When data flows across borders: Aligning international trade law with internet policy objectives

Abstract

With the rapid digitalisation of the economy, cross-border data flows have become essential for the functioning of different sectors of the economy, including the digital services industry. However, governments often restrict cross-border flows through various laws, regulations, policies and administrative measures (or ‘data-restrictive measures’) to achieve internet-related policy objectives such as regulating online content, protecting online privacy of internet users, and cybersecurity protection. These measures typically interfere with the architecture of the internet and the technical protocols/designs of digital services, resulting in economically and technologically inefficient outcomes. Further, as data-restrictive measures constrain cross-border supply of digital services, they constitute trade barriers, and therefore may violate provisions of the General Agreement on Trade in Services (‘GATS’) of the World Trade Organization (‘WTO’).

This thesis investigates how GATS applies to data-restrictive measures and whether its rules can balance trade and internet policy objectives. It first highlights the complementary relationship of the three fundamental principles of internet governance applicable to cross-border data flows, namely internet openness, privacy and security. It then proposes a theoretical framework whereby GATS can be aligned with these three principles to support both an open and predictable framework for digital trade and robust internet policies. The thesis applies this framework to three common types of data-restrictive measures, namely online content regulation measures, privacy-related data-restrictive measures, and cybersecurity-related data-restrictive measures.

This thesis finds that GATS can be thoughtfully applied and interpreted to align with principles of internet openness, privacy and security. For example, commitments of Members in their GATS Schedules of Commitments can be interpreted in a technologically neutral manner to facilitate both trade liberalisation and internet openness. Further, GATS obligations on non-discrimination, domestic regulation and market access (subject to Members’ relevant commitments and exemptions) generally facilitate an open market for cross-border data flows, thereby supporting internet openness. Finally, under GATS exceptions, Panels can distinguish protectionist data-restrictive measures disguised as cybersecurity/privacy/content regulation measures from measures genuinely necessary to achieve these objectives. To conduct a holistic assessment of data-restrictive measures under GATS, Panels should use both legal and technical evidence, including relying on internet technical and policy expertise.

However, the extent to which GATS aligns with the principles of internet openness, privacy and security is constrained by the lack of multilateral consensus on internet policy issues and the somewhat outdated architecture of GATS. Therefore, in addition to interpreting existing GATS provisions more meaningfully, this thesis proposes a multi-pronged approach to further strengthen alignment of GATS with internet openness, privacy and security. This approach requires: meaningful use of GATS provisions on transparency and mutual recognition; introducing reforms in WTO law to incorporate relevant disciplines on cross-border data flows; and exploring options outside traditional multilateral mechanisms including developing a non-binding WTO declaration on data flows and facilitating stronger regulatory cooperation on data governance in relevant international/transnational institutions. This thesis concludes that although international trade agreements such as GATS cannot resolve all challenges pertaining to data flows, they can and should play a more proactive role in balancing trade and internet policy objectives.