02 January 2016


On Monday, I attended an interesting meeting at the Heinrich Böll Stiftung, in Berlin, with the intriguing title of "re:negotiate (ttip)".  This was valuable for two reasons.  First, because I had a chance to hear the arguments advanced by senior figures in the pro-TTIP world (surprisingly weak, even after all this time), and secondly, because I was asked to talk about "TTIP and global data transfer".  That's not something I've written much about here, so this gives me an opportunity to set down what I learned as I prepared for my session in Berlin.

The official negotiating mandate from the European Commission [.pdf], released recently (but very belatedly), does not mention words like "e-commerce, electronic services, telecommunications providers, cloud computing, data protection" at all, which is pretty extraordinary given their importance.  However, the section covering Trade in Services states:

The aim of negotiations on trade in services will be to bind the existing autonomous level of liberalisation of both Parties at the highest level of liberalisatio n captured in existing FTAs, in line with Article V of GATS, covering substantially all sectors and all modes of supply, while achieving new market access by tackling remaining long - standing market access barriers, recognising the sensitive nature of certa in sectors.

"GATS" is the overarching General Agreement on Trade in Services   The above paragraph would therefore seem to require that all kinds of e-commerce and online services should be covered by TTIP.  The Commission's mandate makes another reference to GATS here:

The [TTIP] Agreement will not preclude the enforcement of excep tions on the supply of services justifiable under the relevant WTO rules (Articles XIV and XIVbis GATS).

That's crucially important, because Article XIV includes the following exception:

nothing in this Agreement shall be construed to prevent the adoption or enforcement by any Member of measures:

(c)      necessary to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:

(ii)     the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts;

That seems to provide the basis for the following statement in the European Commission's TTIP FAQ:

Will TTIP mean US data privacy standards prevailing over or undermining EU standards on the same?

No.  The EU and US have long since recognised that we each regulate data privacy in a different way.  The TTIP negotiations are not the right place to address these differences though.  We have already developed suitable ways of handling transatlantic data flows - for example, the Safe Harbour Agreement.  In addition, we are currently in talks with the US on access to data by enforcement authorities.  The aim is to get an 'Umbrella Agreement' on data protection to strengthen our joint efforts to combat terrorism and serious crime.  These talks will not be affected by the TTIP.

Of course, the Safe Harbour Agreement is a joke.  It basically lets US companies take personal data out of the EU, and do what they like with it by "self-certifying" that they are jolly nice people, and that they wouldn't dream of doing anything nasty with all our data, oh no, sir.  But thanks to Edward Snowden, we now know that once the data is out of the EU and across in the US, the NSA can and do access it freely - which is why the European Parliament's LIBE committee called for Safe Harbour to be suspended.

Leaving that big issue aside, there remains a central question: how exactly will data flows be handled in TTIP?  Despite the soothing words from the European Commission, it is by no means clear that European privacy will be preserved.  That's evident thanks to a US Bill that was proposed last year.  It has the significant title "Digital Trade Act of 2013", and it would have required the US negotiators in all future trade agreements to insist on a number of key demands:

It shall be a negotiating principle of the United States in negotiations for a bilateral, plurilateral, or multilateral agreement, and in multi-stakeholder fora, to seek the inclusion of binding and enforceable provisions that promote and enhance Internet-enabled commerce and digital trade, including provisions--

(1) preventing or eliminating barriers to the movement of electronic information across borders, including by encouraging interoperability of data protection regimes and eliminating barriers to accessing, processing, transferring, or storing information;

(2) ensuring transparency in measures affecting the free flow of information within and across borders;


(4) prohibiting measures that condition market access or other commercial benefits on localization of data, infrastructure, or investment;

(5) prohibiting any country from imposing measures that require an entity to use computing infrastructure or services in that country or otherwise require an entity to access, process, transfer, or store data in the territory of that country;

Those last two are absolutely key, since they would forbid any country that has a trade agreement with the US from passing laws that require local storage or processing of data. Even though the Bill was not passed, all the indications are that the US negotiators will demand precisely these provisions in TTIP.  That's a problem, because one way to improve the privacy of EU citizens would be to require that their personal data is stored and processed in the EU, and to forbid it being sent abroad. 

