Certain measures by the European Union do not with sufficient certainty meet the legal tests from free trade law to be excepted. This is the finding of a new study by researchers from University of Amsterdam’s (UvA) Institute for Information Law. The study on trade and privacy, which was commissioned by three European consumer organisations and one US digital rights organisation, was presented to the European Commission yesterday.
The EU is not only a world leader in international trade but also a spearhead, by international standards, in the legal protection of privacy and personal data. Today, the processing of individuals’ personal data is inextricably intertwined with the ordinary conduct of business and cross-border trade in services. While divergent data protection standards can affect cross-border trade in services, such regulations are important to buttress consumer trust in electronic commerce and online transactions.
New generation free trade agreements pursue the ambitious agenda to liberalise services further and to introduce new free data flow commitments in some sectors. Even when it cannot overturn EU law, free trade agreements should not become a venue for challenging the EU approach to the protection of personal data. Just recently, for example, the EU adopted the General Data Protection Regulation, which will become law in 2018 throughout Europe.
The study, which was coauthored by Kristina Irion, Svetlana Yakovleva and Marija Bartl from UvA’s Faculty of Law, identifies critical issues where EU data protection law and free trade agreements may risk running into conflict. This will put to test the robustness of the standard exceptions, which can be found in virtually all free trade agreements today, to justify EU practices.
The study finds that certain EU measures do not with sufficient certainty meet the legal tests from free trade law to be excepted. In parts this is due to certain trade-conforming conditions in free trade agreements, which set a high threshold.
Irion: ‘Not only is there a need to update trade rules for the digital economy and cross-border data flows. From an EU perspective, it is also necessary to upgrade the exception for privacy and data protection in order to make them fit for purpose in next generation free trade agreements.’
In other parts it is due to EU actions, which would likely not perform against a strict standard of regulatory consistency. Interestingly, the study uses the EU-US “Privacy Shield”, which is due to be formally adopted these days, as one of the examples in which the EU could be blamed for not adhering to its commitments of equitable treatment it entered into with free trade agreements.