Introduction

Naef, Tobias

doi:10.1007/978-3-031-19893-9_1

Tobias Naef ORCID: orcid.org/0000-0002-5101-5152²⁶

Part of the book series: European Yearbook of International Economic Law ((EYIELMONO,volume 28))

3367 Accesses

Abstract

Data protection is an area where fundamental rights collide with trade policy. Personal data has become an essential asset for the digital economy. Consequently, the free flow of personal data across borders has been described as a “new battleground” for states trying to protect their vital economic and non-economic interests—especially now that trade negotiations are shifting to digital trade. There is a deep disagreement about when data protection should be considered data protectionism. This research explores EU-style data protection and shows where the line between data protection and data protectionism in international trade law currently is, and how it can, or should be redrawn.

You have full access to this open access chapter, Download chapter PDF

1.1 Framing

Data protection is an area where fundamental rights collide with trade policy. Personal data has become an essential asset for the digital economy.^{Footnote 1} Consequently, the free flow of personal data across borders has been described as a “new battleground” for states trying to protect their vital economic and non-economic interests—especially now that trade negotiations are shifting to digital trade.^{Footnote 2}

The conflict over data protection and trade first crystallized in the transatlantic relations between Europe and the United States (US). From the outset, the US has been concerned with trade barriers erected by rules regulating the cross-border flow of personal data in European countries. As early as 1978, the Director of the White House Office of Telecommunications Policy, John Eger, wrote that “there is the danger, of course, that these new laws will be used not only to protect just privacy but also to protect domestic economic interests.”^{Footnote 3} As efforts to harmonize data protection within the European Communities (EC) progressed, the US rhetoric about its motives has been ratcheted up.^{Footnote 4} Ira Magaziner, who was responsible for electronic commerce issues in the administration of US President Bill Clinton, stated in 1998 that “we in the U.S. don’t recognize an extraterritorial attempt to shut down the electronic flow of data between countries. According to the principles of international trade, I think that’s a violation of WTO rules.”^{Footnote 5}

Spiros Simitis––one of the pioneers of European regulatory policy in the field of data protection and the first titled “data protection officer”––famously countered these allegations in an interview with the New York Times in 1999 by referring to another high-profile trade dispute between the US and the EC over the European banana import regime: “Americans still have the illusion that they can change the [data protection] directive, but they can’t … This is not bananas we are talking about … This is about what we consider a fundamental claim to privacy, and therefore there is a limit to compromise.”^{Footnote 6} Nevertheless, US political attacks on EU data protection has not subsided, even after Edward Snowden revealed in 2013 the extent of US mass surveillance.^{Footnote 7} In the runup to the adoption of the General Data Protection Regulation (GDPR)^{Footnote 8} in 2016, US President Barack Obama said in an interview with Re/code that EU “roadblocks” for cross-border flows of personal data to the US are not always entirely sincere because European countries intend to displace US companies with European companies.^{Footnote 9} In essence, the US narrative has always been that EU data protection rules are a form of data protectionism.^{Footnote 10}

In spite––or maybe because––of this, the EU began to express disapproval of impediments to the free flow of data across borders.^{Footnote 11} EU Commissioner for Trade Cecilia Malström noted in 2016 that “in the digital age, restrictions on cross-border data flows inhibit trade of all kinds, and may amount to ‘digital protectionism’.”^{Footnote 12} However, the EU’s opposition to digital or data protectionism is on a wholly different trajectory than its regard for the fundamental right to data protection. The European Commission has been careful to exclude its data protection regime from a protectionism narrative. In a communication from 2017 on exchanging and protecting personal data in a globalized world, the Commission highlighted that “European companies operating in some third countries are increasingly faced with protectionist restrictions that cannot be justified with legitimate privacy considerations.”^{Footnote 13} Nonetheless, this reference to “legitimate considerations” highlights that even from a European perspective, privacy and data protection are sometimes used as a disguise for protectionist policies.^{Footnote 14} In the end, while many states recognize, at least on paper, that data protection and privacy are important values, they diverge quite jarringly on what the correct level or design of such protection should be.^{Footnote 15} There is a deep disagreement about when data protection should be considered data protectionism. This research explores EU-style data protection, its application to cross-border flows of personal data, and its consequences.

The key to legally explaining the conflict over data protection and trade in the EU is the right to data protection enshrined in Article 8 Charter of Fundamental Rights (Charter, CFR).^{Footnote 16} This research provides a new account of the right to data protection with regard to cross-border flows of personal data. Crucially, the right to data protection has an extraterritorial dimension that is independent from the legal data transfer mechanisms provided by secondary Union law. I suggest that there is an unwritten constituent part of the right to data protection in Article 8 CFR, which mandates continuous protection of all personal data transferred from the EU to third countries. This extraterritorial dimension of the right to data protection also requires a new investigation of the restrictions placed on the free flow of personal data by the EU.

Even if restrictions on the free flow of personal data are deeply rooted in the protection of fundamental rights, they can still constitute barriers to international trade as regulated by the World Trade Organization (WTO). So far, data protection has not been subject to dispute settlement proceedings at the WTO. Consequently, this research also provides a precise legal assessment of the EU’s fundamental rights-based regulation of data transfers and its resulting restrictions on cross-border flows of personal data in a hypothetical challenge at the WTO. I argue that the scope for regulating data protection in accordance with WTO law is wider than expected from the previous jurisprudence of the WTO’s adjudicative bodies on other public policy objectives.^{Footnote 17} Nevertheless, I also show that even a delicately crafted and rule-based system of data transfers must be carefully managed in order to comply with the rules of the WTO.

