From the abstract:
Free Trade Agreements (FTAs) are not likely to be sources of privacy rights, but may act as limitations on the operation of privacy laws. Countries negotiating new bilateral or multilateral trade agreements, particularly but not exclusively the USA, are likely to attempt to include a requirement that the parties do not include any significant data export restrictions, or ‘data localisation’ provisions in their laws.
I argue that, in most cases, the only role that privacy rights should play in Free Trade Agreements is a negative one: as explicit exceptions confirming that other FTA provisions have nothing to do with limiting the protection of privacy (or other human rights). Human rights are not bananas, to be traded for other commodities.
Until 2016, Article XIV(c)(ii) of the GATS (General Agreement on Trade in Services, 1995) was the only significant privacy limitation in FTAs, but an important one because of its near-universality. Its effect is still uncertain, as it has not yet resulted in WTO case law.
The Trans-Pacific Partnership (TPP) agreement, signed (but not ratified) in February 2016, is the first multilateral trade agreement with detailed provisions relating to privacy/data protection that go beyond GATS, and they are overwhelmingly negative from a privacy perspective. The TPP requirements involve: (a) no substantive or meaningful requirements to protect privacy; (b) coupled with prohibitions on data export limitations or data localisation requirements that can only be overcome by a complex ‘four step test’ of justification; and (c) backed up by the risk of enforcement proceedings between states or under ISDS provisions, both involving uncertain outcomes from dubious tribunals and potentially very large damages claims.
TPP seems to be the type of binding international privacy treaty that the USA (in particular) wishes to achieve. For the other states whose personal data will be ‘hoovered up’, it is more likely to be a Faustian bargain: put at risk the protection of the privacy of your citizens (except at home) in return for the golden chalice of trade liberalisation. If the TPP is defeated in the US Congress, this will be a net gain for privacy protection, whatever one thinks about the other potential economic advantages of the TPP.
In the meantime, other FTAs are proliferating, and overlapping in confusing ways. This article concludes with a review of what (if anything) is known of possible privacy provisions in agreements under negotiation including the EU-US TTIP, the Trade in Services Agreement (TISA), RCEP, and PACER. One way or another, FTAs are likely to be one of the defining factors in the future evolution of data privacy laws.