The African Continental Free Trade Area (AfCFTA) governments have been working on the issue of international rules on digital trade. There was recently a leak of a draft Digital Trade Protocol to the AfCFTA Agreement (an earlier draft is here). In this post, I'm going to look at a few of the provisions in the draft that deal with core principles such as non-discrimination. (For many of these, I have previously written about parallel provisions in the context of other digital trade agreements.)
Let me start with the provision on the "right to regulate":
Article 4
Right to Regulate
Each State Party has the right to regulate within its territory and to safeguard public welfare, promote sustainable development, protect essential security interests and pursue legitimate public policy objectives.
I haven't been tracking whether there was such a provision in other agreements. What would its impact be here? It's not written as an explicit exception, and I think it would be hard to invoke it in that way. But it could, I think, be invoked in support of a particular interpretation of an obligation or an exception, so it's possible it would have some impact, although the precise degree of impact is hard to predict.
Now let's turn to the more familiar provisions that I've looked at in other trade agreements. First, there is the one on nationality-based discrimination (NT and MFN) in relation to digital products:
Article 7
Non-Discrimination of Digital Products
1. A State Party shall accord no less favourable treatment to digital products created, produced, published, transmitted, contracted for, commissioned, or first made available on commercial terms in the territory of another State Party than it accords to like digital products created, produced, published, transmitted, contracted for, commissioned, or first made available on commercial terms in its territory or that of any other State Party.
2. A State Party shall accord no less favourable treatment to digital products from another State Party than it accords to like digital products from its territory, or that of any other State Party on the basis that the author, performer, producer, developer, distributor or owner of such products is a person of another State Party. This does not apply to subsidies, loans or grants provided by a State Party.
...
A big question I have here is, can public policy purposes be taken into account to defend a measure that has a disparate impact on foreign products? There's no general exception provision to invoke here (or even a security exception!), so this would have to be part of the analysis of the obligation itself. Some people are OK with including such an analysis in a non-discrimination obligation, while others are not. (As a caveat, I'm not sure how this Protocol interacts with the broader AfCFTA Agreement, so maybe there are general/security exceptions from that agreement that would apply here? But at first glance, I didn't see anything like that.)
Next up is the data flows provisions:
Article 20
Cross-Border Data Transfers
1. State Parties shall, subject to an Annex on Cross-Border Data Transfers, allow the cross-border transfer of data, including personal data, by electronic means, provided the activity is for the conduct of digital trade by a person of a State Party.
2. For greater certainty, a State Party may adopt or maintain measures inconsistent with Paragraph 1 to achieve a legitimate public policy objective or protect essential security interests, provided that the measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination, or a disguised restriction on digital trade, and do not impose restrictions on transfers of data greater than are required to achieve the objective.
3. In accordance with Paragraph 1, the Annex on Cross-Border Data Transfers shall, among others, set out legitimate public policy objectives, how data may be used, restrictions on sharing of data to third parties, including data protection regulations and restrictions that may be applied by regulators.
The broad obligation in paragraph 1 is subject to an explicit exception set out in paragraph 2. The exception doesn't use the word "necessary," but the "do not impose restrictions on transfers of data greater than are required to achieve the objective" language would, I think, lead to a similar test being applied. It's worth noting here that definitions of "necessary" include the word "required."
The Annex mentioned in paragraph 1 could be interesting when it is finished. Also interesting is that there is an "essential security" exception mentioned here, but without the typical "considers" language that gives security exceptions more flexibility.
And here are the data localization provisions:
Article 22
Location of Computing Facilities
1. State Parties shall not require a person of another State Party to use or locate computing facilities in their territories as a condition for conducting digital trade in that territory.
2. For greater certainty, a State Party may adopt or maintain measures inconsistent with Paragraph 1 to achieve a legitimate public policy objective or protect essential security interests provided that the measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on digital trade, and do not impose restrictions on the use or location of computing facilities greater than are required to achieve the objective.
...
Again, there is an explicit exception built right in, using the "greater than are required" language.
Finally, it's also worth noting that there is a phase-in period for these rules:
Article 48
Application...
4. State Parties shall align their national laws, rules and regulations with this Protocol within the period of five (5) years from its entry into force.
As digital trade agreements proliferate, so do the variations in language used to express the core principles. If we ever get to the stage where disputes arise, the interpretation and application of these rules is going to be interesting!
