend on the adequacy assessments by the Commission could violate one or both of these obligations.Footnote 68 Second, specific provisions concerning the protection of privacy and/or personal data may be qualified as instantiations of the right to regulate. Third, the right to regulate may be seen as incorporated in general exceptions. All such interfaces tilt the privacy and personal data protection towards economic regulation.
3.2.1 Flexible terms in non-discrimination commitments (‘likeness’, ‘no less favourable’, ‘like circumstances’)
Non-discrimination commitments concerning trade in services are embodied in the GATS. The MFN obligation (GATS Article II) requires that WTO members treat services and service suppliers of other WTO members in a manner ‘no less favourable’ than ‘like’ services and service suppliers of any other country. National treatment (GATS Article XVII)Footnote 69 requires that ‘like’ foreign services and service suppliers receive a ‘treatment no less favourable’ than domestic services and service suppliers of the WTO member. The two-prong test for establishing a violation of the MFN and national treatment obligations is essentially the same:Footnote 70
• comparison of service and/or service supplier to determine whether they are ‘like’, and
• comparison of the treatment of a service and/or service supplier of a complaining WTO member to see if it is ‘less favourable’ than treatment of a ‘like’ service and/or service supplier from another country (MFN) or domestic service and/or service supplier of the WTO member accused of violation (national treatment).
In most of the EU's bilateral post-GATS FTAs, the wording of non-discrimination commitments corresponds to the GATS. A few recent agreements depart from this formula and instead refer to ‘like situations’Footnote 71 or ‘like circumstances’.Footnote 72 The terms ‘likeness’, ‘like circumstances’, ‘like situations’, and ‘no less favourable’ are not defined in the relevant FTAs and are interpreted on a case-by-case basis.Footnote 73
WTO adjudicating bodies play a key role in the application and interpretation of fundamental principles of international trade law such as MFN and national treatment.Footnote 74 Therefore, the discussion below focuses on the WTO approach, which may apply to other FTAs using similar terminology.
1. Squeezing out the ‘aims and effects’ test. WTO case-law shows that both ‘likeness’ and ‘no less favourable’ function as purely economic tests. Successive attempts to include consideration of regulatory aims within the determination of the violation of non-discrimination commitments through these terms – the so-called ‘aims and effects’ approach – have so far proved unsuccessful.Footnote 75 Firmly rejecting this test, the WTO Appellate Body argued that ‘likeness’ was a purely economic test that aims to determine the existence of a competitive opportunity between the goods from a purely economic perspective.Footnote 76 In the same vein, the legal standard of treatment ‘no less favourable’ does not ‘contemplate a separate and additional inquiry into the regulatory objective of, or the regulatory concerns underlying, the contested measure’.Footnote 77 The only factor is whether a measure at issue modifies the conditions of competition to the detriment of services or service suppliers of any other Member.Footnote 78 The rationale is that public policy objectives that could potentially justify non-compliant measures are more appropriately addressed in the context of relevant exceptions.Footnote 79 This has key implications for the EU: for the purposes of testing EU rules on transfer of personal data to third countries under the non-discrimination commitments, it is irrelevant under WTO law that the different treatment of services and service suppliers from third countries aims to prevent circumvention of the EU data protection framework backed by fundamental rights.
2. Relevance of privacy and data protection in the economic test of ‘likeness’. The ‘likeness’ requirement is an objective criterionFootnote 80 that boils down to the assessment of the competitive relationship between services or service suppliersFootnote 81 through the prism of a market-based analysis reflecting the circumstances of each particular case.Footnote 82
Unless the complaining party manages to make a prima facie case that the compared services and service suppliers are the same in all respects (except for their origin of course),Footnote 83 the assessment of ‘likeness’ will be based on an illustrative list of four interrelated criteria developed in the context of trade in goods and applicable mutatis mutandis to trade in services. One of those four criteria is consumers' tastes and habits or consumers' perceptions and behaviour in respect of the products in question.Footnote 84 The application of this criterion to services requires an assessment of the extent to which consumers perceive and treat the compared services as alternative means of performing particular functions in order to satisfy a particular want or need. It could be argued that the level of personal data protection is a characteristic that directly affects the consumers’ perception of services and suppliers. Consumers presumably treat services and service suppliers affording different levels of personal data protection not as alternative means of performing the same function. Hence, the level of personal data protection could constitute one of the characteristics relevant for the assessment of ‘likeness’. Accordingly, services and service suppliers originating from countries affording different levels of protection would not be considered as ‘like’. There are some indications that in the business-to-business context the level of personal data protection is already a characteristic affecting competitive relationships between services and service suppliers.Footnote 85 However, the question of whether the same is true in the business-to-consumer context remains unresolved. Some empirical studies skeptically observe that consumers’ concerns about privacy and data protection are actually not reflected in consumers’ actions and do not manifest in their choices (the so-called ‘privacy paradox’).Footnote 86 This skepticism is itself subject to several critiques.Footnote 87
3.2.2 Specific provisions on the protection of privacy and personal data
Provisions related to the protection of privacy and (or) personal data appear in three instances in WTO instruments: in provisions counterbalancing liberalization obligations in telecommunications and financial services sectors, and in the Article XIV(c)(ii) general exception that will be discussed in section 3.2.3 below. Post-GATS FTAs include similar provisions in chapters on electronic commerce.
1. Telecommunications and financial services. Under article 5(d) of the GATS Annex on Telecommunication:
[n]otwithstanding [paragraph 5 (c) containing an obligation to provide access to public telecommunications infrastructure] a Member may take such measures as are necessary to ensure the security and confidentiality of messages, subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade in services. (further referred to as the ‘confidentiality of messages provision’.)
A privacy and data protection-related provision in Financial Services sector is included in Article B.8 of the 1994 Understanding on commitments in financial services (Understanding) to counterbalance the provision on the free flow of financial information included in the same provision, as follows:
Nothing in this paragraph restricts the right of a Member to protect personal data, personal privacy and the confidentiality of individual records and accounts so long as such right is not used to circumvent the provisions of the Agreement.
Compared to the Annex on Telecommunications and the Understanding, most post-GATS FTAs concluded by the EU reveal an evolution of provisions mentioning privacy and personal data. Furthermore, unlike the GATS, most newer FTAs contain a chapter on electronic commerce that mentions privacy and personal data protection.Footnote 88 This section explores whether such evolution and additional provisions bring a qualitative change to the protection of privacy and personal data in the context of international trade law.
Before doing so, it is worth noting that these developments in the formulation of FTA provisions on privacy and personal data are, in most cases, not accompanied by an enhancement of trade liberalization commitments. This absence of an obvious counterpart raises the question whether and in which way these new and additional provisions affect the protection of privacy and personal data as fundamental rights and the balance between these fundamental rights and trade liberalization.
The CETA contains both an obligation to provide access to the public telecommunications infrastructure similar to that in the GATS Annex on Telecommunications and a counterbalancing provision. Available drafts of the TiSA follow the same pattern.Footnote 89 In contrast, most other post-GATS bilateral FTAs of the EU only contain a confidentiality of messages-type of provision that acts as a stand-alone provision rather than a counterbalance.Footnote 90 In addition, all EU bilateral FTAs formulate this provision not as an exception, as is the case in the GATS Annex on Telecommunications, but as a positive obligation (shall). For example, according to Article 15.3(4) of CETA:
Further to Article 28.3 (General exceptions), and notwithstanding paragraph 3, a Party shall take appropriate measures to protect:
(a) the security and confidentiality of public telecommunications transport services; and
(b) the privacy of users of public telecommunications transport services,
subject to the requirement that these measures are not applied in a manner that would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade. (italics added)
In all cases, the ability or obligation of parties to take measures to ensure the confidentiality of messages is constrained by certain limitations. In the GATS Annex on Telecommunications, these limitations resemble the two-tier test of general exceptions. CETA and other bilateral FTAs contain two types of limitations all of which are milder that those in the GATS Annex on Telecommunications. Under CETA, the confidentiality of messages provision applies ‘further to’ the general exception, and only requires that measures that the parties shall take be ‘appropriate’, which is ostensibly a milder version of the ‘necessity’ test envisaged in general exceptions. Both CETA and the Association agreement with Central America – similar to the chapeau of the GATS general exception – require that measures taken under this provision should not be ‘applied in a manner that would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade’.Footnote 91
Similarly, post-GATS FTAs exhibit a dynamic in the counterbalancing provisions in the chapters on financial services. While the wording of obligations on free flow of financial information remains constant,Footnote 92 provisions on the protection of privacy and personal data have evolved. Unlike the Understanding, where the provision on the protection of privacy and personal data is formulated as a reservation (‘[n]othing in this paragraph restricts the right … to protect’), the provisions in bilateral FTAs are all formulated as a positive obligation to adopt or maintain safeguards to protect privacy and data protection.Footnote 93 For example, under Article 13.15(2) of CETA
Each Party shall maintain adequate safeguards to protect privacy, in particular with regard to the transfer of personal information. If the transfer of financial information involves personal information, such transfers should be in accordance with the legislation governing the protection of personal information of the territory of the Party where the transfer has originated.
Provisions on the protection of privacy in CETA and other post-GATS FTAsFootnote 94 have become more elaborate as compared to the Understanding. They require that the adopted measures protecting privacy and personal data be ‘appropriate’ or ‘adequate’. Some of the provisions, including that of CETA,Footnote 95 also explicitly refer to the necessity of protecting privacy and personal data in the course of its transfers. CETA also requires that such transfers should be governed by the law of the party where the transfer has originated.
The Understanding requires that the right of WTO members to protect personal data, personal privacy, and the confidentiality of individual records and accounts ‘not [be] used to circumvent the provisions of the Agreement’.Footnote 96 In contrast, most relevant FTAs do not impose any limitations on the provision on the protection of privacy and personal data, which arguably leaves more policy space to domestic regulators.
The relevant provisions in those chapters sometimes also mention a commitment to human rights conventions and international standards in the area of privacy and data protection. In particular, the FTA with Korea confirms the commitment of the parties to protect the fundamental rights and freedom of individuals and explicitly refers to the UDHR, the 1990 UN Guidelines for the Regulation of Computerized Personal Data Files, and the OECD 1980 Guidelines.Footnote 97
To sum up, privacy and data protection related provisions in the chapters on telecommunications and financial services of post-GATS FTAs are formulated as positive obligations. In some cases, they also contain more flexible limitations than the GATS, which seems to increase the autonomy of members to pursue their public policy objectives. Nevertheless, a more nuanced analysis paints a less positive picture, as these provisions still remain normatively subordinate to trade liberalization commitments. Even when there is no explicit requirement that relevant safeguards not restrict trade in services or not constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade, parties are not excused from non-compliance with trade liberalization obligations. Put differently, if a provision does not explicitly put the privacy and data protection safeguards above or at least on equal normative footing with trade obligations, the former are subordinated to the latter, given the object and purpose of FTAs. Therefore, the obligations to adopt privacy and data protection rules included in the FTAs still do not give a true license to violate the parties’ trade liberalization commitments and, should this violation occur, can only be justified under a general exception. Moreover, these provisions are often vague. Given the fragmentation of standards on privacy and data protection and the absence of a single reference point, the interpretation of terms such as ‘adequate’ or ‘appropriate’ have no precise obligational content. In most cases, these provisions are also detached from normative foundations, except for the agreements with Mexico and Korea that provide a direct link to human rights.
2. Electronic commerce. None of the chapters on electronic commerce of post-GATS FTAs contains material obligations relating to information flows. Rather they include a provision that recognizes the importance of the free flow of information on the Internet.Footnote 98 Whether an express provision on cross-border data flows should be included in TiSA or FTA between the EU and Japan (currently under negotiation) is the subject of a heated debate. A proposed horizontal obligation on free cross-border flows of information for all electronic commerce transactions is included in the draft TiSA. It prohibits parties to ‘prevent a service supplier of another Party from transferring, accessing, processing or storing information, including personal information, within or outside the Party's territory, where such activity is carried out in connection with the conduct of the service supplier's business’.Footnote 99
As a rule, chapters on electronic commerce contain several provisions on the protection of personal data. An example of the first type of provision is paragraph 4 of Article 8.57 ‘Objectives [of electronic commerce]’ of the FTA with Singapore:Footnote 100
The Parties agree that the development of electronic commerce must be fully compatible with international standards of data protection, in order to ensure the confidence of users of electronic commerce. (italics added)
Although this provision is formulated as an obligation, its added value is minimal because the reference to international standards of data protection – due to their fragmentation – does not imply any particular level of data protection. Only the relevant provision in CETA clarifies that in protection of personal data the parties must comply with international standards adopted by organizations of which both parties are members.Footnote 101 This limits the set of standards to the OECD and UN Guidelines, as Canada is not a party to Convention 108, and member states of the EU are not members of APEC. Since both OECD and APEC standards pursue an economic rather than a broader normative goal of protecting personal data, this reference makes clear that the respective provision adopts the instrumental (economic) protection of personal data. More importantly, those provisions explicitly state the normative purpose of adhering to data protection standards as ensuring consumers’ confidence. As Wunsch-Vincent rightly noted, such provisions indicate an increasing recognition of data protection as a necessary condition for spurring international trade,Footnote 102 not its societal value as a fundamental right. It is thus not surprising that none of the provisions in the electronic commerce chapter mentions the protection of privacy guaranteed by international human rights.
Finally, another type of provision on the protection of personal data is often contained as a stand-alone but a purely aspirational norm. It requires that parties ‘shall endeavour, insofar as possible, and within their respective competences, to develop or maintain, as the case may be, regulations for the protection of personal data’.Footnote 103
3.2.3 General exception
The general exception is the only clear manifestation of the right to regulate that allows a state to adopt measures inconsistent with its relevant trade liberalization commitments. In order to be justified under GATS Article XIV, a measure has to meet one of the material requirements set forth in paragraphs (a)–(e) and the chapeau of this Article. The material requirements most relevant in relation to EU privacy and data protection framework are laid down by paragraph (c)(ii), which reads as follows
Subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by any Member of measures …
(c) necessary to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to …
(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts.
WTO adjudicating bodies apply the general exception on a case-by-case basis. Although this approach presumes some degree of discretion, certain patterns of application of the general exception can be inferred from WTO case law.
The core of the material requirement – the ‘necessity test’ – comprises ‘weighing and balancing’ the contribution of the contested measure towards the enforcement of national laws and regulations pursuing a public policy interest against the restrictive effect of that measure on trade.Footnote 104 The less restrictive the measure, and the greater the contribution, the more likely it is to satisfy the ‘necessity test’.Footnote 105 Notably, the necessity test requires balancing the contribution of the data protection rules to the public policy objective of protecting privacy of individuals against trade liberalization commitments, but not the value of the public policy objective itself.
The necessity assessment often implies consideration of alternative measures.Footnote 106 The prima facie case of the necessity can be rebutted by the other party if it can show that alternative, less trade-restrictive measures were ‘reasonably available’. A less trade-restrictive alternative is considered to be ‘reasonably available’ if it would allow the defending party to achieve the same desired level of protection of the public interest pursued without prohibitive cost or substantial technical difficulties.Footnote 107 Arguably, a measure less intrusive or restrictive on trade is ‘almost always theoretically conceivable and therefore in some sense available’.Footnote 108
Although public policy objectives themselves are not being weighed in the necessity test, the ‘less trade restrictive’ requirement pressures on the means selected to achieve such objectives and, as a result, can ultimately affect the content of those objectives too.Footnote 109 By creating incentives for parties to FTAs to choose the regulatory scheme that is least trade-restrictive, this approach may lead to a ‘race to the bottom’ in public policy regulation. In sum, economic regulation is typically less trade-restrictive than that regulation driven by its own normative concerns.
This analysis suggests that the general exception does not allow full conciliation of privacy and personal data protection as fundamental rights when it comes to rules on transfer of personal data to third countries.Footnote 110 The argument that country-by-country adequacy assessments are ‘necessary’ is rather weak, because a less trade restrictive alternative may be ‘reasonably available’ to the EU. As compared to other economic standards, the EU's approach seems more restrictive of cross-border flow of personal data. The wide acceptance and implementation of other, less trade-restrictive mechanisms to secure compliance with domestic privacy and the data protection framework, not only prove the fact of their existence, but also suggest that they are ‘reasonably available’ to the EU.
The most prominent example of the regime perceived as a less trade-restrictive alternative is the APEC accountability principle to regulate transborder transfers of personal data. Kuner argues that this principle is ‘reasonably available’ to the EU because it preserves the right of the EU to ensure the same level of protection of personal data transferred to a third country and to prevent circumvention.Footnote 111 This economic approach has been adopted by Canada whose privacy and data protection framework has been granted an adequacy decision by the Commission.