Given its importance for digital trade, the free flow of personal data across borders is the subject of multiple, current negotiations in international trade law.^{Footnote 18} While multilateral trade negotiations at the WTO move slow and compromise is increasingly more difficult, bilateral and regional trade agreements have become an important forum in which topics such as cross-border flows of personal data can be addressed. Indeed, bilateral and regional trade agreements have compensated in several ways the lack of progress at the WTO.^{Footnote 19} The challenge for the EU is to safeguard its fundamental rights-based regulation of data transfers in these negotiations. This research also explores and offers the legal requirements for a data flow clause in EU trade agreements. I ultimately suggest four possible designs for such a data flow clause in EU trade agreements. All in all, the intention of this research is to show—using the example of EU law—where the line between data protection and data protectionism in international trade law currently is, and how it can, or should be redrawn.

1.2 Questions

The right to data protection in Article 8 CFR has been in force since 2009. Many aspects of this innovative fundamental right have yet to be extensively explored.^{Footnote 20} One of the topics that has received little attention to date is the relationship between the right to data protection in Article 8 CFR and cross-border flows of personal data. The existing research is often limited to short explanations of how the legal mechanisms for the transfer of personal data in the GDPR, or its predecessor Directive 95/46/EC,^{Footnote 21} should be interpreted in light of Article 8 CFR.^{Footnote 22} Commentaries on the Charter do not usually address the implications of the right to data protection for the cross-border free flow personal data.^{Footnote 23} Consequently, the first question this research seeks to answer is: Does the right to data protection in Article 8 CFR protect individuals in the EU in cases in which their personal data is transferred to third countries for processing?

The second research question focuses on the effect of the protection afforded by the right to data protection in Article 8 CFR for cross-border flows of personal data. Chapter V GDPR includes multiple different legal mechanisms for enabling the transfer of personal data to third countries. These include: adequacy decisions from the European Commission according to Article 45 GDPR, instruments providing appropriate safeguards in Article 46 GDPR, and the derogations in Article 49 GDPR. The use of these mechanisms must fully incorporate the protection afforded by Article 8 CFR, which can lead to restrictions on the free flow of personal data from the EU to third countries. The research question is thus what kind of restrictions are imposed on cross-border flows of personal data because of Article 8 CFR and the legal mechanisms for data transfers in Chapter V GDPR?

The conflict over data protection and trade is not new. Both data protection law and WTO law have been around for more than 20 years. The coexistence of these two legal disciplines has been subject so some scholarly debate.^{Footnote 24} However, little attention has been paid to the intricacies of EU-style data protection. It mostly circled around the now defunct Safe Harbor Agreement between the EU and the US.^{Footnote 25} Corresponding to the rising prominence of data protection law, the issue has been taken up more frequently in recent years.^{Footnote 26} Nevertheless even here, the importance of the fundamental right to data protection in Article 8 CFR has not been sufficiently analyzed in the EU regulation of data transfers as the subject of the analysis under WTO law. The third research question thus relates to the coexistence of EU data protection law and WTO law on trade in services: Is the fundamental rights-based regulation of data transfers in the EU compatible with the obligations of WTO members in the General Agreement on Trade in Services (GATS)?^{Footnote 27}

The fourth and final research question addresses the coexistence of EU data protection law and data flow clauses in bilateral and regional trade agreements. The inclusion of provisions regulating the cross-border flow of personal data in trade agreements has not yet been studied systematically. The issue is usually mentioned briefly as part of explanations of the challenges for the regulation of digital trade in bilateral and regional trade agreements, but the discussion is minimal.^{Footnote 28} Some examples include: studies that briefly discuss the difficulties of including data protection in trade agreements;^{Footnote 29} studies addressing regulatory cooperation for the protection of personal data in trade agreements;^{Footnote 30} and studies that focus on the different positions during the negotiations of the so-called “mega-regional trade agreements” such as the Transatlantic Trade and Investment Partnership (TTIP), the Trade in Services Agreement (TiSA) or the Trans-Pacific Partnership (TPP).^{Footnote 31} Yet, there has been no analysis of the legal requirements for data flow clauses included in EU trade agreements and there have been no alternative suggestions for the design of such clauses. In addition, the EU horizontal model data flow clauses, which the European Commission endorsed in 2018, have not been the subject of much scientific debate either.^{Footnote 32} The final research question is thus how the fundamental rights-based regulation of data transfers in the EU can be accommodated in the bilateral and regional trade agreements of the EU?

1.3 Structure

In terms of the structure, this book consists of two main parts. The first part is dedicated to EU data protection law while the second part covers international trade law. The two parts are both further divided into two main chapters each (plus a preliminary chapter in the form of this introduction and a final chapter in the form of an epilogue). The four main chapters each address one of the four research questions raised above.

Chapter Two discusses the global reach of the right to data protection in Article 8 CFR. It outlines the substance of the right to data protection and introduces the extraterritorial dimension of this fundamental right as an unwritten constituent part of Article 8 CFR. The chapter then focuses on foreign internet surveillance, which is the most important field of application for the extraterritorial dimension of the right to data protection. Chapter Three explores the restrictions imposed on cross-border flows of personal data by the EU. It describes the legal mechanisms for the transfer of personal data in the GDPR and sets out how the extraterritorial dimension of the right to data protection must be applied to the three legal mechanisms set out in the GDPR. Chapter Four assesses the compatibility of the EU’s fundamental rights-based regulation of data transfers with WTO law. The chapter explains why international trade in services requires cross-border flows of data, and––against this background––shows where the regulation of data transfers in the EU constitutes a trade barrier, and whether such barriers can be justified according to the GATS. Finally, Chapter Five investigates how data flow clauses can be integrated in EU bilateral and regional trade agreements. The chapter offers four suggestions for the design of data flow clauses that entail a commitment to the cross-border flow of personal data while respecting the EU’s fundamental rights. The chapter also criticizes the horizontal data flow clauses that were adopted by the European Commission in 2018 as a model for future trade agreements of the EU. Chapter Six concludes the book with an epilogue.

