HoC 85mm(Green).tif


International Trade Committee 

Oral evidence: Digital trade and data, HC 1096

Wednesday 27 January 2021

Ordered by the House of Commons to be published on 27 January 2021.

Watch the meeting 

Members present: Angus Brendan MacNeil (Chair); Mark Garnier; Anthony Mangnall; Mark Menzies; Taiwo Owatemi; Martin Vickers; Mick Whitley; Craig Williams.

Questions 1 - 32


I: Hosuk Lee-Makiyama, Director, European Centre for International Political Economy (ECIPE); Professor Elaine Fahey, Jean Monnet Chair in Law and Transatlantic Relations, City Law School, City, University of London; Javier Ruiz Diaz, Policy Consultant; and Dr Emily Jones, Associate Professor in Public Policy, Blavatnik School of Government, University of Oxford.

Examination of witnesses

Witnesses: Hosuk Lee-Makiyama, Professor Elaine Fahey, Javier Ruiz Diaz and Dr Emily Jones.

Q1                Chair: Good afternoon and welcome to the International Trade Committees evidence session on digital trade and data. We have two panels this afternoon. The first panel is Hosuk Lee-Makiyama, Professor Elaine Fahey, Javier Ruiz Diaz and Dr Emily Jones. I will ask the four guests to introduce themselves. Hopefully we will have this panel done by around 3.30 pm and then we will go on to our second panel.

Hosuk, good to see you again. Your name, rank and serial number, please.

Hosuk Lee-Makiyama: It is good to see you again. Hosuk Lee-Makiyama, director of the European Centre for International Political Economy and a senior fellow at the London School of Economics.

Professor Fahey: Good afternoon, Committee. My name is Elaine Fahey, I am the Jean Monnet chair of Law and Transatlantic Relations and a professor at City Law School, City, University of London.

Javier Ruiz Diaz: Hello, at the moment I am working as an independent consultant on digital trade supporting civil society and consumer groups in the UK. I have worked for Reach and other organisations and also internationally. I am the former policy director of the Open Rights Group, which is one of the leading digital rights organisations in the UK.

Chair: Thank you. Have I pronounced your name correctly?

Javier Ruiz Diaz: Javier is fine.

Dr Jones: Good afternoon, everybody. I am an associate professor at the Blavatnik School of Government at the University of Oxford. I am very much looking at this from a public policy perspective.

Chair: Excellent. Without further ado, to kick us off this afternoon we have Mark Garnier.

Q2                Mark Garnier: Emily, I will start with you. I think we met a couple of years ago at the Blavatnik School of Government. A very simple question, but I am not sure the answer is as simple as the question: what constitutes digital trade?

Dr Jones: There is quite a lot of debate in the academic community, as you have probably realised. Without getting into a rabbit hole, it is probably helpful for us to think about the digitally enabled transactions of goods and services.

For many of us this is familiar, particularly in Covid times, from online orders and then digitally delivered services—you might have an accountant giving you accountancy advice, digitally, remotely—so those remote online transactions. It is also important to think about the data space. A lot of the business world now is based on data and data as an asset. We can think about the internet of things, cloud computing and almost old-style things that have gone digital, as well as these new products that are data driven.

It is also important to think about what the scope of issues is that data chapters in trade agreements cover because they also touch on things like internet regulations, internet access and internet content as well as the regulation of digital technology. In a sense, they do not only concern things that are narrowly digital trade as much as wider issues that are also important in the digital economy. How we regulate the digital economy is at the heart of what is in many trade agreements.

Q3                Mark Garnier: I will give you a few examples just to see whether it is digital trade or not. You cited a very good example of an accountancy service being driven by digital interaction between two people. For the sake of argument, lets say I am a banker and I sell a service into somebody in Germany and we conclude the arrangement digitally. Is that digital trade or a service trade?

Dr Jones: It is a digitally enabled trade. If you look at a lot of the provisions in trade agreements, the language is often digitally enabled trade.

Q4                Mark Garnier: Therefore where the first contact is made digitally. Let me ask another question: if I buy something from Alibaba in China, off their equivalent of eBaymaybe a bookis that a digitally enabled trade and therefore digital trade, or is that trade in books?

Dr Jones: My understanding is that would be a digitally enabled trade. You have ordered it online. You have ordered it from Alibaba. It is delivered physically to your door by the postman. It is still digitally enabled.

