When negotiating future trade deals, the European Union will maintain its commitment to protect citizens’ rights over their personal data according to language in draft text a year in the making and just shared by the European Commission with the Union’s parliamentarians and member governments.
At the same time, the Commission also reiterated its intention to keep cross-border data flows as open as possible within the E.U. in order to stop individual countries from invoking protectionist measures.
Sounds dry, but these are critical concerns for every member country and every company doing business in the E.U. as the deadline nears for implementation of the General Data Protection Regulation, which takes effect on May 25th.
The regulation, passed in 2016 with a two-year lead-in to activation, is meant to reinforce the protection of E.U. citizens’ personal data, which the Union considers “a fundamental right,” while imposing a single body of rules across the E.U. rather than 28 individual sets as a critical element in the creation of a Digital Single Market, according to to the E.U. data protection website.
The Commission estimates the last point alone will be worth €2.3 billion per year in various benefits, freeing companies to deal with a single supervising agency. A significant change will be the creation as well of a “level playing field” in that companies outside the E.U. providing goods and services to Union members will be required for the first time to follow the same rules for doing business within the E.U.
According to Reuters, which reviewed the letter, the Commission is seeking to counter rules from other countries – Russia, China and India among them – that require companies to store data on local servers, a protectionist measure that many technology companies worry will create unfairness across the internet.
“Cross-border data flows shall not be restricted between the Parties by… requiring the localization of data in the Party’s territory for storage or processing,” the letter notes.
Such data can include credit card details from online purchases, employee information and users’ individual browsing customs that enable targeted online advertising.
“These horizontal provisions — once included in future trade and investment agreements — will for the first time provide for a straightforward prohibition of protectionist barriers to cross-border data flows, in full compliance with and without prejudice to the EU’s data protection and data privacy rules,” the Commission wrote.
There’s a complex dance at play here as tension between the protection of privacy and unrestricted free trade has surfaced internally among some members states as well as between the E.U. and others with whom Union members trade, such as Norway and Switzerland.
In the letter, six commissioners wrote that the text had been “drafted in the understanding that, as the protection of personal data is non-negotiable, future trade and investment agreements addressing these issues shall not deviate from these horizontal provisions,” according to the Financial Times, which reported that it had seen the letter.
The paper wrote that the E.U. wants to feature the new rules in any future free-trade deals, including with Mexico and potentially with the U.K. following Brexit.