Electronic commerce is currently a hot topic in international trade. WTO Members are increasingly becoming aware of the need to regulate the Internet, the vast amounts of services that are being supplied over the Internet and the data flows that are necessary for the provision of such digital services. One of the main barriers to the cross-border flow of data are so-called data localization requirements (DLRs).
Data localization requirements – buzz-words in international trade
Electronic commerce is currently a hot topic in international trade. WTO Members are increasingly becoming aware of the need to regulate the Internet, the vast amounts of services that are being supplied over the Internet and the data flows that are necessary for the provision of such digital services. One of the main barriers to the cross-border flow of data are so-called data localization requirements (DLRs). DLRs consist of requirements for businesses to store, process and/or access the data they gather in their country locally. DRLs can take a wide variety of forms but in its strictest form a DLR prevents companies from moving their data elsewhere. DLRs have a considerable negative impact, not only on the cross-border movement of data but also on the supply of digital services across borders and the general functioning of e-commerce.
WTO law does not explicitly address DLRs
As the global international organisation that governs the rules of trade between countries, the World Trade Organization (WTO) has developed various agreements that help regulate the trade flows between its Members. The General Agreement on Trade in Services (GATS) was enacted in 1994 and entered into force on 1 January 1995, long before the concept of DLRs was known and understood as it is now. Already in the 1990s some data crossed borders in the context of services trade, but to a much more limited extent than what we have witnessed after the digital revolution. Considering that the Internet is now being used to provide services all over the world and to conduct e-commerce in a quasi-uninterrupted fashion, the amount of data that flows across borders in the context of this trade is unprecedented. According to UNCTAD’s 2019 Digital Economy Report, the Internet only carried 100 GB of data per day in 1992 which has grown to 46.600 GB per second in 2017. It should therefore not be a surprise that the GATS (or any other WTO Agreement for that matter) did not yet contain provisions specifically addressing this aspect of the digital economy. Even though discussions on e-commerce have been ongoing in the WTO since 1998, the Work Programme on E-commerce has, so far, not succeeded at clarifying outstanding questions on the applicability of the WTO framework to e-commerce.
Data localization requirements in FTAs
Despite the standstill at the international level, WTO Members have not hesitated to include e-commerce related provisions in their Free Trade Agreements (FTAs). Currently, 102 FTAs with e-commerce provisions are in force or pending ratification. Of those, ten contain explicit prohibitions on DLRs: article 9.10 of the Japan – Mongolia FTA, article 15 of chapter 14 of the Australia – Singapore FTA, article 14.13 of the Comprehensive and Progressive Trans-Pacific Partnership Agreement (CPTPP), article 9.10 of the Singapore – Sri Lanka FTA, article 19.12 of the United States-Mexico-Canada Agreement (USMCA), article 13.12 of the Australia – Peru FTA, article 11.7 of the Argentina – Chile RTA, article 10.13 of the Brazil – Chile RTA, article 13.12 of the Australia – Indonesia RTA and article 8.11 of the Chile – Uruguay RTA. Interestingly, none of these agreements include either China or the EU, which can be considered as two of the most important digital trading powers. Both of them however have quite distinct reasons for not being inclined to include such provisions in their free trade agreements.
Data protection in the EU and China
In the context of its digital trade strategy, the EU puts considerable focus on the protection of privacy. It considers privacy and data protection vital components for a sustainable democracy. By interlinking both values, the European Data Protection Supervisor (EDPS) already hints at the importance of data protection measures to protect privacy. In this context, it is not surprising that the EU is not favourable towards a blanket prohibition on requirements to localize data, which are often enacted for the purpose of privacy protection. This is reflected in the EU’s FTAs that are currently in force, none of which contain a DLR prohibition. For example, its latest FTA with Japan stipulates that parties will reassess the need to include provisions on the free flow of data in the agreement within three years.[1] On 17 July 2018, the EU and Japan however concluded a mutual adequacy arrangement, allowing the bilateral transfer of data between them. Interestingly, in its proposals in the ongoing FTA negotiations with Australia and New Zealand, the EU seems to be steering in different direction, including a prohibition to require the localisation in the Party’s territory for storage and processing.[2] The EU also included a provision safeguarding the free flow of data and prohibiting the requirement to localise data within the territory of a Member in its proposal in the context of the ongoing plurilateral negotiations on the trade-related aspects of electronic commerce.[3] These two developments seem to be a sign of a change of attitude towards DLRs by the EU.
China has strongly regulated the Internet ever since it became available. Contrary to most parts of the world, where the Internet could develop relatively unregulated (some argue that is what enabled it to grow so quickly), China has been maintaining the ‘Great Firewall’ since the 1990s. This ‘Great Firewall’ limits access to foreign websites or specific information on the Internet in the Chinese territory. Against this background, it seems quite unlikely that China looks favourably upon trade rules that limit its ability to control the online information and services provided in its territory. This is also reflected in its FTAs, none of which contain prohibitions on DLRs. So far, China has concluded six FTAs with e-commerce provisions, but most of them do not contain any hard law obligations. The most relevant provision in this regard, can be found in the China – Korea FTA, which includes the transfer of information in the guidelines for subsequent negotiations.[4] In its proposals for the ongoing plurilateral negotiations, China also does not include any prohibitions on DLRs. It does however refer to cross-border data flows, stating that “it's undeniable that trade-related aspects of data flow are of great importance to trade development. However, more importantly, the data flow should be subject to the precondition of security, […] it is necessary that the data flow orderly in compliance with Members' respective laws and regulations”.[5] It additionally pointed out that more exploratory discussions are required to bring issues such as data flows into the negotiations.[6]
And at the multilateral level…?
The question therefore remains how the views of both WTO Members will be converged with that of countries like the U.S., Australia and Singapore, which have furthered DLRs in their FTAs and which also propose such provisions in the ongoing plurilateral negotiations. Will the domestic concerns regarding the limitation of Members’ regulatory autonomy in an area highly affected by public policy concerns (privacy, consumer protection, national security, etc.) be compatible with the call for deregulation at both the bilateral and the multilateral level?
[1] Article 8.81 Japan-EU Economic Partnership Agreement (JEEPA).
[2] Article 5 in the EU’s proposal on the Digital Trade Chapter in the EU – Australia FTA and the EU – New Zealand FTA (available at, respectively: https://trade.ec.europa.eu/doclib/press/index.cfm?id=1865 and https://trade.ec.europa.eu/doclib/press/index.cfm?id=1867).
[3] WTO Joint Statement on Electronic Commerce, ‘EU Proposal for WTO Disciplines and Commitments
Relating to Electronic Commerce – Communication by the European Union’, INF/ECOM/22, 26 April 2019, para. 2.7.
[4] Annex 22-A China – Korea FTA.
[5] WTO Joint Statement on Electronic Commerce, ‘Communication from China’, INF/ECOM/19, 24 April 2019, para. 4.3.
[6] WTO Joint Statement on Electronic Commerce, ‘Communication from China’, INF/ECOM/19, 24 April 2019, para. 4.2.