On 8 July, the EU and U.S. launched the first round of negotiations on a free trade agreement – the Transatlantic Trade and Investment Partnership (TTIP) – in Washington, D.C. The trade relationship between the European Union (EU) and the United States (U.S.) is the largest in the world, with the exchange of goods and services across the Atlantic totaling more than $2.2 billion on a daily basis. TTIP represents a unique opportunity for the EU and the U.S. to work together to define future global rules and standards on a variety of issues facing the increasingly global economic landscape, including effectively harnessing digital commerce and balancing data-privacy concerns.
The Internet, and its effects on the global economy, is one of the key themes to emerge in the early TTIP talks. Innovation and new platforms for content distribution, communications and commerce are increasingly driving international trade and breaking down traditional barriers to trade. To this point, electronic commerce represents 10 percent of growth in GDP in the world’s most developed economies in the last 15 years. In the United States, innovation in the digital economy is most visible representing an estimated 30 percent of global Internet revenues.
The rapid growth of the Internet ecosystem has produced a demonstrated change in behavior and the way people, businesses, and governments collect, share, and use personal and other data. Trade issues associated with digital commerce can be complex. Electronic commerce and online services produce significant amounts of personal data that is often anonymized, aggregated, stored, and sold for advertising or other purposes. However, there are concerns about de-anonymization of data and sensitive information. This information can, with or without the knowledge or consent of the parties involved, cross international borders. In addition, the economic efficiency of cloud computing provides and its obvious infrastructural enhancements enable businesses, as well as governments, to utilize resources more productively and to further drive economic growth and prosperity. Balancing the issues of consumer privacy with the promotion of the development of the next innovative applications will be essential for advancing a framework that may also be expanded to address global 21st Century technological advances.
Complicating the start of the TTIP negotiations was Eric Snowden’s revelations of top-secret security information surrounding the U.S. Government’s online surveillance tactics (known as “PRISM”). PRISM certainly spotlighted the differing U.S. and EU approaches to data-privacy. A former French counterterrorism judge, Jean-Louis Bruguière, appropriately summarized the differences when he said: “For Americans data privacy is a matter of consumer law; for Europeans it’s a fundamental right.”
Indeed, the European Union currently defines information privacy as a fundamental human right for all EU citizens. The 1995 Data Protection Directive establishes basic safeguards across the EU for data protections, including providing for restrictions on data transfers to countries that lack “adequate” protections as determined by EU standards. In January 2012, the EU Commission introduced a data-privacy regulation that seeks to streamline the 28 national laws passed under the 1995 Data Protection Directive and ultimately promote a European digital single market that affords citizens with more control over their personal information. Meanwhile, in the United States individual privacy is protected through a sectoral approach that utilizes constitutional guarantees, federal and state statutes, and regulations. While the United States has not been deemed a country having “adequate” protections by the EU, the EU provides for a “safe harbor” framework that allows U.S. companies and entities to avoid interruptions in their business dealings with the EU and prosecution by Member State Data Protection Authorities. Currently, the U.S.-EU “safe harbor” policies are enforced by the private sector in the United States. As Europe tightens its data-privacy provision, this practice could be re-evaluated or the whole program eliminated.
The United States, like Europe, is also dealing with public outrage related to Snowden’s revelations. Perhaps somewhat reassuring to U.S. citizens was President Obama’s statement that PRISM “does not apply to U.S. citizens and it does not apply to people living in the United States.” Last week, however, the House narrowly defeated an amendment to defund PRISM’s metadata program. This week, the Senate Judiciary Committee will hold a hearing to examine strengthening privacy rights and yet balancing national security needs. President Obama’s aforementioned statement does not similarly reassure those living outside of the United States. Moreover, Europeans also probably find it disconcerting that much of the world’s Internet traffic is routed through the United States.
With the first round of TTIP negotiations in Washington largely focused on structural and organizational issues, the second round of negotiations – to be held the week of 7 October in Brussels – is expected to be the start of substantive discussions on issues of concern, such as data-privacy. At a minimum, the “safe harbor” framework provides for a starting point in likely TTIP discussions that will seek to address new data-privacy concerns brought into the spotlight. Snowden’s revelations may ultimately afford the EU with a stronger hand when negotiating data-privacy issues and perhaps other digital commerce issues under TTIP. As such, those companies with specific digital commerce and data privacy issues or concerns should have a strategy in mind for approaching both U.S. and EU TTIP negotiators. Patton Boggs’ Trade and Policy practice group is well positioned to advise those seeking to influence the TTIP negotiations and helping to find common ground on data-privacy issues.