TISA Proposes New Global Rules on Data Flows and Safe Harbors
Since the Trans-Pacific Partnership Agreement (TPP) was signed and its text released earlier this year, preventing the passage of that agreement through Congress during its upcoming lame duck session has become a top priority. But there's another secretive trade agreement lurking out of sight and out of mind, which is also scheduled for completion this year: the Trade in Services Agreement or TISA, which contains many provisions that are a virtual copy-and-paste out of the TPP's Electronic Commerce chapter.
EFF was recently in Geneva in the wake of the last round of TISA talks, and another round is coming up next week. The entire agreement is due to be finished by the following month. Whether this goal can be achieved depends largely on whether the United States and the European Union can reach an accord on the US proposals for TPP-like language that guarantees the free flow of data across borders, and a prohibition on local data storage requirements.
Data Flow Rules: a Threat to Privacy
The fear on Europe's side is that "free flow of data" is code for "avoiding Europe's strong data protection regulations by treating them as trade barrier." Two weeks ago, former Vice President of the European Commission Viviane Reding succinctly expressed this in a tweet, “Nothing in trade agreements should prevent the EU from maintaining, applying and reinforcing its data protection regulation.” European civil society groups have expressed themselves even more strongly in a joint letter that has been released today [PDF], with EFF's support:
Fundamental rights must be respected and not negotiated upon. Therefore, data flows–which refer to transfers of individuals' personal data–must not be part of trade agreements. Trade negotiations are not suitable for shaping rules affecting fundamental rights and the rule of law in a democratic society.
The letter goes on to demand that if rules on free flow of data are included in TISA, there should at least be an exception that completely exempts personal data protection regulations from the scope of the agreement, without the need to prove that those regulations are consistent with other parts of the agreement, and without susceptibility to legal challenge under the agreement.
Intermediary Safe Harbors: The Right Idea in the Wrong Place
Even as European groups and privacy advocates are urging caution in what is included in TISA, US-based industry groups are urging the US Trade Representative (USTR) [PDF] to go further than ever before to “create a new framework that promotes cross-border trade in digital services, protects the free and open internet, and encourages the free flow of information.”
There are good ideas in the framework. One of the key proposal is a measure that creates a liability safe harbor for Internet platforms. In conversation with the USTR last week, EFF established that the proposal is broadly consistent with CDA 230, the provision of US law that protects platforms from liability for content provided by their users, while also authorizing them to voluntarily block and screen any such content that they consider in good faith to be offensive. Like CDA 230 the scope of the proposed TISA provision would not extend to copyright or trademark infringements, nor to criminal issues.
EFF supports the CDA 230 model and would be happy to see similar safe harbor protections extended around the world. However, the proposal doesn't resolve the more fundamental problem: the use of a secretive trade negotiation as the vehicle for delivering such protections. The objectives of trade agreements are explicitly economic, and there are many other important non-economic values and interests that need to be considered when developing rules around Internet content.
Unfortunately, we can't rely on industry groups to advance those interests. While there an overlap between the economic interests of US-based Internet platforms in making their services available in foreign markets, and the interests of Internet users worldwide in having unfettered access to Internet services of their choice, we don't see the same level of overlap when it comes to protecting the personal data of Internet users worldwide, or in protecting other rights and interests of users that lack commercial value.
We cannot leave it to big tech companies speak for the Internet. But users don't get a seat at the trade negotiation table. EFF supports safe harbors for intermediaries, but we want to be able to have an open conversation about any rules on this or other Internet-related topics that our representatives are making in their citizens' names. Since the closed and industry-dominated process of trade agreements such as TISA doesn't allow this to happen, we can't support such agreements, despite the few positive provisions they may contain.