Following up on my last post, let me go into more detail about an issue that was under the surface in that post but I didn't really get in to: I think there is some overlap between a general non-discrimination obligation, on the one hand, and a specific obligation focused on cross-border data flows (paired with exceptions), on the other hand. So which should we use? One or the other? Both?
Recall that digital trade agreements often have a general non-discrimination obligation, such as this one from the CPTPP:
Article 14.4: Non-Discriminatory Treatment of Digital Products
1. No Party shall accord less favourable treatment to digital products created, produced, published, contracted for, commissioned or first made available on commercial terms in the territory of another Party, or to digital products of which the author, performer, producer, developer or owner is a person of another Party, than it accords to other like digital products
(The language change from "digital products" to "a digital product" in two U.S. agreements was why I started writing about this issue.)
These agreements also have an obligation related to cross-border data flows, with some variation in the wording and overall construction. Here is the CPTPP, which has a broad obligation and then an exception directly after the obligation:
Article 14.11: Cross-Border Transfer of Information by Electronic Means
...
2. Each Party shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person.
3. Nothing in this Article shall prevent a Party from adopting or maintaining measures inconsistent with paragraph 2 to achieve a legitimate public policy objective, provided that the measure:
(a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and
(b) does not impose restrictions on transfers of information greater than are required to achieve the objective.
By contrast, the EU-NZ FTA has a more explicitly defined obligation, combined with a reference to general exceptions in another chapter:
ARTICLE X.4
Cross-border data flows
...
2. To that end, cross-border data flows carried out in the context of activity that is within the scope of this chapter shall not be restricted between the Parties by:
(a) requiring the use of computing facilities or network elements in the Party's territory for processing, including by imposing the use of computing facilities or network elements that are certified or approved in the territory of the Party;
(b) requiring the localisation of data in the Party's territory for storage or processing;
(c) prohibiting storage or processing in the territory of the other Party;
(d) making the cross-border transfer of data contingent upon use of computing facilities or network elements in the Party’s territory or upon localisation requirements in the Party’s territory.
3. For greater certainty, the Parties understand that nothing in this Article prevents Parties from adopting or maintaining measures in accordance with Article X.1 (General Exceptions) to achieve the public policy objectives referred to therein, which, for the purpose of this Article, shall be interpreted, where relevant, in a manner that takes into account the evolutionary nature of the digital technologies. The preceding sentence does not affect the application of other exceptions in this Agreement to this Article.
The EU-NZ FTA General Exceptions chapter is here, and says the following:
1. For the purposes of Chapter X [Trade in Goods], Chapter X [Customs and Trade Facilitations], Chapter X [Energy and Raw Materials], Chapter X [State Owned Enterprises], Chapter X [Digital Trade] and Section Y of Chapter X [Investment liberalisation], Article XX of the GATT 1994, including its Notes and Supplementary Provisions, is incorporated into and made part of this Agreement, mutatis mutandis.
2. Subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on investment liberalization or trade in services, nothing in Chapter X [Investment Liberalisation and Trade in Services], Chapter X [Digital Trade], Chapter X [Energy and Raw Materials], Chapter X [Capital Movements] and Chapter X [State-Owned Enterprises] shall be construed to prevent the adoption or enforcement by either Party of measures:
(a) necessary to protect public security or public morals or to maintain public order1;
(b) necessary to protect human, animal or plant life or health;
(c) necessary to secure compliance with laws or regulations which are not inconsistent with
the provisions of this Agreement including those relating to:
(i) the prevention of deceptive and fraudulent practices or to deal with the effects of a default on contracts;
(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts;
(iii) safety.
I'm not going to use up any more space here by going through all the various approaches to constructing the cross-border data flows obligation and its general exceptions, but I'll just note that there is some variation here.
This all leaves me with two broad categories of questions:
1) Should there be a general non-discrimination obligation or a more specific obligation related to cross-border data flows?
2) How should the exceptions work?
With regard to the obligation, in a sense, a general non-discrimination obligation is similar to GATT Article III, whereas an obligation not to impose restrictions on cross-border data flows is like GATT Article XI. This makes the obligation related to cross-border data flows potentially much broader than a general non-discrimination obligation, and therefore makes the exception more relevant. (Arguably, a properly functioning non-discrimination obligation wouldn't need an exception, because legitimate policy purposes could be taken into account in the obligation itself.) So which one is better? And if it's the cross-border data flows obligation, how should it be defined? The EU-NZ FTA definition here is much narrower, as it is closely tied to specific examples of non-discrimination.
With regard to the exceptions, some key questions are: Should they be attached to the provision itself? Should they rely on the general exceptions somewhere else in the agreement? Should they refer to the GATT/GATS exceptions? And how should the exceptions be worded?
Ideally, these fundamental questions would be thought through carefully by negotiators before any negotiations start. In reality, while there may be some good thinking going on, we have already plunged into a fair number of these negotiations, and we have multiple approaches coexisting out there. It would be helpful if the various governments involved in these discussions could get on the same page sooner rather than later, or else the variations could continue to multiply and the differences in the texts will add to the confusion about what the exact scope of each provision is.