ARTICLE 19 joined a coalition of civil society organisations and consumer and digital rights groups in calling on governments to better protect people’s fundamental rights in trade deals. The Joint Statement Initiative, a World Trade Organization draft agreement seeking to level the playing field by establishing common rules across a range of electronic commerce issues, prioritises the free flow of data and limits scrutiny of source code over rights protections, undermining national authorities’ ability to protect consumers’ data privacy. Read the full statement below, and use the button to read as a PDF to view all signatories.
30 January, 2024
Global Statement: Consumer and Digital Rights Groups Call On Governments to Better Protect People’s Fundamental Rights in Trade Deals
Leading consumer and digital rights organisations across the globe welcome the recent announcement by the US government, indicating that it is withdrawing support from controversial data flows and source code rules in the Joint Statement Initiative on e-commerce. We call on other governments to take this opportunity to reassess their own digital trade policy and better protect their citizens.
Trade agreements that are being negotiated in different regions of the world seek to include binding rules that require governments to allow free flow of data across borders without restrictions and to limit scrutiny of source code used in software. These international rules define strict conditions that governments have to respect when regulating the digital ecosystem. This could undermine the ability of governments to protect personal data and privacy of their citizens. It could also make it very difficult for authorities to protect consumers from bias and discrimination, amongst other harms, of artificial intelligence systems.
This appears clearly in the different proposals by various countries engaged in the Joint Statement Initiative (JSI) on e-commerce, a plurilateral trade negotiation encompassing 93 countries on the sidelines of the World Trade Organization.
What is the problem for data protection and privacy?
Cross-border data flow rules have been included in modern trade agreements at the request of large digital companies. The purported objective is to facilitate international data transfers across national borders. It is crucial to consider the broad implications of any cross-border data flows provisions, which could undermine people’s fundamental human right to privacy and personal data protections. Failing to do so would defeat another ostensible purpose of these negotiations: to enhance consumer trust online.
Many digital services rely on collecting and processing personal data. At the same time, people wish to have control over their personal data. Scandals like the one linked to Cambridge Analytica and the invasive and constant tracking and exploitation of people’s data have eroded people’s trust in cross-border data transfers. Multiple surveys reveal that a large majority of consumers around the world are concerned about companies’ collection of their personal data online.
When the draft text of the JSI was leaked in summer 2023, the public could see that certain countries party to the JSI negotiations were seeking to secure rules to guarantee companies a right to free flow of data across borders. Some of their proposals replicate clauses from trade agreements, such as the US-Mexico-Canada Agreement (USMCA) and the Comprehensive and Progressive Trans-Pacific Partnership (CPTPP). These proposals seek to prioritise unhindered data flows above data protection and privacy. From a consumer and digital rights perspective, the logic should be exactly the opposite: protecting people’s rights should come first.
The risks of including rules on cross border data flows, data protection, and privacy in the JSI and any other agreement would be far greater for citizens’ rights than the economic benefits that can potentially be achieved in a few countries. Instead, countries could adhere to the only binding international treaty on data flows and personal data protection to date: the Convention 108+.
What is the risk regarding artificial intelligence?
The JSI negotiations include proposed rules conditioning who can and cannot have access to source code of software. The source code provision could restrict governments and regulators from requiring source code disclosure. They could hinder transparency and accountability of AI-driven systems. This restriction is unnecessary as companies already can rely on protection of their trade secrets and intellectual property rights.
The different proposals in the consolidated text would make it difficult for authorities to require pre-market launch audits of AI systems to review for discriminatory or anticompetitive practices. They would also prevent civil society organisations and academics from alerting authorities to domestic regulation infringements. For example, this provision would prevent consumer organisations and academics from investigating suspected biases in an artificial intelligence system of a bank, used to assess credit worthiness, and to alert authorities in case of confirmed bias.
Countries participating in the JSI are still in the process of defining their artificial intelligence regulatory frameworks domestically. Including source code-related provisions in the JSI, or any other international agreement, is therefore premature. If not defined carefully, such provisions could limit the level of protection governments intend to provide to their citizens.
Time for a new deal on digital trade
We welcome the US administration’s announcement that it will no longer support proposals for rules on data flows and source code in the JSI.
We call on all governments to use this opportunity to consider the consequences of including poorly-drafted clauses in their trade agreements that could weaken their citizens’ fundamental digital rights. This is particularly important for developing countries.
Instead of including rules on data flows and source code in trade agreements, governments should look for alternatives that will not affect their policy space and their ability to protect their citizens’ digital rights. They should consult consumer and digital rights groups and regularly inform them of the state of play of digital trade negotiations.