Building Bridges: International Trade Law, Internet Governance, and the Regulation of Data Flows.

• Author: Mishra, Neha

TABLE OF CONTENTS I. INTRODUCTION 465 II. UNDERSTANDING MEASURES RESTRICTING CROSS-BORDER DATA FLOWS 471 A. The "Restrictive" Element of "Cross-Border Data Flows" 471 1. Types of Data 471 2. Cross-Border versus Domestic Data Flows. 473 B. Types of Data Restrictive Measures 474 III. INTERNET GOVERNANCE PRINCIPLES UNDERLYING DATA FLOWS 477 A. The Principle of Internet Openness 478 1. Internet Openness Requires Free Flow of Data 478 2. Free Flow of Information Is Recognised Internationally 480 3. Implementing Principle of Internet Openness 482 B. Principle of Internet Security 484 1. Internet Security Means Both Network and Application Security 484 2. Increasing Recognition of Internet Security in Various International Platforms 485 3. Implementing Principle of Internet Privacy 486 C. Principle of Internet Privacy 489 1. Internet Privacy: A User-Centric Approach 489 2. Growing Recognition of Internet Privacy 491 3. Implementing Principle of Internet Privacy 492 D. Complementarity of Internet Openness, Security, and Privacy 495 IV. OPERATIONALISING INTERNET OPENNESS, SECURITY, AND PRIVACY IN INTERNATIONAL TRADE LAW 498 A. The Principles of Internet Openness, Security, and Privacy and Objectives of GATS and WTO Agreement Are Mutually Compatible 498 B. Internet Openness, Security, and Privacy Are Beneficial for Digital Trade 501 1. Internet Openness and Digital Trade Liberalisation Go Together 501 2. Internet Security Supports Digital Trade 502 3. Internet Privacy Is a Precondition for Digital Trade 503 C. Applying and Interpreting Principles of International Trade Law 504 D. Framing New Rules on Cross-Border Data Flows and Data Localisation 506 V. TYING MULTISTAKEHOLDER AND MULTILATERAL PROCESSES TO SUPPORT DIGITAL TRADE 507 VI. CONCLUSION 509 I. INTRODUCTION

At first sight, international trade law appears disconnected from internet governance due to the stark divergence in the legal and institutional structures of the two regimes. While international trade law governs relationships amongst countries, internet governance is considered to be a largely multistakeholder process aimed at policymaking for a universal and global internet, unconstrained by national borders. (1) International trade law comprises rules developed by countries through negotiated agreements at the World Trade Organization (WTO) (2) and other mechanisms such as preferential trade agreements (PTAs). (3) Several provisions, including obligations on nondiscrimination and market access, within international trade agreements are binding and enforceable, such that government measures that constitute barriers to trade may be actionable in international trade law. In contrast, different aspects of internet policymaking are dispersed across government departments, (4) multistakeholder bodies, (5) multilateral institutions (e.g., the International Telecommunications Union (ITU) (6) and other specialised agencies of the United Nations (UN)), (7) and regional organisations. (8) Further, civil society organisations (9) and technology companies (10) play an instrumental role in internet governance. Principles of internet governance can be derived from multiple sources: declarations and resolutions of multilateral and multistakeholder bodies, standards and recommendations of multistakeholder bodies such as the Internet Engineering Task Force (IETF) (11) and the Internet Governance Forum (IGF), and voluntary standards developed by civil society or private bodies. (12)

Despite these obvious differences between international trade law and internet governance, it would be imprudent to dismiss their linkage as a matter of mere theoretical interest. Several scholars have already studied the importance of cross-border data flows to boost the growth of trade in a digitalised world. (13) Good governance of the internet (such as a high degree of openness, efficiency, and stability) facilitates the use of the internet for trade. (14) With the rapid expansion of the global market for digital services, measures that obstruct the internet (e.g., restrictions on data flows or imposition of proprietary or indigenous technical standards) also constitute barriers to trade and, therefore, may be subject to scrutiny under international trade law.

The relationship between international trade law and internet governance is increasingly being explored and evaluated. (15) For instance, in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), (16) the parties acknowledged the importance of internet-related policy issues to digital trade and thereby introduced binding provisions on cross-border flows of information and data localisation and other disciplines on personal data protection, spam, online consumer protection, and cybersecurity cooperation. (17) Further, stakeholders in the internet governance community also recognise the significance of international trade agreements in supporting "a free and open [i]nternet, which is just, fair, and development oriented and furthers the interoperability of [i]nternet information services" and its positive ramifications on "social and economic development." (18) However, others have noted the possible discord between trade rules and internet governance as trade agreements are used by powerful stakeholders in a secretive manner to impose internet openness, (19) without due regard to the regulatory autonomy necessary for domestic regulation of cyberspace. (20) To date, trade tribunals have not comprehensively investigated the conflict between trade and internet policy. (21) Therefore, to understand better how these two fields interface, greater clarity is required regarding how existing (and future) trade rules can be applied and interpreted in trade disputes concerning internet and internet-enabled services.

When applying international trade agreements such as the General Agreement on Trade in Services (GATS) (22) to measures restricting data flows, a delicate balance needs to be struck between liberalising trade in digital services and preserving domestic policy goals, including regulating online content in the public interest, protecting privacy of citizens, and reducing cybercrimes. (23) Although such measures are implemented domestically, they have a direct impact on a globally interconnected network. For example, data localisation laws may affect how data is routed through the network as well as the efficiency of cross-border data flows. (24) When examining such measures under GATS, the assessment will often involve fundamental issues related to internet governance. For instance, under GATS Article XIV, a trade tribunal may need to determine the necessity of a data localisation measure to achieve privacy or cybersecurity. (25) Therefore, even applying international trade law requires clarity regarding the fundamental principles governing data flows.

This Article argues that three principles of internet governance are most pertinent to internet data flows: internet openness, internet security, and internet privacy. Though these terms are frequently used in internet governance literature, different stakeholders attribute different meanings to these terms. This Article has defined and explained each of these principles by distilling and assimilating important and relevant values and ideas from different soft law instruments, policy documents, and scholarship in internet governance. Since the internet is a "multilayered framework" governed by several institutions, data transfers through the internet require coordination among different stakeholders, and interoperability of policies and technical protocols across different layers. (26) The principles of internet openness, security, and privacy provide important guiding tools to different stakeholders operating in different layers to ensure the interoperability and security of data flows. This Article further explores how these three principles are relevant to international trade law, particularly if it can contribute to or facilitate achieving these principles. However, as international trade law is not the appropriate platform to resolve issues related to human rights, this Article does not directly evaluate the political connotations of the principles of internet openness, security, and privacy. For example, measures restricting data flows cannot be challenged before trade tribunals because they violate human rights recognised in domestic or international non-trade instruments (e.g., the freedom of expression). (27)

Part 0 explains how measures restricting cross-border data flows operate in practice as well as the different types of data restrictive measures with a trade-restrictive effect. Part 0 focuses on three key principles in internet governance instrumental to data flows--internet openness, security, and privacy--arguing that these principles are complementary in nature. Part 0 evaluates the extent to which these three principles align with rules in international trade law, as well as how they can be used in context of applying, interpreting, and reforming international trade law. Part V discusses the possibility of bringing together the multilateral approach of international trade law with the multistakeholder approach in internet governance with regard to regulating cross-border data flows. The Article concludes that given the growing importance of digital trade, international trade law should not be isolated from internet governance. Understanding the linkages between the two fields is timely and crucial to: (i) ensure a more meaningful role for trade disciplines in addressing digital trade issues such as cross-border data flows; and (ii) build a comprehensive and balanced approach to govern cross-border data flows at the global level.

2. UNDERSTANDING MEASURES RESTRICTING CROSS-BORDER DATA FLOWS

   The internet is a multilayered technology consisting of a physical layer containing the physical infrastructure-carrying data packets; the...