Blog

Managed File Transfer and Network Solutions

Key Trans Pacific Partnership Provisions That Impact Data Transfers

Posted by John Carl Villanueva on Tue, Feb 16, 2016 @ 02:24 AM

Overview

The Trans-Pacific Partnership has drawn a tsunami of reactions both for and against it. For sure, it's going to be a game changer in global trade. But how does it concern us?

Business transactions are now accompanied by massive data exchanges. It's thus expected for the agreement to tackle the conduct of those data exchanges as well. In this post, we take a look at the agreement's provisions on data transfers and try to understand how they might affect current practices.

Trans-Pacific_Partnership_provisions_impact_data_transfers.png


The Trans Pacific Partnership In A Nutshell

The Trans-Pacific Partnership is a major trade agreement, involving several countries from Asia, North America, and South America. As of this writing, the current signatories include Singapore, Brunei, New Zealand, Chile, United States, Australia, Peru, Vietnam, Malaysia, Mexico, Canada, and Japan.  

TPP aims to promote economic growth through free trade. This is typically characterised by the reduction of tariffs and other trade barriers. But the TPP has arrived at an age where businesses have become heavily reliant on data processes. For this reason, TPP includes several provisions addressing issues on data and information technology. It tackles electronic commerce (ecommerce), data privacy, cross-border data flows, data security,  and other elements brought about by new technological advancements and the risks that accompany them. 

 

Article 14.11: TPP provisions on cross-border data transfers

Let's start with the provisions that are most relevant to our main topic - the provisions on cross-border data transfers. Cross border data transfers refer to data transfers between organisations situated in different countries.

These data exchanges are sometimes complicated because data protection laws can vary. Some countries have laws that are more restrictive than others. Some countries don't even have such legislations at all. Thus, when a company conducts cross-border data transfers, it must be aware of its legal obligations to avoid onerous penalties. 

Article 14.11 of the TPP, entitled "Cross-Border Transfer of Information by Electronic Means" lays down the legislative framework governing such data transfers. It stipulates,

"... Each Party shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person..." 

In the context of the TPP, "covered person" can mean a citizen or business belonging to any Party. A "Party", on the other hand, refers to any country for which the TPP is in force. 

Simply put, the TPP promotes cross-border data transfers even when they involve personal information. This is in stark contrast with the regulations in the European Union. There, laws on trans-border data transfers are more restrictive. Moreso if the transfers involve personal information. In fact, that's why there's currently this big issue concerning the invalidation of the EU-US Safe Harbor

Here's a simply way to understand this. If you're a global company operating in both the US and the EU and you want to transfer personal data you've collected in the EU (perhaps through business transactions conducted there)  to your servers in the US for further processing, you can't do that without first hurdling major legal obstacles. 

But if you're operating in the US (assuming US legislators ratify the TPP) and in another TPP- participating country and you want to do the same thing, it's going to be more seamless from a legal standpoint because the TPP clearly supports it.  

These cross-border data flow legislations have huge implications on business transactions. Laws that are restrictive to transborder data transfers can adversely affect cloud-based services, outsourcing, global manufacturing, travel, supply chain, and just about any business transaction that require the exchange of information from one country to another.

Businesses will therefore be happy to know that such exchanges, when carried out across TPP-covered countries, do not suffer such restrictions.

 

Article 14.13: TPP provisions addressing data localization

A very similar policy that's also threatening to impede the flow of data is forced data localization. Countries implementing forced data localization allow global companies to collect data from their citizens but require that the collected data be stored locally.

Although only a few countries like China and Russia have enforced data localization, it's one policy that can easily attract protectionist governments. 

Forced data localization restricts data flow because companies would be forced to invest in additional data centers. That might not be a problem for large enterprises like Facebook and Google, who have long been planting data centers all over the world, but that can certainly be a problem for most businesses. 

Article 14.13 of the TPP was specifically crafted to counter these data localization policies. It says

"... No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory..." 

This ensures that businesses who want to conduct business in a Party's territory will have the freedom to choose where to store their data. If they want to transfer data collected in that Party's borders to their servers at home, the TPP's got their backs covered. 

 

Conclusion

Despite having already been signed last February 4, 2016, the Trans Pacific Partnership Agreement is not yet a done deal. Each signatory country will still have to ratify the articles of the agreement domestically. It's in the hands of their respective legislative bodies now, so a lot of politics is still expected to come into play.

But for companies whose business operations are now under threat due to increasingly restrictive data flow policies, the ratification of the TPP (at least its provisions impacting data transfers) should be a welcome development. 

Topics: News, Compliance, Secure File Transfer