Abstract
With the increased role of data in societies, the interfaces between trade and privacy protection have become multiple and intensified, and raise important questions as to adequate regulatory design that can reconcile economic and non-economic concerns, national and international interests. This chapter is set against this complex backdrop and seeks to provide a better understanding and contextualization of the theme of data protection and its interfaces with global trade law. It addresses this task by looking first at the existing international, transnational, and selected national frameworks for privacy protection and briefly sketches their evolution over time. In a second step, the chapter explores the application of the rules of the World Trade Organization, which are still in a pre-internet state, to situations where privacy concerns are affected. The chapter then looks at the data-relevant rules that have emerged in free trade agreements with a focus on the reconciliation mechanisms that these treaties provide. The chapter concludes with an appraisal of the current state of affairs and some thoughts on the pros and cons of the available legal solutions for reconciling trade and privacy protection.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The General Agreement on Tariffs and Trade (GATT) 1947 makes no reference to privacy and most of the free trade agreements up to very recently make no mention of it.
- 2.
- 3.
- 4.
OECD (1980).
- 5.
OECD (2013).
- 6.
- 7.
There are no clear definitions of small versus Big Data. Definitions vary and scholars seem to agree that the term of Big Data is generalized and slightly imprecise. One common identification of Big Data is through its characteristics of volume, velocity, and variety, also referred to as the “3-Vs”. Increasingly, experts add a fourth “V” that relates to the veracity or reliability of the underlying data. See Mayer-Schönberger and Cukier (2013), p. 13. For a brief introduction on Big Data applications and review of the literature, see Burri (2019).
- 8.
The Economist (2017).
- 9.
- 10.
Manyika et al. (2011).
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
Rubinstein (2013), p. 78.
- 17.
Tene and Polonetsky (2013).
- 18.
- 19.
- 20.
See Chander (2016), p. 2.
- 21.
- 22.
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”.
- 23.
The text of Art. 17 is identical with Art. 12 UDHR but the two sentences are framed as separate paragraphs.
- 24.
Diggelmann and Cleis (2014).
- 25.
UN Office of the High Commissioner for Human Rights (1988), para. 10.
- 26.
UN General Assembly (1990).
- 27.
UN General Assembly (1990), para. 6.
- 28.
Art. 8 “Right to respect for private and family life” reads: 1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
- 29.
For a comprehensive guide to the jurisprudence, see European Court of Human Rights (2019).
- 30.
See e.g. European Union Agency for Fundamental Rights and Council of Europe (2018), pp. 15–16.
- 31.
OECD (2011), p. 7.
- 32.
OECD (1980).
- 33.
OECD (1980).
- 34.
OECD (2013).
- 35.
OECD (2013).
- 36.
APEC (2005).
- 37.
The APEC framework endorses similar to the OECD Privacy Guidelienes principles: (1) preventing harm; (2) notice; (3) collection limitations; (4) use of personal information; (5) choice; (6) intergrity of personal information; (7) security safeguards; (8) access and correction; and (9) accountability. Greenleaf (2004), pp. 16–18.
- 38.
- 39.
Waters (2009), pp. 74–89.
- 40.
Some scholars have argued that such soft law frameworks are nonetheless far-reaching, as their implemnetation depends on the power of reputational constraints as treaties do. See e.g. Brummer (2011), pp. 263–272.
- 41.
Art. 8 ECHR.
- 42.
Art. 8 “Protection of personal data” reads: 1. Everyone has the right to the protection of personal data concerning him or her; 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified; 3. Compliance with these rules shall be subject to control by an independent authority.
- 43.
European Court of Human Rights (2003) Refah Partisi (The Welfare Party) and Others v. Turkey. App Nos. 41340/98, 41342/98, 41343/98 and 41344/98. Grand Chamber Judgment of 13 February 2003.
- 44.
- 45.
See e.g. Brown and Korff (2014).
- 46.
Court of Justice of the European Union (2014) C-131/12.
- 47.
Court of Justice of the European Union (2015) C-362/14, [hereinafter Schrems I].
- 48.
