Data Protection without Data Protectionism
The Right to Protection of Personal Data and Data Transfers in EU Law and International Trade Law
- Open Access
- 2023
- Open Access
- Book
- Author
- Tobias Naef
- Book Series
- European Yearbook of International Economic Law
- Publisher
- Springer International Publishing
About this book
This open access book offers a new account on the legal conflict between privacy and trade in the digital sphere. It develops a fundamental rights theory with a new right to continuous protection of personal data and explores the room for the application of this new right in trade law. Replicable legal analysis and practical solutions show the way to deal with cross-border data flows without violating fundamental rights and trade law principles.
The interplay of privacy and trade became a topic of worldwide attention in the wake of Edward Snowden’s revelations concerning US mass surveillance. Based on claims brought forward by the activist Maximilian Schrems, the ECJ passed down two high-profile rulings restricting EU-US data flows. Personal data is relevant for a wide range of services that are supplied across borders and restrictions on data flows therefore have an impact on the trade with such services. After the two rulings by the ECJ, it is less clear then ever how privacy protection and trade can be brought together on an international scale.
Although it was widely understood that the legal dispute over EU-US data flows concerns the broad application of EU data protection law, it has never been fully explored just how far the EU’s requirements for the protection of digital rights go and what this means beyond EU-US data flows. This book shows how the international effects of EU data protection law are rooted in the EU Charter of Fundamental Rights and that the architecture of EU law demands that the Charter as primary EU law takes precedence over international law. The book sets out to solve the problem of how the EU legal data transfer regime must be designed to implement the EU’s extraterritorial fundamental rights requirements without violating the principles of the WTO’s law on services. It also addresses current developments in international trade law – the conclusion of comprehensive trade agreements – and offers suggestion for the design of data flow clauses that accommodate privacy and trade.
Advertisement
Table of Contents
-
Chapter 1. Introduction
- Open Access
Download PDF-versionThe chapter delves into the complex relationship between data protection and trade, highlighting the conflict between fundamental rights and economic interests in the digital age. It introduces the extraterritorial dimension of the right to data protection enshrined in Article 8 of the Charter of Fundamental Rights, arguing that this dimension mandates continuous protection of personal data transferred from the EU to third countries. The text also explores the restrictions placed on cross-border flows of personal data by the EU and assesses the compatibility of EU data protection regulations with WTO law. Additionally, it offers legal requirements and design suggestions for data flow clauses in EU trade agreements, aiming to balance data protection with the need for international data transfers. This comprehensive analysis provides valuable insights into the intricate interplay between data protection and trade, making it a must-read for specialists in the field.AI Generated
This summary of the content was generated with the help of AI.
AbstractData protection is an area where fundamental rights collide with trade policy. Personal data has become an essential asset for the digital economy. Consequently, the free flow of personal data across borders has been described as a “new battleground” for states trying to protect their vital economic and non-economic interests—especially now that trade negotiations are shifting to digital trade. There is a deep disagreement about when data protection should be considered data protectionism. This research explores EU-style data protection and shows where the line between data protection and data protectionism in international trade law currently is, and how it can, or should be redrawn. -
European Union Data Protection Law
-
Frontmatter
-
Chapter 2. The Global Reach of the Right to Data Protection
- Open Access
Download PDF-versionThe chapter delves into the origins and development of data protection laws in Europe, starting with early regulations in the 1970s and progressing through international instruments and EU directives. It underscores the driving forces behind these developments, such as technological advancements and state powers, and emphasizes the significance of the Charter of Fundamental Rights of the EU in recognizing data protection as a fundamental right. The text also explores the key values and principles that guide data protection, including privacy, informational self-determination, transparency, and democracy. Additionally, it discusses the extraterritorial dimension of data protection, highlighting the importance of ensuring continuous protection for personal data transferred to third countries. This chapter offers a deep dive into the legal framework and underlying values of data protection, making it a valuable resource for professionals seeking to understand the complexities of this fundamental right.AI Generated
This summary of the content was generated with the help of AI.
AbstractThe internet as a technology not only revolutionized communication, it also enabled new forms of trade. Digital trade often involves personal data. Information about individuals now travels around the world on an unprecedented and rapidly growing scale. The key to understanding the implications of data protection in the EU for trade with the wider world is the Charter of Fundamental Rights of the EU (Charter, CFR). The Charter has the status of primary Union law and data protection is enshrined as a fundamental right in Article 8 CFR. The first section of this chapter traces the development of the right to data protection from the early data protection laws in Europe to the inclusion of Article 8 into the Charter. It identifies the driving forces behind this development and offers insights into the origins of this new fundamental right (Sect. 2.1). The second section addresses the substance of the right to data protection. It explains the underlying values for the interpretation of the new fundamental right and analyzes the six written constituent parts of Article 8 CFR. It shows that the right to data protection must be distinguished from the right to private life in Article 7 CFR. The second section also explains what counts as an interference with the right to data protection and addresses lawful limitations on the exercise of this new fundamental right (Sect. 2.2). The third section focuses on the extraterritorial dimension of the right to data protection. The jurisprudence of the ECJ reveals an unwritten constituent part of the new fundamental right: the right to continuous protection of personal data. Personal data cannot be exported to third states that do not provide a level of protection for the transferred personal data that is essentially equivalent to that guaranteed within the EU (Sect. 2.3). Certain practices in third states are of particular relevance for the extraterritorial dimension of Article 8 CFR. Foreign internet surveillance often targets personal data that is transferred from the EU to a third country. The fourth section analyzes the requirements for foreign internet surveillance practices emanating from the right to data protection in Article 8 CFR (Sect. 2.4). -
Chapter 3. The Restrictive Effect of the Legal Mechanisms for Data Transfers in the European Union
- Open Access
Download PDF-versionThe chapter delves into the legal mechanisms governing data transfers within the European Union, focusing on the extraterritorial dimension of data protection rights. It traces the evolution of these mechanisms from early data protection laws in countries like Sweden, France, and Germany to the harmonized rules under the GDPR. The chapter discusses the three primary legal mechanisms for data transfers: adequacy decisions, instruments providing appropriate safeguards, and derogations for specific situations. It also explores the policy objectives behind these mechanisms, including anticircumvention and enhancing trust in the information society. The chapter offers a detailed analysis of the development of data transfer rules, from the early international instruments like the OECD Privacy Guidelines and Convention 108 to the GDPR's comprehensive framework. It highlights the importance of continuous protection for personal data across borders and the role of fundamental rights in shaping these regulations. This chapter is essential for understanding the complex landscape of data transfers and the legal foundations that support data protection in the EU.AI Generated
This summary of the content was generated with the help of AI.
AbstractThe right to data protection in Article 8 CFR has an extraterritorial dimension, which requires continuous protection for personal data that is essentially equivalent to the protection guaranteed within the EU. This right to continuous protection of personal data is an unwritten constituent part of the right to data protection in Article 8 CFR. Primary Union law in Article 16(2) TFEU instructs the European Parliament and the Council to establish rules relating to the protection of individuals regarding the processing of their personal data. This mandate also extends to the extraterritorial dimension of the right to data protection. Accordingly, Chapter V GDPR sets out the system for the transfer of personal data from the EU to third countries. The first section of this chapter defines the legal concept of “data transfers” and introduces the three legal mechanisms for the transfer of personal data in Chapter V GDPR (Sect. 3.1). The following sections address the three legal mechanism and their role in guaranteeing the right to continuous protection for personal data. Each section entails a fundamental rights analysis for the transfer of personal data on the basis of a legal mechanism in Chapter V GDPR. The second section is dedicated to data transfers based on adequacy decisions for third countries following Article 45 GDPR (Sect. 3.2). The third section is dedicated to data transfers based on the instruments providing appropriate safeguards in Article 46 GDPR such as standard data protection clauses and binding corporate rules (BCRs) (Sect. 3.3). Finally, the fourth section is dedicated to data transfers subject to contract-based and consent-based derogations in Article 49 GDPR (Sect. 3.4).
-
-
International Trade Law
-
Frontmatter
-
Chapter 4. Restrictions on Data Transfers and the WTO
- Open Access
Download PDF-versionThe chapter delves into the intricate relationship between data transfer restrictions and the World Trade Organization (WTO). It begins by highlighting the historical context of the WTO’s role in regulating trade, including the unforeseen oversight of data flows due to the internet’s early development. The text then examines how WTO rules on trade in services can be applied to distinguish between legitimate regulatory concerns and protectionism, particularly in the context of cross-border data flows. It also analyzes whether the EU’s stringent data protection regulations interfere with WTO rules, and whether such interferences can be justified under relevant exceptions. The chapter offers a detailed classification of digital services and discusses the implications of data localization policies on trade. It concludes by emphasizing the importance of understanding these regulations for the future of international trade in the digital era.AI Generated
This summary of the content was generated with the help of AI.
AbstractThe WTO is not well-known for being an institution that regulates the free flow of personal data across borders. The trade agreements under the auspices of the WTO either predate or coincide with the invention and early development of the internet. When the WTO was created in 1994, its members agreed to create rules for trade in services. Tim Wu observed that as a consequence, and almost by accident, “the WTO has put itself in an oversight position for most of the national laws and practices that regulate the Internet.” Wu (Chicago J Int Law 7(1), 264, 2006). Over a quarter century later, the internet has become indispensable for trade in services, facilitating not only communication and payment between parties involved in any transaction, but also as a platform for the transmission of the services themselves, and the driving technology for the creation of new services. The first section of this chapter shows how cross-border flows of personal data (on the internet) have become intertwined with the supply of many digital services (Sect. 4.1). The second section describes how the rules of the WTO on trade in services are relevant for the regulation of cross-border flows of personal data (Sect. 4.2). These multilateral trade rules can be used as proxies to distinguish between legitimate regulatory concerns and protectionism. Regarding the regulation of cross-border flows of personal data, these rules allow for the legal assessment of the line between data protection and data protectionism. The third section of this chapter analyzes whether the EU’s fundamental rights-based regulation of data transfers interferes with the rules of the WTO on trade in services (Sect. 4.3). The fourth section assesses whether the interferences that have been identified can be justified under the relevant exceptions to the rules of the WTO on trade in services (Sect. 4.4). -
Chapter 5. Restrictions on Data Transfers and Trade Agreements
- Open Access
Download PDF-versionThe chapter traces the development of data flow clauses in trade agreements, beginning with the EU's pioneering efforts and the US's later involvement. It examines key agreements like the TTIP, TiSA, and TPP, and the EU's legal requirements for data protection under the GDPR. The text also proposes four potential designs for data flow clauses in EU trade agreements, each with its advantages and disadvantages. This comprehensive analysis offers valuable insights into the complex interplay between data protection and international trade law, making it a must-read for those interested in the future of digital trade agreements.AI Generated
This summary of the content was generated with the help of AI.
AbstractIn reaction to the stalemate in the multilateral trading system, international governance of digital trade has gradually shifted toward bilateral and regional trade agreements. This allowed countries to start to regulating cross-border flows of personal data outside the WTO framework. The first section of this chapter traces the development of data flow clauses in the trade agreements of the EU, the US, and other countries. It also looks at the negotiations of the big trade agreements in the late 2010s, such as the TTIP, the TiSA, and the TPP (Sect. 5.1). The second section outlines the scope for data flow clauses in the trade agreements of the EU based on different legal requirements stemming from the architecture of EU law, the GDPR, and other regulations. These requirements include the primacy of fundamental rights over international law with regard to the right to continuous protection of personal data in Article 8 CFR, the accommodation of the legal mechanisms for the transfer of personal data in the GDPR, the inclusion of cooperation mechanisms on the basis of Article 50 GDPR, and the ban of data localization requirements beyond data protection and privacy concerns. These legal requirements are necessary to consider when drafting data flow clauses for EU trade agreements (Sect. 5.2). The third section of this chapter offers and analyzes four potential designs for data flow clauses for EU trade agreements (Sect. 5.3). The fourth section is dedicated to the analysis of the EU model data flow clauses that the European Commission introduced as a template for future trade negotiations in 2018 (Sect. 5.4).
-
-
Epilogue
-
Frontmatter
-
Chapter 6. Concluding Remarks: Data Protection Without Data Protectionism
- Open Access
Download PDF-versionThe chapter delves into the intricate relationship between data protection and data protectionism, focusing on EU data protection laws and their extraterritorial application. It argues that the right to data protection in Article 8 CFR has an extraterritorial dimension, ensuring continuous protection of personal data transferred to third countries. The analysis highlights the limitations on systematic data transfers to countries without equivalent protection and the compatibility of EU regulations with WTO law. The chapter also proposes new designs for data flow clauses that respect fundamental rights while promoting the free flow of personal data across borders.AI Generated
This summary of the content was generated with the help of AI.
AbstractMany states recognize, at least on paper, that data protection and privacy are important values. Nevertheless, they diverge quite jarringly on what the correct level or design of such protection should be. In particular, there is deep disagreement about when data protection crosses the line and becomes data protectionism. In this book, I have shown—using the example of EU law—where the line between data protection and data protectionism in international trade law currently is, and how it can, or should be redrawn.
-
- Title
- Data Protection without Data Protectionism
- Author
-
Tobias Naef
- Copyright Year
- 2023
- Publisher
- Springer International Publishing
- Electronic ISBN
- 978-3-031-19893-9
- Print ISBN
- 978-3-031-19892-2
- DOI
- https://doi.org/10.1007/978-3-031-19893-9
PDF files of this book don't fully comply with PDF/UA standards, but do feature limited screen reader support, described non-text content (images, graphs), bookmarks for easy navigation and searchable, selectable text. Users of assistive technologies may experience difficulty navigating or interpreting content in this document. We recognize the importance of accessibility, and we welcome queries about accessibility for any of our products. If you have a question or an access need, please get in touch with us at accessibilitysupport@springernature.com