1.4 Method

The book applies the doctrinal legal research method.^{Footnote 33} This method can be defined as “research which provides a systematic exposition of the rules governing a particular legal category, analyses the relationship between rules, explains areas of difficulty and, perhaps, predicts future developments.”^{Footnote 34} In practice, the analysis of the case law of the competent courts and adjudicative bodies is of the utmost importance. In the field of EU law, the relevant case law primarily comes from the European Court of Justice (ECJ). The opinions of the Advocates General (AG), which are produced before the ECJ makes its decision and serve as an orientation for the Court, are also crucial.^{Footnote 35} AG opinions often provide further analysis of the legal issues at stake and provide valuable insights for doctrinal legal research.^{Footnote 36} Where necessary, the case law of the European Court of Human Rights (ECtHR) is also taken into account. The ECtHR deals with data protection––in the absence of a specific right to data protection enshrined in the European Convention of Human Rights (ECHR)^{Footnote 37}––under the right to private life in Article 8 ECHR.^{Footnote 38} The case law on Article 8 ECHR of the ECtHR is relevant for EU law because the Charter contains an identical right to private life in Article 7 CFR. According to Article 52(3) CFR, as long as the Charter contains rights that correspond to rights guaranteed by the ECHR, then the meaning and scope of those rights should be the same as those laid down by the ECHR.^{Footnote 39} In the field of international trade law, the relevant case law comes from WTO panels and the Appellate Body (AB). It must be noted, however, that the reports of WTO panels and the AB are only legally binding on the parties involved in the litigation and do not constitute binding precedents for other disputes, even if the same question of WTO law arises in the future.^{Footnote 40} In short, there is no rule of stare decisis in WTO dispute settlement that can bind the adjudicative bodies in subsequent cases.^{Footnote 41} Nevertheless, the AB has underlined that the fact that AB reports are only legally binding on the parties to a dispute “does not mean that subsequent panels are free to disregard the legal interpretations and the ratio decidendi contained in previous Appellate Body reports.”^{Footnote 42} The reports of WTO panels and the AB therefore provide relevant guidance to address the research question concerning WTO law.

Where the meaning of rules must be determined in this book, the appropriate instruments for interpreting the law are applied. In the interpretation of EU law, the four classical methods of interpretation can be used: historical interpretation, literal interpretation, systematic interpretation, and teleological interpretation.^{Footnote 43} The ECJ emphasizes that “in interpreting a provision of EU law, it is necessary not only to refer to its wording but also to consider its context and the objectives of the legislation of which it forms part, and in particular the origin of that legislation.”^{Footnote 44} There is no formal hierarchy among the methods of interpretation in EU law, but it is evident from the case law of the ECJ and extrajudicial writings of AGs and judges of the ECJ that the Court often gives high importance to teleological considerations.^{Footnote 45} The importance of teleological interpretation for EU law is reflected in this book.

The interpretation of terms in international law follows the customary rules of interpretation in Article 31 and Article 32 Vienna Convention on the Law of Treaties (VCLT).^{Footnote 46} In the realm of WTO law, Article 3.2 Dispute Settlement Understanding (DSU) refers to these customary rules of interpretation.^{Footnote 47} Article 31(1) VCLT provides the general rule of interpretation and requires that a treaty must be interpreted in good faith in accordance with the ordinary, contextual meaning of the terms of the treaty and in the light of the treaty’s object and purpose.^{Footnote 48} Article 32 VCLT states that recourse to supplementary means of interpretation, including the preparatory work of the treaty and the circumstances of its conclusion, may be used when the interpretation according to Article 31 VCLT leaves the meaning ambiguous or obscure, or leads to a result which is manifestly absurd or unreasonable.^{Footnote 49} While the purpose, or teleology of the law, is of paramount importance for the interpretation of EU law, a sovereignty-oriented reading with a focus on the literal interpretation is essential in international law.^{Footnote 50} That does not mean, however, that the interpretation of WTO law does not offer any flexibility for new developments. The AB specifically held that

WTO rules are not so rigid or so inflexible as not to leave room for reasoned judgments in confronting the endless and ever-changing ebb and flow of real facts in real cases in the real world. They will serve the multilateral trading system best if they are interpreted with that in mind.^{Footnote 51}

This book critically examines the essential features of the legal rules in question and the corresponding case law to provide alternative interpretations of those rules where appropriate, and then to combine and synthesize the relevant elements to establish an arguably correct and complete statement of the law.^{Footnote 52} In addition, three methodological specifics deserve mention:

First, the right to data protection in Article 8 CFR is examined in the context of the historical development of legal data protection in Europe. Here, the project benefits significantly from the research by Gloria González Fuster, whose work has described the emergence of personal data protection as a fundamental right of the EU in great detail.^{Footnote 53} Given this historical context, the need for an interpretation of this fundamental right in the light of technological developments becomes apparent. This need can also be found in the Preamble of the Charter. An interpretation in the light of technological developments is of central importance for the construction of the extraterritorial dimension of the right to data protection. In the age of the internet, when personal data flows across territorial borders on an unprecedented scale, this need is even more important. Furthermore, this book identifies the underpinning values of data protection and shows that they are equally applicable to the protection of personal data in a transnational context.

Second, this research conducts a fundamental rights compatibility analysis of data transfers based on the different legal mechanisms in Chapter V GDPR. This analysis demonstrates and explains the restrictions that are required by the EU on cross-border flows of personal data from the perspective of fundamental rights. The requirements for limitations on fundamental rights in EU law can be found in Article 52(1) CFR:

Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.^{Footnote 54}

The analysis offered in this book is more detailed than the analysis by the ECJ in the data transfer case Schrems 2.^{Footnote 55} An important difference with the analysis of the ECJ results from my argument that the interference with the right to data protection in Article 8 CFR should be legally located in the EU when personal data is transferred to a third country, rather than in the rules, measures, and actions of the third countries.^{Footnote 56} This changes the analysis insofar as the interference with the right to data protection––i.e., the transfer of personal data in question––cannot be justified with the same objectives of general interest or the same need to protect the rights and freedoms of others as is possible when the interference is found, for example, in the access of foreign intelligence agencies to transferred personal data.

Third, this research project makes concrete proposals de lege ferenda on how to design data flow clauses for future EU trade agreements. The four proposals each include a commitment to cross-border flows of personal data. For this reason, these proposals stand in contrast to the model data flow clauses endorsed by the European Commission in 2018.^{Footnote 57} The underlying assumptions these proposals rest on––which is also reflected in title of this book––are: first, cross-border flows of personal data are important for the global economy and are of benefit to individuals and the larger society, but the fundamental rights-based regulation of data transfers and the resulting restrictions on data transfers are equally important to protect and guarantee the privacy of individuals, their right to informational self-determination, the transparency of data processing operations, and democracy. Second, international cooperation in the field of data protection and international commitments to cross-border flows of personal data are important both to strengthen data protection and to combat data protectionism as long as data flow clauses in trade agreements leave enough room for genuine data protection considerations. This is why my proposals all respect the extraterritorial dimension of the right to data protection in Article 8 CFR and accommodate the legal mechanisms for data transfers in Chapter V GDPR.

Notes

1.
See UNCTAD (2019), pp. 29–30, for a description of the monetization of personal data including cross-border data flows.
2.
Burri (2017b), p. 408. The Financial Times referred to “EU trade data flows” as the new GMOs, referring to a long-lasting and high-profile trade dispute between the US and the EC over the European moratorium on the approval of genetically modified biotech products. See Beatie (2017).
3.
Eger (1979), p. 1066.
4.
Bennett and Raab (2006), p. 87; Madsen (1992), p. 26.
5.
See Shaffer (2000), p. 56; Farrell (2002), p. 116; Swire and Litan (1998), p. 189, who refer to comments of Ira Magaziner at a conference of the Brookings Institution and the Cato Institute on 6 February 1998 as reported by Declan McCullagh for the Netly News.
6.
The remark is cited in Edmund (1999) [emphasis added].
7.
The journalists Glenn Greenwald, Ewen MacAskill, Barton Gellman and Laura Poitras broke the story on 7 June 2013. See Greenwald and MacAskill (2013); Gellman and Poitras (2013).
8.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1.
9.
Kara Swisher Interviews President Barack Obama on Cyber Security, Privacy and His Relationship With Silicon Valley. Swisher (2015).
10.
Aaronson (2019), pp. 557–562; Schwartz and Pfeifer (2017), p. 118; Farrell and Newman (2016); Aaronson (2015), p. 674; USITC (2013), pp. 5-1, 5-2. However, there are other voices as well in the US. Former Commissioner of the FTC Julie Brill stated that “in some quarters in the United States, there has been suspicion that discussions about privacy in Europe were veiled attempts at protectionism. I believe the Schrems decision should put those suspicions to rest. The decision crystallizes what has been clear—or should have been clear—for a long time about privacy in Europe: it is a fundamental right that Europeans and their Court take very seriously.” Brill (2015), p. 4.
11.
In a communication on digital trade from 2015, the European Commission contended that “European companies still face significant barriers around the world, such as non-transparent rules, government interference, unjustified data localization and data storage requirements.” European Commission (2015), p. 7.
12.
European Commission (2016).
13.
European Commission (2017), p. 3.
14.
See Burri (2017b), p. 448; Chander and Le (2015), p. 448.
15.
Yakovleva (2020), p. 476; Schwartz and Peifer (2017), pp. 178–179; Aaronson (2015), pp. 682–683.
16.
Charter of Fundamental Rights of the European Union [2012] OJ C 326/391.
17.
So far, only one of all the cases that reached the adjudicative stage of WTO dispute settlement satisfied all the standards of the general exceptions. See WTO Panel Report, EC – Asbestos, para. 8.240; cp. Public Citizen (2015), pp. 5–6.
18.
On 25 January 2019, 76 members of the WTO started negotiations on electronic commerce. See WTO (2019). The parties to these negotiations include countries that have different domestic policy priorities and approaches to data protection. Sen (2018), pp. 339–341.
19.
Burri (2017a), p. 101.
20.
González Fuster (2014), p. 205.
21.
Directive 95/46/EC of the European Parliament and Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L 281/31.
22.
See, e.g., Kuner (2020), p. 757, 802; Drechsler (2019), para. 10; Wagner (2018), p. 323.
23.
See Riesz (2019), pp. 196–224; Knecht (2019), pp. 3392–3394; Johlen (2016), pp. 214–223; Kranenborg (2014), pp. 241–259; Bernsdorff (2014), pp. 243–249; the issue is briefly addressed by Tinière (2018), pp. 198–199; but cp. Lock (2019a), p. 2126.
24.
Peng (2011), pp. 756–757; Wunsch-Vincent (2008), pp. 504–505, 518; Shaffer (2000), pp. 46–54; Bloss (2000), pp. 654–660; Swire and Litan (1998), pp. 189–196.
25.
Shapiro (2003), pp. 2782–2783; Perez Asinari (2003), pp. 3–5; Reidenberg (2001), pp. 737–739.
26.
Velli (2019), pp. 884–889; Ruotolo (2018), pp. 21–28; Saluzzo (2017), p. 819; Yakovleva and Irion (2016), pp. 202–207; Irion et al. (2016), pp. 26–39; Weber (2012), pp. 36–39; Reyes (2011), pp. 13–34; Keller (2011), pp. 352–353; with regard to Korean data protection law MacDonald and Streatfield (2014), pp. 629–650.
27.
General Agreement on Trade in Services of 15 April 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1B, 1869 UNTS 183.
28.
Gasser and Palfrey (2012), p. 145; Meltzer (2019), pp. 43–46; Wu (2017), pp. 22–24; Burri (2017a), pp. 106–110.
29.
Willemyns (2020), pp. 237–238; Wolfe (2019), pp. 79–81; Yakovleva (2018), pp. 487–499; Berka (2017), pp. 185–186; Branstetter (2016), p. 321; Yijun (2016), pp. 387–389; Greenleaf (2018), pp. 203–212.
30.
Mancini (2020), pp. 192–203; Irion (2018), pp. 9–11.
31.
Streinz (2019), pp. 330–340; Berka (2017), pp. 176–182; Park (2017), pp. 363–370.
32.
Yakovleva (2020), pp. 494–496; Streinz (2019), p. 336; Velli (2019), pp. 890–893.
33.
For an overview of the doctrinal legal research method see Bhat (2020), pp. 143–168; Hutchinson and Duncan (2012), pp. 110–119; Smits (2017), pp. 207–228.
34.
Hutchinson and Duncan (2012), p. 101.
35.
See for the role of AG opinions Albors-Llorens (2020), pp. 284–285; Schütze (2018), p. 206; Craig and de Búrca (2017), p. 61; Solanke (2015), pp. 113-116; Dashwood et al. (2011), p. 62.
36.
Albors Llorens (2020), p. 284; Solanke (2015), p. 115.
37.
Convention for the Protection of Human Rights and Fundamental Freedoms of 4 November 1953, ETS 5, 213 UNTS 221.
38.
See, e.g., ECtHR, Amann v. Switzerland, para. 56; ECtHR, S. and Marper v. the United Kingdom, para. 103; Lynskey (2014), pp. 581–587; Kokott and Sobotta (2013), p. 223.
39.
Lock (2019b), pp. 2255–2256; Schütze (2018), pp. 466–468; Craig and de Búrca (2017), p. 398; Solanke (2015), pp. 258–259.
40.
Van Damme (2009), p. 197.
41.
Matsushita et al. (2015), pp. 89–90.
42.
WTO AB Report, US – Stainless Steel (Mexico), para. 158.
43.
Lenaerts and Gutiérrez-Fons (2014), p. 6; Schütze (2018), p. 211; Itzcovich (2009), pp. 539–540. In addition, Albertina Albors Llorens describes the comparative method of interpretation in the EU. See Albors Llorens (1999), p. 375, 380.
44.
ECJ, La Quadrature du Net, para. 105.
45.
See former ECJ judge Pescatore (1972), p. 325; former AG Fennelly (1996), p. 664; ECJ judge Lenaerts and Gutiérrez-Fons (2014), p. 36; see also Schütze (2018), p. 212; Albors Llorens (1999), p. 382.
46.
Vienna Convention on the Law of Treaties of 23 May 1969, 1155 UNTS 331.
47.
Understanding on the Rules and Procedures Governing the Settlement of Disputes of 15 April 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 2, 1869 UNTS 401. See Van den Bossche and Zdouc (2017), pp. 190–198; Matsushita et al. (2015), pp. 63–87.
48.
See generally Dörr (2018a), pp. 559–616; Sorel and Boré Eveno (2011), pp. 804–837; Villiger (2009), pp. 415–441.
49.
See generally Dörr (2018b), pp. 617–633; le Bouthillier (2011), pp. 841–837; Villiger (2009), pp. 442–449.
50.
Ammann (2020), pp. 199–202; Gardiner (2015), pp. 181–196; Van Damme (2009), pp. 221–235; Fernández de Casadevante y Rom (2007), pp. 37–38.
51.
WTO AB Report, Japan – Alcoholic Beverages II, paras 122–123.
52.
Cp. Hutchinson (2018), p. 13.
53.
See particularly the research on the surfacing of national norms on data processing in Europe. González Fuster (2014), pp. 55–71.
54.
Spaventa (2020), pp. 267-268; Lock (2019b), pp. 2249–2254; Schütze (2018), pp. 461–466; Peers and Sacha (2014), pp. 1469–1486.
55.
ECJ, Schrems 2, paras 174–185.
56.
Ibid., para. 165; ECJ, Schrems, para. 87.
57.
European Commission (2018).

References

Bibliography

Aaronson SA (2015) Why trade agreements are not setting information free: the lost history and reinvigorated debate over cross-border data flows, human rights, and national security. World Trade Rev 14(4):671–700
Article Google Scholar
Aaronson SA (2019) What are we talking about when we talk about digital protectionism? World Trade Rev 18(4):541–577
Article Google Scholar
Albors Llorens A (1999) The European court of justice, more than a teleological court. Cambridge Yearb Eur Legal Stud 2:373–398
Article Google Scholar
Albors Llorens A (2020) Judicial protection before the court of justice of the European Union. In: Barnard C, Peers S (eds) European Union law, 3rd edn. Oxford University Press, Oxford, pp 283–333
Chapter Google Scholar
Ammann O (2020) Domestic courts and the interpretation of international law. Methods and reasoning based on the Swiss example. Brill, Leiden
Book Google Scholar
Beatie A (2017) EU trade data flows are becoming the new GMOs. Financial Times, 4 December 2017. https://www.ft.com/content/9da22968-d8ee-11e7-a039-c64b1c09b482. Accessed 10 April 2022
Bennett CJ, Raab CD (2006) The governance of privacy: policy instruments in global perspectives. MIT Press, Cambridge
Google Scholar
Berka W (2017) CETA, TTIP, TiSA and data protection. In: Griller S, Obwexer W, Vranes E (eds) Mega-regional trade agreements: CETA, TTIP, and TiSA: new orientations for EU external economic relations. Oxford University Press, Oxford, pp 175–186
Google Scholar
Bernsdorff N (2014) Artikel 8 Schutz personenbezogener Daten. In: Meyer J (ed) Charta der Grundrechte der Europäischen Union, 4th edn. Nomos, Baden-Baden, pp 239–250
Google Scholar
Bhat PI (2020) Idea and methods of legal research. Oxford University Press, Oxford
Book Google Scholar
Bloss K (2000) Raising or razing the E-curtain: the EU directive on the protection of personal data. Minnesota J Int Law 9(2):645–661
Google Scholar
Branstetter L (2016) TPP and digital trade. In: Cimino-Isaacs C, Schott JJ (eds) Trans-Pacific partnership: an assessment. Columbia University Press, Washington DC, pp 309–322
Google Scholar
Brill J (2015) Transatlantic Privacy After Schrems: Time for An Honest Conversation. Keynote Address at the Amsterdam Privacy Conference. 23 October 2015
Google Scholar
Burri M (2017a) The governance of data and data flows in trade agreements: the pitfalls of legal adaptation. UC Davis Law Rev 51(1):65–133
Google Scholar
Burri M (2017b) The regulation of data flows through trade agreements. Georgetown Int Law J 48(1):407–448
Google Scholar
Chander A, Le UP (2015) Data nationalism. Emory Law J 64(3):677–739
Google Scholar
Craig P, de Búrca G (2017) EU Law, 6th edn. Oxford Academic, Oxford
Google Scholar
Dashwood A, Dougan M, Rodger B et al (2011) European Union law, 6th edn. Hart, Oxford
Google Scholar
Dörr O (2018a) Article 31. General rule of interpretation. In: Dörr O, Schmalenbach K (eds) Vienna Convention on the law of treaties. A commentary, 2nd edn. Springer, Heidelberg, pp 559–616
Google Scholar
Dörr O (2018b) Article 32. Supplementary means of interpretation. In: Dörr O, Schmalenbach K (eds) Vienna convention on the law of treaties. A commentary, 2nd edn. Springer, Heidelberg, pp 617–633
Google Scholar
Drechsler L (2019) What is Equivalent? A Probe into GDPR Adequacy based on EU Fundamental Rights. Jusletter IT. 21 February 2019
Google Scholar
Edmund A (1999) Europe and U.S. Are Still at Odds over Privacy. New York Times. 27 May 1999
Google Scholar
Eger JM (1979) Emerging restrictions on transnational data flows: privacy protection or non-tariff trade barriers. Law Policy Int Bus 10(4):1055–1104
Google Scholar
Farrell H (2002) Negotiating privacy across arenas: the EU-U.S. “safe harbour” discussions. In: Héritier A (ed) Common goods. Reinventing European and international governance. Rowman and Littlefield, Lanham, pp 105–126
Google Scholar
Farrell H, Newman A (2016) The Transatlantic Data War. Europe Fights Back Against the NSA. Foreign Affairs January/February 2016. https://www.foreignaffairs.com/articles/united-states/2015-12-14/transatlantic-data-war. Accessed 3 January 2021
Fennelly N (1996) Legal interpretation at the European court of justice. Fordham Int Law J 20(3):656–679
Google Scholar
Fernández de Casadevante y Rom C (2007) Sovereignty and interpretation of international norms. Springer, Heidelberg
Google Scholar
Gardiner R (2015) Treaty interpretation, 2nd edn. Oxford University Press, Oxford
Google Scholar
Gasser U/Palfrey J (2012) Fostering innovation and trade in the global information society: the different facets and roles of interoperability. In: Burri M, Cottier T (eds) Trade governance in the digital age. Cambridge University Press, Cambridge, p. 123–154
Chapter Google Scholar
Gellman B, Poitras L (2013) U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program. The Washington Post, 7 June 2013. https://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html. Accessed 3 January 2021
González Fuster G (2014) The emergence of personal data protection as a fundamental right of the EU. Springer, Heidelberg
Book Google Scholar
Greenleaf G (2018) Free trade agreements and data privacy. Future perils of Faustian bargains. In: Svantesson DJB, Kloza D (eds) Trans-Atlantic data privacy relations as a challenge for democracy. Intersentia, Cambridge, pp 181–212
Google Scholar
Greenwald G, MacAskill E (2013) NSA Prism program taps into user data of Apple, Google and others. The Guardian, 7 June 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data. Accessed 3 January 2021
