A Introduction

Information has always been a valuable as well as often sensitive asset for companies, states and citizens. In this sense, the link between data flowing across borders and the need to protect certain national interests is not entirely new and has been made before.Footnote ¹ In particular during the late 1970s and the 1980s, as satellites, computers and software were profoundly changing the dynamics of communications, the trade-offs between allowing data to flow freely and asserting national jurisdiction became apparent. Echoing concerns of large multinational companies, some states worried that barriers to information flows might hinder economic activities and looked for mechanisms that could prevent the erection of such barriers. Non-binding solutions were found under the auspices of the Organisation for Economic Co-operation and Development (OECD) in the form of principles that sought to balance the free flow of data with the national interests in the fields of privacy and security.Footnote ² Yet, as the OECD itself points out, while this privacy framework endured, the situation then was profoundly different from the challenges in the realm of data governance we face today.Footnote ³ Ubiquitous digitization and the societal embeddedness of digital media have changed the volume, the intensity and, indeed, the nature of data flows.Footnote ⁴

The value of data, as well as the risks associated with data collection, data processing, data use and reuse, by both companies and governments, has dramatically changed. Beyond the flawed mantra of data being the ‘new oil’,Footnote ⁵ many studies point at the vast potential of data as a trigger for more efficient business operations, highly innovative solutions and better policy choices in all areas of societal life.Footnote ⁶ This transformative potential refers notably not only to ‘digital native’ areas, such as search or social networking, but also to brick-and-mortar or physical businesses, such as in manufacturing or logistics.Footnote ⁷ Overall, the implications of big data availability and analytics are multiple and some of them far reaching.Footnote ⁸

Recent enquiries have shown that not only the sheer amount of data and our dependence on it have exponentially increased but also the ways governments assert control over global data flows have changed.Footnote ⁹ Exerting jurisdiction over online matters beyond borders, as exemplified by the seminal French judgment in the Yahoo! case,Footnote ¹⁰ or Internet censorship, as practised by China and many other states,Footnote ¹¹ are well-known examples of control. Yet, the new generation of Internet controls seeks to keep information from going out of a country, rather than stopping it from entering the sovereign state space. Governments increasingly ‘localize’ the data within their jurisdictions for a variety of reasons.Footnote ¹² To be sure, this kind of erecting barriers to data flows impinges directly on trade and may endanger the realization of an innovative data economy. The provision of any digital products and services, cloud computing applications or, if we think in more future-oriented terms, the Internet of Things (IoT) and artificial intelligence (AI), would not function under restrictions on the cross-border flow of data.Footnote ¹³ Data protectionism also comes at a certain cost for the countries adopting such measures.Footnote ¹⁴

At the same time, while it may often be true that higher levels of data protection will amount to a trade barrier, one cannot disregard the legitimate desire of countries to safeguard the fundamental rights of their citizens, public interests and values that matter for their constituencies. The impact of data collection and data use upon privacy protection in particular has been, in recent years, widely acknowledged by scholars and policymakers alike, as well as felt on the ground by regular users of digital products and services.Footnote ¹⁵ The risks have only been augmented in the era of big data, which presents certain distinct challenges to the protection of personal data and, by extension, to the protection of personal and family life.Footnote ¹⁶ Indeed, big data puts into question the very distinction between personal and non-personal data. On the one hand, it appears that one of the basic tools of data protection – that of anonymization, i.e. the process of removing identifiers to create anonymized datasets – is only of limited utility in a data-driven world, as in reality it is now rare for data generated by user activity to be completely and irreversibly anonymized.Footnote ¹⁷ On the other hand, big data enables the reidentification of data subjects by using and combining datasets of non-personal data, especially as data is persistent and can be retained indefinitely with the presently available technologies.Footnote ¹⁸

Big data also puts into question the fundamental elements of existing privacy protection laws, which often operate upon requirements of transparency and user’s consent.Footnote ¹⁹ Equally is data minimization as another core idea of privacy protection challenged, as firms are ‘hungry’ to get hold of more and more data.Footnote ²⁰ These challenges have not been left unnoticed and have triggered the reform of data protection laws around the world, best exemplified by the European Union’s General Data Protection Regulation (GDPR).Footnote ²¹ The reform initiatives are, however, not coherent and are culturally and socially embedded, reflecting societies’ deep understandings of constitutional values, relationships between citizens and the state, and the role of the market, to name but a few.Footnote ²² The striking divergences both in the perceptions and the regulation of privacy protection across nations and in particular between the fundamental rights approach of the EU and the more market-based, non-interventionist approach of the United StatesFootnote ²³ have also meant that conventional forms of international cooperation and an agreement on shared standards of data protection have become highly unlikely.

Against this backdrop of a complex and contentious regulatory environment, data and cross-border data flows in particular have become one of the relatively new topics in global trade law discussions. Many questions have been raised in this context, for instance, whether and how do the existing trade rules apply to data flows? How should they be classified – as a good or a service, and if categorized as a service, under which services sector do they fall? How do we address new trade barriers, such as localization measures? How can we reconcile the free flow of data and countries’ privacy, national security and other public interest concerns? How do we ensure that trade law accommodates the data-driven economy and enables global trade for the benefit of all? Which are the appropriate forum and the decision-making processes for moving the global data economy agenda ahead? Many of these questions are still open and this chapter will not give satisfactory answers to them all. It will nonetheless provide valuable information and insights about the current state of global trade law that may help policymakers down the road. In this sense, the chapter has a two-prong objective: first, it seeks to clarify the interfaces between the data-driven economy and existing trade law; second, and more importantly, it traces the regulatory responses and the emerging legal design in preferential trade agreements (PTAs) with regard to digital trade and data flows in particular.

B WTO Law as Pre-Internet Law

While PTAs are in the spotlight of this chapter, the multilateral forum of the World Trade Organization (WTO) cannot be simply ignored – on the one hand, because it matters in its own right as a set of hard and enforceable rules on trade in goods, services and intellectual property (IP) protection, and on the other hand, because PTAs are in many senses only an addition to these rules. Politically speaking, the failings of the multilateral system on certain issues have prompted action on those issues in the preferential venues and this is particularly evident in the area of digital trade, as revealed later.

The WTO agreements, the fundamental basis of international trade law, were adopted during the Uruguay Round (1986–1994) and came into force in 1995.Footnote ²⁴ Despite some adjustments – such as Information Technology Agreement (ITA),Footnote ²⁵ its update in 2015 and the Trade Facilitation Agreement,Footnote ²⁶ WTO law has not fundamentally changed and is still very much in its pre-Internet state.Footnote ²⁷ One could, of course, argue that laws need not change with each and every new technological invention.Footnote ²⁸ And indeed, the law of the WTO lends credence to such an argument because it is in many aspects, both in the substance and in the procedure, flexible and resilient. WTO law can be qualified as relatively ‘hard’, as it involves deep intervention in domestic regulatory regimes and can impose certain sanctions for breach of obligations.Footnote ²⁹ It is furthermore based on powerful principles of non-discrimination, such as the most-favoured nation (MFN) and the national treatment (NT) obligations, that address all areas of economic life and could potentially tackle technological developments better than new made-to-measure regulatory acts. Many of the rules with regard to the application of the basic principles, with regard to standards, trade facilitation, subsidies and government procurement do also operate in a technologically neutral way.Footnote ³⁰

Another advantage of WTO law that may be highlighted is that despite its high degree of legalization and focus on economic rules, it also permits some flexibilities. One of those relates to the so-called general exceptions clauses formulated under Article XX of the General Agreement on Tariffs and Trade (GATT) 1994 and Article XIV of the General Agreement on Trade in Services (GATS), which allow WTO members to adopt measures that would otherwise violate their obligations and undertaken commitments, under the condition that these measures are not be applied in a manner that would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade. Particularly interesting for this chapter’s discussion on data flows are the possibilities that Article XIV of the GATS may open for maintaining existing and adopting new data restrictions. Article XIV enumerates different grounds as possible justifications and includes two specific categories that are of pertinence for our topic: (a) those relating to public order or public moralsFootnote ³¹ and (b) those that are necessary to secure compliance with laws or regulations,Footnote ³² including such on ‘the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts’.Footnote ³³ Under this provision, it has been argued, for instance, that the rules of the GDPR may be found to violate the obligations of the EU under the GATS.Footnote ³⁴

Finally, in terms of evolution of norms, it can be maintained that the WTO possesses the advantage of a dispute settlement system that can foster legal evolution.Footnote ³⁵ There is strong evidence in the WTO jurisprudence for both the capacity of the dispute settlement mechanism and for the relevance of the Internet in trade conflicts.Footnote ³⁶ The US–GamblingFootnote ³⁷ case is a great example in this context, as it confirmed that the GATS commitments apply to electronically supplied services and clarified key notions of services regulation, such as likeness and the scope of the ‘public morals/public order’ defence under Article XIV of the GATS.Footnote ³⁸