Art. 5 GDPR specifies that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency); collected for specified, explicit and legitimate purposes (principle of purpose limitation); processing must also be adequate, relevant and limited to what is necessary (principle of data minimization); as well as accurate and, where necessary, kept up to date (principle of accuracy); data is to be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (principle of storage limitation); data processing must be secure (principle of integrity and confidentiality); and the data controller is to be held responsible (principle of accountability).
- 49.
Art. 17 GDPR.
- 50.
Art. 12 GDPR.
- 51.
Arts 13, 14, 15 and 19 GDPR.
- 52.
Art. 20 GDPR.
- 53.
Arts 21 GDPR.
- 54.
Art. 22 GDPR.
- 55.
Art. 25 GDPR.
- 56.
Depending on the infringement, data protection authorities can impose fines up to 20’000’000 EUR, or in the case of an undertaking, up to 4% of its total worldwide annual turnover of the preceding financial year, whichever is higher. See Art. 83(5) and (6) GDPR.
- 57.
Art. 3(2) GDPR. Guidance to determine whether a controller or a processor is offering goods or services to EU data subjects is provided in Recital 23 GDPR, as well as in more detail by the EU data protection authority (see European Data Protection Board 2019).
- 58.
- 59.
The adoption of an adequacy decision involves a proposal from the European Commission; an opinion of the European Data Protection Board; an approval from representatives of EU countries; and the adoption of the decision by the European Commission. At any time, the European Parliament and the Council may request the European Commission to maintain, amend or withdraw the adequacy decision on the grounds that its act exceeds the implementing powers provided for in the regulation.
- 60.
Art. 45(1); Recital 103 GDPR.
- 61.
Art. 45(2); Recital 104 GDPR.
- 62.
Negotiations are ongoing with South Korea and many of the existing adequacy decisions are up to renewal.
- 63.
European Commission (2019).
- 64.
European Commission (2019), para. 175.
- 65.
Art. 46(1) GDPR.
- 66.
Drake (2017).
- 67.
- 68.
Downes (2016).
- 69.
Clarke et al. (2014), p. 158.
- 70.
The White House (2019).
- 71.
See e.g. Tourkochoriti (2016).
- 72.
For a great overview of US privacy laws, see Deckelboim (2017).
- 73.
Reidenberg (2000).
- 74.
See e.g. Weiss and Archick (2016).
- 75.
European Commission (2000).
- 76.
- 77.
Schrems I, para. 97.
- 78.
Schrems I, para. 86.
- 79.
Schrems I, paras. 93–95.
- 80.
Schrems I paras. 105–106.
- 81.
- 82.
European Commission (2016a), paras. 19–29 refer to the Notice Principle, Data Integrity and Purpose Limitation Principle, Choice Principle, Security Principle, Access Principle, Recourse, Enforcement and Liability Principle, and Accountability for Onward Transfer Principle. The principles are additionally detailed in Annex II attached to the Commission’s implementing decision.
- 83.
European Commission (2016a), para. 40.
- 84.
European Commission (2016a), paras. 43–63.
- 85.
European Commission (2016a), paras. 64−90.
- 86.
- 87.
European Commission (2016a), at paras. 90 and 124 citing the Schrems I judgment.
- 88.
Court of Justice of the European Union (2020) C-311/18.
- 89.
Court of Justice of the European Union (2020) C-311/18, para. 164.
- 90.
Court of Justice of the European Union (2020) C-311/18, paras. 168–185.
- 91.
Court of Justice of the European Union (2020) C-311/18, paras. 191–192.
- 92.
Court of Justice of the European Union (2020) C-311/18, paras. 193–197.
- 93.
- 94.
Art. XIV(b) GATS.
- 95.
- 96.
Art. XIV(c) GATS. For a commentary of Art. XIV GATS, see Cottier et al. (2008).
- 97.
Art. XIV(c)(ii) GATS.
- 98.
- 99.
- 100.
WTO Appellate Body (2000) [hereinafter Korea – Beef], para. 161.
- 101.
US – Gambling, para. 6.536; see also WTO Appellate Body (2015); WTO Panel (2015) [hereinafter Argentina – Financial Services], paras 7.655, 7.685, 7.727, referring to Korea – Beef, paras. 162, 163.