Despite what companies like Google and Facebook would have us believe, that wouldn't stop them providing their services here in the EU.  It would simply mean that all EU personal data would be held and processed in the EU, with other data necessary for the services being brought in from the US, say, rather than the other way around.  The Internet's symmetry makes that trivially simple, so to claim that it is impossible to work under this conditions is absurd.

In cases where personal information like physical addresses needs to be sent outside the EU so as to allow the delivery of goods, say, such information could be provided by using Vendor Relationship Management (VRM) systems, that allow users to retain full control of their personal data, while granting highly specific access to parts of it.  Indeed, developing VRM is a huge opportunity for the EU, and should be actively promoted irrespective of its usefulness in the context of TTIP.

Another meeting on TTIP took place yesterday, organised by the S&D group in the European Parliament.  That party's position is absolutely crucial for TTIP: without its support, TTIP will probably not be passed.  So it was no surprise that the new Commissioner for Trade, Cecilia Malmström, appeared here and gave her first official statement on the trade agreement.

Actually, it's stretching it to call it a "statement", because that would imply it had any content.  Instead, it was an extended set of comforting platitudes that boiled down to the same kind of self-certification used in the Safe Harbour agreement.  In other words, it was little more than empty promises that everything would be OK, just don't worry your pretty little heads about it.

One of the most worrisome parts came in the brief and superficial questions and answers that followed her words.  In it,  Malmström tried to allay growing fears about ISDS - which the French government has said it will not accept in TTIP - by pointing to the recently-concluded CETA agreement with Canada.  She claimed that the new and improved ISDS chapter there shows, once more, that there was nothing to worry about, etc. etc.

Of course, ISDS is such a technical area that is hard for most of us to evaluate that claim.  Fortunately, the indispensable Corporate Europe Observatory has carried out a detailed analysis of ISDS in CETA, and found that far from addressing the problems, it actually makes them worse:

In response to these widespread concerns the European Commission and the Canadian government have become increasingly defensive, and have begun a misleading propaganda drive. Their strategy: to appease the public by downplaying the risks of investment arbitration and to divert attention from the fundamental problems of the system by focusing on cosmetic reforms.

But a closer look at these “reforms” in the final CETA text (see Annex 2) shows that they will not “prevent any abuse of the investment protection rules and investor-state dispute settlement systems,” as the European Commission claims. On the contrary, CETA’s investor rights are arguably even more expansive than those in agreements such as NAFTA – most notably by protecting investors’ “legitimate expectations” under the so-called “fair and equitable treatment” clause and on investor-state disputes with regard to financial services (see Annexes 1 and 2). This is not surprising: the “reforms” are an echo chamber of what the business community has proposed to re-legitimise investor-state arbitration while leaving its problematic core intact.

The Annexes referred to provide detailed rebuttals in non-technical language of claims that ISDS has been improved in CETA.  Here's a sample. First, what the European Commissions claims:

Final award: A tribunal can award “only” monetary damages or restitution of property (Chapter 10, Article X.36). According to the EU this means that an order of a tribunal “cannot lead to the repeal of a measure adopted by Parliaments in the Union, a Member State or Canada.”

And here's what that actually means in practice:

This won’t stop governments from “voluntarily” repealing measures when a major lawsuit has been filed or threatened by a deep-pocketed company. Examples of such regulatory chill include the watering down of environmental controls for a coal-fired power plant when Germany settled a claim by Swedish energy company Vattenfall (see Box 2 on page 6) and New Zealand’s announcement that it will delay its plain-tobacco-packaging legislation until after Philip Morris’ claim against Australia’s anti-smoking rules has been resolved. This chilling effect on government regulation is arguably the main function of the global investment regime.

This latest report from Corporate Europe Observatory is an important contribution in the fight against the misleading comments being made by pro-TTIP politicians, both at the European and national levels.  They know that ISDS is in trouble as the public find out more about it, and are trying to fob people off with the promise that things will be better in TTIP, building on the claimed improvements present in CETA.

But there are no real improvements, just some textual fig leaves to give the appearance that concerns have been addressed.  If the European Commission and pro-TTIP politicians like David Cameron really want to save TTIP from massive rejection by the European public - the Stop TTIP petition has now reached 912,000 signatures - the only way to do that is to remove ISDS from TTIP, CETA and the new EU-Singapore free trade agreement completely.  Nothing else will do.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

No comments: