The last month has been a busy month in terms of digital trade. Some of the main activities are outlined below:
The RCEP (Regional Comprehensive Economic Partnership) draft was signed earlier in the month incorporating 15 Asian-Pacific nations into a new trade agreement (Australia, Brunei, Cambodia, China, Indonesia, Japan, Laos, Malaysia, Myanmar, New Zealand, the Philippines, the Republic of Korea, Singapore, Thailand and Vietnam).
RCEP includes a full e-commerce chapter. The chapter text can be found on the Australian department of trade site. The e-commerce chapter is quite extensive, with clauses mainly focussing on supporting the environment for E-commerce and supporting digital trade facilitation. This makes sense in supporting the emergence of cross-border trade where a number of the countries involved are still in the process of setting up regulation in this area.
The e-commerce chapter includes clauses on three more debated issues, customs on electronic transmission, data localisation and cross-border transfers, but all are relatively broadly defined, ensuring that signatories have policy space within these areas.
- For custom duties, the agreement is defined in terms of the parallel WTO discussion on this issue. As all signatories are already WTO members, this clause only reaffirms previous agreements and effectively delegates future agendas in this area to WTO negotiations.
- On data localisation, signatories agree not to require data localisation, but the article includes clauses that allow such rules to be put in place for reasons of “security and confidentiality of communications” and “legitimate public policy objectives”. In addition, for a number of developing countries – Cambodia, Lao, Myanmar and Vietnam – these rules are delayed. Overall, this article therefore suggests a desire to reduce data localisation, but with weak binding rules in this area
- The cross-border transfers article follows similar wording to the one on data localisation, with security and public policy clauses. Bearing in mind signatory countries such as China and Indonesia have rules that already restrict certain cross-border data transfers, it can be assumed that this rule is likely to have relatively weak enforceability.
Commentators who have been pushing for binding global digital trade rules, expressed disappointment with RCEP in terms of it being relatively weak, with some suggestions that this was a success for China in setting multilateral agendas.
But it may be that the approach to digital trade in this agreement is most appropriate. This is particularly the case where the agreement includes a number of smaller nations where digital economies are still in their infancy. It provides clear direction and frameworks towards regional e-commerce but without forcing nations into broad binding rules where the implications are not yet clear.
The UK-Japan agreement is the first of a number of major bilateral agreements to be struck by the UK as it leaves the EU and is likely to signal the UK directions going forward.
If RCEP is relatively weak agreement in terms of digital trade then the UK-Japan e-commerce chapter is far stronger. It includes all the major digital trade rules including rules preventing custom duties, source code/algorithm requirements, prior authorisation, cross-border flows and data localisation. Given the UK position on open trade, this is not unexpected. It looks likely that the UK will become one of the stronger advocates for global agreements on open digital trade in the coming years.
Key critiques about digital trade in this agreement have most strongly focussed on the lack of transparency in the process, with very little scrutiny or discussion on what these rules might mean for firms in the UK . The implications of free flows of data is particularly concerning, given that the UK is seeking an “adequacy” ruling within the EU GDPR and the potential costs of not achieving this are significant.
It remains unclear how having a free flows agreement with Japan will work alongside the requirements of ‘adequacy’ with the EU GDPR. Some commentary has gone further, suggesting that where multiple agreements lead to overlapping data flow rules there are risks to data privacy and potential for ‘data laundering’.
Discussions around state banning/blocking of apps continue. The Indian Electronics and Information Technology ministry has expanded the number of Chinese apps that it has blocked. This round included a number of important Chinese business apps including Alibaba’s AliExpress app, and business communication app Dingtalk. Such exclusions are likely to be impactful on cross-border trade between India and China if the ban remains in place in the longer term.
Meanwhile in the US, ByteDance has had a number of extensions to its deadline as it looks to resolves US concerns around social media app Tik-tok under threats that it be banned in the US. Originally Bytedance proposed a partnership with Oracle as an attempt to meet requirements, but it is unclear if this was sufficient to satisfy the US administration. Adding to the complexity, the issue appears to have gone off the agenda during the election crisis in the US. At the moment ByteDance has been given another weeks extension, and it is unclear how this issue will be resolved during the transition between Trump and Biden.
The broader point here is that how these cases are resolved is likely to be important in terms of directions of digital trade. With two of the largest countries enforcing app bans (and China in addition controlling domestic apps stores), fundamental question need to be asked about the viability of rules enforcing open digital trade in other countries. This case also suggests the need for further discussions on how to differentiate between actions that are associated with national security and those linked to economic goals.
EU data flows after Schrems II
The successful “Schrems II” case was brought by privacy campaigner Max Schrems at the European Court of Justice earlier in the year. It looked at the legal validity of EU-US data flows. One of the outcomes of the successful case was the invalidation of so-called “standard contractual clauses” (SCC), an important mechanism which enables data flows outside the EU. The courts judgement suggested that the SCC did not provide sufficient protection for EU cross-border transfers to the US and in response, the EU has revised the SCC.
The discussion on SCCs, an obscure contracting mechanism, are difficult to follow for those from outside a law background, but the implications are significant. The SCC is an approach that allows firms to transfer EU data across borders even where countries have not reached EU adequacy rules. It is also the way that many US multinationals have enabled cross-border data flows from the EU. If the old SCC were already a challenge for medium-to-small firms to implement, according to commentators the new SCC is even more onerous, if not unachievable.
The major focus of discussion has been on SCC in terms of EU-US data flows which was part of the Schrems case. However, firms across the globe with ambitions to engage with EU consumers are likely to be looking to this ruling. These changes add futher significant barriers to accessing EU data. It will be interesting to see how countries deal with these changes, particularly in regions that have ambitions to become outsourcers of EU data, suppliers of e-commerce or integrated in EU business processes.