- 102.
- 103.
See US – Gambling, para. 78; WTO Appellate Body (2009) [hereinafter China – Publications and Audiovisual Products], para. 239.
- 104.
US – Gambling, para. 306; Argentina – Financial Services, para. 7.684.
- 105.
Argentina – Financial Services, para. 7.729 referring to US – Gambling, para. 308.
- 106.
Argentina – Financial Services, para. 7.743.
- 107.
US – Gambling, para. 351. In US – Gambling, the Appellate Body confirmed that the US ban on online gambling did not meet the requirement of the chapeau of Art. XIV GATS due to ambiguity in relation to the scope of one US statute, which appeared to permit domestic suppliers to have remote betting services for horse racing.
- 108.
- 109.
- 110.
European Commission (2000).
- 111.
- 112.
Irion et al. (2016), pp. 36−39.
- 113.
For instance, the recent Digital Economy Partnership Agreement (DEPA) between Chile, Singapore and New Zealand.
- 114.
Wunsch-Vincent (2003).
- 115.
The DR-CAFTA includes Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua and the Dominican Republic.
- 116.
This analysis is based on a dataset of all data-relevant norms in trade agreements (TAPED). See Burri and Polanco (2020) and http://unilu.ch/taped.
- 117.
- 118.
- 119.
As the OECD (OECD (2019a), p. 1) further clarifies: “the actual flow of data reflects individual firm choices: accessing the OECD library from Paris, for instance, actually means contacting a server in the United States (the OECD uses a US-based company for its web services). Moreover, with the cloud, data can live in many places at once, with files and copies residing in servers around the world”.
- 120.
For instance, Sen classifies data into personal data referring to data related to individuals; company data referring to data flowing between corporations; business data referring to digitised content such as software and audiovisual content; and social data referring to behavioural patterns determined using personal data (see Sen (2018), pp. 343–346). Aaronson and Leblond categorize data into personal data, public data, confidential business data, machine-to-machine data and metadata, although they do not specifically define each of these terms (see Aaronson and Leblond (2018)). The OECD has also tried to break data into different categories. See OECD (2019b).
- 121.
This chapter does not cover specific services sectors. For a more detailed analysis, see e.g. Burri (2020a).
- 122.
A similar wording is used in the 2008 Canada-Peru FTA, 2010 Hong-Kong-New Zealand FTA, the 2011 Korea-Peru FTA, the 2011 Central America-Mexico FTA, the 2013 Colombia-Costa Rica FTA, the 2013 Canada-Honduras FTA, the 2014 Canada-Korea FTA, and the 2015 Japan-Mongolia FTA. The 2007 South Korea-US FTA was the first agreement with more concrete language on data flows, albeit in a soft law form (Korea-US FTA, Art. 15.8).
- 123.
The Trans-Pacific Partnership Agreement, full text available at: https://ustr.gov/trade-agreements/free-trade-agreements/trans-pacific-partnership/tpp-full-text [hereinafter TPP].
- 124.
Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore and Vietnam.
- 125.
See e.g. Ravenhill (2017).
- 126.
The Comprehensive and Progressive Agreement for Transpacific Partnership, full text available at: http://international.gc.ca/trade-commerce/trade-agreements-accords-commerciaux/agr-acc/cptpp-ptpgp/text-texte/index.aspx?lang=eng.
- 127.
- 128.
Art. 14.11(2) CPTPP.
- 129.
Art. 14.11(3) CPTPP.
- 130.
Art. 14.11(3) CPTPP.
- 131.
See the definition of “a covered person” in Art. 14.1, which is said to exclude a “financial institution” and a “cross-border financial service supplier”.
- 132.
The provision reads: “Each Party shall allow a financial institution of another Party to transfer information in electronic or other form, into and out of its territory, for data processing if such processing is required in the institution’s ordinary course of business”.
- 133.
Art. 14.8(3) CPTPP.
- 134.
Art. 19.11(2) CPTPP.
- 135.
Art. 19.11(2) CPTPP, footnote 5.
