Privacy and Big Data as a Matter of International Trade

The Internet is a field where the community of reference, advocating for democratic participation, is only partly linked to the territory, and mostly thinks of itself as an a-territorial collectivity. Moreover, due to the key infrastructural and economic value of the World Wide Web, netizens are not the only ones to claim decisional powers. Other actors are involved, such as other States, corporations of the Internet and many forms of sectorial and territorial international organisations. So, clearly State powers cannot exercise the traditional internal and external sovereign authority. Firstly, such matters often exceed the national jurisdiction: neither the players nor the infrastructure of the Web are located in a single territory. Secondly, sometimes the online world questions the States’ monopoly of the legal force. In the digital environment new “functional” private powers have emerged,[1] which, due to their economic position, are able to hold peer-to-peer relationships with States and impose their rules on a plurality of Internet users on a global scale.

This situation was highlighted when a European State established an ambassador in Silicon Valley to deal with the relationships with “over the top” Internet businesses. However, other instances show that such actors are considered as allies in the enforcement of internal sovereignty, rather than average components of civil society. One case is national security, which will be better described below. But it is well known that States seek the cooperation of social networks to secure national elections. This is exemplified in the way they reacted to the danger represented by foreign “trolls” meddling with electoral campaigns in the US, or to the Cambridge Analytica scandal, which revealed that politicians are able to target their constituents in an individualised way through social networks. Eventually, pending the imminent EU parliamentary elections, the first regulatory reaction to the latter distortion of the public sphere was Facebook’s self-regulation. The company decided to enact transparency measures on paid advertising, by creating archives of information concerning the sponsored campaigns and their financers. Moreover, the corporation gave its own political direction to the measures, by forbidding paid political advertising from abroad. In the context of this research, it is interesting to notice how such provision tries to reinforce the exclusion of foreigners from the political community. In the EU context, it would even wrong-foot Europe’s attempt to legitimise its institutions through the creation of a single transversal political sphere, giving a true European meaning to the parliamentary vote.

Such examples give a sufficient account of the novelty of the Internet as a regulatory field. The huge debate on Internet Governance is a clear indicator of the fact that offline government cannot be immediately taken as a model for digital issues.

New technologies create unprecedented horizons for the territorial and material expansion of digital freedom. Moreover, as mentioned, the Web is a new kind of space, where many enclosures are virtually avoidable, because many digital goods, as data, information or source codes, are non-rival in nature.

This does not necessarily mean — as some scholars claim — that the Internet will become the “heaven of self-regulation”.[2] On the contrary, such a regime would fuel inequalities, leaving the digital field to the “law of the jungle”. On the other hand, the fact that rules are needed — in order to ensure the equal protection of fundamental rights — should not necessarily entail a “Westphalian model”, embodied by a network of agreements among national governments. Indeed, the peculiarity and novelty of the Web has triggered a creative effort to set patterns of co-regulation on a transnational scale, able to meld the guarantees of public intervention with the flexibility and sectorial efficiency of self-regulation. For example, many hybrid theories have been conceived, which would entrust Internet Governance to transnational quasi-private cooperatives and international organisations, to the market order or to the technical community, designing communications protocols and software.

Pending these discussions, currently the most noticeable leaps towards global harmonisation of rules and the participation of an international civil society seem to happen, paradoxically, in the regulation of economic matters.

The Internet is an increasingly important issue in trade law. Regarding big data, for example, as more business models and practices move onto the digital platform and data becomes increasingly shared and exchanged on an international scale, its relationship with international trade intensifies. Since data are gathered, digitised, stored and moved on a truly global basis by a multitude of parties, restrictions and regulations concerning data directly affect global trade.

Therefore, market needs have been the engine of many experiments in international regulation, which are perhaps the most successful, in terms of bindingness and the involvement of stakeholders.

Normative harmonisation is required by global trade because differences among law systems give rise to strong incentives to restrain the circulation of commodities. Indeed, if safeguards are not homogeneous, each State seeks to apply its own rules and so protect fundamental rights according to its own balancing decisions. For example, foodstuffs that can be legally commercialised in their Country of origin might be prevented from being sold in another State, if the latter has stricter norms for human health.

In relation to big data, the applicable law often depends on the localisation of information. This means that regulatory differences incentivise governments to keep data sets within their territory.[3] For instance, the General Data Protection Regulation (or GDPR) of the EU forbids personal information to be transferred to third Countries that do not ensure an “adequate” level of protection (Articles 44—47). Moreover, that “adequacy” has been interpreted in a rigid way by the EU Court of Justice. Indeed, the judge in the Schrems decision reads the requirement as imposing an “essentially equivalent” level of protection. Thus, in this case the absence of equivalence between regulatory systems impedes the transfer and selling of data.

To address such issues, a vast range of Free Trade Agreements (FTAs) has taken place, with the aim of building common rules and so removing barriers to trade. This kind of regulation is not “neutral” or merely “technical”, but has an impact on the reciprocal coexistence of fundamental rights: the process of harmonising disciplines is also a decisional process, which chooses a discipline, and so sets its own balance among the different fundamental and economic rights involved. In other words, despite its economic ratio, it has to be recognised as a real coercive juridical system, which could be considered to be the anticipation of a new paradigm of Internet governance.

This is particularly evident in the latest wave of FTAs (including, e.g., the Comprehensive Economic and Trade Agreement (CETA) and the Transatlantic Trade and Investment Partnership (TTIP)), which are only a species of the broader genus of Free Trade Agreements, but seem to be particularly emblematic in this case because they attain a very advanced institutionalisation of the international State-business cooperation. Within the material competence of such Agreements, it is also possible to find issues related to Internet Governance, and particularly to data. Thus, these topics are becoming subject to a fully original juridical order, whose objectives, procedures and actors are different from the establishment of traditional constitutional States.

This is particularly evident if one takes as an example the negotiations over data flows in the Trade in Services Agreement (TiSA), an FTA in the course of negotiation, seeking to minimise non-tariff barriers to the international trade in services.[4] This case is interesting because its geographic scope is exceptionally broad: it would involve 23 Parties — including the EU — accounting for about 70 percent of international trade in services, and it is conceived as an open Treaty, susceptible to be integrated in the World Trade Organisation (WTO) framework, in case a critical number of WTO Members would adhere.

As to the aims, TiSA — differently from other forms of regulation — is built around the central value of free trade, and so its whole structure is crafted to favour this principle over others. In juridical terms, this is translated into a straightforward mechanism of rule-exception to address all the conflicts between economic and fundamental rights. Namely, free trade — and so free flow of data — is stated as a general overarching principle, while basic freedoms, where ensured, are provided as an authorisation for the Parties to derogate the Treaty. This is not secondary, because, according to the juridical science, exceptional rules have a narrow application, that should be punctually justified and cannot be interpreted extensively or analogically. On the contrary, general rules can only be set aside when they are expressly excluded.

This settlement is radically opposite to democratic Constitutions, where personality rights — and not free trade — are “fundamental” and so enjoy an “assumption of maximum extension”, which is to say that freedoms are applied in all instances, unless an exception is clearly provided by the law, is apt to pursue an equally fundamental principle and is necessary and proportional to the benefit provided. In other words, the rule-exception mechanisms appear completely specular to each other: TiSA overturns the value given to the personal sphere in democratic orders, and places trade as the general principle, while relegating rights to narrow exceptions.[5]

In practice, the possibility of enacting the aforementioned Articles 44—47 GDPR would actually be doubtful under the TiSA regime, because every implementing act would have to strictly fit the language of the Article 1-9 derogatory clause. Namely, data protection measures must not be a ‘means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade in services’, must be ‘necessary’ and ‘not inconsistent with the provisions of this Agreement’. This is a threat for privacy, and confirmation of this comes from the jurisprudence under Article XX of General Agreement on Tariffs and Trade and Article XIV of General Agreement on Trade in Services, the wording of which is similar to the Article 1-9 of TiSA. Indeed, in some decisions the exercise of the State authority to legislate in favour of fundamental values has been ruled unlawful.

Contents, as described above, are linked to the procedures followed. Traditionally, in democratic Constitutions, the identification of a balance among fundamental rights is strictly reserved to representative organisms — and Parliaments above all — acting through public procedures, regulated by an overarching fundamental Charter. Moreover, oversight powers are entrusted to independent organisms, and primarily to the judiciary, usually burdened by obligations to motivate their decisions and means of appeal.

