nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

Data Flows versus Data Protection: Mapping Existing Reconciliation Models in Global Trade Law

verfasst von : Mira Burri

Erschienen in: Law and Economics of Regulation

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the increased role of data in societies, the interfaces between trade and privacy protection have become multiple and intensified, and raise important questions as to adequate regulatory design that can reconcile economic and non-economic concerns, national and international interests. This chapter is set against this complex backdrop and seeks to provide a better understanding and contextualization of the theme of data protection and its interfaces with global trade law. It addresses this task by looking first at the existing international, transnational, and selected national frameworks for privacy protection and briefly sketches their evolution over time. In a second step, the chapter explores the application of the rules of the World Trade Organization, which are still in a pre-internet state, to situations where privacy concerns are affected. The chapter then looks at the data-relevant rules that have emerged in free trade agreements with a focus on the reconciliation mechanisms that these treaties provide. The chapter concludes with an appraisal of the current state of affairs and some thoughts on the pros and cons of the available legal solutions for reconciling trade and privacy protection.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Regulation of Information About Unfolding Events in Securities Markets: A Behavioral Economics Perspective

Nächstes Kapitel The Concept of Regulatory Arbitrage

The General Agreement on Tariffs and Trade (GATT) 1947 makes no reference to privacy and most of the free trade agreements up to very recently make no mention of it.

See e.g. Jackson (1989); Jackson et al. (1995); Jackson (1998); Wolfrum et al. (2011), pp. 1–24.

See e.g. Kuner (2011); Aaronson (2015), pp. 672, 680–685.

OECD (1980).

OECD (2013).

See Manyika et al. (2011); Mayer-Schönberger and Cukier (2013); Cohen (2013); Richards and King (2014).

There are no clear definitions of small versus Big Data. Definitions vary and scholars seem to agree that the term of Big Data is generalized and slightly imprecise. One common identification of Big Data is through its characteristics of volume, velocity, and variety, also referred to as the “3-Vs”. Increasingly, experts add a fourth “V” that relates to the veracity or reliability of the underlying data. See Mayer-Schönberger and Cukier (2013), p. 13. For a brief introduction on Big Data applications and review of the literature, see Burri (2019).

The Economist (2017).

Among other arguments, see Burri (2019); for a full analysis, see Scholz (2019).

Manyika et al. (2011).

See e.g. Manyika et al. (2011); Mayer-Schönberger and Cukier (2013); Henke et al. (2016).

Irion and Williams (2019); The Royal Society (2017).

See e.g. Manyika et al. (2011); Henke et al. (2016); Bughin et al. (2016).

Ohm (2010); Schwartz and Solove (2011); Tene and Polonetsky (2013); The White House (2014); Gasser (2016); Bennett and Bayley (2016); Pan (2016); Council of Europe (2017).

The White House (2014), pp. 14–15; also Ohm (2010); Rubinstein (2013), p. 77.

Rubinstein (2013), p. 78.

Tene and Polonetsky (2013).

See Chander (2016), p. 2; also Chander and Lê (2015).

USITC (2013, 2014); For a country survey, see Chander and Lê (2015).

See Chander (2016), p. 2.

See e.g. Ferracane (2020); Taylor (2020).

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”.

The text of Art. 17 is identical with Art. 12 UDHR but the two sentences are framed as separate paragraphs.

Diggelmann and Cleis (2014).

UN Office of the High Commissioner for Human Rights (1988), para. 10.

UN General Assembly (1990).

UN General Assembly (1990), para. 6.

Art. 8 “Right to respect for private and family life” reads: 1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

For a comprehensive guide to the jurisprudence, see European Court of Human Rights (2019).

See e.g. European Union Agency for Fundamental Rights and Council of Europe (2018), pp. 15–16.

OECD (2011), p. 7.

OECD (1980).

OECD (2013).

APEC (2005).

The APEC framework endorses similar to the OECD Privacy Guidelienes principles: (1) preventing harm; (2) notice; (3) collection limitations; (4) use of personal information; (5) choice; (6) intergrity of personal information; (7) security safeguards; (8) access and correction; and (9) accountability. Greenleaf (2004), pp. 16–18.

http://cbprs.org.

Waters (2009), pp. 74–89.

Some scholars have argued that such soft law frameworks are nonetheless far-reaching, as their implemnetation depends on the power of reputational constraints as treaties do. See e.g. Brummer (2011), pp. 263–272.

Art. 8 ECHR.

Art. 8 “Protection of personal data” reads: 1. Everyone has the right to the protection of personal data concerning him or her; 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified; 3. Compliance with these rules shall be subject to control by an independent authority.

European Court of Human Rights (2003) Refah Partisi (The Welfare Party) and Others v. Turkey. App Nos. 41340/98, 41342/98, 41343/98 and 41344/98. Grand Chamber Judgment of 13 February 2003.

See Kuner (2012); also Lynskey (2015).

See e.g. Brown and Korff (2014).

Court of Justice of the European Union (2014) C-131/12.

Court of Justice of the European Union (2015) C-362/14, [hereinafter Schrems I].

Art. 5 GDPR specifies that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency); collected for specified, explicit and legitimate purposes (principle of purpose limitation); processing must also be adequate, relevant and limited to what is necessary (principle of data minimization); as well as accurate and, where necessary, kept up to date (principle of accuracy); data is to be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (principle of storage limitation); data processing must be secure (principle of integrity and confidentiality); and the data controller is to be held responsible (principle of accountability).

Art. 17 GDPR.

Art. 12 GDPR.

Arts 13, 14, 15 and 19 GDPR.

Art. 20 GDPR.

Arts 21 GDPR.

Art. 22 GDPR.

Art. 25 GDPR.

Depending on the infringement, data protection authorities can impose fines up to 20’000’000 EUR, or in the case of an undertaking, up to 4% of its total worldwide annual turnover of the preceding financial year, whichever is higher. See Art. 83(5) and (6) GDPR.

Art. 3(2) GDPR. Guidance to determine whether a controller or a processor is offering goods or services to EU data subjects is provided in Recital 23 GDPR, as well as in more detail by the EU data protection authority (see European Data Protection Board 2019).

See e.g. Schwartz (2013a); Tene and Wolf (2013); Burri and Schär (2016); Kuner (2016).

The adoption of an adequacy decision involves a proposal from the European Commission; an opinion of the European Data Protection Board; an approval from representatives of EU countries; and the adoption of the decision by the European Commission. At any time, the European Parliament and the Council may request the European Commission to maintain, amend or withdraw the adequacy decision on the grounds that its act exceeds the implementing powers provided for in the regulation.

Art. 45(1); Recital 103 GDPR.

Art. 45(2); Recital 104 GDPR.

Negotiations are ongoing with South Korea and many of the existing adequacy decisions are up to renewal.

European Commission (2019).

European Commission (2019), para. 175.

Art. 46(1) GDPR.

Drake (2017).

See e.g. Whitman (2004); Schwartz (2013b); Schwartz and Solove (2014).

Downes (2016).

Clarke et al. (2014), p. 158.

The White House (2019).

See e.g. Tourkochoriti (2016).

For a great overview of US privacy laws, see Deckelboim (2017).

Reidenberg (2000).

See e.g. Weiss and Archick (2016).

European Commission (2000).

See Farrell (2003); Schwartz and Solove (2014).

Schrems I, para. 97.

Schrems I, para. 86.

Schrems I, paras. 93–95.

Schrems I paras. 105–106.

European Commission (2016a). For an overview, see European Commission (2016b).

European Commission (2016a), paras. 19–29 refer to the Notice Principle, Data Integrity and Purpose Limitation Principle, Choice Principle, Security Principle, Access Principle, Recourse, Enforcement and Liability Principle, and Accountability for Onward Transfer Principle. The principles are additionally detailed in Annex II attached to the Commission’s implementing decision.

European Commission (2016a), para. 40.

European Commission (2016a), paras. 43–63.

European Commission (2016a), paras. 64−90.

European Commission (2016a), paras. 119−122. For a great analysis of the EU-US Privacy Shield, see Deckelboim (2017).

European Commission (2016a), at paras. 90 and 124 citing the Schrems I judgment.

Court of Justice of the European Union (2020) C-311/18.

Court of Justice of the European Union (2020) C-311/18, para. 164.

Court of Justice of the European Union (2020) C-311/18, paras. 168–185.

Court of Justice of the European Union (2020) C-311/18, paras. 191–192.

Court of Justice of the European Union (2020) C-311/18, paras. 193–197.

Burri (2015); WTO (2018).

Art. XIV(b) GATS.

Art. XIV(a) GATS. See Wu (2008); Delimatsis (2010).

Art. XIV(c) GATS. For a commentary of Art. XIV GATS, see Cottier et al. (2008).

Art. XIV(c)(ii) GATS.

For a fully-fledged analysis of how this may be occur, see Weber (2012); Irion et al. (2016), pp. 27−33.

WTO Appellate Body (2005) [hereinafter US – Gambling], at para. 292; see also WTO Appellate Body (2007), paras. 119–124.

100

WTO Appellate Body (2000) [hereinafter Korea – Beef], para. 161.

101

US – Gambling, para. 6.536; see also WTO Appellate Body (2015); WTO Panel (2015) [hereinafter Argentina – Financial Services], paras 7.655, 7.685, 7.727, referring to Korea – Beef, paras. 162, 163.

102

Korea – Beef, para. 49 (citing WTO Appellate Body (1996), para. 19 and WTO Appellate Body (1998), para. 141).

103

See US – Gambling, para. 78; WTO Appellate Body (2009) [hereinafter China – Publications and Audiovisual Products], para. 239.

104

US – Gambling, para. 306; Argentina – Financial Services, para. 7.684.

105

Argentina – Financial Services, para. 7.729 referring to US – Gambling, para. 308.

106

Argentina – Financial Services, para. 7.743.

107

US – Gambling, para. 351. In US – Gambling, the Appellate Body confirmed that the US ban on online gambling did not meet the requirement of the chapeau of Art. XIV GATS due to ambiguity in relation to the scope of one US statute, which appeared to permit domestic suppliers to have remote betting services for horse racing.

108

Only one case has so far passed all the tests. See WTO Appellate Body (2001); also Howse (2002).

109

Irion et al. (2016), pp. 36−39; also MacDonald and Streatfeild (2014), pp. 640−650.

110

European Commission (2000).

111

Bygrave (2014); Rotenberg (2016).

112

Irion et al. (2016), pp. 36−39.

113

For instance, the recent Digital Economy Partnership Agreement (DEPA) between Chile, Singapore and New Zealand.

114

Wunsch-Vincent (2003).

115

The DR-CAFTA includes Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua and the Dominican Republic.

116

This analysis is based on a dataset of all data-relevant norms in trade agreements (TAPED). See Burri and Polanco (2020) and http://unilu.ch/taped.

117

See in this sense Burri (2017); Casalini and López González (2019).

118

See e.g. Casalini and López González (2019); OECD (2019a).

119

As the OECD (OECD (2019a), p. 1) further clarifies: “the actual flow of data reflects individual firm choices: accessing the OECD library from Paris, for instance, actually means contacting a server in the United States (the OECD uses a US-based company for its web services). Moreover, with the cloud, data can live in many places at once, with files and copies residing in servers around the world”.

120

For instance, Sen classifies data into personal data referring to data related to individuals; company data referring to data flowing between corporations; business data referring to digitised content such as software and audiovisual content; and social data referring to behavioural patterns determined using personal data (see Sen (2018), pp. 343–346). Aaronson and Leblond categorize data into personal data, public data, confidential business data, machine-to-machine data and metadata, although they do not specifically define each of these terms (see Aaronson and Leblond (2018)). The OECD has also tried to break data into different categories. See OECD (2019b).

121

This chapter does not cover specific services sectors. For a more detailed analysis, see e.g. Burri (2020a).

122

A similar wording is used in the 2008 Canada-Peru FTA, 2010 Hong-Kong-New Zealand FTA, the 2011 Korea-Peru FTA, the 2011 Central America-Mexico FTA, the 2013 Colombia-Costa Rica FTA, the 2013 Canada-Honduras FTA, the 2014 Canada-Korea FTA, and the 2015 Japan-Mongolia FTA. The 2007 South Korea-US FTA was the first agreement with more concrete language on data flows, albeit in a soft law form (Korea-US FTA, Art. 15.8).

123

The Trans-Pacific Partnership Agreement, full text available at: https://ustr.gov/trade-agreements/free-trade-agreements/trans-pacific-partnership/tpp-full-text [hereinafter TPP].

124

Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore and Vietnam.

125

See e.g. Ravenhill (2017).

126

The Comprehensive and Progressive Agreement for Transpacific Partnership, full text available at: http://international.gc.ca/trade-commerce/trade-agreements-accords-commerciaux/agr-acc/cptpp-ptpgp/text-texte/index.aspx?lang=eng.

127

For a fully fledged analysis, see Burri (2017); also Burri (2020b).

Art. 14.11(2) CPTPP.

Art. 14.11(3) CPTPP.

Art. 14.11(3) CPTPP.

See the definition of “a covered person” in Art. 14.1, which is said to exclude a “financial institution” and a “cross-border financial service supplier”.

132

The provision reads: “Each Party shall allow a financial institution of another Party to transfer information in electronic or other form, into and out of its territory, for data processing if such processing is required in the institution’s ordinary course of business”.

133

Art. 14.8(3) CPTPP.

134

Art. 19.11(2) CPTPP.

135

Art. 19.11(2) CPTPP, footnote 5.

136

Art. 8.81 EU-Japan EPA.

137

See European Commission (2018).

138

Art. II Jordan-US Joint Statement on Electronic Commerce.

139

See e.g., Art. 10.8.5 and Art. 10.15(b) Brazil-Chile FTA; Art. 13.7(b) Canada-Korea FTA; Art. 13.10.2 Australia-Japan FTA; Art. 12.5(b) Chile-Colombia FTA; Art. 14.05(b) Nicaragua-Taiwan FTA; Art. 13.4(b) Panama-Singapore FTA; Art. 14.5(b) CAFTA-DR-US; Art. 15.5(b) Chile-US FTA.

140

Art. 13.3.1(b)(i) Australia-Indonesia FTA; Art. 19.14.1(a)(i) USMCA; Art. 13.14(b)(i) Australia-Peru FTA; Art. 9.12(c)(i) Singapore-Sri Lanka FTA; Art. 9.9(c) Singapore-Turkey FTA; Art. 13.5 China-Korea FTA; Art. 16.6.2 Colombia-Costa Rica FTA; Art. 1506.2 Canada-Colombia FTA.

141

Art. 30 Chile-EC AA.

142

Art. 10.8.1(b) Korea-Vietnam FTA.

143

Art. 30 Chile-EC AA.

144

Art. 13.7.1 Australia-Indonesia FTA; Art. 10.2.5(f) and Art. 10.8.1 Brazil-Chile FTA; Art. 8.78.3 EU-Japan EPA; Art. 14.5.1 Central America-Korea FTA; Art. 16.2.2(e) Canada-Honduras FTA.

145

Art. 14.8(2) CPTPP.

146

Art. 14.8(2) CPTPP, footnote 6.

Art. 14.8(5) CPTPP.

Art. 19.8(2) USMCA.

Art. 19.8(3) USMCA.

Art.19.8(4) and (5) USMCA.

151

See Bradford (2020a); Bradford (2020b).

152

For a great analysis, see Chander et al. (2019).

153

Chapter 6, Arts 61-65 Cameroon-EC Interim EPA; Chapter 6, Arts 197-201 CARIFORUM-EC EPA. Other agreements merely recognize principles for the collection, processing and storage of personal data such as: prior consent, legitimacy, purpose, proportionality, quality, safety, responsibility and information, but without developing this in detail: Art. 11.2.5(f) Argentina-Chile FTA, footnote 1; Art. 8.2.5(f) Chile-Uruguay FTA, footnote 3.

154

Art. 8.54.2 EC-Singapore FTA; Understanding 3 Additional Customs-Related Provisions, Arts 9.2 and 11.1; Art. 10 of Protocol on Mutual Administrative Assistance on Custom Matters EC-Ghana EPA; Art. 10.2 of Protocol 5 on Mutual Administrative Assistance on Custom Matters Bosnia and Herzegovina-EC SAA; Art. 45 and Protocol No 7 Algeria EC Euro-Med Association Agreement.

155

WTO (2019).

156

See European Commission (2018).

157

European Commission (2018) (emphases added).

158

Yakovleva (2020) p. 496.

159

Yakovleva (2020).

160

Mattoo and Meltzer (2018).

161

See e.g. Willemyns (2020); Burri (2021).

162

Bollyky and Mavroidis (2017), pp. 11–13 (Bollyky and Mavroidis discuss the need for regulatory competition in the context of global value chains; their argument is only strengthened in the domain of digital trade); also Ahmed (2019), pp. 99–120.

Aaronson SA (2015) Why Trade Agreements are not setting information free: the lost history and reinvigorated debate over cross-border data flows, human rights and national security. World Trade Rev 14(4):671–700CrossRef

Aaronson SA, Leblond P (2018) Another digital divide: the rise of data realms and its implications for the WTO. J Int Econ Law 21(2):245–272CrossRef

Ahmed U (2019) The importance of cross-border regulatory cooperation in the Era of Digital Trade. World Trade Rev 18(S1):99–120CrossRef

APEC (2005) APEC privacy framework. APEC Secretariat, Singapore

Bennett CJ, Bayley RM (2016) Privacy protection in the era of “big data”: regulatory challenges and social assessments. In: van der Sloot B, Broeders D, Schrijvers E (eds) Exploring the boundaries of big data. University of Amsterdam Press, Amsterdam, pp 205–227

Bollyky TJ, Mavroidis PC (2017) Trade, social preferences, and regulatory cooperation: the new WTO-think. J Int Econ Law 20(1):1–30CrossRef

Bradford A (2020a) The Brussels effect. Northwest Univ Law Rev 107(1):1–68

Bradford A (2020b) The Brussels effect: how the European Union rules the world. Oxford University Press, OxfordCrossRef

Brown I, Korff D (2014) Foreign surveillance: law and practice in a global digital environment. Eur Human Rights Law Rev 3:243–251

Brummer C (2011) How international financial law works (and how it doesn’t). Georgetown Law J 99(2):257–327

Bughin J et al (2016) Digital Europe: pushing the frontier, capturing the benefits. McKinsey Global Institute, Washington, DC

Burri M (2015) The international economic law framework for digital trade. Zeitschrift für Schweizerisches Recht 135(5):10–72

Burri M (2017) The governance of data and data flows in trade agreements: the pitfalls of legal adaptation. UC Davies Law Rev 51:65–132

Burri M (2019) Understanding the implications of big data and big data analytics for competition law: an attempt for a primer. In: Mathis K, Tor A (eds) New developments in competition behavioural law and economics. Springer, Berlin, pp 241–263CrossRef

Burri M (2020a) Data flows and global trade law. In: Burri M (ed) Big data and global trade law. Cambridge University Press, Cambridge

Burri M (2020b) Telecommunications and media services in preferential trade agreements: path dependences still matter. In: Krajewski M, Hoffmann R (eds) European yearbook of international economic law: coherence and divergence in agreements on trade in services. Springer, Berlin

Burri M (2021) Towards a new treaty on digital trade. J World Trade 55(1)

Burri M, Polanco R (2020) Digital trade provisions in preferential trade agreements: introducing a new dataset. J Int Econ Law 23(1):187–220CrossRef

Burri M, Schär R (2016) The reform of the EU data protection framework: outlining key changes and assessing their fitness for a data-driven economy. J Inf Policy 6:479–511CrossRef

Bygrave LA (2014) Data privacy law: an international perspective. Oxford University Press, OxfordCrossRef

Casalini F, López González J (2019) Trade and Cross-Border Data Flows. OECD Trade Policy Papers No. 220

Chander A (2016) National Data Governance in a Global Economy. UC Davis Legal Studies Research Paper: 495

Chander A, Lê UP (2015) Data nationalism. Emory Law J 64(3):677–739

Chander A, Kaminski ME, McGeveran W (2019) Catalyzing privacy law. University of Colorado Law Legal Studies Research Paper, pp 19–25

Clarke RA et al (2014) The NSA report: liberty and security in a changing world. Princeton University Press, Princeton, NJ

Cohen JE (2013) What privacy is for. Harv Law Rev 126:1904–1933

Cottier T, Delimatsis P, Diebold N (2008) Article XIV GATS: general exceptions. In: Wolfrum R et al (eds) Max Planck commentaries on World Trade law: trade in services, vol 6. Martinus Nijhoff Publishers, Leiden, pp 287–328

Council of Europe (2017) Guidelines on the Protection of Individuals with Regard to the Processing of Personal Data in a World of Big Data. Strasbourg. T-PD(2017)01. 23 January 2017

Deckelboim SJ (2017) Consumer privacy on an international scale: conflicting viewpoints underlying the EU-U.S. Privacy shield framework and how the framework will impact privacy advocates, national security, and businesses. Georgetown J Int Law 48:263–296

Delimatsis P (2010) The puzzling interaction of trade and public morals in the digital Era. In: Burri M, Cottier T (eds) Trade governance in the digital age. Cambridge University Press, Cambridge, pp 276–296

Diggelmann O, Cleis MN (2014) How the right to privacy became a human right. Hum Rights Law Rev 14(3):441–458CrossRef

Downes L (2016) The Business Implications of the EU-U.S. “Privacy Shield”. Harv Bus Rev. 10 February 2016. https://hbr.org/2016/02/the-business-implications-of-the-eu-u-s-privacy-shield

Drake G (2017) Navigating the Atlantic: understanding EU data privacy compliance Amidst A sea of uncertainty. South Calif Law Rev 91(1):163–194

European Commission (2000) Commission Decision 2000/520/EC of 26 July 2000 Pursuant to Directive 95/46/EC of the European Parliament and of the Council on the Adequacy of the Protection Provided by the Safe Harbour Privacy Principles and Related Frequently Asked Questions Issued by the US Department of Commerce. OJ [2000] L 215/7

European Commission (2016a) Commission Implementing Decision of 12 July 2016 Pursuant to Directive 95/46/EC of the European Parliament and of the Council on the Adequacy of Protection Provided by the EU-US Privacy Shield. C(2016) 4176 final. 12 July 2016

European Commission (2016b) EU-US Privacy Shield: Frequently Asked Questions. MEMO/16/434. Brussels. 29 February 2016

European Commission (2018) Horizontal Provisions for Cross-Border Data Flows and for Personal Data Protection in EU Trade and Investment Agreements. https://trade.ec.europa.eu/doclib/docs/2018/may/tradoc_156884.pdf

European Commission (2019) Commission Implementing Decision 2019/419 of 23 January 2019 Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the Adequate Protection of Personal Data by Japan under the Act on the Protection of Personal Information. OJ L [2019] 76

European Court of Human Rights (2019) Guide on Article 8 of the European Convention on Human Rights: Right to Respect for Private and Family Life, Home and Correspondence. Council of Europe, Strasbourg

European Data Protection Board (2019) Guidelines 3/2018 on the Territorial Scope of the GDPR. Version 2.0. 12 November 2019

European Union Agency for Fundamental Rights and Council of Europe (2018) Handbook on European Data Protection Law. Publications Office of the European Union, Luxembourg

Farrell H (2003) Constructing the international foundations of E-Commerce – the EU-US Safe Harbor Arrangement. Int Organ 57(2):277–306CrossRef

Ferracane MF (2020) The costs of data protectionism. In: Burri M (ed) Big data and global trade law. Cambridge University Press, Cambridge

Gasser U (2016) Recoding privacy law: reflections on the future relationship among law, technology, and privacy. Harv Law Rev 130(2):61–70

Greenleaf G (2004) The APEC privacy initiative: “OECD Lite” for the Asia-Pacific? Privacy Laws Bus Int Newslett 71

Henke N et al (2016) The age of analytics: competing in a data-driven world. McKinsey Global Institute, Washington, DC

Howse R (2002) The appellate body rulings in the shrimp/turtle case: a new legal baseline for the trade and environment debate. Columbia J Environ Law 27(2):491–521

Irion K, Williams J (2019) Prospective policy study on artificial intelligence and EU Trade Policy. The Institute for Information Law, Amsterdam

Irion K, Yakovleva S, Bartl M (2016) Trade and privacy: complicated bedfellows? How to achieve data protection-proof Free Trade Agreements. Institute for Information Law, Amsterdam

Jackson JH (1989) The world trading system: law and policy of international economic relations. MIT Press, Cambridge

Jackson JH (1998) The World Trade Organization: constitution and jurisprudence. Royal Institute of International Affairs, London

Jackson JH, Davey WJ, Sykes AO (1995) Legal problems of international economic relations. West Group, St. Paul, MN

Kuner C (2011) Regulation of transborder data flows under data protection and privacy law: past, present and future. OECD Digital Economy Paper: 187

Kuner C (2012) The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law. Bloomberg BNA Privacy and Security Law Report

Kuner C (2016) Reality and illusion in EU data transfer regulation post schrems. German Law J 18(4):881–918CrossRef

Lynskey O (2015) The foundations of EU data protection law. Oxford University Press, Oxford

MacDonald DA, Streatfeild CM (2014) Personal data privacy and the WTO. Houston J Int Law 36(3):625–652

Manyika J et al (2011) Big data: the next frontier for innovation, competition, and productivity. McKinsey Global Institute, Washington, DC

Mattoo A, Meltzer JP (2018) International data flows and privacy: the conflict and its resolution. J Int Econ Law 21(4):760–789

Mayer-Schönberger V, Cukier K (2013) Big data: a revolution that will transform how we live, work, and think. Eamon Dolan/Houghton Mifflin Harcourt, New York

OECD (1980) Guidelines for the protection of personal information and transborder data flows. OECD Publishing, Paris

OECD (2011) The evolving privacy landscape: 30 years after the OECD privacy guidelines. OECD Digital Economy Papers No. 176

OECD (2013) The OECD privacy framework: supplementary explanatory memorandum to the revised OECD privacy guidelines. OECD Publishing, Paris

OECD (2019a) Trade and Cross-Border Data Flows. Trade Policy Papers: 220

OECD (2019b) Data in the digital age. OECD Going Digital Policy Note. OECD Publishing, Paris. www.oecd.org/going-digital/data-in-the-digital-age.pdf. Accessed 4 August 2020

Ohm P (2010) Broken promises of privacy: responding to the surprising failure of anonymization. UCLA Law Rev 57(6):1701–1778

Pan SB (2016) Get to know me: protecting privacy and autonomy under big data’s penetrating gaze. Harv J Law Technol 30(1):239–261

Ravenhill J (2017) The political economy of the trans-pacific partnership: a “21st Century” trade agreement? New Polit Econ 22(5):573–594CrossRef

Reidenberg JR (2000) Resolving conflicting international data privacy rules in cyberspace. Stanf Law Rev 52(5):1315–1371CrossRef

Richards NM, King JH (2014) Big data ethics. Wake Forest Law Rev 49(2):393–432

Rotenberg M (2016) Privacy law sourcebook 2016: United States Law, international law, and recent developments. Electronic Privacy Information Center, Washington, DC

Rubinstein IS (2013) Big data: the end of privacy or a new beginning? Int Data Privacy Law 3(2):74–87CrossRef

Scholz LH (2019) Big data is not big oil: the role of analogy in the law of new technologies. Tennessee Law Rev 86:863–893

Schwartz PM (2013a) Information privacy in the cloud. Univ Pa Law Rev 161(6):1623–1662

Schwartz PM (2013b) The EU-US privacy collision: a turn to institutions and procedures. Harv Law Rev 126:1966–2009

Schwartz PM, Solove DJ (2011) The PII problem: privacy and a new concept of personally identifiable information. New York Univ Law Rev 86(6):1814–1894

Schwartz PM, Solove DJ (2014) Reconciling personal information in the United States and European Union. California Law Rev 102(4):877–916

Sen N (2018) Understanding the role of the WTO in international data flows: taking the liberalization or the regulatory autonomy path? J Int Econ Law 21(2):323–348CrossRef

Taylor RD (2020) “Data localization”: the internet in the balance. Telecommun Policy 44(8):102003CrossRef

Tene O, Polonetsky J (2013) Big data for all: privacy and user control in the age of analytics. Northwest J Technol Intellect Prop 11(5):239–273

Tene O, Wolf C (2013) Overextended: Jurisdiction and Applicable Law under the EU General Data Protection Regulation. Future of Privacy Forum White Paper

The Economist (2017) The World’s Most Valuable Resource Is No Longer Oil, but Data. Print Edition. 6 May 2017

The Royal Society (2017) Machine learning: the power and promise of computers that learn by example. The Royal Institute, London

The White House (2014) Big data: seizing opportunities, preserving values. Executive Office of the President, Washington, DC

The White House (2019) Guidance for Regulation of Artificial Intelligence Applications. Memorandum for the Heads of Executive Department and Agencies. Washington, DC

Tourkochoriti I (2016) Speech, privacy and dignity in France and in the USA: a comparative analysis. Loyola Los Angeles Int Comp Law Rev 38(2):217–296