4. Limited role of human rights in international trade law
The previous discussion shows that international trade law mechanisms meant to accommodate domestic public policy concerns subordinate such concerns to trade liberalization objectives. When it comes to the protection of privacy and personal data, can international human rights law counterbalance the economic flavour of international trade law? Should normative concerns leading to the protection of human rights not be placed on the same level or even above economic interests of member states in the course of interpretation of such terms as ‘likeness’, ‘no less favourable’, or ‘necessity’? International human rights law plays a negligibly limited role in international trade law. Yet, the relationship between the two ‘is one of the central issues confronting international lawyers at the beginning of the twenty-first century’.Footnote 112
There currently are no mechanisms for balancing different areas of international law. Each area determines the extent to which it is willing to accept the application of rules from other areas. The comparatively greater strength of the international trade law enforcement mechanism (narrowly tailored to pursue trade liberalization goals) contributes to the small degree of deference shown by trade law to human rights.
4.1 Horizontal relationship between international human rights law and international trade law
Unlike national legal systems, international law lacks central legislative and adjudicative bodies. Its fundamental structural characteristic is ‘decentralization without hierarchy’.Footnote 113 Although there are no strict boundaries, international law is conventionally divided into specific areas: human rights law, international trade law, international environmental law, and international humanitarian law, etc. These areas are, theoretically, in a horizontal relationship with each other. Hence, there is no formal hierarchy between the norms of international human rights law and international trade law.
International human rights law and international trade law are both centered around international treaties that create binding legal provisions and institutional structures administering and enforcing such treaties. All international treaties should have the same binding force, and, unless otherwise provided for in the international treaty itself, international treaties in one area should not prevail over others. Only ‘jus cogens’ norms trump treaty provisions.Footnote 114 Although the list of jus cogens is not clearly defined,Footnote 115 the right to privacy and data protection do not currently belong to this domain.Footnote 116
This categorization works well, provided each issue falls in only one area. However, the issue of cross-border transfers of personal data triggers overlapping trade and human rights concerns. In such a situation, the party seeking protection of a certain right often gets to decide to which forum it will use to enforce the right. This matters because a forum applies the rules that created it and gave it competence.
The horizontal nature of the relationship between trade and human rights law is reinforced by fundamental differences in their legal, institutional, and policy cultures that ‘have developed largely in isolation from one another’.Footnote 117 International human rights obligations, although defined in international treaties, are linked to natural lawFootnote 118 and in particular the concept of human dignity. Unlike trade agreements, they do not imply a bilateral exchange of advantages,Footnote 119 but rather aim to recognize individuals’ rights by mutual agreement and protect those rights to the benefit of individuals and not of the parties to such agreement.Footnote 120 By contrast, international trade law is perceived as positive law created by the will of self-interested parties to exchange reciprocal economic advantages and pursue economic profit from the trade liberalization.Footnote 121 This led to the emergence of a certain ‘WTO ethos’ in the interpretation of the WTO Agreements.Footnote 122
Additionally, while the institutional and enforcement structures of international human rights instruments are highly dispersed and administered by various UN institutions, the WTO enforcement system is centralized. It consists of a specialized enforcement mechanismFootnote 123 – a state-to-state dispute settlement system regulated by the Understanding on Rules and Procedures for the Settlement of Disputes (DSU).Footnote 124
4.2 Lack of mechanism to balance international trade and human rights law
Balancing international trade and human rights law can be performed by general public international law, including customary rules of interpretation, or by international trade law. In the latter case, the balancing function is performed in accordance with rules concerning applicable law (trade dispute resolution) and the competence of the adjudicative bodies which influence how such bodies apply and interpret legal norms, whether trade or outside of trade. None of these mechanisms is currently effective.
4.2.1 Limited mandate of international trade law adjudicators to apply non-trade rules
De jure, international treaties from one area do not constitute applicable law in another area, which is normally reflected in the rules governing adjudicating bodies. For example, trade adjudicators do not have explicit jurisdiction to apply rules other than those originating from the trade agreements. Trade dispute resolution bodies are bound by the limited competence granted to them, which does not include coordination on human rights issues.