- 136.
Art. 8.81 EU-Japan EPA.
- 137.
See European Commission (2018).
- 138.
Art. II Jordan-US Joint Statement on Electronic Commerce.
- 139.
See e.g., Art. 10.8.5 and Art. 10.15(b) Brazil-Chile FTA; Art. 13.7(b) Canada-Korea FTA; Art. 13.10.2 Australia-Japan FTA; Art. 12.5(b) Chile-Colombia FTA; Art. 14.05(b) Nicaragua-Taiwan FTA; Art. 13.4(b) Panama-Singapore FTA; Art. 14.5(b) CAFTA-DR-US; Art. 15.5(b) Chile-US FTA.
- 140.
Art. 13.3.1(b)(i) Australia-Indonesia FTA; Art. 19.14.1(a)(i) USMCA; Art. 13.14(b)(i) Australia-Peru FTA; Art. 9.12(c)(i) Singapore-Sri Lanka FTA; Art. 9.9(c) Singapore-Turkey FTA; Art. 13.5 China-Korea FTA; Art. 16.6.2 Colombia-Costa Rica FTA; Art. 1506.2 Canada-Colombia FTA.
- 141.
Art. 30 Chile-EC AA.
- 142.
Art. 10.8.1(b) Korea-Vietnam FTA.
- 143.
Art. 30 Chile-EC AA.
- 144.
Art. 13.7.1 Australia-Indonesia FTA; Art. 10.2.5(f) and Art. 10.8.1 Brazil-Chile FTA; Art. 8.78.3 EU-Japan EPA; Art. 14.5.1 Central America-Korea FTA; Art. 16.2.2(e) Canada-Honduras FTA.
- 145.
Art. 14.8(2) CPTPP.
- 146.
Art. 14.8(2) CPTPP, footnote 6.
- 147.
Art. 14.8(5) CPTPP.
- 148.
Art. 19.8(2) USMCA.
- 149.
Art. 19.8(3) USMCA.
- 150.
Art.19.8(4) and (5) USMCA.
- 151.
- 152.
For a great analysis, see Chander et al. (2019).
- 153.
Chapter 6, Arts 61-65 Cameroon-EC Interim EPA; Chapter 6, Arts 197-201 CARIFORUM-EC EPA. Other agreements merely recognize principles for the collection, processing and storage of personal data such as: prior consent, legitimacy, purpose, proportionality, quality, safety, responsibility and information, but without developing this in detail: Art. 11.2.5(f) Argentina-Chile FTA, footnote 1; Art. 8.2.5(f) Chile-Uruguay FTA, footnote 3.
- 154.
Art. 8.54.2 EC-Singapore FTA; Understanding 3 Additional Customs-Related Provisions, Arts 9.2 and 11.1; Art. 10 of Protocol on Mutual Administrative Assistance on Custom Matters EC-Ghana EPA; Art. 10.2 of Protocol 5 on Mutual Administrative Assistance on Custom Matters Bosnia and Herzegovina-EC SAA; Art. 45 and Protocol No 7 Algeria EC Euro-Med Association Agreement.
- 155.
WTO (2019).
- 156.
See European Commission (2018).
- 157.
European Commission (2018) (emphases added).
- 158.
Yakovleva (2020) p. 496.
- 159.
Yakovleva (2020).
- 160.
Mattoo and Meltzer (2018).
- 161.
- 162.
