ACTA Revisited? TTIP and Data Privacy
Data privacy has become an increasingly important concern in the EU, and the defeat of ACTA showed what can happen to international agreements that arouse public suspicion. Decision makers have shown that they are aware of public concern by being more forthcoming with information and promising not to compromise data privacy in TTIP. But negotiations also present a chance to improve upon some current privacy regulation as well as potentially providing economic benefits.
In the summer of 2012, the European Parliament voted decisively to reject a proposed Anti-Counterfeiting Trade Agreement (ACTA) between the EU, the United States and other key trade partners, which aimed to reduce international intellectual property rights violations. After years of secret negotiations, ACTA collapsed amid public concerns over both its impact on data privacy and the lack of transparency of the talks themselves. The opposition culminated in a petition signed by almost 2.5 million people "calling on MEPs to stand for a free and open Internet and reject the ratification of the ACTA."
Now, the EU has embarked on negotiations with the United States on the Transatlantic Trade and Investment Partnership (TTIP), which shares some of ACTA's goals. This time, though, the European Commission shifted gears, seeking to make the talks more transparent by publishing a series of position papers on key issues very early on in the process. This new degree of openness represents a step in the right direction toward an agreement that will have economic benefits for a net-exporting region of intellectual property such as the European Union.
As was the case with ACTA, the TTIP would require some degree of standardization with respect to the enforcement of intellectual property and data protection rules. In terms of intellectual property regulations, the U.S. Congressional Research Service sees the protection and enforcement of geographical indications as a major subject of discussion given the prominence of regionally-branded products in Europe and the differing trademark regime in the US. But the European Parliament has made clear it will not back a TTIP that threatens individual privacy. In a report issued in February, the European Parliament's Committee on Civil Liberties, Justice and Home Affairs states that it would only consent to the final TTIP agreement provided the agreement fully respects the fundamental rights recognized by the EU Charter, including any provisions on the protection of the individual privacy and personal data.
Again referencing the survey conducted by PEW and the Bertelsmann Foundation, it appears that public opinion on data protection standards in Germany and the United States could be a cause for concern in the negotiations, with strongly diverging opinions on both sides of the Atlantic. While the United States has exhibited a readiness to engage in a trade-off between national security interests and privacy of its citizens, opinion on this matter seems to be divided in Europe. According to a study by RAND Europe, EU citizens generally are open to the idea that security requires giving up some level of privacy; however, a majority expressed concerns about sharing those data across international borders.
In order to address concerns related to the protection of personal data, the European Commission has gone to great lengths to assure its citizens that TTIP is not another ACTA and in fact does not cover any of the controversial data sharing provisions thought to be part of the previous agreement. To underline this commitment, former European Justice Commissioner Viviane Reding stated that "a discussion on standards of data protection should be kept separate from the give and take of a trade negotiation." Nonetheless, according to Thomas Ruddy, TTIP holds the potential to bring to the table long-standing transatlantic debates on data provisions such as Passenger Name Records (PNR) held by airlines and the SWIFT agreement on international financial data. Under the Safe Harbor agreement established in 2000, U.S. companies certify to the U.S. Department of Commerce that they follow data protection standards that meet the requirements that the EU sets for protection of its citizens' personal data.
However, in the light of the recent NSA scandal and the revelations on transatlantic surveillance mechanisms, Europeans have become increasingly sensitive to the matter and existing, rather loosely-defined data regulations such as the self-regulatory Safe Harbor Agreement by U.S. companies may no longer be enough. The European Parliament has emerged as one of the most vocal proponents of this position, advocating that TTIP meet a set of rigorous data protection criteria such as "granting EU citizens the right to information when their data is processed in the US, ensuring that EU citizens' access to the US judicial system is equal to that enjoyed by US citizens and granting the right to redress," and calling on the European Commission to conduct a thorough review of the Safe Harbor agreement.
Ultimately however, it is unclear whether a conversation on privacy issues should be part of the TTIP negotiations and whether trade talks present the right forum to deal with the substantial differences in attitudes on either side of the Atlantic and the recent history of heated debate. While these issues will need to be addressed in one way or another in order to avoid another ACTA, it remains to be seen whether the prospect of economic benefits of a free trade agreement between economic superpowers will outweigh concerns over data protection and privacy regulations.
Marlon Graf is an assistant policy analyst at the nonprofit, nonpartisan RAND Corporation and a doctoral candidate at the Pardee RAND Graduate School.
- Enhancing NATO Cohesion: A Framework for 21st Century Solidarity
- China vs US or China vs Law: How Europe Can Make the Difference
- Redefining Relationships Inside and Outside the Alliance
- Georgia and Russia: Smoldering Conflict at a Geopolitical Intersection
- Future-Proofing NATO: A Forthcoming Decade of Change