Hutchinson T (2018) Doctrinal research. Researching the jury. In: Watkins D, Burton M (eds) Research methods in law, 2nd edn. Routledge, London, pp 8–39
Google Scholar
Hutchinson T, Duncan N (2012) Defining and describing what we do: doctrinal legal research. Deakin Law Rev 17(1):83–120
Article Google Scholar
Irion K (2018) Public Security Exception in the Area of non-personal Data in the European Union. Research paper commissioned by the European Parliament Committee on the Internal Market and Consumer Protection. Amsterdam
Google Scholar
Irion K, Yakovleva S, Bartl M (2016) Trade and Privacy: Complicated Bedfellows? How to achieve data protection-proof free trade agreements. Independent study commissioned by BEUC et al. Amsterdam
Google Scholar
Itzcovich G (2009) The interpretation of community law by the European Court of Justice. German Law J 10(5):537–560
Article Google Scholar
Johlen H (2016) Art. 8. Schutz personenbezogener Daten. In: Stern K, Sachs M (eds) GRCh Europäische Grundrechte-Charta. Kommentar. Beck, München, pp 207–223
Google Scholar
Keller P (2011) European and international media law: Liberal democracy, trade, and the new media. Oxford University Press, Oxford
Book Google Scholar
Knecht M (2019) Artikel 8 Schutz personenbezogener Daten. In: Becker U, Hatje A, Schoo J, Schwarze J (eds) EU-Kommentar. Schwarze, Baden-Baden, pp 3390–3394
Google Scholar
Kokott J, Sobotta C (2013) The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR. Int Data Priv Law 3(4):222–228
Article Google Scholar
Kranenborg H (2014) Article 8. In: Peers S, Hervey T, Kenner J, Ward A (eds) The EU charter of fundamental rights. A commentary. Bloomsbury, Oxford, pp 223–265
Google Scholar
Kuner C (2020) Chapter V transfers of personal data to third countries or international organisations (Articles 44-50). In: Kuner C, Bygrave L, Docksey C (eds) The EU general data protection regulation (GDPR). Oxford University Press, Oxford p, pp 755–862
Chapter Google Scholar
Le Bouthillier Y (2011) Article 32 Convention of 1969. In: Corten O, Klein P (eds) The Vienna Conventions on the law of treaties. A commentary. I Oxford University Press, Oxford, p. 841–863
Google Scholar
Lenaerts K, Gutiérrez-Fons JA (2014) To say what the law of the EU is: methods of interpretation and the European Court of Justice. Columbia J Eur Law 20(2):3–61
Google Scholar
Lock T (2019a) Article 8 CFR. In: Kellerbauer M, Klamert M, Tomkin J (eds) The EU treaties and the charter of fundamental rights. A commentary. Oxford University Press, Oxford, pp 2121–2127
Google Scholar
Lock T (2019b) Article 52 CFR. In: Kellerbauer M, Klamert M, Tomkin J (eds) The EU treaties and the charter of fundamental rights. A commentary. Oxford University Press, Oxford, pp 2248–2260
Google Scholar
Lynskey O (2014) Deconstructing data protection: the ‘Added-Value’ of a right to data protection in the EU legal order. Int Comp Law Q 63(3):569–597
Article Google Scholar
MacDonald D, Streatfeild C (2014) Personal data privacy and the WTO. Houston J Int Law 36:625–653
Google Scholar
Madsen W (1992) Handbook of personal data protection. Stockton Press, New York
Book Google Scholar
Mancini I (2020) Deepening trade and fundamental rights? Harnessing data protection rights in the regulatory cooperation chapters of EU trade agreements. In: Weiß W, Furculita C (eds) Global politics and EU trade policy. European yearbook of international economic law. Springer, Heidelberg, pp 185–207
Chapter Google Scholar
Matsushita M, Schoenbaum TJ, Mavroidis PC, Hahn M (2015) The World Trade Organization. Law, practice, and policy, 3rd edn. Oxford University Press, Oxford
Google Scholar
Meltzer JP (2019) Governing Digital Trade. World Trade Rev 18(1):23–48
Article Google Scholar
Park N (2017) Data protection in the TPP: more emphasis on the “Use” than the “Protection”. In: Chaisse J, Gao H, Lo C-f (eds) Paradigm shift in international economic law rule-making. TPP as a new model for trade agreements? Springer, Singapore pp 363–370
Google Scholar
Peers S, Sacha P (2014) Article 52 – scope and interpretation of rights and principles. In: Peers S, Hervey R, Kenner J, Ward A (eds) The EU charter of fundamental rights. A commentary. Oxford University Press, Oxford, pp 1455–1522
Chapter Google Scholar
Peng S-y (2011) Digitalization of services, the GATS and the protection of personal data. In: Sethe R, Heinemann A, Hilty RM et al (eds) Kommunikation. Stämpfli, Bern, pp 753–769
Google Scholar
Perez Asinari MV (2003) The WTO and the Protection of Personal Data. Do EU Measures Fall within GATS Exception? Which Future for Data Protection within the WTO e-commerce Context? Paper presented at the 18th BILETA Conference: Controlling Information in the Online Environment. London
Google Scholar
Pescatore P (1972) Les Objectifs de la Communauté Européenne Comme Principes d'Interprétation dans la Jurisprudence de la Cour de Justice. In: Miscellanea (eds) W.J. Ganshof van der Meersch: Studia ab discipulis amicisque in honorem egregii professoris edita. Bruylant, Brussels, p. 325–363
Google Scholar
Public Citizen (2015) Only One of 44 Attempts to Use the GATT Article XX/GATS Article XIV “General Exception” Has Ever Succeeded: Replicating the WTO Exception Construct Will Not Provide for an Effective TPP General Exception. Washington DC
Google Scholar
Reidenberg JR (2001) E-commerce and trans-Atlantic privacy. Houston Law Rev 38(3):717–749
Google Scholar
