Privacy a Necessary Component of NAFTA Digital Trade Discussions

Keep up with the latest developments and legal issues in the telecommunications and emerging technology sectors, with exclusive access to a comprehensive collection of telecommunications law news,...

By George Lynch

Canada, Mexico, and the U.S. are on track to add digital trade data flow provisions to an updated NAFTA but may be missing a chance to address related privacy issues that could serve as a global model for future trade pacts, privacy and trade analysts told Bloomberg Law.

Provisions on ensuring the free flow of data across borders and limiting demands that information be stored on servers within one country, akin to those in the Trans-Pacific Partnership (TPP) agreement, are being discussed during the North American Free Trade Agreement negotiations. President Donald Trump withdrew the U.S. from the TPP, a deal that was signed by former President Barack Obama but never ratified by Congress.

“I am 100 percent confident that if there’s a final NAFTA renegotiation, it will include provisions on data flows and will include 100 percent of what is in TPP around cross-border flows and localization,” Robert Holleyman, privacy and international trade partner at Crowell Moring LLP in Washington, and former deputy U.S. trade representative from 2014-17, told Bloomberg Law.

But based on a review of the NAFTA negotiation positions the Trump administration has submitted to Congress, the discussion isn’t moving beyond the TPP template to capture more direct privacy issues.

The administration hasn’t included any consumer-friendly privacy provisions—a missed opportunity because all three countries should have harmonious views on consumer privacy, Anupan Chander, the Martin Luther King, Jr. professor of law and director of the California International Law Center of the University of California, Davis, told Bloomberg Law.

Cybersecurity provisions also aren’t part of the NAFTA discussion, although the TPP encouraged cybersecurity capacity-building and cooperation measures.

“NAFTA should advance mutually beneficial approaches to cybersecurity among the three governments,” Kenneth Propp, director of policy for BSA|The Software Alliance, told Bloomberg Law. The agreement should encourage the adoption of voluntary, standards-based cybersecurity measure by both governments and industry, as well as an acknowledgment that cyberthreats undermine free trade, he said.

The fifth round of NAFTA negotiations wrapped up in Mexico City at the end of November. The sixth round is set for Jan. 23-28, 2018, in Montreal. In the meantime, negotiators from all three countries will be holding intersessional meetings in Washington from Dec. 9-15, where digital trade is on the agenda.

Change Drivers

The creation of a digital single market would be the primary goal of NAFTA negotiators, Chander said. A single market would allow streaming and video across borders, and deployment of internet-connected devices for all of North America rather than to each national market, he said.

But consideration of privacy provisions in trade agreements has become increasingly necessary due to the expansion of e-commerce, cloud-based services, and big data analytics services, which depend on free flows of data.

“In today’s world of e-commerce, that means not only goods but data crosses borders,” Lena Trudeau, CEO of Nuage Strategies and the Canadian American Business Council’s Digital Task Force Lead, told Bloomberg Law.

Narrowing Exceptions

Trade pacts are a good place to address the absence of binding international data localization rules requiring data storage within a country’s borders that restrict the free flow of data, Propp said. Including limits on data localization in NAFTA would help show the way for future agreements around the world, he said.

The TPP included broad exemptions to allow data localization for legitimate public policy objectives. Some privacy and trade professionals believe that the three NAFTA members may agree to narrower exceptions, given their similar economic development status and respective privacy laws.

Holleyman, who also led the creation of the Digital Trade Working Group within the Office of the U.S. Trade Representative, predicted the exceptions language in NAFTA will be narrower, and will reserve the rights of the parties to protect the privacy of their citizens.

Privacy laws traditionally fall within trade pact public policy exceptions, and industry professionals don’t expect them to hinder enforcement of national privacy laws.

The TPP also included much-criticized data localization exemptions for financial services industry data that the industry wasn’t comfortable with.

Holleyman said that it isn’t clear how negotiators will deal with localization issued around financial institution data, but preventing localization of financial data is a way to accomplish cutting-edge regulation in a trade agreement and show the rest of world how to deal with the challenge.

The USTR declined to comment for this story. The Canadian and Mexican governments did not respond to requests for comment.

To contact the reporter on this story: George Lynch in Washington at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Tech & Telecom on Bloomberg Law