The DSU does not explicitly delineate applicable law, nor does it explicitly exclude human rights law. Nevertheless, there is an almost unanimous consensus among public international law scholars that, unless other, non-WTO, international agreements are incorporated in or referred to specifically in a WTO agreement, they do not constitute applicable law.Footnote 125 Under Article 3.2 DSU, the purpose of the WTO enforcement system is ‘to preserve the rights and obligations of Members under the covered agreements, and to clarify the existing provisions of those agreements in accordance with customary rules of interpretation of public international law’. Importantly, the WTO adjudicating bodies ‘cannot add or diminish the rights and obligations provided in the covered agreements’.Footnote 126 The WTO adjudicating bodies are thus not competent to determine rights and obligations outside covered WTO agreements, or, in other words, to adjudicate non-WTO disputes.Footnote 127
International human rights law could constitute applicable law in the WTO law as international customary law. Although traditionally the right to privacy is not recognized as an international custom, Zalnieriute, taking a modernist perspective, argues that ‘an international outcry over the mass-spying programmes combined with the GA Resolution on Privacy in the Digital Age and other pronouncements by various UN bodies, as well as the two strongly pro-privacy judgments by the CJEU may suggest that data privacy has attained the status of a binding [customary international law] norm’.Footnote 128 Nevertheless, even if applicable, customary law is likely to be subordinated to the provisions of the WTO agreements, as the WTO dispute settlement mechanism is prone to uphold the norms of its own system as prevailing over other norms in case of a conflict that could not be resolved by interpretation.Footnote 129 The WTO adjudicating bodies tend to apply international customary law only to the extent that it does not conflict or is not inconsistent with WTO agreements.Footnote 130
As a result, non-trade rules are relegated to a minor role in the determination of the outcome of a dispute, regardless of the dispute's non-trade impact.Footnote 131 Given that the WTO Agreements and other FTAs have much stronger enforcement mechanisms than the global human rights system, this creates a significant risk of a de facto supremacy of trade law.Footnote 132 Similarly, most post-GATS agreements provide that rulings of arbitration panels created under the treaties ‘cannot add or diminish the rights and obligations’ provided for in the relevant agreement.Footnote 133 They are, thus, essentially bound to adopt a strict positivist approach as are the WTO adjudicating bodies.
4.2.2 Application of international customary rules of interpretation in international trade law
The Vienna Convention on the Law of Treaties (VCLT) could theoretically be used to interpret trade law with due deference to international human rights law, thus diminishing trade law's de facto supremacy in international disputes heard by trade tribunals. However, this mechanism is currently not performing this function for two main reasons. First, the primary VCLT rule of interpretation prescribes a focus on the object, context, and purpose of the treaty in question. Second, rules of interpretation are applied mostly by trade law specialists. This matters because it is a part of the ‘WTO ethos’ to interpret WTO agreements using a functional (or functionalist) approach, as opposed to a so-called ‘civic’ approach. The functional approach focuses on the specific goal of the treaty. In case of the WTO, it is market integration through elimination of protectionist barriers. A civic approach by contrast would root WTO objectives within wider concerns such as human rights.Footnote 134 The dispute settlement systems created by post-GATS agreements tend to require the same functional approach in the interpretation of the obligations contained in those FTAs.
1. VCLT rules of interpretation. As a rule, provisions on dispute settlement in the WTO Agreement and post-GATS FTAs considered in this article require the dispute settlement bodies to interpret the provisions of such agreements in accordance with the customary rules of interpretation of public international law, codified mostly in Articles 31–32 VCLT.Footnote 135
Article 31.1 of the VCLT holds that
[a] treaty shall be interpreted in good faith in accordance with the ordinary meaning to be given to the terms of the treaty in their context and in the light of its object and purpose.
According to Article 31.2 VCLT, besides the text of the treaty with its preamble and annexes, the context of the international treaty includes:
(a) Any subsequent agreement between the parties regarding the interpretation of the treaty or the application of its provisions;
(b) Any subsequent practice in the application of the treaty which establishes the agreement of the parties regarding its interpretation;
(c) Any relevant rules of international law applicable in the relations between the parties.
Article 32 VCLT refers to supplementary means of interpretation, including the preparatory work of the treaty and the circumstances of its conclusion, to which recourse may be had
in order to confirm the meaning resulting from the application of article 31, or to determine the meaning when the interpretation according to article 31:
(a) Leaves the meaning ambiguous or obscure; or
(b) Leads to a result which is manifestly absurd or unreasonable.
The WTO Appellate Body has interpreted the reference to the customary rules of interpretation in Article 3.2 DSU as a direction to interpret WTO law not ‘in clinical isolation from public international law’.Footnote 136 The International Law Association communicated a similar message in its 2008 resolution No. 5/2008 on International Trade Law – ‘WTO members and bodies are legally required to interpret and apply WTO rules in conformity with the human rights obligations of WTO members under international law’.Footnote 137 As the following sections show, this approach has not been implemented in practice. Efforts on the part of the international human rights community to overcome the separation of human rights and international trade law – indeed the isolationism of the latter – have not been met by a comparable openness of the international trade law and policy community.Footnote 138
2. Ordinary meaning, context, object and purpose. WTO adjudicating bodies derive the ‘ordinary’ meaning of GATS provisions predominantly from the Oxford dictionary and use other interpretation methods to confirm or justify conclusions already reached.Footnote 139 Context, object, and purpose often do play a role in the interpretation of the GATS. However, neither its preamble nor its text contain any reference to human rights. According to the preamble of the GATS, its top priority is the liberalization of trade in services through the progressive removal of trade barriers and the elimination of origin-based discrimination.
There are neither subsequent agreements between the same parties that could serve to clarify the context of the GATS, nor international human rights treaties between the same parties. Non-WTO international agreements to which not all WTO members are parties can be relevant as means of interpretation of the provisions of WTO agreements, unless the opposite is explicitly stated in the agreement.Footnote 140 For example, in US–Shrimp case (1998) the Appellate Body relied on an understanding found in a number of regional and multilateral environmental agreements – not signed by all WTO members – to interpret the term ‘exhaustible’ natural resources for the purposes of the general exception in Article XX GATT 1994.Footnote 141 Although the reference to these international conventions may have allowed the Appellate Body to achieve a dynamic interpretation of the term, some scholars soberly acknowledged that these international instruments were used merely as evidence of a ‘wide agreement on certain facts’ and not as a binding legal norm.Footnote 142
Unlike the GATS, post-GATS instruments broaden the range of considerations that under the VCLT would fall within the scope of ‘context, object and purpose’ of these agreements. For example, in its preamble CETA recognizes the importance of democracy and human rights for the development of international trade and economic cooperation.Footnote 143
3. Supplementary means of interpretation. Under Article 32 VCLT, the context surrounding the conclusion of an international treaty may play a subsidiary (supplementary) role. When national or regional delegates participate in trade negotiations, they bring their countries’ human rights obligations with them which they may want to uphold.Footnote 144 Good faith and pacta sunt servanda being well-established principles of public international law, it would be wrong to assume that any country has concluded or negotiated the WTO agreements knowing or intending to go against their international human rights obligations unless the country in question had specifically mentioned otherwise.Footnote 145
The crucial limitation of this approach is that these agreements play only an auxiliary interpretative role – that is, if one of the conditions listed in paragraphs (a) and (b) of Article 32 is met. Another problem is that human rights are often formulated in broad language and are subject to broad derogations, so that prioritizing international trade objectives to the detriment of human rights does not necessarily lead to its direct violation.
4.3 Lessons from balancing between international trade and human rights to labour, environmental protection, and sustainable development
The absence of central legislative and adjudication bodies in public international law makes the creation of a centralized mechanism to balance different areas of public international law implausible. As shown above, customary rules of treaty interpretation do not provide much substantive help in such balancing, largely due to the self-referential approach of trade law.
The issue of balancing non-economic interests and trade liberalization is not new. Therefore, the inspiration for devising a mechanism of balancing the rights to privacy and personal data with international trade law may be derived from progress in the protection of other notable non-economic interests, such as the protection of environment, labour rights, or sustainable development. Although extensive research into this area is beyond the scope of this article, it is useful to highlight certain developments and proposals related to balancing between human rights, environmental protection, and international trade law. Recent research conducted by Reid in the light of EU law suggests that
[i]t is necessary that rather than non-economic interests being integrated into the WTO legal order, the WTO legal order, and conceptualizations of welfare and non-economic interests, should be seen within the wider context of international commitment to sustainable development. Thus, it is necessary to reframe the WTO objectives from that perspective.Footnote 146
She further notes that
[i]nterpreting the WTO rules from the [sustainable development] perspective would move the organization and its rules away from the pursuit of trade liberalization for its own sake. It would allow concerns represented by the non-economic pillars to be seen as equally important and pursued as such. It would require the application of WTO rules to be carried out in this light. As a result, it would add legitimacy to the engagement with non-economic objectives in the interpretation and application of WTO rules … This would in turn reframe the terms of engagement from a question of the extent to which non-economic interests may be accommodated within the trade regime, and thus inherently subordinate the pursuit of trade liberalization, to a more genuinely balanced relationship.Footnote 147
Reid believes that an important precondition of such reconciliation is the existence of a consensus as to ‘the values to be pursued, the extent to which they may be pursued and the means by which they should interact with other interests’.Footnote 148
Similar to the provisions on privacy and data protection discussed above, provisions on labour, environment, and sustainable development contained in the majority of post-GATS FTAs confirm the parties’ commitments to international agreements or standards in this area and recognize the parties’ right to regulate in accordance with such agreements and standards.Footnote 149 Unlike similar references in provisions on privacy, however, these commitments contain a list of international conventions setting out relevant standards. More importantly, unlike provisions on privacy and data protection, safeguards for labour, environment, and sustainable development often explicitly require a ‘high level of protection’, and put these interests above that of liberalization of trade. This requirement is noteworthy because it helps to prevent the so-called ‘race to the bottom’ arguably supported by a requirement that measures be least trade restrictive or compliant with trade liberalization commitments.
For example, under Article 23.2 of CETA,Footnote 150 the parties
seek to ensure those laws and policies provide for and encourage high levels of labour protection and shall strive to continue to improve such laws and policies with the goal of providing high levels of labour protection.
In addition to these provision some FTAs, such as art 13.1(3) of the FTA with Singapore,Footnote 151 include recognition by the parties that
it is inappropriate to encourage trade or investment by weakening or reducing the protections afforded in domestic labour and environment laws.
At the same time, this provision in the FTA with Singapore warns that environmental and labour standards should not be used for protectionist purposes.
The Association Agreement with Central America goes a step further in its Article 291(2) which requires parties
not to waive or derogate from, or offer to waive or derogate from, its labour or environmental legislation in a manner affecting trade or as an encouragement for the establishment.
In addition, paragraph 3 demands that parties
shall not fail to effectively enforce its labour and environmental legislation in a manner affecting trade or investment between the Parties.
These provisions clearly put labour and environmental concerns above or at least on par with trade liberalization. No such hierarchy is present when it comes to privacy and data protection that are currently normatively subordinate to the ultimate goal of trade liberalization. The EU approach of considering those objectives as more than mere adjuncts of electronic commerce development – and instead as fundamental rights – should lead to a different regulatory approach requiring a sufficient degree of regulatory autonomy in trade agreements. The approach suggested by Reid and partially implemented in post-GATS FTAs in relation to the protection of environment, labour rights, and sustainable development suggests a way forward.
There is probably less consensus regarding the value of privacy and personal data protection, than, say, labour or environmental standards. Yet, that absence of such consensus does not make the above-discussed solution impossible. International trade law can be reconceptualized to safeguard the right to determine the scope and meaning of privacy and personal data protection and to effectuate an appropriate regulatory design of their protection.
5. Conclusion
The regulatory space to protect the fundamental rights to privacy and data protection should form a part of all the EU's international trade deals. The European Commission should be empowered to negotiate relevant provisions in negotiating mandates issued by the Council. This has not been the case in relation to the Transatlantic Trade and Investment Partnership (TTIP) and TiSA.Footnote 152 If the EU does not take a firm stand on this issue in international trade negotiations, its autonomy to maintain the current framework of privacy and data protection, and especially the rules on transfers of personal data to third countries, could be challenged under international trade law, thus allowing trade law to pre-empt broader societal objectives.
International trade agreements leave only a narrow policy margin to pursue public policy objectives because regulation must either comply with international trade law or meet the conditions of general exceptions that favour least trade restrictive regulatory designs. The inclusion of personal data protection in the new generation of the EU's FTAs currently reflects only the economic nature of personal data and not its dignitary nature protected as a fundamental right.
The absence of a formal mechanism to balance interests protected by trade law and those protected by human rights law (these two branches of international law on par) means that international human rights law is unable to effectively limit or counterbalance trade objectives in trade-based dispute settlement.
International trade ‘deals’ should safeguard the EU's ‘right to regulate’ to reflect the normative foundations of privacy and data protection and effectuate a regulatory design most adequate to implement the normative goal. At the same time, the EU should continue to resist any attempt to harmonize privacy and data protection through international trade law that risks subordinating such protection to trade liberalization.
The goal of trade liberalization in international trade agreements should be viewed from the perspective of other non-economic interests, in particular human rights, in three ways. First, by stating (as has been done in some post-GATS FTAs) the societal value of human rights and affirming that trade liberalization should not undermine human rights. Second, by emphasizing the freedom of the parties to protect non-economic values as was done in relation to labour standards and environmental protection and sustainable development. Third, by providing trade adjudicating bodies a mechanism to defer to international human rights treaties.