UN General Assembly (1990) Resolution 45/95 of 14 December 1990

UN Office of the High Commissioner for Human Rights (1988) General Comment No. 16: Article 17 (Right to privacy). The Right to Respect of Privacy, Family, Home and Correspondence, and Protection of Honour and Reputation. Adopted at the Thirty-Second Session of the Human Rights Committee, on 8 April 1988

United States International Trade Commission (2013) Digital Trade in the US and Global Economies. Part 1, Investigation No 332–531. USITC. Washington, DC

United States International Trade Commission (2014) Digital Trade in the US and Global Economies. Part 2, Investigation No 332–540. USITC. Washington, DC

Waters N (2009) The APEC Asia-Pacific Privacy initiative: a new route to effective data protection or a Trojan Horse for self-regulation. SCRIPTed: A J Law Technol Soc 6(1):75–89

Weber RH (2012) Regulatory autonomy and privacy standards under the GATS. Asian J WTO Int Health Law Policy 7(1):25–48

Weiss MA, Archick K (2016) U.S.-EU Data Privacy: From Safe Harbor to Privacy Shield. Congressional Research Service Report 7-5700. Washington, DC

Whitman JQ (2004) The two Western cultures of privacy: dignity versus liberty. Yale Law J 113(6):1151–1221CrossRef

Willemyns I (2020) Agreement forthcoming? A comparison of EU, US, and Chinese RTAs in times of plurilateral E-Commerce negotiations. J Int Econ Law 23(1):221–244CrossRef

Wolfrum R, Stoll PT, Hestermeyer HP (eds) (2011) WTO – Trade in goods. Martinus Nijhoff Publishers, Leiden

WTO (2018) World Trade Report 2018: the future of world trade: how digital technologies are transforming global commerce. World Trade Organization, Geneva

WTO (2019) Joint Statement on Electronic Commerce, EU Proposal for WTO Disciplines and Commitments Relating to Electronic Commerce. Communication from the European Union. INF/ECOM/22. 26 April 2019

WTO Appellate Body (1996) WTO Appellate Body Report, United States – Standards for Reformulated and Conventional Gasoline, WT/DS2/AB/R, adopted 29 April 1996

WTO Appellate Body (1998) WTO Appellate Body Report, United States – Import Prohibition of Certain Shrimp and Shrimp Products, WT/DS58/AB/R, adopted 12 October 1998

WTO Appellate Body (2000) WTO Appellate Body Report, Korea – Measures Affecting Imports of Fresh, Chilled and Frozen Beef, WT/DS161/AB/R, WT/DS169/AB/R, adopted 11 December 2000

WTO Appellate Body (2001) WTO Appellate Body Report, US – Import Prohibitions of Certain Shrimp and Shrimp Products (Recourse to Article 21.5 DSU by Malaysia), WT/DS58/AB/RW, adopted 22 October 2001

WTO Appellate Body (2005) Appellate Body Report, United States – Measures Affecting the Cross-Border Supply of Gambling and Betting Services (US – Gambling), WT/DS285/AB/R, adopted 7 April 2005

WTO Appellate Body (2007) WTO Appellate Body Report, Brazil – Measures Affecting Imports of Retreaded Tyres, WT/DS332/AB/R, adopted 3 December 2007

WTO Appellate Body (2009) Appellate Body Report, China – Measures Affecting Trading Rights and Distribution Services for Certain Publications and Audiovisual Entertainment Products, WT/DS363/AB/R, adopted 21 December 2009

WTO Panel (2015) WTO Panel Report, Argentina – Financial Services, WT/DS453/R, adopted 30 September 2015

Wu M (2008) Free Trade and the protection of public morals: an analysis of the newly emerging public morals clause Doctrine. Yale J Int Law 33(1):215–252

Wunsch-Vincent S (2003) The Digital Trade Agenda of the US: parallel tracks of bilateral, regional and multilateral liberalization. Aussenwirtschaft 58(1):7–46

Yakovleva S (2020) privacy protection(ism): the latest wave of trade constraints on regulatory autonomy. Univ Miami Law Rev 74(2):416–519

Titel: Data Flows versus Data Protection: Mapping Existing Reconciliation Models in Global Trade Law
verfasst von: Mira Burri
Verlag: Springer International Publishing
Buch: Law and Economics of Regulation
Print ISBN: 978-3-030-70529-9

Electronic ISBN: 978-3-030-70530-5

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-70530-5_7