Rules providing for unrestricted cross-border flow of commercial data and prohibiting the requirement of localization of the data facilities as a condition for conducting business on the territory are often found in the modern PTAs, also being included in the rich negotiating agenda of the WTO Joint Statement Initiative on Electronic Commerce (the WTO JSI). Nevertheless, indispensable for the conduct of international trade, such rules are made subject to exceptions, most of which, if applied, could deprive them of their effect. Such exceptions are aimed at protecting privacy, safeguarding essential security interests, ensuring data security, allowing the pursuit of the legitimate public policy objectives, maintaining regulatory and supervisory access to certain sectoral data, and, finally, allowing for the establishment or enhancement of the data processing and storage capacities of the developing countries and LDCs. Elaboration of the common data classification; better elucidation of the [proposed] exceptions; progress in elaboration and implementation of the other, connected rules (on privacy, spam, consumer protection, cybersecurity, source code, cryptography, and technical assistance and capacity building, among others), which might enhance mutual trust between different nations and their regulatory authorities; as well as cooperative efforts of different scales and scopes, might be seen as incremental steps contributing to achieving universal unrestricted commercial data flows in the future.
Read full abstract