References
Aaronson SA (2015) Why Trade Agreements are not setting information free: the lost history and reinvigorated debate over cross-border data flows, human rights and national security. World Trade Rev 14(4):671–700
Aaronson SA, Leblond P (2018) Another digital divide: the rise of data realms and its implications for the WTO. J Int Econ Law 21(2):245–272
Ahmed U (2019) The importance of cross-border regulatory cooperation in the Era of Digital Trade. World Trade Rev 18(S1):99–120
APEC (2005) APEC privacy framework. APEC Secretariat, Singapore
Bennett CJ, Bayley RM (2016) Privacy protection in the era of “big data”: regulatory challenges and social assessments. In: van der Sloot B, Broeders D, Schrijvers E (eds) Exploring the boundaries of big data. University of Amsterdam Press, Amsterdam, pp 205–227
Bollyky TJ, Mavroidis PC (2017) Trade, social preferences, and regulatory cooperation: the new WTO-think. J Int Econ Law 20(1):1–30
Bradford A (2020a) The Brussels effect. Northwest Univ Law Rev 107(1):1–68
Bradford A (2020b) The Brussels effect: how the European Union rules the world. Oxford University Press, Oxford
Brown I, Korff D (2014) Foreign surveillance: law and practice in a global digital environment. Eur Human Rights Law Rev 3:243–251
Brummer C (2011) How international financial law works (and how it doesn’t). Georgetown Law J 99(2):257–327
Bughin J et al (2016) Digital Europe: pushing the frontier, capturing the benefits. McKinsey Global Institute, Washington, DC
Burri M (2015) The international economic law framework for digital trade. Zeitschrift für Schweizerisches Recht 135(5):10–72
Burri M (2017) The governance of data and data flows in trade agreements: the pitfalls of legal adaptation. UC Davies Law Rev 51:65–132
Burri M (2019) Understanding the implications of big data and big data analytics for competition law: an attempt for a primer. In: Mathis K, Tor A (eds) New developments in competition behavioural law and economics. Springer, Berlin, pp 241–263
Burri M (2020a) Data flows and global trade law. In: Burri M (ed) Big data and global trade law. Cambridge University Press, Cambridge
Burri M (2020b) Telecommunications and media services in preferential trade agreements: path dependences still matter. In: Krajewski M, Hoffmann R (eds) European yearbook of international economic law: coherence and divergence in agreements on trade in services. Springer, Berlin
Burri M (2021) Towards a new treaty on digital trade. J World Trade 55(1)
Burri M, Polanco R (2020) Digital trade provisions in preferential trade agreements: introducing a new dataset. J Int Econ Law 23(1):187–220
Burri M, Schär R (2016) The reform of the EU data protection framework: outlining key changes and assessing their fitness for a data-driven economy. J Inf Policy 6:479–511
Bygrave LA (2014) Data privacy law: an international perspective. Oxford University Press, Oxford
Casalini F, López González J (2019) Trade and Cross-Border Data Flows. OECD Trade Policy Papers No. 220
Chander A (2016) National Data Governance in a Global Economy. UC Davis Legal Studies Research Paper: 495
Chander A, Lê UP (2015) Data nationalism. Emory Law J 64(3):677–739
Chander A, Kaminski ME, McGeveran W (2019) Catalyzing privacy law. University of Colorado Law Legal Studies Research Paper, pp 19–25
Clarke RA et al (2014) The NSA report: liberty and security in a changing world. Princeton University Press, Princeton, NJ
Cohen JE (2013) What privacy is for. Harv Law Rev 126:1904–1933
Cottier T, Delimatsis P, Diebold N (2008) Article XIV GATS: general exceptions. In: Wolfrum R et al (eds) Max Planck commentaries on World Trade law: trade in services, vol 6. Martinus Nijhoff Publishers, Leiden, pp 287–328
Council of Europe (2017) Guidelines on the Protection of Individuals with Regard to the Processing of Personal Data in a World of Big Data. Strasbourg. T-PD(2017)01. 23 January 2017
Deckelboim SJ (2017) Consumer privacy on an international scale: conflicting viewpoints underlying the EU-U.S. Privacy shield framework and how the framework will impact privacy advocates, national security, and businesses. Georgetown J Int Law 48:263–296
Delimatsis P (2010) The puzzling interaction of trade and public morals in the digital Era. In: Burri M, Cottier T (eds) Trade governance in the digital age. Cambridge University Press, Cambridge, pp 276–296
Diggelmann O, Cleis MN (2014) How the right to privacy became a human right. Hum Rights Law Rev 14(3):441–458
Downes L (2016) The Business Implications of the EU-U.S. “Privacy Shield”. Harv Bus Rev. 10 February 2016. https://hbr.org/2016/02/the-business-implications-of-the-eu-u-s-privacy-shield
Drake G (2017) Navigating the Atlantic: understanding EU data privacy compliance Amidst A sea of uncertainty. South Calif Law Rev 91(1):163–194
European Commission (2000) Commission Decision 2000/520/EC of 26 July 2000 Pursuant to Directive 95/46/EC of the European Parliament and of the Council on the Adequacy of the Protection Provided by the Safe Harbour Privacy Principles and Related Frequently Asked Questions Issued by the US Department of Commerce. OJ [2000] L 215/7
European Commission (2016a) Commission Implementing Decision of 12 July 2016 Pursuant to Directive 95/46/EC of the European Parliament and of the Council on the Adequacy of Protection Provided by the EU-US Privacy Shield. C(2016) 4176 final. 12 July 2016
European Commission (2016b) EU-US Privacy Shield: Frequently Asked Questions. MEMO/16/434. Brussels. 29 February 2016
European Commission (2018) Horizontal Provisions for Cross-Border Data Flows and for Personal Data Protection in EU Trade and Investment Agreements. https://trade.ec.europa.eu/doclib/docs/2018/may/tradoc_156884.pdf
European Commission (2019) Commission Implementing Decision 2019/419 of 23 January 2019 Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the Adequate Protection of Personal Data by Japan under the Act on the Protection of Personal Information. OJ L [2019] 76
European Court of Human Rights (2019) Guide on Article 8 of the European Convention on Human Rights: Right to Respect for Private and Family Life, Home and Correspondence. Council of Europe, Strasbourg
European Data Protection Board (2019) Guidelines 3/2018 on the Territorial Scope of the GDPR. Version 2.0. 12 November 2019
European Union Agency for Fundamental Rights and Council of Europe (2018) Handbook on European Data Protection Law. Publications Office of the European Union, Luxembourg
Farrell H (2003) Constructing the international foundations of E-Commerce – the EU-US Safe Harbor Arrangement. Int Organ 57(2):277–306
Ferracane MF (2020) The costs of data protectionism. In: Burri M (ed) Big data and global trade law. Cambridge University Press, Cambridge
Gasser U (2016) Recoding privacy law: reflections on the future relationship among law, technology, and privacy. Harv Law Rev 130(2):61–70
Greenleaf G (2004) The APEC privacy initiative: “OECD Lite” for the Asia-Pacific? Privacy Laws Bus Int Newslett 71
Henke N et al (2016) The age of analytics: competing in a data-driven world. McKinsey Global Institute, Washington, DC
Howse R (2002) The appellate body rulings in the shrimp/turtle case: a new legal baseline for the trade and environment debate. Columbia J Environ Law 27(2):491–521
Irion K, Williams J (2019) Prospective policy study on artificial intelligence and EU Trade Policy. The Institute for Information Law, Amsterdam
Irion K, Yakovleva S, Bartl M (2016) Trade and privacy: complicated bedfellows? How to achieve data protection-proof Free Trade Agreements. Institute for Information Law, Amsterdam
Jackson JH (1989) The world trading system: law and policy of international economic relations. MIT Press, Cambridge
Jackson JH (1998) The World Trade Organization: constitution and jurisprudence. Royal Institute of International Affairs, London
Jackson JH, Davey WJ, Sykes AO (1995) Legal problems of international economic relations. West Group, St. Paul, MN
Kuner C (2011) Regulation of transborder data flows under data protection and privacy law: past, present and future. OECD Digital Economy Paper: 187
Kuner C (2012) The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law. Bloomberg BNA Privacy and Security Law Report
Kuner C (2016) Reality and illusion in EU data transfer regulation post schrems. German Law J 18(4):881–918
Lynskey O (2015) The foundations of EU data protection law. Oxford University Press, Oxford
MacDonald DA, Streatfeild CM (2014) Personal data privacy and the WTO. Houston J Int Law 36(3):625–652
Manyika J et al (2011) Big data: the next frontier for innovation, competition, and productivity. McKinsey Global Institute, Washington, DC
Mattoo A, Meltzer JP (2018) International data flows and privacy: the conflict and its resolution. J Int Econ Law 21(4):760–789
Mayer-Schönberger V, Cukier K (2013) Big data: a revolution that will transform how we live, work, and think. Eamon Dolan/Houghton Mifflin Harcourt, New York
OECD (1980) Guidelines for the protection of personal information and transborder data flows. OECD Publishing, Paris
OECD (2011) The evolving privacy landscape: 30 years after the OECD privacy guidelines. OECD Digital Economy Papers No. 176
OECD (2013) The OECD privacy framework: supplementary explanatory memorandum to the revised OECD privacy guidelines. OECD Publishing, Paris
OECD (2019a) Trade and Cross-Border Data Flows. Trade Policy Papers: 220
OECD (2019b) Data in the digital age. OECD Going Digital Policy Note. OECD Publishing, Paris. www.oecd.org/going-digital/data-in-the-digital-age.pdf. Accessed 4 August 2020
Ohm P (2010) Broken promises of privacy: responding to the surprising failure of anonymization. UCLA Law Rev 57(6):1701–1778
Pan SB (2016) Get to know me: protecting privacy and autonomy under big data’s penetrating gaze. Harv J Law Technol 30(1):239–261
Ravenhill J (2017) The political economy of the trans-pacific partnership: a “21st Century” trade agreement? New Polit Econ 22(5):573–594
Reidenberg JR (2000) Resolving conflicting international data privacy rules in cyberspace. Stanf Law Rev 52(5):1315–1371
Richards NM, King JH (2014) Big data ethics. Wake Forest Law Rev 49(2):393–432
Rotenberg M (2016) Privacy law sourcebook 2016: United States Law, international law, and recent developments. Electronic Privacy Information Center, Washington, DC
Rubinstein IS (2013) Big data: the end of privacy or a new beginning? Int Data Privacy Law 3(2):74–87
Scholz LH (2019) Big data is not big oil: the role of analogy in the law of new technologies. Tennessee Law Rev 86:863–893
Schwartz PM (2013a) Information privacy in the cloud. Univ Pa Law Rev 161(6):1623–1662
Schwartz PM (2013b) The EU-US privacy collision: a turn to institutions and procedures. Harv Law Rev 126:1966–2009
Schwartz PM, Solove DJ (2011) The PII problem: privacy and a new concept of personally identifiable information. New York Univ Law Rev 86(6):1814–1894
Schwartz PM, Solove DJ (2014) Reconciling personal information in the United States and European Union. California Law Rev 102(4):877–916
Sen N (2018) Understanding the role of the WTO in international data flows: taking the liberalization or the regulatory autonomy path? J Int Econ Law 21(2):323–348
Taylor RD (2020) “Data localization”: the internet in the balance. Telecommun Policy 44(8):102003
Tene O, Polonetsky J (2013) Big data for all: privacy and user control in the age of analytics. Northwest J Technol Intellect Prop 11(5):239–273
Tene O, Wolf C (2013) Overextended: Jurisdiction and Applicable Law under the EU General Data Protection Regulation. Future of Privacy Forum White Paper
The Economist (2017) The World’s Most Valuable Resource Is No Longer Oil, but Data. Print Edition. 6 May 2017
The Royal Society (2017) Machine learning: the power and promise of computers that learn by example. The Royal Institute, London
The White House (2014) Big data: seizing opportunities, preserving values. Executive Office of the President, Washington, DC
The White House (2019) Guidance for Regulation of Artificial Intelligence Applications. Memorandum for the Heads of Executive Department and Agencies. Washington, DC
Tourkochoriti I (2016) Speech, privacy and dignity in France and in the USA: a comparative analysis. Loyola Los Angeles Int Comp Law Rev 38(2):217–296
UN General Assembly (1990) Resolution 45/95 of 14 December 1990
UN Office of the High Commissioner for Human Rights (1988) General Comment No. 16: Article 17 (Right to privacy). The Right to Respect of Privacy, Family, Home and Correspondence, and Protection of Honour and Reputation. Adopted at the Thirty-Second Session of the Human Rights Committee, on 8 April 1988
United States International Trade Commission (2013) Digital Trade in the US and Global Economies. Part 1, Investigation No 332–531. USITC. Washington, DC
United States International Trade Commission (2014) Digital Trade in the US and Global Economies. Part 2, Investigation No 332–540. USITC. Washington, DC
Waters N (2009) The APEC Asia-Pacific Privacy initiative: a new route to effective data protection or a Trojan Horse for self-regulation. SCRIPTed: A J Law Technol Soc 6(1):75–89
Weber RH (2012) Regulatory autonomy and privacy standards under the GATS. Asian J WTO Int Health Law Policy 7(1):25–48
Weiss MA, Archick K (2016) U.S.-EU Data Privacy: From Safe Harbor to Privacy Shield. Congressional Research Service Report 7-5700. Washington, DC
Whitman JQ (2004) The two Western cultures of privacy: dignity versus liberty. Yale Law J 113(6):1151–1221
Willemyns I (2020) Agreement forthcoming? A comparison of EU, US, and Chinese RTAs in times of plurilateral E-Commerce negotiations. J Int Econ Law 23(1):221–244
Wolfrum R, Stoll PT, Hestermeyer HP (eds) (2011) WTO – Trade in goods. Martinus Nijhoff Publishers, Leiden
WTO (2018) World Trade Report 2018: the future of world trade: how digital technologies are transforming global commerce. World Trade Organization, Geneva
WTO (2019) Joint Statement on Electronic Commerce, EU Proposal for WTO Disciplines and Commitments Relating to Electronic Commerce. Communication from the European Union. INF/ECOM/22. 26 April 2019
WTO Appellate Body (1996) WTO Appellate Body Report, United States – Standards for Reformulated and Conventional Gasoline, WT/DS2/AB/R, adopted 29 April 1996
WTO Appellate Body (1998) WTO Appellate Body Report, United States – Import Prohibition of Certain Shrimp and Shrimp Products, WT/DS58/AB/R, adopted 12 October 1998
WTO Appellate Body (2000) WTO Appellate Body Report, Korea – Measures Affecting Imports of Fresh, Chilled and Frozen Beef, WT/DS161/AB/R, WT/DS169/AB/R, adopted 11 December 2000
WTO Appellate Body (2001) WTO Appellate Body Report, US – Import Prohibitions of Certain Shrimp and Shrimp Products (Recourse to Article 21.5 DSU by Malaysia), WT/DS58/AB/RW, adopted 22 October 2001
WTO Appellate Body (2005) Appellate Body Report, United States – Measures Affecting the Cross-Border Supply of Gambling and Betting Services (US – Gambling), WT/DS285/AB/R, adopted 7 April 2005
WTO Appellate Body (2007) WTO Appellate Body Report, Brazil – Measures Affecting Imports of Retreaded Tyres, WT/DS332/AB/R, adopted 3 December 2007
WTO Appellate Body (2009) Appellate Body Report, China – Measures Affecting Trading Rights and Distribution Services for Certain Publications and Audiovisual Entertainment Products, WT/DS363/AB/R, adopted 21 December 2009
WTO Panel (2015) WTO Panel Report, Argentina – Financial Services, WT/DS453/R, adopted 30 September 2015
Wu M (2008) Free Trade and the protection of public morals: an analysis of the newly emerging public morals clause Doctrine. Yale J Int Law 33(1):215–252
Wunsch-Vincent S (2003) The Digital Trade Agenda of the US: parallel tracks of bilateral, regional and multilateral liberalization. Aussenwirtschaft 58(1):7–46
Yakovleva S (2020) privacy protection(ism): the latest wave of trade constraints on regulatory autonomy. Univ Miami Law Rev 74(2):416–519
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Burri, M. (2021). Data Flows versus Data Protection: Mapping Existing Reconciliation Models in Global Trade Law. In: Mathis, K., Tor, A. (eds) Law and Economics of Regulation. Economic Analysis of Law in European Legal Scholarship, vol 11. Springer, Cham. https://doi.org/10.1007/978-3-030-70530-5_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-70530-5_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-70529-9
Online ISBN: 978-3-030-70530-5
eBook Packages: Law and CriminologyLaw and Criminology (R0)