The EU and 22 other countries are closing in on a huge deal to liberalise trade in services. One of the few pending issues in this Trade in Services Agreement (TiSA) is the question of how to make sure trade deals do not overrule citizens’ right to privacy. All eyes are on the EU now, as it is expected to table its long awaited position on e-commerce during the next TiSA round in early November. This proposal is very likely to be mirrored in the much bigger trade deal currently being negotiated between the EU and the US (TTIP).
Consumer organisations are not opposed per se to the flow of data, as long as the privacy rights of all EU citizens are protected. The problem is that, by definition, data flows include personal data. The countries negotiating TiSA with the EU have very different data protection laws. They do not necessarily match the level of protection that is expected in the EU. Data protection is a fundamental rights issue and is regulated by specific data protection laws, most notably the upcoming EU General Data Protection Regulation which contains a full chapter on international data transfers. That is why rules on data flows should not be part of trade agreements.
No trade deal should put EU rules on data protection and fundamental rights at risk.” David Martin, BEUC.
Last week, BEUC and the Center for Digital Democracy (CDD), Transatlantic Consumer Dialogue (TACD) and European Digital Rights (Edri) brought together key decision makers at an event hosted by Viviane Reding, a Member of the European Parliament, to find a solution to this crucial problem: how can we safeguard data protection in free trade agreements?
The starting point of the discussion was the presentation of a study we commissioned about whether current privacy safeguards in the EU would be safe in trade deals. The conclusions of the researchers from the Ivir institute of the University of Amsterdam are unequivocal: the safeguards are not solid enough, the EU needs to reinforce them.
Data protection rules cannot be traded away
The positions among participants couldn’t be farther apart. On the one hand the European Parliament, BEUC and other NGOs called for “a comprehensive, unambiguous, horizontal, self-standing and legally binding provision excluding EU data protection law from TTIP and TiSA”. This is what the European Parliament is asking for in both TTIP and TiSA recommendations. In practice this means that the EU would remain able to protect the privacy of its citizens regardless of commitments made in trade agreements. This Parliament’s red line will be condition the final vote on both agreements. If it is crossed, the European Parliament is likely to veto the agreements.
The European Parliament recommendations on TTIP and TiSA are crystal clear.” MEP Jan Albrecht
At the other end of the spectrum, the European Commission and the services industry think it’s necessary to include rules on data flows in TiSA and TTIP. Such rules, they say, should allow data to be transferred more easily outside of the EU. Both believe that existing data protection safeguards are sufficient to protect EU citizens.
The current safeguard is 21 years out of date. The Ivir study demonstrates that it is not a sufficient tool to really secure EU citizens’ privacy.
Needless to say that the Commission and the Parliament positions are quite far apart.
If we take commitments on cross-border data flows in TiSA we must raise the bar on data protection”, MEP Viviane Reding.
However, we know that time is of the essence. The TiSA negotiations are advancing rapidly, with other countries setting the rules while EU decision makers are trying to find a solution among themselves. That is why during this debate in the European Parliament, some MEPs, BEUC and other NGOs have proposed a fall-back option: if rules on data flows are in the end included in TiSA and TTIP, current data protection safeguards in the agreements absolutely need to be improved.
A compromise is only possible if the Commission agrees to improve the current safeguards
The ball is now in the European Commission’s court. It is finalising its position on cross border data flows and wishes to propose it to the other TiSA negotiating countries in two weeks’ time. The question is: will the Commission make a proposal that meets the bar set by the EU’s own data protection rules and citizens’ expectations for modern free trade agreements?