Yet, plainly assuming that the WTO’s ‘adaptive governance’Footnote ³⁹ works will be flawed. Indeed, there are many reasons to question it and be rather sceptic about the match between the existing WTO rules, their implementation and evolution, and contemporary digital trade. Apart from the current political context, which may prevent new and forward-looking rule-making,Footnote ⁴⁰ there are important hindrances in applying the GATS in the digital environment. In particular, the GATS commitments are based upon old pre-Internet classifications of services and sectors, and these have become increasingly disconnected from trade practices.Footnote ⁴¹ For instance, as the WTO law presently stands, it is unclear whether previously unknown things, such as online games, should be categorized as goods or services (and thus whether the more binding GATT or the GATS apply). Provided that no physical medium is involved and one decides consequently to apply the GATS, the classification puzzle is by no means solved: Online games, for instance, as a new type of content platform, could be potentially fitted into the discrete categories of computer and related services, value-added telecommunications services, entertainment or audiovisual services. One may also be unsure when there is an electronic data flow intrinsic to the service whether to classify this flow separately or as part of the traditional services.Footnote ⁴² Classification is by no means trivial,Footnote ⁴³ as each category implies a completely different set of duties and/or flexibilities for the WTO members. If online platforms and the services they offer were to be classified as computer services, for example, states would lack any wiggle-room whatsoever and would have to grant full access to foreign services and services suppliers and treat them as they treat domestic ones – because of the high level of existing commitments under the GATS of virtually all WTO members.Footnote ⁴⁴ On the other hand, were online games classified as audiovisual services, most WTO members would have the policy space to maintain and adopt restrictive and discriminatory measures.Footnote ⁴⁵ The evolutionary interpretation of schedules of specific commitments, as affirmed in China–Audiovisual Products, while a positive development, does not necessarily help much to achieve legal certainty in such situations.Footnote ⁴⁶ Neither does the finding that the GATT and the GATS are not mutually exclusive.Footnote ⁴⁷

The classification dilemma, as particularly critical for digital trade, is an illuminating example of this state of paralysis but by far not the only one. Many other issues, although discussed in the framework of the 1998 WTO Work Programme on Electronic Commerce, have been left without a solution or even a clarification.Footnote ⁴⁸ For instance and as a minimum for advancing on the digital trade agenda, there is still no agreement on a permanent moratorium on customs duties on electronic transmissions and their content.Footnote ⁴⁹ Against the backdrop of pre-Internet WTO law and despite the recent reinvigoration of the e-commerce negotiations under the 2019 Joint Statement Initiative,Footnote ⁵⁰ many of the disruptive changes underpinning the data-driven economy have demanded regulatory solutions outside the ailing multilateral trade forum. States around the world have used in particular the venue of preferential trade agreements to fill in some of the gaps of the WTO framework, clarify its applications and beyond that, address the newer trade barriers and accommodate their striving for seamless digital trade. Quite naturally for developments in preferential trade, the framework that has emerged as a result and now regulates contemporary digital trade is not coherent. It is neither evenly spread across different countries, nor otherwise coordinated. Indeed, it is messy and fragmented both with regard to the substantive rules and the agreements’ membership.

In the following section, the chapter provides an overview of the developments in PTAs in the last two decades in the area of digital trade governance. The information stems from our own dataset TAPED: Trade Agreement Provisions on Electronic Commerce and Data,Footnote ⁵¹ which ran a detailed mapping and coding of all PTAs that include chapters, provisions, annexes or side documents that directly or indirectly regulate digital trade. In the subsequent section, we look at the new rules on free data flows and their design across different PTAs. We then analyze in more detail the most sophisticated template for digital trade rules that we have so far – that of the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and some subsequent developments in the United States–Mexico–Canada Agreement (USMCA). In the final section, the chapter offers some thoughts about the current state of global digital trade law and the prospects of governing data flows.

C Evolution of Digital Trade Provisions in PTAs

I Overview and Some Emerging Trends

From the 347 PTAs agreed upon between 2000 and 2019 and reviewed in TAPED, 184 PTAs have provisions related to digital trade.Footnote ⁵² The largest number of provisions is found in e-commerce and intellectual property chapters; overall, the provisions remain however highly heterogeneous, addressing various issues ranging from customs duties and paperless trading to personal data protection and cybersecurity. The depth of the commitments and the extent of their binding nature can also vary significantly. For instance, if one looks at the top countries that have entered into PTAs with e-commerce provisions,Footnote ⁵³ the European Union occupies the first place with Singapore, yet it is only in the very recent EU PTAsFootnote ⁵⁴ that there is a dedicated chapter on e-commerce and some substantive provisions – beforehand e-commerce provisions were only few, part of the services chapters and limited to mere GATS-level commitments and cooperation pledges.Footnote ⁵⁵

Putting the digital trade provisions along a chronological line, it is evident that the inclusion of provisions in PTAs referring explicitly to electronic commerce is not a recent phenomenon, although it has evolved significantly in the past eighteen years. The first e-commerce provision dates back to the 2000 Free Trade Agreement (FTA) between Jordan and the United States.Footnote ⁵⁶ Almost at the same time, New Zealand and Singapore agreed upon the Closer Economic Partnership Agreement (CEPA), including an article on paperless trading. Two years later, the Australia–Singapore FTA (SAFTA), concluded on 17 February 2003, was the first PTA to have a dedicated chapter on e-commerce. At the moment of this writing, specific provisions applicable to e-commerce can be found in 109 PTAs, mostly in dedicated chapters (79) (for details, see Table 1.1). The last eight years have witnessed a significant increase in the number of agreements with digital trade provisions. As shown in Figure 1.1, digital trade provisions are, on average, included in more than 68 per cent of all PTAs that were concluded between 2010 and 2019 and despite the fall in agreed upon deals, more of them include digital trade provisions. The rise in the total number of PTAs with such norms is driven mainly by bilateral PTAs: 84 per cent of total PTAs since 2000 and involves both developed and developing countries.Footnote ⁵⁷

Table 1.1. PTAs concluded with digital trade provisions per year (2000–2019)

Year	Total PTAs	WTO notified	Digital trade provisions	E-commerce chapters	% PTAs with digital trade provisions
2000	20	8	2	0	10.00
2001	23	12	2	0	8.70
2002	26	8	4	0	16.00
2003	30	10	6	3	20.69
2004	29	14	6	6	21.43
2005	17	10	5	4	33.33
2006	26	13	7	6	31.82
2007	20	13	4	4	29.41
2008	24	27	9	6	40.91
2009	23	21	6	3	19.05
2010	14	18	5	3	50.00
2011	19	15	2	2	18.75
2012	8	20	3	3	33.33
2013	14	22	9	6	64.29
2014	14	12	10	7	88.89
2015	10	10	6	5	50.00
2016	11	14	7	5	71.43
2017	6	18	3	2	33.33
2018	9	7	9	10	100.00
2019	4	0	4	4	100.00
Total	347	272	109	79

Figure 1.1. Evolution of PTAs with digital trade provisions (2000–2019)

Among the PTAs with digital trade provisions, it is evident that the number and level of detail have also increased significantly over the years, as depicted in Figure 1.2. In 2019, 13 is the average number of provisions found in e-commerce chapters of PTAs, with an average number of 2,527 words (see Table 1.2).

Figure 1.2. PTAs with digital trade provisions: average number of articles and words

Table 1.2. PTAs with e-commerce chapters: average number of provisions and words (2000–2019)

Year	Total PTAs	E-commerce chapters	Average number of articles	Average number of words
2000	20	2	1	91
2001	23	2	1	838
2002	25	4	4	168
2003	29	6	8	395
2004	28	6	6	606
2005	15	5	5	541
2006	22	7	6	801
2007	17	5	7	753
2008	22	9	7	606
2009	21	4	5	606
2010	10	5	3	313
2011	16	3	3	318
2012	9	3	3	233
2013	14	9	7	640
2014	9	8	8	1,073
2015	10	5	8	842
2016	7	5	10	1,390
2017	6	2	2	357
2018	10	10	12	1,697
2019	4	4	13	2,527

At the moment of writing, the Singapore–Australia Free Trade Agreement (SAFTA), updated in 2016, is the PTA in force with the highest number of provisions in an e-commerce chapter (19 in total), with 2,997 words. As of 2020, the USMCA would overtake SAFTA, as the current text of its Digital Trade chapter has also 19 articles but comprising 3,206 words. The new dedicated digital trade agreements go well beyond: the US–Japan Digital Trade Agreement has 5,346 words, and the Digital Economy Partnership Agreement (DEPA) between Chile, Singapore and New Zealand contains 10,887 words.

D Substantive Developments in Digital Trade Governance

As evident from the earlier overview, the regulatory environment for data flows has been substantially shaped by PTAs. The United States has played a key role in this process and has sought to endorse liberal rules in implementation of its ‘Digital Agenda’.Footnote ¹²⁹ The agreements reached since 2002 with Australia, Bahrain, Chile, Morocco, Oman, Peru, Singapore, the Central American countries,Footnote ¹³⁰ Panama, Colombia and South Korea, all contain critical WTO-plus (going above the WTO commitments) and WTO-extra (addressing issues not covered by the WTO) provisions in the broader field of digital trade. The emergent regulatory template on digital issues is not however limited to US agreements but has diffused and can be found in other FTAs, as evident from the earlier overview. Singapore, Australia, Japan and Colombia have been among the major drivers of this diffusion but as earlier mentioned, the issues covered and the levels of legalization may still vary substantially.Footnote ¹³¹

Key aspects of digital trade are typically addressed in (i) specifically dedicated e-commerce chapters; (ii) the chapters on cross-border supply of services; and (iii) the IP chapters. The electronic commerce chapters show by far the most substantial evolution over time – moving from less to more binding and from a mere compensation for the lack of progress in the WTO towards new (and partially innovative) digital trade rule-making. In the former sense, they have included a clear definition of ‘digital products’, which treats digital products delivered offline equally as those delivered online, so that technological neutrality is ensured. The chapters also recognize the applicability of WTO rules to electronic commerce, and establish a permanent moratorium on duties on the import or export of digital products by electronic transmission. Critically, the e-commerce chapters, especially those of US-led agreements, ensure both MFN and NT for digital products trade; discrimination is banned on the basis that digital products are ‘created, produced, published, stored, transmitted, contracted for, commissioned, or first made available on commercial terms outside the country’s territory’ or ‘whose author, performer, producer, developer, or distributor is a person of another party or a non-party’.Footnote ¹³²

The e-commerce chapters do also include rules that go beyond the WTO and next to provisions on IT standards and interoperability, cybersecurity, electronic signatures and payments, paperless trading and e-government, the rules on data flows are the most illustrative example in this context. In the following two sections, we look more closely at the most advanced template for digital trade chapters endorsed by the CPTPP and slightly further developed by the USMCA, including also some remarks on the dedicated US–Japan Digital Trade Agreement.

