Our data is not for trade
Trade, and the people who negotiate trade agreements, fundamentally misunderstand data, privacy and data protection. Over the last decade trade agreements have started to address issues related to digital trade - but those agreements have privileged corporate interests, aiming to liberalise cross-border data flows (including of personal data) and to restrict States' ability to mandate the disclosure of source code and algorithms for auditing or inspection.
What is the problem?
This approach creates several problems:
Provisions liberalising international data flows treat privacy and data protection regulations as trade barriers, allowing corporations for cross-border data transfers without regard for rules that guarantee minimum data protection standards. These rules harm the right to privacy, and already existent agreements and rules around these issues, such as the Convention 108, the GDPR, or other national data protection laws that provide for personal data transfers only to adequate jurisdictions.
Restrictions for States to prevent public disclosure of source code and algorithms, which severely interfere with efforts to make products and services more transparent and accountable, including how algorithms are increasingly being used to make decisions that affects people's lives.
Exceptions being discussed to allow for the implementation of privacy legislation or regulatory oversight, are extremely difficult to implement in reality, because of the high requisites to implement them under international trade law, and also because of how these provisions are drafted, creating a distinction between mandatory rules ('shall', 'must') and facultative ones ('will aim to', 'will endeavour'), where the first have much more practical importance than the latter.
On top of all of that, these provisions will turn digital trade into a race to the bottom, where countries would compete to have less restrictive data protection frameworks and present their lax regulation as a reason to conduct business in them. Ultimately, digital trade regulation has the potential to hinder existing and future human rights and data protection law and keep shifting the power balance towards corporate interests.
What is the solution?
Consider fundamental rights, including the right to privacy, as the starting point for digital trade discussions. We need a system where our data flows within our control and alongside our rights, not a data wild west. Without this approach, some solutions can create even further problems, like creating data localisation rules, which under the guise of protecting data, end up facilitating the exploitation of that data by local governments and corporations.
State negotiators should be fully aware of the consequences and impacts of their negotiations, including how digital services works and its effects on people's lives. There is a lot of talk about how 'data is the new oil', but in many cases the technical understanding of negotiators on economic or technical issues is deficient, and we need to solve that.
Advocacy around digital rights should include digital trade issues. In many cases, civil society advocates in the field of human rights and technology focus too much on certain discussions, mostly related to internet governance and human rights, without paying enough attention to other forces that are shaping the global debate.
Trade policy making should be more transparent. Many trade policy proposals come directly from those who benefit the most from them - global corporations. Governments and International bodies work closely with them to identify their needs and craft trade policy, often in negotiations that are secretive and closed from public scrutiny and input.
Independent studies should address the impact of current proposals on both human rights and development issues: Many of the policies being discussed in trade agreements will impact digital development and human rights for decades, and yet there is not enough technical and independent research backing the claims being made. Digital trade is being sold as a fix-all to the problems surrounding digital development, which is not only misleading but also highly damaging to those same countries and the people who live in them.
What PI is doing
At Privacy International we have been involved in several international data protection instruments, ranging from those with regional scope such as the GDPR, to some multilateral ones that have global scope like Convention 108, conducting advocacy around cross-border data flows, data localisation, algorithmic transparency, and other related issues.
We work with partners from all over the world to engage in national efforts to approve data protection laws, whilst also supporting and engaging with our partners to raise human rights issues related to digital trade issues.
On global trade issues, we are members of a coalition to engage with trade negotiators and corporations to address human rights issues related to digital trade, in venues such as the World Trade Organisation (WTO) or the United Nations Conference on Trade and Development (UNCTAD).