Modern field guide to security and privacy

Opinion: Why privacy alarmists are wrong about data rules in big trade deals

Provisions in the Trade in Services Agreement, which is currently under negotiation in Geneva, are not meant to erode privacy. Instead, the pact reflects the reality of how data is stored and transmitted in the modern global digital economy. 

|
Reuters

It was only a matter of time before populist-minded skeptics sounded privacy alarms over provisions the US government is currently negotiating in trade agreements to prevent "data protectionism." File it under the category of "no good deed goes unpunished."

Case in point, Emma Woollacott’s recent Forbes article that incorrectly asserts that trade negotiators have slipped provisions into the Trade in Services Agreement (TISA) that threaten privacy and security. In reality, these terms are meant to reduce barriers to trade in services – such as banking and health care – among 24 World Trade Organization member countries.

But Ms. Woollacott contends that people’s privacy could be threatened because language in TISA "could bar countries from trying to control where their citizens’ personal data is held or whether it’s accessible from outside the country." In making this assertion, she cites a TISA provision stating that "no party may require a service supplier, as a condition for supplying a service or investing in its territory, to: (a) use computing facilities located in the Party’s territory." She goes on to warn us "there are clear implications for privacy – as well as security from hacking. EU privacy regulations currently require companies to store EU citizens’ personal data locally, to make sure they comply with the region’s strict legal requirements for data processing."

Of course, Woollacott is not alone – in the US or abroad – in trying to connect TISA’s provisions to an abrogation of privacy rights. Writing in Slate, Margot Kaminski contends, "states bargain away citizens’ freedoms behind closed doors" with TISA. Of course, privacy is one of those freedoms implicated. Likewise, Patricia Ranald, coordinator of the Australian Fair Trade and Investment Network, asserts that TISA contains "rules that would threaten privacy and civil rights protections for digital personal data."

But the notion that data must be stored locally to be secure or to maintain privacy protections is patently false, as the Information Technology and Information Foundation has shown in a detailed report. The security of data does not depend on where it is stored, only the measures used to store the data securely.

With regard to privacy, the entities that leverage a consumer’s data in the course of their business activities must adhere to the privacy laws a country imposes; thus where that data is stored is immaterial. It’s either in compliance with the privacy laws and regulations of the home nation or it is not. For example, American companies must comply with the privacy provisions of HIPAA (the Health Insurance Portability and Accountability Act), which regulates US citizens’ health data privacy rights, or the Gramm-Leach-Bliley rules regulating the privacy of financial data, whether they store a customer’s data on their own server in the US or on a third-party cloud server in another nation.

A business simply cannot evade a nation’s privacy and security laws by moving the data to another nation. Besides, the provisions do not in any way prevent a government from making a decision about where to store personal data used in the delivery of government services – whether tax or benefits data or personal health records – but it does foreclose a government’s ability to mandate that such data (or data collected by a private company) could be stored only within the geographic confines of a country.

So why are US negotiators pushing to add this kind of provision to trade agreements such as TISA, the Trans-Pacific Partnership (TPP), and Transatlantic Trade and Investment Partnership (TTIP) agreements?

Just as trade negotiators fought to remove barriers to trade in physical goods in the 20th century in order to maximize economic growth and prosperity, they need to remove barriers to trade in digital goods and services in the 21st century.

When organizations can choose to store their data with any provider anywhere in the world, they have access to best-of-breed solutions providers – whether they’re located in the cloud or are using servers in another country – that have the best documented track records of securely managing a citizen’s or customer’s data and protecting their privacy rights. But if countries were allowed to mandate local data storage requirements or require an Internet company to use only local computing facilities to store data or deliver digital services, they then foreclose this option for their citizens and enterprises. Moreover, such policies would unnecessarily add additional costs (for example, by forcing companies to open more local data centers than necessary), which would raise the cost of digital services for end users. Finally, one overlooked impact of allowing mandatory data localization policies is on the environment. If firms are forced to build redundant data centers they will end up using more energy for redundant facilities than if they can optimize data center location.

Data increasingly represents the lifeblood of the global economy. The reality is that the terms the US seeks in TISA, TPP, and TTIP are designed to facilitate the exchange of information, data, and knowledge that make the world work today. It is not a coordinated campaign to undermine individuals’ privacy rights; rather, it is an effort to prevent new, disruptive forms of digital protectionism in the 21st century.

Stephen Ezell is vice president for global innovation policy for The Information Technology & Innovation Foundation, a nonpartisan Washington think tank. Follow him on Twitter @sjezell. 

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Opinion: Why privacy alarmists are wrong about data rules in big trade deals
Read this article in
https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0715/Opinion-Why-privacy-alarmists-are-wrong-about-data-rules-in-big-trade-deals
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe