EU/US: Cross-border data flows - a necessary part of global trade
Digital services and the data they generate are constantly growing in importance. Yet, restrictions of data flows are increasing. Cross-border data flows are essential to the global economy.
The increasing importance of digital trade
Digital services and the data they generate are becoming an increasingly important feature of the global economy. By the end of this year, 60% of the world’s GDP is projected to be digitised. As the trend towards digitalisation of the global economy continues, so the importance of trade in digital services grows. Nowhere is this more evident than in the transatlantic trade relationship: US exports of digitally-enabled services to the EU reached more than $167 billion in 2019. In return, the EU exported $130 billion to the US.
Data transfers for digital trade
Underpinning the growing importance of digital trade are international data transfers. It is no overstatement that businesses rely on data transfers for a significant portion of their operations. Naturally, this is the case for companies engaged in the ICT and the professional services sectors, but it is equally true for all other sectors, as more and more of the economy moves to digital.
Cross-border data transfers have been beneficial to consumer welfare, by giving access to a wider range of goods and services at a lower cost. They are also good for businesses. They allow small and medium companies to access IT services such as cloud computing, which reduces the need for costly investments in local digital infrastructure. The ability to rapidly scale-up IT capacities in response to demand allows SMEs to compete more readily with bigger companies. For multinationals, meanwhile, data flows are nothing less than essential for day-to-day business. Efficient supply chain management relies on the smooth flow of goods, services, capital and data.
Lifting restrictions on data transfers could increase services imports by an average of 5% across all countries.
Data regulation: trade restrictive?
However, the international regulatory landscape for data flows is increasingly complex as governments seek to balance the need for international companies to move their data between jurisdictions against concerns for data privacy and security. As the graphic below illustrates, between 2006 and 2017, the number of data policies restricting data use domestically as well as its flow across borders significantly increased (source).
These data flow restrictions are costly for businesses in all sectors of the economy – and by extension, for consumers too. Restrictions could add up to 60% more costs for computing needs. Furthermore, limits on free flows of data hurt the economy by reducing imports of services. An analysis of the effects of data transfer restrictions on trade predicts that lifting restrictions could increase services imports by an average of 5% across all countries.
How to enable rather than restrict data flows?
In order to prevent data transfer restrictions from becoming a technical barrier to trade, it is important that regulators and trade negotiators across jurisdictions work together to build trust and develop common approaches. In that context, the fact that the EU and the US take a different approach to data in their own jurisdictions should not prevent them to find a common ground and develop a successor to the Privacy Shield relying on their shared democratic values. The Privacy Shield allowed for both EU and US companies with presence in the US to self-certify by complying to a set of rules in line with the EU’s data protection legal framework. More than 5,000 groups of companies had self-certified as compliant by the time the EU Commission Decision approving the Privacy Shield was struck down by Europe’s highest court (Schrems II case).
In the absence of a reliable adequacy regime, contractual safeguards may be relied upon in order to enable cross-border data transfers (save in the limited cases where specific derogations, such as data subjects’ consent for specific transfers or the contractual necessity of such transfers, can apply). However, the requirements to conduct transfer impact assessments and, as the case may be, adopt supplementary measures, stemming from the above Schrems II case as supplemented by the Recommendations of the European Data Protection Board, create significant legal uncertainties and an extra burden for companies, largely unsustainable for SMEs with limited resources. In that context, AmCham EU welcomes the recent publication of the revised Standard Contractual Clauses (SCCs) by the European Commission, and hopes that the European Data Protection Board will soon release its finalised recommendations.
Conclusion: free movement of data is the future
In our increasingly digitalised economy, businesses of all sizes are more and more reliant on data transfers for their operations. In order to reap the full rewards of the new age of trade in digital services, data needs to be able to flow freely across borders, under mechanism ensuring they remain properly protected without unnecessary restrictions. As governments seek to achieve policy goals in privacy and security, they should take a cooperative stance with their counterparts in other jurisdictions, by striking agreements to ensure equivalent protections of their data subjects in those jurisdictions in a robust manner that can resist challenges in court.
The EU and the US must work together, and work quickly, to reinstate an adequacy mechanism that puts in place the necessary protection mechanisms to ensure a secured free flow of data across the world’s most developed digital trade relationship: the transatlantic. Thereafter, they should cooperate to establish principles at the multilateral level that will allow domestic policy objectives to be achieved without creating unnecessary data borders. As digitalisation takes hold, the future of global trade will depend on the free movement of data.
This article was first published on the AmCham EU Blog. Click here to access the page.
By Tanguy Van Overstraeten