Cybersecurity & Tech Foreign Relations & International Law

Transatlantic Digital Trade Protections: From TTIP to ‘Policy Suicide’?

Kenneth Propp
Friday, February 16, 2024, 12:37 PM

In abandoning long-held tenets of digital trade, Washington is broadly aligning with the EU’s belief in greater room for regulation of Big Tech.

A computer keyboard. (Source: Chief Photographer, OGL v1.0OGL v1.0, via Wikimedia Commons)

Published by The Lawfare Institute
in Cooperation With
Brookings

When the United States and the European Union began negotiations a decade ago on an envisaged Transatlantic Trade and Investment Partnership (TTIP), they projected a chapter specifically addressing digital trade as a major component. By 2016, TTIP negotiations had stalled—including over digital trade—and were abandoned. With that failure went any hope of a binding transatlantic agreement on three main goals—protecting free data flows, limiting data localization, and safeguarding software source code from foreign inspection.

Since then, the U.S. government’s enthusiasm for promoting and protecting digital trade in other settings has waxed and waned. The latest sign of diminishing ambition came in the fall, when the United States took off the table proposals in WTO (World Trade Organization) e-commerce negotiations and acknowledged a pause in work on digital issues in the Indo-Pacific Economic Framework (IPEF). 

The change in position at the WTO and IPEF has prompted sharp public accusations that the United States no longer is interested in international digital trade policy leadership, and is in effect ceding the field to China. It runs contrary to a long-held U.S. position, dating back to the Clinton administration, favoring free data flows as recently restated in the 2022 Declaration for the Future of the Internet.

The less-explored transatlantic—rather than transpacific—implications of this shift are also worthy of attention. U.S. trade policy appears to be converging with the EU position that the autonomy of U.S. tech giants should be restricted. In some respects, it may even go so far as to undercut Europe’s efforts to embed a more modest set of digital trade protections in international law. The U.S. moves reflect a degree of convergence with the EU on digital trade policy, but also pose questions of their future alignment. 

The Rise and Decline of Digital Trade Protections in U.S. International Agreements

Global data flows first drew attention in the 1980s in the context of international efforts to codify privacy protections. During that decade, the Organization for Economic Cooperation and Development (OECD) and the Council of Europe (COE) adopted international privacy instruments that noted the counterbalancing benefits of free data flows. 

In 1994, the General Agreement on Trade in Services (GATS), part of the Uruguay Round of trade negotiations, put binding protections in place against local barriers to cross-border data flows. The GATS adapted disciplines found in the General Agreement on Trade and Tariffs (GATT) in relation to trade in goods—non-discrimination obligations, limited exceptions, including for privacy protection, and binding dispute settlement. Although digitally supplied services were then only emerging on a wide scale, GATS parties did make binding commitments with respect to a variety of computer-related services and financial information services. The GATS Telecommunications Annex also contains a provision on free flow of data in that sector. 

The Clinton administration made minimizing restrictions on electronic commerce a U.S. policy priority, part of its broader “internet freedom” agenda. Jack Goldsmith has distilled two core principles at the heart of the U.S. regulatory approach: commercial non-regulation and combating censorship abroad. A recent book by Anu Bradford, “Digital Empires,” building on Goldsmith’s scholarship, describes the U.S. regulatory model as “market-driven,” as opposed to Europe’s “rights-driven” approach and China’s “state-driven” one.

Over the past two decades, the United States set about embedding digital trade protections in its free trade agreements. Its two most ambitious initiatives were TTIP and a counterpart Trans-Pacific Partnership (TPP). After President Trump withdrew the U.S. signature from the TPP, the other parties rechristened it the Comprehensive and Progressive Trans-Pacific Partnership (CPTPP). The CPTPP retains in large part from the TPP an electronic commerce chapter that ensures cross-border data flows, and it restrains data localization and the forced transfer of source code as well. 

Digital trade negotiations proved successful for the United States in more limited geographic contexts. The 2020 U.S-Mexico-Canada Free Trade Agreement (USMCA) contains a robust chapter on this subject, including protections for free data flows, limits on data localization, and safeguards for source code. The U.S-Japan Digital Trade Agreement, also concluded during the Trump administration, is similar in content to the USMCA chapter. 

The Biden administration initially pursued a similar digital trade agenda in two settings. It started negotiations with a group of Asian countries toward an Indo-Pacific Economic Framework (IPEF), and it continued inherited talks on e-commerce under WTO auspices. 

The United States initially wanted the IPEF’s digital “pillar” to contain provisions on “trusted and secure cross-border data flows.” But in March 2023, the Department of Justice and the Federal Trade Commission wrote to the Office of the U.S. Trade Representative (USTR) to express concerns that the IPEF’s proposed digital trade chapter could negatively affect “enforcement and the development of sound antitrust laws.” In the fall, Washington indicated publicly that it wished to postpone further work on this component of the framework. 

