European Commission officials have struck a deal that could put a clause guaranteeing international data flows into a trade agreement with 22 countries outside the bloc, including the United States and Australia.
But the Commission is in deadlock over whether to cave to pressure from the US despite criticism that salvaging the pact on services could undermine EU privacy law.
The stakes are high: several countries involved in TiSA, including the United States, have insisted the agreement will crumble if there’s no guarantee that data can travel between trade partners. On top of that, critics and companies in favour of TiSA argue the Commission’s move on data flows could have a domino effect and be copied in other trade agreements.
According to several sources involved in the negotiations, the Commission’s trade and justice units have come up with a compromise that puts a controversial measure to guarantee data transfers into the trade in service agreement, or TiSA, capping off a months-long struggle between EU officials.
One official who took part in the negotiations said the compromise includes a formulation that makes sure the EU’s tough data protection laws can’t be toppled by the trade agreement. EU data protection rules prevent personal data from being transferred to countries outside of Europe if they don’t guarantee equal privacy protection.
“We are very certain our domestic rules and adequacy approach cannot be challenged,” the source said of the new arrangement on data flows.
Negotiators on TiSA have said they want to finish talks on the agreement, which would open up trade in service areas like telecoms and finance, by the end of this year. European Commission officials in charge of negotiating the agreement are scrambling to finalise the clause on data flows and get national trade ministers from the 28 EU countries to give it the green light.
Top officials in charge of the trade deal have been trying to work out a way to guarantee data transfers—but the executive’s justice unit, DG Just, has held up those talks. The unit at first refused to agree to a data transfer clause in TiSA and put off talks with other Commission units over the measure until after it had wrapped up tense negotiations with the United States over Privacy Shield, the EU’s arrangement that allows companies to send personal data to the US. That deal was approved this summer.
One source close to the negotiations said DG Just was “too confident” it could steer the internal talks over data flows.
But now the unit that crafted Privacy Shield and negotiated the EU’s new data protection rules has warmed up to the plan to put a clause on data flows into TiSA. Privacy advocates won’t be happy.
“Data flows should not be part of trade agreements. The parties to this agreement have different approaches to data protection and privacy. It’s not only about the US, you have other countries that have poor data protection standards,” said Maryant Fernández Pérez, an advocacy manager at the NGO European Digital Rights.
Several countries, including Turkey, Colombia and Pakistan are negotiating with the EU on TiSA despite their weaker data protection rules. Campaigners say that should raise alarm bells.
“The focus of trade agreements will not be the protection of human rights, but to protect trade,” Fernández Pérez said.
One source close to the internal Commission talks over the data flow clause in TiSA said DG Just saw the trade agreement as a way for the United States to push through a multilateral deal for digital trade. That would challenge the Commission’s system of approving countries one-by-one to receive data from the EU only after officials have scrutinised their privacy laws.
The new clause in TiSA allowing data to travel between countries has “very strong wording” protecting EU data protection laws “so we can keep doing what we think is right domestically, including on transfers to third countries,” one official said.
But the agreement is hanging in limbo. Several sources told euractiv.com that the Juncker Commission isn’t ready to send the compromise text to member states for approval because top politicians in Brussels are afraid the deal might poke holes in the EU data protection rules that are set to go into effect in 2018.
Officials close to Commission President Jean-Claude Juncker and Vice-President Frans Timmermans insisted that internal discussions over the new data measure are still going on.
The slow pace of the executive’s internal talks over the clause on data flows has frustrated impatient technology companies and service industry associations.
“If TiSA fails because of this issue it’s because of the European Union. The European Union would be accused by the rest of the world of being data protectionist,” said Pascal Kerneis, managing director of the European Services Forum, a lobby group representing service industries, telecoms operators, insurers and other big firms.
Companies in favour of TiSA argue that if the European Commission doesn’t propose a change allowing data to travel to other countries, there will be a chill to digital exports from the EU. Firms that process a lot of data will likely relocate to outside the bloc, they argue.
“This is going to change dramatically if the rest of the world thinks we’re building a fortress because of data protection,” Kerneis said.
Industry associations also warn that it could deal a blow to the other trade deals the EU is negotiating.
An internal memo sent by a large Brussels business association to its members, seen by EURACTIV, said that if the Commission refuses a measure on data flows, that could lead to “blocking any progress in negotiations of TiSA, in EU-Japan, in TTIP, and in most of the other FTA talks”.
MEPs passed a resolution earlier this year that called for negotiators to include an exemption in TiSA that would protect the EU’s tough data protection rules—in case they’re challenged by other countries that call the privacy standard a threat to trade.
Luxembourgish MEP Viviane Reding (EPP), the rapporteur on the trade agreement, told EURACTIV that data protection “is not a trade barrier, but a non-negotiable fundamental right that should in no way be compromised by the forthcoming agreement”. The new EU privacy rules need to be “fully safeguarded” in TiSA, Reding said.
Before she was elected as an MEP, Reding proposed the overhaul of EU data protection law during her tenure as EU justice commissioner.