Under the draft provisions of the latest trade deal to be leaked by Wikileaks, countries could be barred from trying to control where their citizens’ personal data is held or whether it’s accessible from outside the country.
Wikileaks has released 17 documents relating to the Trade in Services Agreement (TISA), currently under negotiation between the US, the European Union and 23 other nations. These negotiating texts are supposed to remain secret for five years after TISA is finalized and brought into force.
The deal, which has been under discussion behind closed doors since early 2013, is intended to remove barriers to trade in services. It’s a sort of companion piece to the Transatlantic Trade and Investment Partnership (TTIP) and the Trans-Pacific Partnership (TPP), which cover trade in goods – but potentially far bigger, with Wikileaks claiming that ‘services’ now account for nearly 80 per cent of the US and EU economies.
Like TTIP and TPP, TISA could be sped through Congress using Trade Promotion Authority (TPA), also known as fast-track authority, which has been passed by the US Senate and may be taken up in the House this month. Under TPA, Congress is barred from making amendments to the trade deals, and most simply give yes-or-no approval.
And the contents of TISA make interesting reading, particularly for anybody concerned about privacy. Under the draft agreement, the EU would be barred from requiring the personal data of its citizens to be held within European borders, an idea currently under discussion in Germany.
“No Party may require a service supplier, as a condition for supplying a service or investing in its territory, to: (a) use computing facilities located in the Party’s territory,” the leaked draft stipulates.
“No Party may require a service supplier, as a condition for supplying a service or investing in its territory, to: (a) use computing facilities located in the Party’s territory.”
These rules could in some ways have a beneficial effect: they could, for example, be used to outlaw state censorship.
However, there are clear implications for privacy – as well as security from hacking. EU privacy regulations currently require companies to store EU citizens’ personal data locally, to make sure they comply with the region’s strict legal requirements for data processing. Tech companies like Facebook, Google, and internet advertising networks would be delighted to see such rules relaxed.
It’s a complicated issue, and one that should really be discussed in public, before any agreement is reached. As Maira Sutton of the Electronic Frontier Foundation has previously noted, “Negotiators should be working to reconcile this tension between powerful private and public actors who may have conflicting stances on major human rights issues such as privacy and free expression.
“That in turn, will require open public participation from a variety of stakeholders. By contrast, TISA’s language reflects the concerns of the internet industry, and not necessarily the interests of internet users as a whole.”
Wikileaks has previously leaked parts of the TPP deal, and on Tuesday, announced plans to try and raise $100,000 to be used as a reward for the remaining chapters.