Reyes CL (2011) WTO-compliant protection of fundamental rights. Lessons from the EU privacy directive. Melbourne J Int Law 12(1):1–36
Google Scholar
Riesz T (2019) Schutz personenbezogener Daten. In: Holoubek M, Lienbacher G (eds) GRC Kommentar, 2nd edn. Manz, Wien, pp 155–225
Google Scholar
Ruotolo GM (2018) The EU data protection regime and the multilateral trading system. Where dream and day unite. Questions Int Law 51(6):5–29
Google Scholar
Saluzzo S (2017) Cross border data flows and international trade law. The relationship between EU data protection law and the GATS. Diritto del Commercio Internazionale 31(4):807–829
Google Scholar
Schütze R (2018) European Union law, 2nd edn. Cambridge University Press, Cambridge
Book Google Scholar
Schwartz PM, Peifer K-N (2017) Transatlantic data privacy law. Georgetown Law J 106(1):115–179
Google Scholar
Sen N (2018) Understanding the role of the WTO in international data flows: taking the liberalization or the regulatory autonomy path? J Int Econ Law 21(2):323–348
Article Google Scholar
Shaffer G (2000) Globalization and social protection: the impact of EU and international rules in the ratcheting up of U.S. privacy standards. Yale J Int Law 25(1):1–88
Google Scholar
Shapiro E (2003) All is not fair in the privacy trade: the Safe Harbor agreement and the World Trade Organization. Fordham Law Rev 71(6):2781–2821
Google Scholar
Smits JM (2017) What is legal doctrine? In: van Gestel R, Micklitz H-W, Rubin E-L (eds) Rethinking legal scholarship. A transatlantic dialogue. Cambridge University Press, Cambridge, pp 207–228
Chapter Google Scholar
Solanke I (2015) EU Law. Pearson, Harlow
Google Scholar
Sorel J-M, Boré Eveno V (2011) Article 31 Convention of 1969. In: Corten O, Klein P (eds) The Vienna Conventions on the law of treaties. A commentary, vol I. Oxford University Press, Oxford, pp 804–837
Google Scholar
Spaventa E (2020) Fundamental rights in the European Union. In: Barnard C, Peers S (eds) European Union law, 3rd edn. Oxford University Press, Oxford, pp 243–282
Chapter Google Scholar
Streinz T (2019) Digital Megaregulation uncontested? TPP’s model for the global digital economy. In: Kingsbury B, Malone DM, Mertenskötter P et al (eds) Megaregulation contested: global economic ordering after TPP. Oxford University Press, Oxford, pp 312–342
Chapter Google Scholar
Swire PP, Litan RE (1998) None of your business. World data flows, electronic commerce, and the European privacy directive. Brooking Institution Press, Washington DC
Google Scholar
Swisher K (2015) President Obama: The Re/code Interview. Re/code. 13 February 2015. https://www.youtube.com/watch?v=yaylQmnXztU&ab_channel=Recode. Accessed 2 June 2022
Tinière R (2018) Article 8. Protection des données à caractère personnel. In: Picod F, Van Drooghenbroeck S (eds) Charte des droits fondamentaux de l’Union européenne. Commentaire article par article. Bruylant, Brussels, pp 185–204
Google Scholar
UNCTAD (2019) Digital Economy Report 2019. Value Creation and Capture: Implications for Developing Countries. United Nations Publishing, New York
Google Scholar
USITC (2013) Digital Trade in the U.S. and Global Economies, Part 1. Washington DC
Google Scholar
Van Damme I (2009) Treaty interpretation by the WTO appellate body. Oxford University Press, Oxford
Book Google Scholar
Van den Bossche P, Zdouc W (2017) The law and policy of the World Trade Organization, 4th edn. Cambridge University Press, Cambridge
Book Google Scholar
Velli F (2019) The issue of data protection in EU trade commitments: cross-border data transfers in GATS and bilateral free trade agreements. Eur Pap 4(3):881–894
Google Scholar
Villiger ME (2009) Commentary on the 1969 Vienna convention on the law of treaties. Brill, Leiden/Boston
Book Google Scholar
Wagner J (2018) The transfer of personal data to third countries under the GDPR. When does a recipient country provide an adequate level of protection? Int Data Priv Law 8(4):318–337
Article Google Scholar
Weber R (2012) Regulatory autonomy and privacy standards under the GATS. Asian J WTO Int Health Law Policy 7(1):25–48
Google Scholar
Willemyns I (2020) Agreement forthcoming? A comparison of EU, US, and Chinese RTAs in times of plurilateral E-commerce negotiations. J Int Econ Law 23(1):221–244
Article Google Scholar
Wolfe R (2019) Learning about digital trade: privacy and E-commerce in CETA and TPP. World Trade Rev 18(1):63–84
Article Google Scholar
Wu M (2017) Digital Trade-Related Provisions in Regional Trade Agreements: Existing Models and Lessons for the Multilateral Trade System. ICTSD and IDB Overview Paper. Geneva/Washington DC
Google Scholar
Wunsch-Vincent S (2008) Trade rules for the digital age. In: Panizzon M, Pohl N, Sauvé P (eds) GATS and the regulation of international trade in services. Cambridge University Press, Cambridge, pp 497–529
Chapter Google Scholar
Yakovleva S (2018) Should fundamental rights to privacy and data protection be a part of the EU’s international trade ‘deals’? World Trade Rev 17(3):477–508
Article Google Scholar
Yakovleva S (2020) Privacy protection(ism): the latest wave of trade constraints on regulatory autonomy. Univ Miami Law Rev 74(2):416–519
Google Scholar
Yakovleva S, Irion K (2016) The best of both worlds. Free trade in services and EU law on privacy and data protection. Eur Data Protect Law Rev 2(2):191–208
Article Google Scholar
Yijun TG (2016) Current issues of cross-border personal data protection in the context of cloud computing and trans-Pacific partnership agreement: join or withdraw. Wisconsin Int Law J 34(2):367–408
Google Scholar

Jurisprudence

ECJ, La Quadrature du Net: ECJ, Judgment of 6 October 2020, La Quadrature du Net, C-511/18, C-512/18 and C-520/18, EU:C:2020:791
Google Scholar
ECJ, Schrems: ECJ, Judgment of 6 October 2015, Schrems, C-362/14, EU:C:2015:650
Google Scholar
ECJ, Schrems 2: ECJ, Judgment of 16 July 2020, Facebook Ireland and Schrems, C-311/18, EU:C:2020:559
Google Scholar
ECtHR, Amann v. Switzerland: ECtHR, Judgment of 16 February 2000, Amann v. Switzerland, App no. 27798/95
Google Scholar
ECtHR, S. and Marper v. the United Kingdom: ECtHR, Judgment of 4 December 2008, S. and Marper v. the United Kingdom, App nos. 30562/04 and 30566/04
Google Scholar
WTO AB Report, Japan – Alcoholic Beverages II: WTO AB Report of 4 October 1996, Japan – Taxes on Alcoholic Beverages WT/DS8/AB/R
Google Scholar

Documents

European Commission (2015) Communication Trade for All. Towards a more responsible trade and investment policy. COM(2015) 497 final. 14 October 2015
Google Scholar
European Commission (2016) Press Release Commissioner Malmström on the Opportunities of Digital Trade. 17 November 2016
Google Scholar
European Commission (2017) Communication on Exchanging and Protecting Personal Data in a Globalised World. COM(2017) 7 final. 10 January 2017
Google Scholar
European Commission (2018) European Commission endorses provisions for data flows and data protection in EU trade agreements. Daily News. 31 January 2018
Google Scholar
WTO (2019) Joint Statement on Electronic Commerce. WT/L/1056. 25 January 2019
Google Scholar

Download references

Author information

Authors and Affiliations

Faculty of Law, University of Zurich, Zurich, Switzerland
Tobias Naef

Authors

Tobias Naef
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Naef, T. (2023). Introduction. In: Data Protection without Data Protectionism. European Yearbook of International Economic Law(), vol 28. Springer, Cham. https://doi.org/10.1007/978-3-031-19893-9_1

Download citation

DOI: https://doi.org/10.1007/978-3-031-19893-9_1
Published: 13 December 2022
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19892-2
Online ISBN: 978-3-031-19893-9
eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics