Cybersecurity, Digital Trade, and Data Flows: Re-thinking a Role for International Trade Rules

Abstract

Trade and cybersecurity are increasingly intertwined. Global data flows and digital technologies accelerate the global connectivity of businesses, governments, and supply chains. Yet, this digital connectivity increases exposure to cyberattacks. The potential costs of cyberattack have underpinned a turn to conceiving of cybersecurity as a national security threat and to using trade and investment restrictions to reduce the risk of cyber-attack. Cybersecurity measures are, however, likely to constitute barriers to data flows and digital trade. The turn to using trade policy to address cybersecurity threats creates two distinct challenges for the WTO and FTAs. The first is the challenge of distinguishing genuine cybersecurity measures from disguised protectionism. The second is how to deal with growth in trade restrictions for legitimate cybersecurity purposes. The approach to the national security exception The WTO and FTA national security exception is poorly designed to deal with these trade policy challenges. This paper analyzes the implication of the WTO panel finding in Russia-Transit case to show why the national security exception and generally exception provisions are poorly designed to deal with cybersecurity-based trade restrictions. The paper concludes by outlining new trade rules and mechanisms for cooperation.