In comparison, TiSA shows an outright shift of paradigm. In it, negotiations are conducted by different actors, coming from both governmental and private sectors, who do not need to be part of the representative circuit. To be precise, Parliaments are not even able to fully observe and oversee the proceedings, which are kept strictly secret. Nor is it clear what the enforcement organisms and procedures of TiSA are, as they are barely sketched in the latest draft.[6]

So, the vertical form of representative democracy is substituted with the horizontality of public-private negotiation, which seeks to legitimise itself through the stakeholders’ participation. However, horizontality does not always mean absence of hierarchy, because, in the absence of constitutional (or quasi-constitutional) guarantees, contracts favour those who have the most bargaining power, which are not necessarily the States. Indeed, in the neoliberal market order, these last are subject to competition as well, because they need to attract investors and buyers, and so try to arrange the most favourable rules for commerce.

This is how the new generation of FTAs was made possible. They are radically divergent not only from traditional constitutional orders, but also from other pieces of international regulation on data protection, such as the Organisation for Economic Development (OECD) Privacy Principles. Therein, the pivotal aim is to impose a set of minimal safeguards for liberties, even if their occasio legis is to foster trust as a precondition of free exchange. On the contrary, FTAs are a negotiating field where some Parties — seeking to access new markets — accept limitations on their demand to safeguard individual rights.

Of course, it is not possible to affirm with full certainty that the model given by the last generation of Free Trade Agreements will be the most successful one in the regulation of this matter. However, the existing examples seem to be a sufficient proof that new forms of public-private regulations are emerging, which act according to market logics and are able to produce binding effects on States on the transnational scale. At first glance, this appears to expand democratic vindications outside the national boundaries.

Now, the real question is whether there are analogous participatory mechanisms which allow people, who are not exponents of strong vested interests, to affect decision-making procedures on a global scale. From the above description, it seems that no such system is available in trade law. In the following section, the research observes if the opposite is true of human rights law.

  • [1] Frank Pasquale, ‘From Territorial to Functional Sovereignty: The Case of Amazon’ (, 6 December 2017) 2 Tech Ambassador of Denmark 3 Hannes Grassegger and Mikael Krogerus, ‘The Data that Turned the World Upside Down’ (, 28 January 2017) 4 Anika Geisel, ‘Protecting the European Parliament Elections’ (, 28 January 2019) 5 Lawrence B Solum, ‘Models of Internet Governance’, in Lee A Bygrave and Jon Bing (eds), Internet Governance. Infrastructure and Institutions (Oxford University Press 2009), 55; Eric Brousseau, Meryem Marzouki and Cecile Meadel, ‘Governance, Networks and Digital Technologies: Societal, Political and Organizational Innovations’, in Id. (eds), Governance, Regulation and Powers on the Internet (Cambridge University Press 2012), 3.
  • [2] John Perry Barlow, ‘A Declaration of the Independence of Cyberspace’ (, 8 February 1996) 2 Giovanna De Minico, ‘Towards an Internet Bill of Rights’ (2015), 1 Loyola Los Angeles International and Comparative Law Review http://digitalcommons.lmu.edu/ilr/vol37/iss1/1, 5-11. 3 Lawrence Lessig, Code. Version 2.0 (Basic Books 2006), 4. 4 United Nations Conference on Trade and Development (UNCTAD), ‘Data Protection Regulations and International Data Flows: Implications for Trade and Development’ (United Nations 2016), 3-4. See also Harsha Vardhana Singh, Ahmed Abdel-Latif and Lee Tuthill, ‘Governance of International Trade and the Internet: Existing and Evolving Regulatory Systems’ (2016) Global Commission on Internet Governance, Paper Series: No. 32, 2.
  • [3] E.g. the Brazilian Marco Civil demanded a forced localisation in the Country of all data of Brazilian users that are collected by foreign companies: Lei N° 12.965, de 23 de Abril de 2014, Estabelece Principios, Garantias, Direitos e Deveres para o Uso da Internet no Brasil ccivil_03/_ato2011 -2014/2014/lei/l 12965 .htm. 2 European Parliament and Council Regulation (EU) 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ. L 119/1. 3 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner [2015] European Court of Justice, ECLI:EU:C:2015:650 62014CJ0362. See Giovanna De Minico, Costituzione. Emergenza e terrorismo (Jovene 2016), 136-137. 4 Maria Francesca De Tullio and Giuseppe Micciarelli, ‘Trade Agreements and Internet Governance: Data Flow and Politics in the TiSA’s Governmental Rationality’, in Meryem Marzouki and Andrea Calderaro (eds), Global Internet Governance as a Diplomacy Issue (Rowman & Littlefield, forthcoming). 5 Giuseppe Micciarelli, ‘CETA, TTIP e altri fratelli. Il contratto sociale della post democrazia’ 6 (2017) 2 Politica del diritto, 257 ss. 7 Rory Van Loo, ‘The Corporation as Courthouse’ (2016) 33 Yale Journal on Regulation 8, 554 ss.
  • [4] The content of FTAs negotiations is classified. However, drafts have been partly leaked by civil society organisations (e.g., Wikileaks and Greenpeace) and some Parties’ official positions have been voluntarily released. This research is based on these sources. 2 Jane Kelsey and Burcu Kilic, ‘Briefing on US TISA Proposal on E-commerce, Technology Transfer, Cross-border Data Flows and Net Neutrality’ (2014) Public Services International, 7, 16; Israel Tamir, ‘TISA Annex on Electronic Commerce: A Preliminary Analysis by the Canadian Internet Policy & Public Interest Clinic (CIPPIC)’ (2015), 14-16; Jane Kelsey, ‘TiSA: Updated Analysis of the Leaked “Core Text” from July 2016’ (2016) tisa/analysis/201609_TiSA_Analysis-on-Core-Text/201609_TiSA_Analysis-on-Core-Text.pdf, 2. 3 See Article 1-4 and the un-numbered Article between 1-2 and 1-3 of the Core Text, together with Articles 2 and 8 of the Annex on Electronic Commerce. 4 Article 1-9 of the Core Text. 5 Among many, Klass v. Germany, App no 5029/71 (ECHR), para. 42; paras. 66-68, 81. 6 Pierfrancesco Grossi, Introduzione ad uno studio sui diritti inviolabili nella Costituzione italiana (Cedam 1972), 16; Paolo Caretti, I diritti fondamentali. Liberta e diritti sociali (Giappichelli 2005), 104. 7 Among many, Halford v. the United Kingdom, App no 20605/92 (ECHR), paras. 66-68, 81; European Court of Justice, Digital Rights Ireland Ltd c. Ireland, para. 38.
  • [5] Rolf H Weber, ‘Regulatory Autonomy and Privacy Standards under the GATS’ (2012) 7 Asian Journal of WTO & International Health Law and Policy, 32-34; Kristina Irion, Svetlana Yakovleva and Marija Bartl, ‘Trade and Privacy: Complicated Bedfellows? How to Achieve Data Protection-Proof Free Trade Agreements’ (2016) Independent study commissioned by BEUC et al., published 13 July 2016, Amsterdam, Institute for Information Law (IViR), 57. 2 Article 1-9, chapeau, Core Text. 3 Article I-9(c), Core Text. 4 1986 5 1994 6 United States - Measures Affecting the Cross-Border Supply of Gambling and Betting Services [2004] WTO Panel, WT/DS285/R; United States - Standards for Reformulated and Conventional Gasoline [1996] WTO Appellate Body, WT/DS2/AB/R. 7 Cases c-293/12 and c-594/12, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others [2014] European Court of Justice, ECLI:EU:C:2014:238. Concerning the tool of the appeal: Giovanni Serges, Il principio del “doppio grado di giurisdizione” nel sistema costituzionale italiano (Giuffre 1993). 8 Susan Aaronson, ‘Why Trade Agreements are not Setting Information Free: The Lost History and Reinvigorated Debate over Cross-Border Data Flows, Human Rights, and National Security’ (2015) 14, 4 World Trade Review, 678.
  • [6] EU Proposal, TiSA - Dispute Settlement Chapter. 2 Graham Greenleaf, ‘The TPP & Other Free Trade Agreements: Faustian Bargains for Privacy?’ (2016) UNSW Law, Research Paper No. 08, 3; Cristophe Leroy, ‘Existe-t-il un marche du droit public?’ (2016) 100 Petites affiches, 3-4.