E Conclusion

The era of big data has ushered in new challenges for global trade law. Policymakers are faced with the extremely difficult task to match the existing, largely analogue-based, institutions and rules of international economic law with the dynamic, scruffy innovation of digital platformsFootnote ¹⁷⁴ and data that flows regardless of state borders. At the same time, and this only makes the task more taxing, it is evident that the regulatory framework that will be chosen will have immense effects on innovation and the fate of the data-driven economy,Footnote ¹⁷⁵ as well as on fundamental rights beyond the province of the economy, such as the protection of citizens’ privacy. Despite the importance and the urgency of finding appropriate governance solutions, global trade law has not undergone a radical overhaul so far and legal adaptation has been slow and patchy, as this chapter showed. PTAs have become the preferred venue, where digital trade rules have been adopted – on the one hand, so as to compensate for the lack of progress under the umbrella of the WTO and on the other hand, and more importantly, so as to create new rules that address new trade barriers, such as data localization measures; new and pressing concerns, such as the acute need to interface trade and personal data protection mechanisms, and overall, to provide a regulatory environment that is conducive to the practical reality of digital trade and that provides a level of legal certainty for all actors involved. It has been the chapter’s objective to provide a better understanding of this newly emerged governance landscape by tracing broader developments and trends, by looking in particular at the data-related rules across PTAs and analyzing more closely the most sophisticated templates of e-commerce chapters so far, as found in the CPTPP and the USMCA.

The understanding of the existing rules on digital trade and their evolution over time is absolutely essential for future attempts of individual states and of the international community to grapple with the digital challenge. It may be important also for other governance actors, such as companies, think tanks, non-governmental organizations and even individual citizens who wish to more actively engage in the rule-making processes in trade agreements, which by definition tend to be behind closed doors and with little to none stakeholder involvement.Footnote ¹⁷⁶ The experience gathered in PTAs may also be invaluable for the ongoing reinvigorated efforts in the WTO to reach an agreement on electronic commerce, as well as in new bolder deals that go beyond existing commitments and look at a range of emerging issues, such as digital identity, AI, electronic invoicing and open data, such as those covered under the DEPA.

As a final thought, one may stress that the data economy has placed higher demands on regulatory cooperation.Footnote ¹⁷⁷ As the complexity of the data-driven society rises, enhanced regulatory cooperation seems indispensable for moving forward, since data issues cannot be covered by the mere ‘lower tariffs, more commitments’ stance in trade negotiations but entail the need for reconciling different interests and the need for oversight. In this context, while the paths for engaging in and advancing regulatory cooperation would ideally be followed in the multilateral forum,Footnote ¹⁷⁸ preferential trade venues can serve as governance laboratories. The way forward may be truly bright but remains highly (and perhaps unfortunately so) dependent on the role that the key players, the United States, the EU and China, are willing to assume.

A Introduction

Innovation in information and communication technology (ICT) has been one of the key drivers of economic globalization. As a result, the volume of goods and services and, therefore, cross-border data flows have been increasing at an exceptional speed. The World Trade Organization (WTO) and its members have early on realized the importance of establishing global rules for guiding these processes. Already at its Second Ministerial Conference in 1998, the WTO adopted the Declaration on Global Electronic Commerce and called for the establishment of a work programme on e-commerce. The work programme has been implemented by four of the WTO’s bodies which have regularly reported on the developments,Footnote ¹ and the General Council has periodically reviewed the progress of the programme. Based on the minutes of the meetings of the General Council, Figure 2.1 maps the number of interventions by WTO members related to the topic of e-commerce. The data shows important variation in terms of attention given to the topic over time. After a substantial interest on e-commerce–related issues in the late 1990s and the early 2000s, the preoccupation with the topic dropped dramatically from 2003 until around 2011. Overall attention has only picked up again in the past few years. In preparation for the Eleventh Ministerial Conference (MC11) in Buenos Aires in December 2017, e-commerce was back on the table and the subject of many of the interventions made in the General Council.

Figure 2.1. Interventions on e-commerce in the WTO General Council, 1995–2018

Source: Authors’ illustration based on the WTO General Council meeting minutes (WT/GC/M/1-WT/GC/M/174) available on the WTO website.

Following intensified discussions, seventy-six WTO members issued a joint statement on e-commerce during the World Economic Forum meeting in Davos in January 2019 in which they ‘confirm [their] intention to commence WTO negotiations on trade-related aspects of electronic commerce’, ‘seek to achieve a high standard outcome that builds on existing WTO agreements and frameworks with the participation of as many WTO Members as possible’ and ‘continue to encourage all WTO Members to participate in order to further enhance the benefits of electronic commerce for businesses, consumers and the global economy’.Footnote ²

Notwithstanding the newly found interest in e-commerce topics at the multilateral level, we observe that the WTO has been rather passive in its approach to address the data-related changes in the world economy. If regulatory solutions have been promoted, it was mostly driven by unilateral or extraterritorial approaches by the main trading powers. Given the absence of progress in rule-making in the WTO for some time now and a growing set of unilateral policies, the negotiators of preferential trade agreements (PTAs) have themselves attempted to shape the rule book for the twenty-first-century world economy – rules that would address needs resulting from an ever more integrated and data-driven economy. The first PTA that had an electronic-commerce provision was the Jordan–US PTA in 2000 and the first data flow provisions go back to the Korea–US PTA concluded in 2007. So, these types of provisions are a rather recent phenomenon in trade agreements, but it clearly shows that WTO members have shifted the venue for rule-making from the WTO to the world of PTAs starting in the early 2000s.Footnote ³

This chapter focuses on data-related provisions in PTAs and explores trends and patterns over time. We attempt to map clusters and models that have emerged. Related to this, we also focus on who the ‘rule-makers’ are in this regulatory area. If PTAs are best understood as ‘laboratories’ for global rule-making, we investigate in this chapter which governments are pivotal in pushing regulatory ideas and templates.

The chapter is organized as follows: first, we provide a short discussion of the literature that provides the backbone and rationale for the data collection. We then present particular indicators aggregated from the data that attempt to capture various salient dimensions of data flow–related provisions in PTAs. This is followed by an enquiry into the trends over time using these indicators, exploring the rule-makers’ roles through both text-as-data analyses and manual coding of data-related design features. Finally, we graphically explore bivariate relationships that speak to potential explanations why we would expect to see variation in PTA design in this domain. The chapter concludes by outlining possible next research avenues in the area of digital trade governance.

B A Look at State of the Art

Various strands of literature in international relations and political economy provide the backbone for collecting and analyzing PTA design features – some of them address general debates regarding the move towards more law, the relationship between multilateralism and regionalism or on rule-making versus rule-taking, the role of diffusion and debates specific to data flows and regulatory responses. We have mapped some of these debates in this chapter.

The call for more fine-grained information on the content of international agreements has been around for quite a while. Both the legalization as well as the rational design literatures provide useful guidance for choosing the types of design features to focus on.Footnote ⁴ Both literatures develop indicators and propose measures to account for treaties’ scope, degree of obligation as well as flexibility features. In particular in the trade literature on PTAs, various indicators have been further developed – such as with regard to the depth of an agreement which captures the degree to which measures may lead to increased market integrationFootnote ⁵ or with regard to various types of flexibility tools which allow for legally imposing barriers, normally for a limited period of time.Footnote ⁶ These conceptualizations are also insightful when mapping data flow provisions as part of PTAs.

Another strand of literature to which this chapter speaks is the work on regime complexity, which is usually defined as a set of non-hierarchical overlapping institutions.Footnote ⁷ The universe of PTAs with over one thousand agreements, where all WTO members are participating actors, serves as an interesting laboratory of how regime complexity affects the behaviour of states both in collaborative and conflictive fashions. Linked to the concept of regime complexity is the emerging attention given to diffusion drivers and effects,Footnote ⁸ which asks the essential questions of why states sign PTAs; what the role of competition with other trading nations is; how learning and mimicking from neighbouring countries impact the decision to engage in PTAs, or whether PTA signature and the treaty commitments are a result of coercion by powerful states that aim to have their templates and models reflected in as many treaties as possible. Both, the regime complexity theories and diffusion theories, provide strong testimony to how international treaties are interdependent and serve as a cautionary note of analyzing single agreements in isolation of other treaties. Within the study of international institutions and international trade, additional debates have emerged, focusing on the groups of countries that promote their own rules (‘rule-makers’) and the ones that are on the receiving end of global regulation (‘rule-takers’). This chapter focuses on the conditions under which rules diffuse using a mix of methods, including textual analyses.Footnote ⁹

Finally, research on trade and data flows can build on the work that has zoomed in on the relationship between the promotion of liberalization and a government’s objective to protect public interests. While the early trade literature focused on various linkages, such as trade and human rights and trade and environment,Footnote ¹⁰ more recently the concept of optimal protection of individual rights related to data protection has become more central. Following the old idea of ‘embedded liberalism’,Footnote ¹¹ we are interested in how liberalization in data flows related to trade and services goes hand in hand with governments’ demands for flexibility or escape instruments to protect citizens’ interests in terms of privacy, and therefore pursuing social goals.

C Design Dimensions and Related Concepts

In recent years, research on trade agreements has made substantial progress by unpacking the various design features in PTAs to explore variation across treaties.Footnote ¹² We follow this work by zooming in on data-relevant provisions. The data presented below is based on seventy-four single variables focusing, on the one hand, on the electronic commerce chapters and, on the other hand, on data-relevant provisions in other PTA chapters, including services, intellectual property rights and specific rules on ICT, data localization and similar content. The data is then aggregated to produce a number of indicators measuring various key dimensions derived from the earlier literature discussion. In the following, we briefly describe the different concepts and the types of variables that we draw upon to construct these.

