21 October 2016
Trade agreements, data flows, data protection and privacy
We are writing regarding trade agreements in general, and the Trade in Services Agreement
(TiSA) in particular. In light of the recent speculation with regard to the potential inclusion of
clauses on processing and transfer of personal data in TiSA, we would like to highlight our
concerns and to encourage you to defend Europe’s approach to fundamental rights to data
protection and privacy.
Fundamental rights must be respected and not negotiated upon. Therefore, data flows –
which refer to transfers of individuals’ personal data – must not be part of trade agreements.
Trade negotiations are not suitable for shaping rules affecting fundamental rights and the rule
of law in a democratic society.
Regardless of the apparent strength of the general exception clauses put forward to protect
privacy and data protection in trade agreements, these clauses will ultimately be interpreted
by trade dispute settlement bodies. These have the object and purpose of trade liberalisation,
not the protection of human rights.
If however, the negotiating parties decide to proceed with such a general exception clause,
we fully support the European Parliament’s recommendation “to incorporate a
comprehensive, unambiguous, horizontal, self-standing and legally binding provision based
on GATS Article XIV which fully exempts the existing and future EU legal framework for the
protection of personal data from the scope of this agreement, without any conditions that it
must be consistent with other parts of the [agreement]”.
In practice, this means that this clause needs to:
• ensure that the parties to the agreement can condition the transfer and processing of
personal data on the protection of privacy and personal data;
• allow the European Union, and any other party, to suspend the flow of personal data if
other parties to the agreement do not respect fundamental rights requirements;
• ensure that the existence, application, modification and enforcement of measures
relating to fundamental rights, including data protection and the right to privacy, are
not subject to challenge on the basis of any trade agreement;
• guarantee that parties to the agreement must not be required to apply or adopt “least
restrictive” privacy or data protection measures. Otherwise, the freedom to adopt
measures aimed at protecting the individuals’ right to privacy and data protection will
be limited by potential legal challenge.
We are looking forward to your commitments to citizens and remain at your disposal for more
European Digital Rights (EDRi), European Union
Access Now, international
Alternative Informatics Association, Turkey
Amis de la Terre (Friends of the Earth), France
Arbeitskreis Vorratsdatenspeicherung (Working Group on Data retention), Germany
Association for Proper Internet Governance, Switzerland
Association for Technology and Internet (APTI), Romania
Bits of Freedom, The Netherlands
D3 – Defesa dos Direitos Digitais, Portugal
Electronic Frontier Foundation (EFF), International
Elektronisk Forpost Norge (Electronic Frontier Norway)
Förderverein Informationstechnik und Gesellschaft (FITUG), Germany
IT-Political Association of Denmark (IT-Pol), Denmark
Just Net Coalition (JNC), International
My Nigeria Online (MyNOL), Nigeria.
Panoptykon Foundation , Poland
Vrijschrift Foundation, The Netherlands
Annette Mühlberg, United Services Union (Vereinte Dienstleistungsgewerkschaft, ver.di),
Akinbo A. A. Cornerstone, Team Lead of My Nigeria Online. CEO, KOBOKINGs Limited.
Chris Jones, project director, Statewatch, UK
Eneko Sanz, social scientist at Research Band
Frank Bsirske, Chairman of the United Services Union (Vereinte Dienstleistungsgewerkschaft,
Norbert Schepers, political scientist and head of the Bremen/German office Rosa Luxembourg Foundation
Ricard Boscar, social scientist at Research Band