The WTO e-commerce negotiations, launched in 2017, moved slowly, burdened in part by conflict between the United States and the EU on data flows and privacy protection. Soon after the United States paused the IPEF’s digital talks, it withdrew its support for similar proposals in the Geneva WTO talks.

Neither decision, viewed narrowly, has dramatic trade implications. The United States launched the IPEF primarily to secure advances in resilience and sustainability, rather than to enhance market access. Obtaining binding digital trade commitments of the traditional type was never a major U.S. goal in that setting.

Taking Washington’s more ambitious proposals off the Geneva negotiating table can be seen as a realistic tactical acknowledgment that they had not garnered widespread support. (There was a degree of support among other WTO members, including the EU, for more limited obligations protecting data flows and limiting localization.) The U.S. decision opens the way for the conclusion of a modest agreement on less controversial aspects of e-commerce, such as promoting the use of e-signatures in commercial transactions and other trade facilitation measures. Such an instrument could be announced at the 2024 WTO Ministerial Conference.

The Forces Behind Changing U.S. Digital Trade Policy

These tactical considerations do not fully explain the U.S. shifts in the IPEF and WTO e-commerce talks, though. Other dimensions of evolving U.S. technology policy also play a significant role. In announcing the WTO shift, the USTR said that it was “examining … approaches to data and source code, and the impact of trade rules in these areas.” The Biden administration cited a need for “policy space” to allow domestic policy debates to unfold before resuming international engagement. 

Over the past month, U.S. Trade Representative Katherine Tai has sharpened the critique. She told an Aspen Security Forum audience that the underlying question was whether the private sector or the government gets “to decide or control how freely the data can flow and when it can be restricted, where it needs to be stored and when access is required to disclose source code.” The United States would be “probably committing policy suicide” if it continued to insist upon international trade rules that prejudged the outcome of ongoing national policy debates, including on regulating artificial intelligence (AI), Tai argued. At a Brussels antitrust law conference at the end of January, Tai reportedly suggested that the dominance of tech giants in collecting and transferring data was not necessarily congruent with the U.S. public interest.

A supportive letter from a group of progressive Democratic senators provides additional explanation. U.S. proposals in the IPEF for protecting data transfers “could derail policies to protect consumer privacy and our kids online and to secure data related to infrastructure and other sensitive sectors.” Non-discrimination obligations “could be construed as branding competition policies that apply equally to domestic and foreign firms as ‘illegal trade barriers.’” Protections for companies against compelled source code disclosure “can be read as providing new secrecy guarantees to tech firms that restrict governments from obtaining information on algorithms to systematically enforce against self-preferencing.”  A February 12 follow-up letter from 87 members of Congress reinforced these arguments.

Congressional sentiment on the USTR move is sharply divided, however, as a subsequent letter from a group led by Sen. Ron Wyden (D-Ore.) demonstrated. In their view, the USTR’s decision to withdraw its WTO e-commerce proposals “creates a policy vacuum that China and Russia will fill.” They point to Russia’s use of data-restrictive laws to crack down on dissent and control information, China and Russia’s data localization measures facilitating government access, and China’s conditioning market access on the sharing of proprietary company information.

The USTR’s decision caught other cabinet departments with international trade responsibilities by surprise. At a Nov. 15, 2023, Senate Foreign Relations Committee hearing, State’s Ambassador for Cyberspace and Digital Policy Nathaniel Fick acknowledged that he had learned about the USTR’s move from press reports and that the State Department’s view remained that data should flow freely. In December 2023, the National Security Council belatedly convened a series of meetings, including tech industry stakeholders, to assess the situation and consider future policy. The consequences of the decentralized U.S. approach to international digital policymaking has never been more evident.

Trade lawyers might point out that existing U.S. trade agreements themselves already offer a degree of “policy space” for accommodating new technology policy developments. Article 19.11 of the USMCA, for example, guarantees free data flows among the three states while specifically leaving open room for regulatory measures “necessary to achieve a legitimate public policy objective,” so long as they do not result in “arbitrary or unjustifiable discrimination or a disguised restriction on trade and do[es] not impose restrictions on transfers of information greater than are necessary to achieve the objective.”

Similarly, the USMCA protection against forced source code access (Article 19.16) contains an exception for scrutiny by regulatory or judicial bodies engaged in specific investigations or enforcement actions. This language, based on a U.S. proposal, had been carefully negotiated within the U.S. government by trade officials and financial regulatory agencies. 

These carefully wrought exceptions now evidently provide too little comfort to U.S. policymakers confronted with super-charged domestic debates over tech giants’ alleged anti-competitive behavior and over the need for AI regulation—concerns that do not necessarily relate to trade rules. The Biden administration’s announced pause in negotiating new digital trade disciplines on international data flows also fits thematically with elements of its broader China policy, such as proposals to limit TikTok’s ability to transfer personal data from the United States back to China, and concerns about Chinese generative AI models. The administration will reportedly also issue an executive order aimed at preventing foreign adversaries from obtaining sensitive personal data about Americans that currently is legally accessible from intermediaries such as data brokers.

Is the United States Aligning With Europe on Digital Trade Policy?

As the United States steps back from digital trade negotiations, the European Union, by contrast, continues actively to pursue them, especially in Asia.

The e-commerce section of the 2018 EU-Japan Economic Partnership Agreement (EPA), for example, states that neither party may require the transfer or access to source code of a company located in the other’s territory. Japan also pressed in that negotiation for a broad commitment to free data flows, consistent with the CPTPP. The EU rebuffed the demand, agreeing only to revisit the subject at a future point.

In 2023, the two governments agreed to a protocol resolving the question. It safeguards cross-border data transfers by limiting data localization, while allowing non-discriminatory and proportionate measures to achieve legitimate public policy objectives. The text does not, however, protect outbound data flows more broadly. Each party specifically retains the right to determine its own privacy laws, subject to the qualification that it must, as a general matter, allow data transfers that are accompanied by privacy protections, for example, pursuant to contractual clauses. (The EU Data Protection Supervisor has criticized this portion of the EU-Japan protocol for potentially impeding regulators’ ability to require localization in specific circumstances.) 

Also last year, New Zealand concluded a free trade agreement with the EU, containing softer digital trade language. It exhorts the parties to “ensuring cross-border data flows to facilitate trade in the digital economy and recognis[ing] that each Party may have its own regulatory requirements in this regard.”

Japan and New Zealand thus have accepted that the level of digital trade protections they will enjoy with the EU is less than what they enjoy with CPTPP members. Their key concession is effectively acknowledging that privacy measures may, in certain circumstances, impede data flows.

The EU’s more limited view on international data flows—that data localization measures are largely unacceptable but that privacy laws have a broad field to operate—now appears likely to emerge as a broadly accepted international norm. The U.S. decisions to withdraw its data flows and privacy proposals from the WTO and IPEF negotiating forums reinforce this conclusion. As a Financial Times columnist has observed, the Biden administration’s “new stance is closer to the position the EU has long taken — that privacy is a fundamental right, and the ability to regulate it is not to be bargained away in trade deals.” 

In fact, the U.S. moves are even friendlier to the regulatory state than the EU’s digital trade position. For the time being at least, Washington no longer seeks through trade agreements to combat data localization measures or to restrain foreign access to source code. (It does maintain at least a rhetorical commitment to combating “unjustified” data localization measures, as reflected in an October statement by Group of Seven trade ministers.) The EU may find it more difficult to persuade future trade agreement partners of the merits of such constraints, with the United States—their former principal global advocate—now standing on the sidelines.

Indeed, the EU is struggling to understand the motivations for Washington’s shift in digital trade policy. Trade officials in Brussels are wondering whether it is driven by national security considerations, competition policy, or election-year politics. The European Commission confidently believes that its approach to digital trade—narrowly targeting obstacles such as data localization—allows sufficient space to accommodate regulation of privacy, competition, and AI. Consequently, it is unsettling for Brussels to see the U.S. broadly asserting a need for greater regulatory “space.” More dialogue between trade policymakers in both capitals is needed to avoid harm to shared objectives, such as China’s data flow restrictions.

***

Two leading U.S. trade and privacy scholars, in a 2023 article provocatively entitled “Privacy and/or Trade,” suggested that the historic tension between international trade rules and privacy protection, in which the United States and the European Union have been the protagonists, “had reached a crisis point.” Scarcely a year later, the drama appears to be over, at least for the time being. The EU’s view that trade agreements should not significantly constrain privacy protection measures seems to have prevailed. 

More broadly, as the Financial Times commented, it looks “as if the different US and EU regulatory philosophies—laissez faire versus tough privacy protection—are converging somewhat.” Bradford agrees, observing that “as the domestic conversation in the US is becoming more critical of the tech industry … the US may therefore be moving closer to the European rights-driven regulatory model.” Indeed, she points out, “the strongest evidence of the decline of the American regulatory model is that the US itself is now gradually turning away from it.”

The fierceness of the controversy that has broken out in Washington over its changes in WTO e-commerce and IPEF negotiating positions suggests that U.S. policy may yet evolve further. But what has already transpired feels like a fundamental shift. Washington no longer is pressing an aggressive digital trade agenda designed around the strengths of U.S. Big Tech. Rather, its international digital trade policy is taking a back seat to domestic reflection on competition and AI policy. With U.S. digital trade policy in such flux, the United States and Europe will be sorting out the transatlantic consequences for some time to come.


Kenneth Propp is senior fellow at the Europe Center of the Atlantic Council, senior fellow at the Cross-Border Data Forum, and adjunct professor of European Law at Georgetown Law. From 2011-2015 he served as Legal Counselor at the U.S. Mission to the European Union in Brussels, Belgium.

Subscribe to Lawfare