Trade Law and Privacy Law Come Together
I think it is cool that at my law firm, Hogan Lovells, we have a former Ambassador from the EU to the U.S. and a former U.S. Trade Representative; but in my years at the firm, I never have had a chance to do any work with them.
Likewise, I work just down the hall from lawyers in our international trade group, and up to now, my interactions with them in my role as a leader of our Privacy and Information Management practice have been mostly social.
But all of that is about to change.
Privacy and trade will soon be considered as linked issues, as an investigation has begun at the United States International Trade Commission (USITC) that will examine the impact of privacy regulations on digital free trade and as the negotiation of a EU-U.S. Free Trade Agreement soon will begin—a negotiation that inevitably will look at the issue of the compatibility of privacy laws on both sides of the Atlantic, and that likely will put data protection harmonization on the negotiating table.
For years, some in the privacy community have wondered when privacy regulation will be examined as a potential trade barrier.
Now we know the answer—and now is the time.
USITC Begins an Investigation of Digital Free Trade
In January, at the request of the U.S. Senate Finance Committee, the USITC instituted investigation No. 332-531, “Digital Trade in the U.S. and Global Economies, Part I,” for the purpose of preparing the first of two reports requested by the Committee. The first report will examine U.S. and global digital trade and “notable barriers and impediments to digital trade.” For the purposes of the report, the Commission is defining `digital trade'' to encompass commerce in products and services delivered over digital networks, including software, digital media files (e.g., e-books and digital audio files) and services such as data processing and hosting. The report will also examine how other industries, such as financial services and retailing, make use of digital products and services for production and trade.
The USITC’s second report will, among other things, examine the effect of notable barriers and impediments to digital trade on selected industries and the broader U.S. economy.
To get the ball rolling, a public hearing in connection with these investigations will be held on March 7th at the USITC building in Washington, DC beginning at 9:30 a.m. Thereafter, the USITC will receive written submissions from interested parties.
I am slated to testify at the USITC hearing in March, and I hope to frame the issues for the Commission by laying out these questions:
- How can data protection and privacy be achieved without unnecessarily interfering with digital trade?
- How should privacy and data protection rules be evaluated in light of the goal of digital free trade? Are there specific aspects of regulation that are likely to present impediments to digital free trade?
- How can interoperability and mutual recognition of privacy/data protection frameworks be achieved, and will the EU rules on the “adequacy” of other nations’ privacy frameworks and the proposed GDPR, and specific aspects of it, interfere with the goal of interoperability and mutual recognition?
The Stage is Set for Negotiation of an EU-U.S. Free Trade Agreement
In his 2013 State of the Union Address, President Obama called for a EU-U.S. Free Trade Agreement, which would be the biggest trade agreement in history, and negotiations are expected to begin later this year. A major issue that the United States expects to be addressed in the negotiations is how to achieve mutual recognition and interoperability of the privacy/data protection schemes. What that means, practically, is how the U.S. can convince the EU to recognize the American privacy framework as “adequate,” thus allowing the free flow of data across borders and, more generally, how to harmonize the distinct approaches to privacy protection on the respective sides of the Atlantic so that multi-national businesses can operate smoothly in all jurisdictions.
The launch of the free trade negotiations could have an impact on the current consideration of the draft General Data Protection Regulation in the EU.
The EU, on the other hand, already is seeking to exclude data privacy issues from the scope of the negotiations. Franz Obermayr, an Austrian member of the European Parliament, reacted to the notion of a free trade agreement by asking the Commission the following question:
In the area of data protection, the European and American approaches could hardly be more different, whether regarding access to bank data or to data in ‘clouds’. Furthermore, there are some laws in the U.S. which appear very dubious to Europeans, such as the Foreign Intelligence Surveillance Act (FISA) which allows the US authorities to exercise a high degree of surveillance. There is also the subpoena procedure, whereby U.S. authorities can force businesses to release data, and in which the protection of EU citizens is not clearly regulated. The U.S. administration is also evidently keen to access Twitter profiles and similar data. Given that the use of the Internet plays a key role in an increasing number of areas of daily life, and that frequently several undertakings are involved in providing a given service, in a transatlantic internal market, it would become even harder to guarantee European data protection standards. What measures does the Commission propose to take in this area?
Likewise, the German DPA Peter Schaar recently posted an item entitled “Transatlantic Free Trade Zone? But only when the U.S. provides improved data protection!”.
The last time the U.S. and the EU truly saw “eye to eye” on privacy and cross-border data access was in the year 2000, when former EU Ambassador Hugo Paemen, now one of my colleagues at Hogan Lovells, helped negotiate the now widely-used EU-U.S. Privacy Safe Harbor.
The initial reactions this time to the upcoming negotiations over a free trade agreement suggest that there will be tough talks ahead.
And for me, my interactions with the former ambassadors and trade lawyers in my firm will be far more than merely social.
About the Author
Christopher Wolf leads the global privacy practice at Hogan Lovells US LLP and has practiced privacy law since the earliest days of the discipline. Wolf also is the founder and chair of the Future of Privacy Forum. He was the editor and lead author of the first PLI treatise on privacy law and is a frequent author and speaker on privacy and data security issues. Wolf was the first privacy lawyer to testify before the Senate Judiciary Privacy Subcommittee and is a member of a group advising the OECD on the OECD privacy guidelines.
Wolf is a cum laude graduate of Bowdoin College and graduated magna cum laude Order of the Coif from the Washington & Lee University School of Law. He participated in the general course at the London School of Economics. Following law school, he clerked for U.S. District Judge Aubrey E. Robinson Jr. in Washington, DC. He has practiced law for 32 years. Wolf is active in charitable organizations and serves on the boards of the Anti-Defamation League, WETA Public Broadcasting, Food & Friends (a social services agency), the George Washington University Hospital and Young Concert Artists.