D Describing Trends and Patterns in Digital Trade Governance

In this section we discuss briefly the evolution of PTAs over time. We provide some descriptive statistics based on the indicators developed earlier, derive a better idea about who the rule-makers are and explore a number of bivariate relations which are suggestive about potential interdependence between design features, but also between treaty content and domestic practice.

The first agreement referring to electronic commerce was signed in 2000. Therefore, we deal with a rather novel issue area for trade regulation. There are no observations prior to 2000 while discussions within the WTO had been going on for a while. This is suggestive to the possibility that governments have prioritized the multilateral arena while then slowly turning to PTAs either because of lack of progress in the WTO (see Figure 2.1), or because of learning effects and development of various government strategies and potentially implicit models. Figure 2.2 shows the steady increase of e-commerce provisions, e-commerce chapters and provisions on free data flow both in absolute numbers and relative to the number of PTAs signed per year.

Figure 2.2. The evolution of e-commerce and data flow regulation in PTAs, 2000–2018.

Source: Authors’ illustration based on the TAPED database. The TAPED database traces all data-relevant norms in trade agreements and is available at https://unilu.ch/taped. See also M. Burri and R. Polanco, ‘Digital Trade Provisions in Preferential Trade Agreements: Introducing a New Dataset’, Journal of International Economic Law 23 (2020), 187–220.

In total, we have identified ninety-nine PTAs that have at least one data-related provision. Table 2.1 provides the summary statistics for the different indicators outlined earlier and confirms the notion of considerable heterogeneity among PTAs.

In the following figures, we zoom into a selection of indicators and illustrate their evolution over time. Figure 2.3 shows the Scope1 indicator, which captures the number of words related to the regulation of e-commerce and data flows. The median and range of the count of words varies considerably over time. We also observe a number of outliers, including Jordan–Singapore 2004, the Central European Free Trade Agreement (CEFTA) in 2006 and Australia–Japan 2015. The latter one is an outlier for that year but is following an upward trend. We also observe large variation in the years 2016–2018.

Figure 2.3. The Scope 1 indicator, 2000–2018.

Source: Authors’ illustration based on the TAPED database.

In Figure 2.4 we show the second scope indicator, based on the number of provisions related to the regulation of e-commerce and data flows. Again, we observe that scope increases; however, this does not occur gradually. In most years, we notice a considerable range of provisions as well as a number of outliers. Compared to other PTAs signed in 2006, CEFTA has only few provisions related to the regulations of e-commerce and data flows. In 2007, the same is true for the PTA between Japan and Thailand. In contrast, the Panama–US PTA in 2007 includes a rather large number of provisions on this topic. The PTA between Colombia and Costa Rica presents the top outlier in 2013, the PTA between Central America and the European Free Trade Association (EFTA) the bottom outlier. Malaysia–Turkey and Canada–Ukraine present the two outliers in 2014 and 2016, respectively.

Figure 2.4. The Scope 2 indicator, 2000–2018.

Source: Authors’ illustration based on the TAPED database.

Over time, we also detect an increase in the depth (Data Flow Facilitation) indicator (Figure 2.5). Following the above trend, the 2006 CEFTA agreement and the 2007 Japan–Thailand PTA indicate substantially shallower commitments than other agreements in these respective years. The outlier PTAs having substantially deeper commitments in 2013 than other agreements signed in that year are Colombia–Costa Rica as well as Colombia–Panama, most likely inspired by their commitments in one of their recent trade agreements with a rule-maker. In 2015, we observe in Mongolia’s first ever PTA with Japan also deeper commitments in terms of data flow facilitation.

Figure 2.5. The depth indicator, 2000–2018.

Source: Authors’ illustration based on the TAPED database.

Turning to our flexibility indicator (Figure 2.6), we observe that already between 2004 and 2008 PTAs included higher levels of flexibility. Again, CEFTA presents the outlier in 2006, which is not surprising as it also scored low on scope and depth. The bottom outlier in 2015 is the PTA between Canada and Ukraine, which might be explained by the low trade flows in goods and services with substantial data content between the two countries. The top outlier in the same year is the PTA between Australia and Singapore, which could be a result of two countries with usually deep agreements.

Figure 2.6. The flexibility indicator, 2000–2018.

Source: Authors’ illustration based on the TAPED database.

E Of Rule-Makers and Central Actors

The previous sections discussed the various indicators and illustrated their variation over time. In this section, we take a closer look at the signatory countries. In total, eighty-two countries (counting the EU as one actor) are involved in the ninety-nine PTAs which have data flow–related provisions since 2000. As illustrated in Figure 2.7, there is considerable heterogeneity in terms of the number of PTA partners by signatory and the degree of scope measured by the number of provisions. Since 2000, the EU has signed eighteen PTAs with thirty-eight partner countries and, on average, included twenty-three provisions on e-commerce and data flows. Mongolia (MGN) has only signed one PTA (with Japan). In this PTA, however, there are forty provisions on e-commerce and data flows. The United States has signed fewer agreements than the EU, but on average their scope is substantially higher. We also observe that the average scope of agreements with European countries is significantly lower than treaties with countries of the Americas. Oceania is also above average in terms of scope. Finally, African signatories of PTAs are not yet addressing data flow–related provisions. This is surprising given the potential of e-commerce for developing countries.

Figure 2.7. The Scope 2 indicator and the count of PTA partners.

Source: Authors’ illustration based on the TAPED database.

To illustrate this network of PTAs, we combine the average Scope 2 indicator and the count of PTA partner countries for each signatory country and represent this in Figure 2.8 using instruments of network analysis. In this network, the size of each country is proportional to its weighted centrality. That is, the size of each country is proportional to the product of the number of PTA partners and the average number of provisions on e-commerce and data flows included in all its PTAs. The width of the links is proportional to the number of e-commerce and data flow provisions in a given PTA. Figure 2.8 highlights that there are some countries that are central to this PTA network and therefore potentially influential in diffusing certain regulatory models on e-commerce and data flows. The European Union, the United States and Singapore stand out, but also other countries, such as Australia, Canada or Mexico, are pictured as central actors.

Figure 2.8. The network of PTAs regulating e-commerce and data flows.

Source: Authors’ illustration based on the TAPED database. Note: Blue-Asia, White-Americas, Red-Europe, Green-Oceania.

To investigate the patterns that can be graphically observed in the earlier network, we zoom into the subset of PTAs that have not only at least one provision on e-commerce and data flows but a full chapter. Out of the ninety-nine PTAs signed since 2000, seventy-two have a chapter related to e-commerce and data flows. Seven of these PTAs are signed between Latin American countries and only available in Spanish, leaving us with sixty-three PTAs that are available in the English language. Since Singapore and Australia renewed their 2003 PTA in 2016, we only include the latter PTA in this analysis – leaving us with a subset of sixty-two PTAs.

Relying on text-as-data analysis, we compare these sixty-two PTA chapters in the English language to detect potential patterns, more precisely, by employing the plagiarism software WCopyfind to measure the textual overlap between the PTA chapters. The programme allows for a number of refinements. We follow the convention to use a minimum of six consecutive identical words for a match.Footnote ¹⁷ All punctuation, outer punctuation, numbers, letter case and non-words are ignored. It should be pointed out that WCopyfind only reports the PTAs that have a minimum of matches between PTAs. In our case, the PTAs between Jordan and Singapore (2004), Canada and Jordan (2009), the Eurasian Economic Union (EAEU) and Vietnam (2015) and between Canada, and the Ukraine (2016) appear to have too little overlap with the other PTAs and were consequently dropped by the programme.

The heat map (Figure 2.9) provides a number of interesting insights. In terms of interpretation, the map colours the squares darker, the higher the textual overlap between the e-commerce and data flow chapters of two respective PTAs is. In Figure 2.9, the PTA chapters are hierarchically clustered, meaning PTAs are grouped together into clusters. The clusters and their PTAs are fairly distinct from each other and the PTAs within a cluster are broadly similar to each other. Figure 2.9 suggests that there are five main clusters. The top right cluster indicates that the United States and Singapore take similar approaches when designing their e-commerce chapters. This is likely to be the case because they have signed a PTA with one another in 2003. Out of the eighteen PTAs that are identified to be in this cluster, the United States and Singapore have signed eleven and seven, respectively. Interestingly, their PTA partners overlap only partly. While the United States and Singapore both have PTAs with South Korea and Panama, the other PTA partners are distinct. It is also interesting to note that Singapore already signed its PTAs with South Korea and Panama in 2005 and 2006 respectively, while the United States only signed its agreements with the two countries in 2007. The second PTA cluster can be found in the centre of Figure 2.9. These six PTAs appear to be following the Australian approach. Indeed, Australia is a signatory of five of these PTAs; the sixth PTA is between New Zealand and Thailand in 2004. Down and to the left is the third distinct cluster of PTAs. Out of the seven PTAs identified to be in this cluster, Canada has signed six. Somewhat surprisingly, the 2011 PTA between South Korea and Peru seems to follow a similar approach to the Canadian PTAs in this cluster. Figure 2.9 also shows that the Comprehensive Economic and Trade Agreement (CETA) between the Canada and the EU is closer to previous Canadian agreements than to EU agreements (the cluster at the bottom left). The second last cluster includes the Trans-Pacific Partnership Agreement (TPP, 2016) and the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, 2018), as well as a number of other agreements that the (CP)TPP members have signed. Interestingly, the e-commerce chapter of the recently negotiated agreement between the United States, Mexico and Canada (USMCA, 2018) is also found to be very close to the (CP)TPP. The last cluster in the bottom left corner of Figure 2.9 includes recent agreements by the EU. Overall, the text-as-data analysis presented helps detect the small group of countries which seem to be the rule-makers in the area of digital trade.

Figure 2.9. A heat map on text-as-data analysis of e-commerce and data flow chapters in PTAs.

Source: Authors’ illustration based on PTA texts collected for the TAPED database.

F Zooming in on the Rule-Makers

In this section we compare these rule-makers by focusing on the number of provisions (Scope 2) and differentiate these provisions in terms of their legal language and overall ‘bindingness’. The legal language provides clues as to whether we expect more or less obligation based on words such as ‘should’, ‘shall’, or ‘may’. We differentiate between high and low obligation. Figure 2.10 provides an overview for five identified rule-makers (United States, EU, Australia, Canada and Singapore). The figure shows the average and maximum count of total provisions, as well as the average and maximum count of that have a high level of bindingness. The maximum scores might be more intuitive to interpret as countries potentially do not negotiate in their future agreements commitments below the ones already agreed upon.

Figure 2.10. Dot plots for the indicators.

Note: In the figure on non-discrimination provisions, High(max) is equal to All(max) for Australia, the EU, Singapore, the United States and others, which is why only the All(max) indicator is shown.

Source: Authors’ illustration based on the TAPED database.

For scope and depth, we observe that for the so-called rule-maker group, roughly half of all commitments are phrased in legal terms that suggest high obligation. In terms of the average and maximum values for scope and depth, the EU scores lower than the other rule-makers as well as other countries. We observe a similar pattern for the flexibility indicator. Of the rule-makers, it is in particular Singapore which includes a considerable number of flexibility-related provisions. For the indicator related to consumer protection, we in particular detect that Singapore and Australia agree on legal language that signals higher obligation and therefore allows for stronger rights to protect individuals. The non-discrimination provisions are overwhelmingly commitments which come with high obligation based on the reading of the legal language. By contrast, when we turn to regulatory cooperation, we observe that the legal wording signals rather low levels of obligation, therefore these features of the treaties are practically not enforceable in case of disagreement among PTA members.

G Exploring Explanations for Treaty Design

In this section we provide graphical descriptions of a number of bivariate relations to address potential explanations for variation in PTA design. The first group of graphs (Figure 2.11) addresses the question as to whether PTA design is largely endogenous; in other words, many of the design features are related to each other, as suggested by some authors. We focus on the depth variable and explore how this is correlated with other indicators. First, we see that scope and depth are highly correlated, which is not surprising. PTAs that are paying more attention to data-related issues are also deeper. Second, deeper agreements are also going hand in hand with PTAs that advocate regulatory cooperation. This could also be interpreted as negotiators are forward-looking, promising to engage in regulatory discussion to accompany the rapidly changing regulatory environment. Deeper agreements are also more flexible, and provide for more consumer protection rights and non-discrimination clauses.

Figure 2.11. The depth in relation to the other indicators.

Source: Authors’ illustration based on the TAPED database.

Another set of explanations can be situated at the domestic level and relates to a different set of questions: To what degree are domestic policies mirrored in international law commitments? Are countries using international law as a commitment device to bring about domestic regulatory change or are we rather witnessing a screening effect in which commitments largely reflect domestic practice suggesting some cheap talk in relation to signing agreements?Footnote ¹⁸

To address such questions, we discuss how PTA design relates to domestic digital policies. We rely on the recently published Digital Trade Restrictiveness Index (DTRI) by the European Centre for International Political Economy (ECIPE). The DTRI covers a range of fiscal, establishment, data and trading restrictions related to digital trade for sixty-four economies worldwide. The index ranges between zero and one, where zero indicates a fully open digital economy and one indicates a virtually closed digital economy. Between the TAPED database and the DTRI, we have an overlap of thirty-one countries.Footnote ¹⁹ Figure 2.12 illustrates how our main indicators relate to the DTRI. All indicators are negatively correlated with the DTRI.Footnote ²⁰ As for those indicators that are about scope, depth and various obligations, a negative correlation casts doubts about prima facie evidence that a commitment story is at play here. More interesting are downward trends for flexibility and consumer protection; countries with lower restrictions aim for more flexibility. This would rather suggest that these countries aim to keep policy space in this area, whereas countries with higher restrictions paradoxically demand less flexibility providing some support for the idea of a commitment device. Overall, we also observe that the rule-makers, with the exception of the EU, are substantially above the trend lines.

Figure 2.12. PTAs and digital trade restrictiveness.

Source: Authors’ illustration based on the TAPED and the DTRI databases.

H Conclusion

Data flow provisions have entered the universe of PTAs in the past fifteen years, although, only a third of all PTAs have commitments related to this area. This chapter presented a number of indicators related to PTA design and has mapped the design evolution over time. Letting the data speak, we discovered a number of leading actors (rule-makers) and sets of overlapping models of treaties based on textual analysis. However, we seem to be at the beginning of a period where data-relevant provisions will only increase in importance as many classic trade and trade-related provisions, such as tariffs, become relatively less important.

What are the next steps in understanding design and design variation in the domain of digital trade? First, research may explore explanations to account for variation in design based on political economy models and arguments rooted in the international relations literature; for instance, what roles do commitment concerns or power asymmetry play in agreeing upon new rules? Which interest groups are pivotal for pushing new rules? How does the competition between exporter interests and consumer protection interests define government positions entering into PTA negotiations? Second, research should pay more attention to the evolving competition among models that are being developed, in particular starting with the CPTPP and how this will affect the creation and promotion of other models, such as that of the EU. Are these models complementary or are they creating regulatory barriers? Related to this, it can be asked how leading promoters of models use PTAs to diffuse their preferred models and what the impacts on non-PTA members are when they negotiate PTAs. It would be also pertinent to explore to what degree new domestic initiatives, such as the EU General Data Protection Regulation, impact on PTA design and push for updating existing PTAs.Footnote ²¹

Finally, the following questions need to be raised: What is the impact of these commitments on state behaviour? How do they assist in creating new domestic policies and laws on the role of data in trade and how do they inhibit government action to restrict trade in light of consumer protection concerns? Also, more generally, how do these commitments directly or indirectly impact trade flows in goods and services and investment-location decisions for firms with large data components in their business models?

A Introduction

Movement of data across borders is central to today’s economy: it enables people to instantly connect with each other, companies to do business smoothly and governments to offer new, more efficient services to their citizens. The Internet has fundamentally changed what, with whom and how trade is conducted, and today virtually all cross-border transactions make use of the Internet or some digital component.Footnote ¹ The exponential growth in data being exchanged cross-border is not set to slow down.Footnote ² Yet, cross-border data flows are also raising both economic and political concerns related to the concentration of data, data sovereignty, privacy, law enforcement, and national security. This has posed the question of whether countries should insist that companies process data within their jurisdictions, and already many countries have enacted restrictions on the transfer of data across borders.Footnote ³

The enactment of these measures has been a topic of hot discussions across the world. On the one hand, there are actors arguing that data should flow freely and that any restriction creates unnecessary costs for businesses and the economy while also limiting the freedom of expression of people online.Footnote ⁴ On the other hand, certain stakeholders argue that these measures are legitimate to protect important policy objectives, such as privacy and security.Footnote ⁵

These discussions are not new. In fact, already in the 1980s, some companies started to worry about the potential trade-restrictive impact of new policy measures affecting the use and transfers of data justified under the rationale of national security and privacy. Yet, the debate is still open today with claims by the business community that restrictions on the transfer and use of data (both personal and non-personal) are put in place without a proper analysis of the trade-inhibiting effects and with little guarantee that security and privacy concerns are actually addressed.Footnote ⁶

The discussions on the trade-restrictive impact of data policies have intensified in the past years with the increasing importance of data flows for trade. As stated by the Swedish National Board of Trade, today ‘trade cannot happen without data being transferred from one location to another’.Footnote ⁷ Restrictions on the movement of data in practice affect not only firms in the digital sector, but in virtually any sector of the economy.Footnote ⁸ In fact, firms of all sizes and across all sectors use data.Footnote ⁹ This is even more the case considering that data per se does not have much intrinsic value, but rather acquires it when processed (often along with other data) and used to offer services, improve business efficiency or take management decisions. Therefore, it does not surprise that restrictions on data flows are perceived by companies as trade restrictions.Footnote ¹⁰ Former European Trade Commissioner Malmstrӧm also notably stated that ‘restrictions on cross-border data flows inhibit trade of all kinds: digital and nondigital, products and services. We cannot just pretend that this doesn’t exist, or that data has nothing to do with global trade’.Footnote ¹¹

While companies have advocated the removal of data policies and the free flow of data across borders, it is yet not clear how different types of data policies impact trade, and some governments have also argued that certain policies would rather support trade by enhancing consumers’ confidence.Footnote ¹² This chapter addresses the question by looking at whether data policies create a distortion on trade in services. It does so by providing a summary of the main empirical evidence on the costs of restrictions on cross-border transfers of data and domestic restrictions on the use of data. The latter category is also included in the analysis because domestic restrictions on the use of data could have an indirect impact on trade as a result of lower productivity for local firms and limited access to innovation.

The first category of restrictions on cross-border transfer of data deals with all measures that raise the cost of conducting business across borders. These measures either mandate companies to keep data within a certain border or impose additional requirements for data to be transferred abroad. More specifically, these measures include bans to transfer data abroad, local processing requirements, local storage requirements, and conditional flow regimes.Footnote ¹³ The common feature of these measures is that they create ‘thick’ digital borders between countries. The second group of data policies relates to the use of data domestically and includes all measures that impose certain requirements for firms to access, store, process, or more generally make any commercial use of data within a certain jurisdiction. These measures apply to both local and foreign firms alike and include data retention requirements, administrative requirements, such as the need to prepare a Data Privacy Impact Assessment (DPIA) and to hire a Data Protection Officer (DPO), data breach notifications to government authorities, and the requirement to provide government with direct access to personal data.

B Countries That Impose Stricter Data Policies

Before exploring the empirical evidence on the costs of data protectionism, this section gives a brief introduction on the level of data restrictions imposed all over the world. The indicator used in the analysis is the Data Restrictiveness Index developed in Ferracane et al.,Footnote ¹⁴ which is based on the information available in the Digital Trade Estimates (DTE) database of the European Center for International Political Economy (ECIPE).Footnote ¹⁵

The Data Restrictiveness Index summarizes the level of restrictiveness on data policies in over sixty economies and varies between zero (completely open) and one (virtually restricted) with higher levels indicating increasing levels of data restrictiveness.Footnote ¹⁶ In the analysis, data policies are defined as those regulatory measures that restrict the commercial use of electronic data. The study is limited to those measures implemented at the national or supranational level (such as in the European Union), while other restrictions imposed by local public entities are not taken into account. Data policies are divided into two main categories: (i) cross-border data policies and (ii) domestic data policies, as defined earlier. The data policies implemented in the countries are analysed and aggregated in the Data Restrictiveness Index through a detailed methodology, presented in Section E. The types of measures included in the analysis are listed in Table 3.1, with the respective weights assigned in the analysis, which are estimated based on experts’ input.

The index shows a clear trend of increasing data restrictiveness globally, driven both by raising restrictions on domestic use of data and on transfers of data (Figure 3.1).

Figure 3.1. Data Restrictiveness Index, 2006–2016.

Note: The index covers sixty-four countries representing more than 95 per cent of value-added content of gross exports.

Source: M. F. Ferracane, J. Kren, and E. van der Marel, ‘The Cost of Data Protectionism’, VoxEU, 25 October 2018.

The index shows that Russia, China, and Turkey are the most restrictive countries when it comes to the regulatory environment for using and transferring electronic data (Figure 3.2). These countries are followed by two major European economies, France and Germany, which also show high levels of restrictions on data policies.Footnote ¹⁷ Interestingly, on the one hand, all five countries are relatively large, often with a strong manufacturing base compared to their services activities. On the other hand, small services-oriented economies are found to have a more open regime on data policies.

Figure 3.2. Data Restrictiveness Index, by country (2017).

Source: M. F. Ferracane, J. Kren, and E. van der Marel, ‘The Cost of Data Protectionism’, VoxEU, 25 October 2018.

The analysis only focuses on costs of using and transferring data, while it does not take into account regulatory policies that can support data-intensive activities, such as the existence of a basic framework of data protection and consumer protection for online transactions. Future analyses should take into account these policies to have a full perspective on the ease of using and transferring data in different countries. Nevertheless, the Data Restrictiveness Index is an important step forward in the analysis of the national regimes on data policies and the development of much-needed empirical evidence on the costs of protectionism.

C Empirical Evidence on the Cost of Data Protectionism

The economic literature that discusses the cost of data policies from a trade perspective is scarce.Footnote ¹⁸ This is probably due to the fact that the topic is relatively new. Yet, the lack of in-depth empirical analysis is surprising given the extent to which trade in services today relies on data flows and considering the sizable portion of all trade in services being traded over the Internet. There are two main streams of research on data flows: one looks at the costs of data policies on local companies (mainly in terms of productivity); the other looks at the costs of these policies on foreign companies, and therefore more directly on trade.

The following section presents the empirical evidence on the costs of data protectionism on local companies in terms of jobs, productivity, and Gross Domestic Product (GDP). If data restrictions on the use and transfer of data lead to higher costs for conducting data-intense activities, then they would be detrimental for the development of local companies, impacting their productivity and, in turn, creating trade distortions. The subsequent section presents the empirical evidence on data protectionism and services trade, and therefore on whether data restrictions could create a trade barrier for foreign companies.

I Foregone Gains for Local Companies

A first set of empirical research looks at the costs of data restrictions on local firms. While it has been argued that data policies could support the development of a local information technology (IT) industry by shielding local incumbents from competition, there is no empirical evidence supporting this claim.Footnote ¹⁹ Instead data policies are found to have a negative impact on productivity and GDP.

Some studies look at the impact of data policies on jobs. While strict data policies might lead to the creation of data centres in the country imposing them, the construction of data centres is not expected to create a significant number of jobs. In most cases, data centres contain expensive high-tech equipment that is often imported and creates construction work only in the short term while employing relatively few full-time staff. In fact, the number of jobs associated with data centres has been decreasing sharply, as data centres become more automated.Footnote ²⁰ A 2008 report found that Yahoo, Ask.com, Intuit, and Microsoft hired a total of 180 workers for their facilities – an average of 45 workers per facility.Footnote ²¹ Other media reports from 2011 showed that a massive USD 1 billion data centre Apple built to help power its cloud computing products created only 50 new full-time jobs.Footnote ²² In 2015, the media reported that Apple’s USD 2 billion global command centre in Mesa, Arizona, would employ 150 full-time personnel, and create between 300 and 500 construction and trade jobs.

Another study looks specifically at one policy framework regarding data, the General Data Protection Regulation (GDPR) of the European Union, and its impact on jobs. Christensen et al. use calibration techniques to evaluate the impact of the GDPR proposal on small- and medium-sized enterprises (SMEs) and conclude that SMEs that use data rather intensively are likely to incur substantial costs in complying with these new rules.Footnote ²³ The authors compute these results using a simulated dynamic stochastic general equilibrium model and show that up to 100,000 jobs could disappear in the short run and more than 300,000 in the long term.

Therefore, the establishment of local data centres does not appear to lead to new jobs created in the country. Certain local companies providing data processing services would nevertheless benefit from such measures as they could leverage on a larger pool of data to process.Footnote ²⁴ Yet, the empirical evidence suggests that the higher costs for processing data locally and the consequent loss of productivity in the overall economy would outweigh the benefits accrued to a small set of actors.Footnote ²⁵ When data restrictions apply, local companies are not free to use the most convenient data processing provider globally and have to pay for more expensive or even duplicate services when they transfer data needed for day-to-day activities, for example, for human resources management. The higher costs of data processing are widespread and affect all businesses and consumers that are denied access to certain innovative services. The additional costs have a trickle-down impact on the macroeconomic performance of those countries implementing such rules.Footnote ²⁶

A study by the Leviathan Security Group finds that in many countries, which are considering or have considered restrictions on cross-border transfer of data, local companies would be required to pay 30–60 per cent more for their computing needs than if they used services located outside the country’s borders.Footnote ²⁷ The methodology used by the Leviathan Security Group compares the prices offered by local providers with the cheapest secure alternative option offered worldwide. In Brazil, for example, at the low end for 1-GB-equivalent servers, Microsoft’s price in 2015 was USD 0.024 per hour. The lowest worldwide price for 1-GB-equivalent servers – USD 0.015 per hour – would save Brazilian customers 37.5 per cent on their server costs when compared to a Brazil-exclusive solution. For a 2-GB-equivalent server, a Brazil-located solution would cost USD 0.08 per hour, and the cheapest price globally would be USD 0.03 per hour – a saving of 62.5 per cent. Averaged across the types of servers, a customer located in Brazil would pay 54.6 per cent less by using cloud servers outside Brazil instead of Brazil-located cloud computing resources.Footnote ²⁸ Therefore, it emerges that, while certain local companies would benefit from offering their services to other local companies, overall a vast majority of local companies would incur higher costs for data processing, leading to lower productivity for the economy.

Another set of studies looks at the impact of data policies on productivity of local firms. A study by Bauer et al.Footnote ²⁹ is the first to explore how regulatory policies related to electronic data affect total factor productivity (TFP), albeit at an industry level.Footnote ³⁰ The authors make a first attempt at analysing this linkage econometrically by setting up a data regulatory index using existing indices of services regulation. They look at different types of policies relating to both the use and the transfer of data. The authors calculate the costs of data policies for domestic firms by establishing a link between regulation in data services and TFP at the industry-level in downstream sectors across a small set of countries. They find that stricter data policies tend to have a stronger negative impact on the downstream performance of industries that are more data intense.

A more rigorous assessment of the empirical relationship between data policies and productivity is provided by Ferracane et al.Footnote ³¹ The authors use firm-level TFP data across a set of developed countries and the Data Restrictiveness Index presented in the previous section. TFP is considered the most important factor for long-run GDP growth and it represents the part of economic output accounted for by efficiency and technology. The results confirm that restrictive data policies significantly harm the productivity of firms active in data-intense sectors, especially for local companies in industries and services sectors more reliant on data.

Ferracane et al.Footnote ³² is also the first empirical study to analyse cross-border and domestic data policies separately. Both types of restrictions are found to have a significant negative impact on productivity. Yet, restrictions on the domestic use of data have a marginally stronger impact on productivity compared to policies on the cross-border movement of data. Therefore, measures implemented at the domestic level with the objective to raise trust of consumers on digital services are not found to have any positive impact on productivity of firms and are rather expected to lead to a loss of productivity of local firms. On average, the study predicts that lifting data restrictions would generate a positive impact on the productivity performance of local firms with a TFP increase of about 4.5 per cent across countries (Figure 3.3), with stronger benefits in data-intensive sectors such as retail and information services.Footnote ³³

Figure 3.3. Firm productivity gains from lifting data restrictions, by country.

Source: M. F. Ferracane, J. Kren, and E. van der Marel, ‘The Cost of Data Protectionism’, VoxEU, 25 October 2018.

To contextualise the magnitude of this gain in productivity, we can compare the results with a study by Iootty and others,Footnote ³⁴ who explored the potential impact of policy reform in services using a similar approach. The predicted TFP gains that these authors obtained from lowering services restrictions are around 3 per cent. The higher gains from reforming data restrictions can be explained by the important role of intangible assets in today’s economy.

Finally, some studies look at the impact of data policies on GDP. Bauer et al.Footnote ³⁵ employ the econometric results on TFP presented earlier in a general equilibrium analysis using the Global Trade Analysis Project (GTAP) to estimate the wider macroeconomic impact. The study measures the impact of data policies on exports, GDP, and lost consumption owing to higher prices and displaced domestic demand. The impact of proposed or enacted data restrictions on GDP is found to be substantial in all seven countries analysed in the study: Brazil (−0.2 per cent), China (−1.1 per cent), EU (−0.4 per cent), India (−0.1 per cent), Indonesia (−0.5 per cent), the Republic of Korea (−0.4 per cent), and Vietnam (−1.7 per cent). If these countries also introduced economy-wide data localisation requirements, GDP losses would be even higher: Brazil (−0.8 per cent), the EU (−1.1 per cent), India (−0.8 per cent), Indonesia (−0.7 per cent), and the Republic of Korea (−1.1 per cent). Yet, from this study it remains unclear whether the effect can be assigned to the cross-border or the domestic component of data policies.Footnote ³⁶

Another study from Manyika et al. of 2016 looks at the contribution of cross-border data flows to GDP and finds that it has overtaken that of flows in goods in the current wave of globalisation.Footnote ³⁷ The study states that data flows today account for USD 2.8 trillion of the total increased world GDP over the last decade, thereby exerting a larger impact on growth than traditional goods trade. Interestingly, this work does not dedicate special attention to the interlinkages that exist between data flows and trade in services but takes the former as being a separate channel that impacts the economy independent from services.

From this analysis, it emerges that data policies are not expected to create new jobs in the local economy nor to develop the local industry in data-intense sectors. On the contrary, it appears that these policies tend to lower the level of productivity of local companies and, in particular, domestic restrictions on the use of data are expected to have a stronger impact on productivity. This is not to say that local governments should remove any domestic restrictions on the use of data. These measures might be necessary for important policy objectives, such as privacy and security. Yet, the governments need to take into account the costs of these measures on local companies when designing and implementing them.

II The Foregone Gains for Foreign Companies

Turning to the impact of data policies on foreign companies and trade in services, the evidence is even more scarce. A study conducted in 2014 by the US International Trade Commission (USITC) looks at a set of restrictions on trade including restrictions on data flows. The study estimates that removing foreign barriers on digital trade would lead to an increase in US GDP of up to USD 41.4 billion.Footnote ³⁸ The econometric model used in the analysis relies on surveys of US firms to identify restrictions to digital trade and to rank countries that enact these restrictions in order to estimate the impact that removing these measures would have on certain sectors and the overall US economy.Footnote ³⁹ Yet, this study looks at a broader set of restrictions than data policies, including policies on platforms and content access.

Earlier work from Freund and Weinhold points to the facilitating role of the Internet on trade in services.Footnote ⁴⁰ The authors state that an increase in Internet penetration by 10 per cent has the effect of increasing the growth of services trade by 1.1 percentage point for imports and 1.7 percentage point for exports. These conclusions are closely related to the question of whether data flows influence trade in services to the extent that restrictions on data can constitute a restriction on the use of the Internet.

In addition to these studies, some scholars have focused more generally on the link between data flows and trade in services. Recent work by Goldfarb and Trefler discusses the potential theoretical implications of data policies on international trade and how these policies relate to the existing models of international trade. Although this discussion is put in a wider context of artificial intelligence (AI), the authors make clear that an expanded AI industry, in which data flows are an important factor, would have clear implications for services trade.Footnote ⁴¹ Similarly, Goldfarb and Tucker point out that privacy regulations may harm innovative activities, particularly in services.Footnote ⁴² They present the results of previous case studies they undertook with respect to two services sectors, namely health services and online advertising. In short, both studies show that there are strong linkages between the effective sourcing and deployment of data, the services economy, and trade in services.

Mattoo and MeltzerFootnote ⁴³ provide anecdotal evidence on the cost of GDPR on Indian firms presenting a survey by NASSCOM-DSCI in 2013.Footnote ⁴⁴ The survey finds that the requirements for cross-border transfer of personal data lead to a significant loss of business opportunities for Indian firms, with nearly two-fifths of the surveyed services exporters claiming lost commercial opportunities of more than USD 10 million and another third estimating a loss between USD 1 million and 10 million.

Ferracane and van der Marel is the first empirical study that investigates more directly the impact of data policies on trade in services and confirms the findings from the NASSCOM-DSCI survey.Footnote ⁴⁵ The authors investigate whether stricter data policies on use and transfers of data inhibit trade in services. The study analyses econometrically whether data policies reduce the imports of services, and in particular whether data-intense services, such as computer services, technical services, intellectual property (IP) rights, and research and development (R&D) services, are affected. For the analysis, the authors rely on the Data Restrictiveness Index presented earlier and a methodology adapted from Ferracane et al.Footnote ⁴⁶ Restrictions on the cross-border movement of data are found to significantly reduce imports of services, while no statistically significant evidence is found regarding domestic data policies. This is unsurprising, as generally restrictions at the border have a direct impact on trade, while domestic restrictions only indirectly impact trade. The analysis predicts that if countries lifted their restrictions on the cross-border flow of data, the imports of services would rise on average by 5 per cent across all countries, with obvious benefits for local companies and consumers, who could access cheaper and better online services from abroad (Figure 3.4).Footnote ⁴⁷ Moreover, if the two most restricted countries – Russia and China – were to remove restrictions on the cross-border movement of data, they would experience a staggering increase of services imports by more than 50 per cent.Footnote ⁴⁸

Figure 3.4. Trade gains from lifting data restrictions, by country.

Source: M. F. Ferracane, J. Kren, and E. van der Marel, ‘The Cost of Data Protectionism’, VoxEU, 25 October 2018.

These numbers amount to a substantial size of foregone gains from trade by putting in place restrictive data policies. To compare, total commercial services exports increased by around 7 per cent in 2017.Footnote ⁴⁹ Most of these trade gains would be seen in data-intense sectors, such as computer services, financial and insurance services, as well as telecom and R&D services.

D Data Protectionism and the World Trade Organization

The empirical evidence presented in this chapter shows that data policies do restrict trade in services. Restrictions that apply to the cross-border movement of data have a more direct inhibiting effect on trade in services, while they also create trade distortions by impacting the productivity of local companies and industries, although to a marginally lower extent than policies related to the domestic use of data. On the other hand, domestic data policies are associated with lower productivity for local firms, and therefore impact trade only indirectly.

Yet, the evidence available is still scarce, especially in relation to the impact of data policies on trade. Ferracane and van der MarelFootnote ⁵⁰ is the first study to delve in-depth into the impact of data policies on trade in services and the findings are in line with the expectation of businesses that indeed these measures reduce imports of services. The analysis predicts that, if countries lifted their restrictions on data (in particular restrictions on cross-border data flows), the imports of services would rise on average by 5 per cent.

Given the relevance of data policies for trade, it is not unlikely that a country could bring a claim before the World Trade Organization (WTO) to challenge certain data restrictions. The debate on whether data restrictions represent a trade barrier that could potentially be challenged at the WTO is, however, still in its infancy.Footnote ⁵¹ It is urgent to undertake further empirical analyses to assess the costs of these measures. This analysis should also focus on identifying which types of data policies are mostly responsible for restricting trade and also investigate whether and how restrictive data policies affect developing countries and their growth potential in the long run.

A WTO dispute could have a profound impact on the way in which the Internet develops and eventually on our society. If a dispute were to arise, the analysis could not prescind from an informed discussion on the necessity of the measures to achieve important policy objectives. While certain data policies might be necessary to protect the privacy of citizens and national security, more research is needed to assess which measures enable countries to best protect these important non-economic policy priorities and which instead create unnecessary costs on the domestic economy and on foreign companies.

The policy implications to take into account when regulating data flows are complex and include, on top of trade aspects, also technical issues related to the Internet architecture and Internet governance, human rights including data privacy and freedom of expression, development issues connected to data sovereignty as well as potentially public order issues connected to the suppression of political dissidents.Footnote ⁵² However, it is not yet clear how data policies contribute to achieving any of these policy objectives and these restrictions risk creating unnecessary fragmentation of the Internet.

The plurilateral discussions currently on-going at the WTO under the Joint Statement on Electronic Commerce Initiative (JSI) might offer a fertile ground for informed discussions that could engage Internet governance institutions and other stakeholders for a better understanding not only of the costs of data policies on trade in services but also on the technical effectiveness of these policies to achieve their desired objective. If anything, countries should be in a position to carefully weigh the negative impact of certain measures in order to strike the right balance between different policy priorities, without creating excessive costs for firms and, eventually, consumers.

The WTO could provide a much-needed arena for a transparent and informed dialogue on data policies, their costs and their effectiveness in achieving certain policy objectives. As stated by Selby, there is a need to ‘distinguish rhetorical claims from underlying realpolitik as to identify potential reasons why it is such a contested policy issue’.Footnote ⁵³ Engaging the relevant stakeholders is indispensable for such an informed discussion to take place, and more empirical research is needed both in relation to the costs of data policies for the economy and on the actual effectiveness of these measures in achieving the desired policy objective. Failure to do so could lead to a fragmentation of rules on data, with consequences that go well beyond trade.Footnote ⁵⁴

E Annex

The data policy index covers those data policies considered to impose a restriction on the cross-border movement and the domestic use of data. The methodology to build on the measures is listed in the Digital Trade Estimates (DTE) database, which is available on the ECIPE website (https://ecipe.org/dte/database/). Starting from the DTE database, these policies are aggregated into an index using a detailed weighting scheme, which looks at the trend of data policies for the years 2006–2016. The database and index are updated with new regulatory measures found in certain countries.

While certain policies on data flows can be legitimate and necessary to protect the privacy of the individual or to ensure national security, these policies nevertheless create a cost for trade and are therefore included in the analysis. The criteria for listing a certain policy measure in the DTE database are the following: (i) it creates a more restrictive regime for online versus offline users of data; (ii) it implies a different treatment between domestic and foreign users of data; and (iii) it is applied in a manner considered disproportionately burdensome to achieve a certain policy objective. Each policy measure identified in any of the categories receives a score that varies between zero (completely open) and one (virtually closed), reflecting their scope and level of restrictiveness. A higher score represents a higher level of restrictiveness in data policies. The data policy index also varies between zero (completely open) and one (virtually closed). The higher the index, the stricter the data policies implemented in the country.

The index is composed of two sub-indexes that cover two main types of policy measures: one sub-index covers policies on the cross-border movement of data and one sub-index covers policies on the domestic use of data. Analysing these two sub-indexes separately provides additional information on whether the impact of data policies on services trade varies depending on the nature of the policies. The full data policy index is measured as the sum of these two sub-indexes. This annex presents in detail the composition of the two sub-indexes. It shows which policy measures are found in each of the sub-indexes and the scheme applied to weigh and score each measure.

The list of measures included in the two sub-indexes is summarised in Table 3.1 presented earlier. As shown in the table, the sub-indexes are measured as a weighted average of different types of measures. The weights are intended to reflect the level of restrictiveness of the types of measures in terms of costs for digital trade. The first sub-index on cross-border data flows covers three types of measures, namely (i) a ban on data transfer or a local processing requirement for data; (ii) a local storage requirement, and (iii) a conditional flow regime. The second sub-index covers policies affecting the domestic use of data, divided in the following subcategories: (i) data retention requirements, (ii) subject rights on data privacy, (iii) administrative requirements on data privacy, (iv) sanctions for non-compliance, and finally, (v) other restrictive practices related to data policies.

The main sources used to create the database are national data protection legislations. Otherwise, information is obtained from legal analyses on data policies and regulations from high-profile law firms and from Stone et al.Footnote ⁵⁵ Occasionally corporate blogs and business reports were also taken into consideration, as they can have useful information on the de facto regime faced by the company when it comes to the movement of data. All sources for each of the measures are listed in the ECIPE DTE database.

A Introduction

The tension between protecting free data flows and protecting goals such as privacy and cybersecurity is vexing Internet and trade policymakers. Laws and regulations hindering data flows across borders (‘data restrictive measures’ or ‘data restrictions’) are often trade restrictive,Footnote ¹ and some of these measures can violate World Trade Organization (WTO) and Preferential Trade Agreements (PTAs) obligations.Footnote ² However, countries can justify these measures under exceptions in international trade agreements that allow governments to implement measures necessary to achieve their domestic policy objectives,Footnote ³ arguably including policies for the stability and security of the domestic Internet.Footnote ⁴ Nonetheless, the inherent contradiction between the globality of the Internet and the (often) inward-looking data restrictive measures creates uncertainties for data-driven sectors.Footnote ⁵

Modern-day digital services, such as cloud computing services, play an important role in facilitating businesses across the global supply chain, particularly by enabling them to expeditiously and efficiently move data across countries.Footnote ⁶ Some experts have even argued that data should be included as a ‘fifth item to the traditional list of issues addressed by trade policy: movement of goods, persons, services, capital, and data’.Footnote ⁷ Yet, a contradictory narrative exists, emphasising the importance of legal checks on cross-border data flows, especially the regulatory advantages of data territoriality, to inter alia ensure privacy, security and ethical use of data.Footnote ⁸

This article adopts a holistic perspective on the relevance of international trade law to data flows by (i) exploring the different regulatory issues pertaining to data flows that directly relate to international trade law; and (ii) recommending a framework in WTO law incorporating legal obligations on cross-border data flows alongside other relevant disciplines that enhance trust in the Internet ecosystem. Many contemporary electronic commerce issues are covered in recent PTAs; however, these PTAs often take different approaches, for example, on issues of cross-border data flows and data protection.Footnote ⁹ In the long run, such varied approaches may lead to fragmented rules on trade in digital services.Footnote ¹⁰ In contrast, the WTO being the only multilateral trade institution in the world, with a membership of 164 countries, is better suited to develop coherent, balanced and representative rules for a data-driven economy, as discussed further in this article. Moreover, electronic commerce–related issues are now more prominent at the WTO, including under the joint statement initiative, providing a timely opportunity to WTO members to develop new and relevant rules on data flows.Footnote ¹¹

This article explores various elements required within the WTO framework to address the policy ramifications of data restrictive measures, focusing on General Agreement on Trade in Services (GATS). However, we acknowledge that our research query is cross-cutting and other issues might be relevant including the alignment of GATS with General Agreement on Tariffs and Trade 1994 (GATT 1994),Footnote ¹² Agreement on Technical Barriers to Trade (TBT)Footnote ¹³ and Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS).Footnote ¹⁴ Further, where relevant, we also refer to applicable electronic commerce rules in different PTAs.

The first section explores the multilayered policy framework governing data flows and cross-border data flows identifying various policy goals typically associated with data restrictions. The following section then explains the trade-related aspects of data flow regulation by focusing on two interconnected topics: (i) the special nature of digital trade and trade in data that makes it harder to apply existing GATS provisions to digital services and (ii) those aspects of data flows that are trade related and, thus, should be addressed in a trade law framework. Finally, the last section proposes a novel WTO framework on data flows by identifying the foundational principles for data regulation and the legal provisions necessary to enable security, predictability and certainty in data flows. This section also discusses the feasibility of implementing this proposal at the WTO.

The article concludes that the WTO framework can and should evolve to accommodate the policy challenges of a data-driven economy, including adoption of binding provisions on free cross-border data flows; prohibition on data localisation; and introducing relevant provisions facilitating business and consumer trust in the digital ecosystem such as online consumer protection, privacy and cybersecurity. This framework should also include provisions centred on the specific needs of developing countries, such as providing them with technical assistance and capacity-building support, as well as facilitating digital inclusion and development. We, however, acknowledge various political constraints in adopting our proposal wholesale at the WTO, given the political sensitivity of the issues involved, and the policy preference of various countries to use PTAs to negotiate rules on data flows. Nonetheless, we believe that the existing WTO framework remains better suited and more relevant in achieving greater balance, coherence and consistency in trade rules on data flows, and that sufficient incentives exist for WTO members to meaningfully engage in reforming WTO rules to make them more relevant to the data-driven economy.

B Regulating Data Flows: A Multilayered Policy Framework

Notwithstanding the economic benefits of free data flows, countries restrict data flows to address various policy concerns. This section first discusses the most common rationales for imposing data restrictive measures, such as privacy and cybersecurity protection.Footnote ¹⁵ It then covers other aspects of data transfer that concern governments, such as illegal and unauthorised data access by foreign countries, trade secrets theft, and consumer risks in electronic transactions. Finally, the section discusses how data restrictive measures can relate to achieving domestic economic development.

C Trade-Related Aspects of Data Governance

The discussion in the previous section indicates the complex, multilayered nature of data governance, and the need for a holistic and multidimensional trade framework on cross-border data flows. While not all governance issues related to data transfers are trade related, certain issues including online consumer protection, cybersecurity and privacy, as discussed later, are necessary to ensure a stable regulatory framework for digital trade. Being atypical of trade agreements, these issues are not explicitly covered in WTO agreements, such as the GATS.

D Devising a WTO Framework on Data Flows

An ideal digital trade framework should facilitate free data flows, digital innovation, and healthy competition in the global digital market without interfering with a country’s right to legitimately regulate the Internet.Footnote ⁹⁷ In this section, we propose a WTO framework on data regulation addressing various trade-related aspects of data flows that fits better into such an ideal digital trade framework. The suggested framework is similar to certain recent PTAs but with specific modifications that adapt to the diversity of the WTO membership. The following first section discusses the foundational principles of data regulation in international trade law, while the subsequent section advances our proposals for reform in WTO law.

E Conclusion

The future of trade in digital services and data entails complex and uncertain policy challenges.Footnote ¹⁵⁵ Thus, balancing different regulatory concerns is fundamental to ensure a coherent and sustainable regulatory framework for data flows. Being the leading multilateral trade institution, the WTO is well placed to undertake several of the required reforms to bring about better balance between promoting free flow of data while protecting a secure and stable regulatory environment for data and addressing commercial interests of consumers and businesses. However, the WTO cannot deal with all pertinent issues related to data transfer, or act on its own. Instead, the WTO needs to reframe its policy approach to engage with more relevant international and multi-stakeholder institutions and develop disciplines that address relevant dimensions of data regulation.

In this article, we recommend a comprehensive framework on data flows that covers a large range of areas that is atypical of most existing international trade agreements. Our recommendations are more comprehensive than the disciplines incorporated in the USMCA and CPTPP. However, as digital trade continues to grow, WTO law will need to respond to new policy challenges arising with increased data flows. In order to do so, WTO members must consider a comprehensive and balanced regulatory framework, where provisions for free cross-border data flows and prohibition on data localisation are complemented with relevant disciplines on online consumer protection, privacy and cybersecurity. Such an approach would facilitate openness as well as business and consumer trust in digital trade. This framework should also include rules addressing the specific needs of developing countries and LDCs to enable their inclusion into the digital economy. Although such a comprehensive framework will require increased participation, goodwill and commitment of countries, particularly under the ongoing joint statement initiative at the WTO, we believe it can eventually be more meaningful and sustainable.