Q5                Mark Garnier: Here is a really complicated one. Lets say somebody in Korea wants a part of a motorcycle manufactured. From my manufacturing plant in the UK, I send the programme down the internet to a 3D printer in Korea to print it. Clearly, digital data has been exported, but is that hard product or is that digitally enabled? Do you see why this is so confusing? It ends up as being a bit, but it is manufactured from data in the UK.

Dr Jones: Absolutely. The point here for us, and what is pertinent for this discussion, is that the provisions in international trade agreements have implications for that transaction because there are implications for both the technology underlying that transaction and the data flows that enable that transaction. Yes, in my book that is also a form of trade that is digitally enabled. It is within the remit of the issues or the types of transactions that we want to be talking about.

Q6                Mark Garnier: One final question on this, because this is something that I have been wrestling with. Lets say, for the sake of argument, that I take Pearsons to Myanmar, where I am a trade envoy, and it sells some educational services. If Pearsons trains somebody to deliver English as a second language in Myanmar, to be delivered by an individual in Myanmar, that is an education export, but if it persuades people to buy content down the line to do the same job, that is a digital transaction. Is that right?

Dr Jones: It is certainly a digitally enabled transaction. The point isI would defer to the lawyers on the panel herethat there is a big discussion within the World Trade Organisation about exactly when the rules on goods and services apply and when actually the digital rules apply. Digitalisation is transforming a lot of the old products, so it is quite hard for the old trade rules. It is not always clear when they apply.

Certainly, I think, in our common understanding of digitally enabled trade, all the examples you have given are pertinent for the provisions that we see in the digital trade chapters of trade agreements.

Q7                Mark Garnier: Then data itself, which is digital in the purest formbuying and selling data that has its own valuepresumably that is digital as well?

Dr Jones: Certainly a part of the digital economy that is regulated through and in trade agreements now. With digital trade provisions, a huge amount of the discussion is precisely around the terms of those provisions in trade agreements, in data flows, or in cross-border data flows, so, yes, absolutely.

Q8                Mark Garnier: I will move on, because I do not want to take up too much time on this definition, but given the fact that the aegis of this seems to be slightly greythere is no hard edge to this; it is not a car as opposed to an aeroplane and this is something that cannot be clearly defined—does that mean you are likely to get very different interpretations in different trade deals?

Dr Jones: It is less the interpretations in trade deals, per se, as much as trying to figure out which trade deals apply to the given transactions. In some respects an item might rely on data that crosses borders, so then the data provisions in the trade agreement matter for that product, but it might be a smart speaker, in which case the rules on trade in goods would also apply if that smart speaker is physically crossing borders. To work that smart speaker needs constant data flows and, therefore, the data provisions in the trade agreement are pertinent. Does that—

Mark Garnier: Yes, it does. As you say, it is quite easy to get stuck in a rabbit hole and go off into Alice in Wonderland territory. Thanks very much indeed; I am conscious I have taken a lot of time.

Chair: That is a very good question. It is a four-word question, but it just shows the complexity of the matter.

Q9                Anthony Mangnall: Thank you, Dr Jones, for your response to that. Hosuk, what is the general intention behind including the provisions on digital and data in free trade agreements? I have a couple of follow-up questions to your answer.

Hosuk Lee-Makiyama: To build on the previous question, maybe I should stress how important it is to remember that the digital economy or digital trade is not an industrial sector, like automotive or banking. Digital trade defies legal and statistical definitions, as we have heard, and it is very important that we think of it as a general purpose technology. Therefore, trying to define it or trying to measure it can be as meaningful as trying to figure which portion of trade is enabled by electricity or good weather. I dont think that is a very helpful question at all.

You can also tell if you look at the commitments and the exceptions in the recent trade agreements: sure they are very asymmetrical and very different, but in the end most of the digital trade chapters concern digital trade restrictions. In other words, that is when technology regulation is used to restrict trade.

Indeed, as the previous speaker was clearly pointing out, there has been a legal discussion that is very much settled—at least in the perspective of multilateral lawthat when there is use of digital technologies within the context of online payments, the commitment on payment as a service activity stretches into the digital portion of the value chain.

One example is the online payments case that was brought against China. Since China had certain commitments in that area, as it also had on audio-visuals, it was deemed that China was bound by those commitments. All the transmission of payments as well as audio-visual entertainment has moved online. This is something that is relatively clear.

Q10            Anthony Mangnall: We had Sam Lowe from the Centre for European Reform in the other day and he was talking about the UK-Japan deal. He made the point that the arrangements that we have come to in terms of digital trade were much more about what we are not going to do rather than what we can do around digital trade. Can you expand a little bit on that premise? Can I push you about the WTO—I know this is going to be touched on slightly later, but I think it is important at this point—where the terms around digital trade are still relegated from the 1995 definition? Do we need to more updated and more forward looking or are they forward looking enough in where they are?

Hosuk Lee-Makiyama: All trade agreements, especially in the area of services and technology analysis, are mostly about collecting commitments in negative terms. That is preventing the contracting parties from undertaking restrictions and prohibitions that might impede negatively on trade. Of course, there is a clear set of exceptions to that.

I am personally of the view that these ratchets or standstill clausesas you may almost look at themhave been relatively successful, but there has also been a legal development towards managing trade rather than liberalising trade. I should add that that is partly due to domestic constraints and the political constraints and, also, the lack of negotiation space in these areas, as it touches upon very sensitive areas.

One of the reasons is that if you look at a major economic sectorfor example retail or information and bankingwhen the foundation of multilateral commitments and services were taken, there was no intention to liberalise those services because it was deemed that they were not tradeable. As a consequence, I think we have seen ample exceptions and non-conforming measures in all forms of trade agreements.

To answer your question in regards to the laws from the mid-1990s, especially with regard to WTO GATS, I would say there has been more specificity in recent commitments. At the same time, the general commitments we have undertaken in GATS are still valid. They explain cross-border data flows without using the terminology cross-border data flows. We are talking about public telecommunication networks that are necessary, for example, to conclude a services trade. They basically mean the same thing.

There is no mention of data localisation, but there is an explanation of what the market access barriers are. You can say that, rather than having a development through case law within the multilateral system, certain parties in the global trading system have chosen a more specific drafting technique in order to specify their commitments more narrowly, but also there are exceptions. We need to bear in mind that it is not just a commitment that has become more specific, the exceptions are actually much more specific in the case of, for example, CPTPP.

Q11            Anthony Mangnall: I have one more question. How much of these provisions help to facilitate free trade agreements? Is this beneficial? You could use the UK-Japan agreement. Is this setting a benchmark for how to do these things or do we have a lot further to go in terms of how we provide free trade agreements on digital trade?

Hosuk Lee-Makiyama: The general answer, not specific to the trade agreements you mentioned, is that very few services provisions in trade agreements liberalise trade. They mainly bind existing openness as well as the space to regulate. There are very few trade agreements that would constrain any contracting party to undertake what we see in digital governance: privacy, intermediary liability and law enforcement, just to take a few examples.

Q12            Chair: In the next area I am going to go to most of the panel for answers. I will start with Dr Emily Jones. Can you summarise—some of this may have been touched on already—the digital and data provisions that the UK and Japan agreed in the comprehensive economic partnership agreement last year? Much has been trumpeted about it, but is it a freeing, is it a restraining, or is it just codifying what is already there?

Dr Jones: Thank you very much for that question. I will focus mainly on the data provisions and perhaps touch on the question of algorithms as well. The important thing with the UK-Japan agreement is it is the first time we have seen the UK depart from the EUs approach. If I was to characterise very broadly, globally, I would suggest that the US approach generally looks more at the business, and opening market access and restricting the barriers, which Hosuk spoke very powerfully about just then, but on the flip side has really constrained in some respects the scope for public policy regulationthose exceptions.

The EU has been much more cautious in the type of commitments it has been prepared to make, partly because, for example in the area of privacy, it is concerned to make sure that it has the scope to regulate in the interests of privacy and to uphold consumer protection. The EU has been much more cautious. What we have seen with the UK-Japan agreement is that for the first time the UK is now giving a positive obligation to let data flow across borders. It is still able to put in measures to protect privacy but those are then restricted. They are subject to a much narrower exception than the EU would be prepared to sign up to.

Q13            Chair: Thank you. I will move on to Professor Fahey and Javier Ruiz Diaz for your views on the next question. Do these provisions sufficiently balance the ambition of supporting digital trade with digital privacy and other policy considerations, because there must be a tension there?

Professor Fahey: When it comes to looking at the CEPA agreement, it is very clear that the UK is committed to diverge from the European approach with respect to privacy. It is very much a commitment on banking all of the eggs in the basket of CPTPP and economic understanding of privacy, and moving towards APECs CBPR rules.

This was very clearly stated by the EU to its member states the other day in trying to explain in the chapter on digital trade in the Brexit TCA that the UK was trying to heavily push the CPTPP. You will see that there is a very considerable effort to shift the nature of rollover. This is a very different type of agreement.

I would say that there has to be extreme caution about this approach because CPTPP was the Silicon Valley concerns; it was a Trump Administration view of privacy. In the last few months we have seen incredible developments as to a federal privacy law being under discussion from Republican Senators and the House of Representatives, the FTC looking at areas of privacy and California adopting the GDPR.

For the UK to adopt the strategic approach to say, “We want to go for CPTPP at all costs, I think that also has a specific understanding of privacy that may be quite outdated, or that may be forced to be reconsidered in some nuance in the not-too-distant future.

Q14            Chair: That is fascinating. There is a lot in that answer to unpack. I will move to Javier Ruiz Diaz and your view on this area.

Javier Ruiz Diaz: The short answer is that there isnt an adequate balance. Many organisations are worried about the impact that this may have, mainly because the mechanism to create that balance within the trade deal would be the exception regime. That means that any restrictions from data flows will have to be necessary, and I think privacy definitely would be. In theory, they cannot be excessive. At the same time, you are accepting a lower redemption—in the words of that treaty and othersfor the idea of voluntary undertakings. You are already accepting that there are lower, less intrusive data protection mechanisms that are equally valid for the UK, so you are undermining your own approach to say that the UK GDPR regime is necessary to protect data.

The other problem here is not just data going to Japan or one country, because as these provisions are found in many other trade agreements, you have overlapping regimes of free flows of data. Japan has signed another trade agreement with the US that also says that they have to provide data. They have to send data to the US where there are no restrictions. There is nothing stopping the US from suing Japan for breaching their own agreement with them by trying to restrict the data of the people from the UK or from the EU from going there.

Once they start building these overlapping mosaics of data, you can lose control of where data has gone and whether protections are being applied. Also, for companies, it is not just the rights. From a company perspective, the adequacy regime is something that is fairly straightforward, if you actually look at all the legal arrangements that they would need to make to send data to Japan and maybe to the US that would be a lot more expensive.

Q15            Chair: Just to clarify, what you are saying is there might be a wall between the UK and the US, but if there is a way around the wall via Japan, the wall can be meaningless?

Javier Ruiz Diaz: Yes. Without getting too technical, Japan has promised two different things to the US and the UK. If no one complains, life can go on, but the moment that someone tries to push the limit of those two lines, something is going to give. At the moment—I will defer to the lawyers in the room—the commitment that Japan has made to the EU and possibly to the UK, although it is not confirmed, to restrict data flows from the EU to the US is a unilateral commitment, but they have also signed a bilateral treaty with the US. The understanding I have from talking to lots of lawyers is that bilateral treaties trump over unilateral commitments, so if the US wanted to push this, they would have a very good case.

I have to stress that this is untested. We need a lot more information from DCMS, DIT and the ICO to explain whether these concerns can be solved or not. At the moment, all we are seeing is very quick dismissals to say it is not going to be a problem but, quite frankly, I have not found that very reassuring.

Q16            Chair: That sounds like a plea for more data to work out what is going on around data.

Emily Fahey, just to come back to you briefly. I was unaware of the moves in the US. Can you set up a backdrop for thata brief historical context of exactly what is going on there in the US? From what Javier said, it seems that the Americans might have one demand in Japan, possibly, and another expectation internally. Of course, that would not be the first time that a countryincluding the UShave been contradictory in approaches.

Professor Fahey: Absolutely. The TPP is understood to have reflected the Silicon Valley consensus and have been adopted in CPTPP.

The best way to explain what has been happening in the US in the last number of years is the movement of GAFAs, the tech giants, around the world where they are increasingly moving with their money. They are moving enormous amounts of regimes from jurisdiction to jurisdiction. We see that Facebook and, in particular, Google have gone from being very staunch critics of the EU to advocating the GDP as the global standard. It suits them to have a global regime. They have followed it around the world. Everyone in the UK will have noticed the Google or Facebook account that they have being moved to the US more in recent times. You will see, if you look at Californian law, what Facebook is doing is very closely tracking the GDPR.

There is a certain convenience to global standards that have dominated the law-making discussion. We have also seen in recent times the idea of a federal privacy law—many people thought that the Google v. Spain case of the EU, the right to be forgotten, was a weird European bizarre development. All of a sudden a few years later, as we are all here on the cusp of digitalisation of our lives, now suddenly privacy matters. Now, suddenly Google v. Spainthe right be forgotten”—is not so crazy. Instead Facebook had a $5 billion fine against it in recent times. There are billions of dollars of lawsuits with respect to taxation against Facebook ongoing in DC.

In short, the GAFAs are setting the rules here and we have seen the search for a global standard, the ease of jurisdictional questions, really dominating the discourse.

Q17            Chair: Thank you for that, I understand a bit more of that. I will move on to Emily Jones and Hosuk Lee-Makiyama. Please explain the effects and the rationale for the provisions of mandatory disclosure of source code and data localisation. I will start with Emily Jones.

Dr Jones: What we have to bear in mind here is that this is going back a long way to US-China discussions and Chinas requirement for companies to disclose their source code and other parts of their intellectual property as a condition for doing business.

As Elaine has rightly said, the TPP and some of the provisions where we first saw these requirements are trying to create a new global norm to prevent the type of measures that China has been using for many years. That is an important part of the backdrop here. The provisions that we see in trade agreements are a commitment by Government not to require companies to disclose important parts of intellectual property and, of course, in the digital era that means source code and algorithms.

What is important from a public policy point of view is to make sure that the exceptions that are thereso under what conditions Government are able to require the disclosureto make sure that they are sufficiently broad for us to properly regulate these new technologies.

As you will all remember from last summer, with the question about how algorithms were being used for exam marking and so on, we are seeing algorithms and data being used in ways that we all want to understand better as citizens. We want to be able to make sure that we hold those new technologies to account. While we want to protect the intellectual property of our businesses, under certain circumstances we want to make sure that Governments are able to regulate in the public interest.

The big issue for trade agreements is: how do we craft those exceptions? It is the crafting of these legal exceptions that becomes really important. Particularly with the algorithms question, we do not know—experts do not have a settled opinion—how exactly we should be regulating these new technologies. You are trying to craft into a trade agreement an exception that allows you the right to regulate without quite knowing what you need, if that makes sense.

Q18            Chair: It does make sense, thank you. Hosuk Lee-Makiyama, would you like to add anything to thatany reflections or thoughts?

Hosuk Lee-Makiyama: It was a very comprehensive answer. I would add that there has been, even here, a development in terms of getting more clarification on commitments as well as the exceptions.

We might very well argue that an algorithm is a form of source code, but it has been clarified in recent agreementsincluding USMCA as well as the UK-Japan agreementthat algorithms are considered to be a part of source code.

Another dimension as to why this is important is, of course, because intellectual property does not necessarily cover this or may not be a useful approach to protect this kind of intellectual capital. As the previous speaker clearly expressed, the exceptions are a very good expression of the domestic sensitivities that may exist in the politics of the contracting parties. If you look at USMCA, and before that CPTPP, there was an exception that it would apply only to mass market software, which probably would have disqualified most business-to-business applications, including AI.

We are now going towards a broader application and the exceptions are also getting slightly narrower. If you look at the UK-Japan agreement down to Government procurement and services and activities performing in the form of a government authority or some form of judicial investigation, most cases of so-called disclosure that most liberal democracies would deem legitimate is covered under this exception.

I would like to offer a slight correction or a slightly different view on the previous question on the privacy exceptions. I do not necessarily agree that the exceptions we have in the trade agreements do not adequately cover the privacy laws that we have in practice. As some of the statements have said, yes, there is an exception for legitimate public policy objectives, which basically means a two-tier test for legitimacy. Legitimacy in this context means no arbitrary or unjustifiable discrimination, or some kind of disguised restriction. Also, there is a concept of proportionality in CPTPP as well as the UK-Japan agreement, which basically means that they cannot be greater than what is required to achieve the objective.

UK and EU GDPR is deemed by most mainstream lawyers to pass those tests. We need to also bear in mind that there a number of countries who have adequacy agreements with Europe and previously also with the UK, including countries like Canada, Japan and New Zealand, whose legal systems are more or less conforming with GDPR, and who have signed the CPTPP agreement without being actioned upon on the basis of the CPTPP agreement.

Secondly, the transmission to third counties that was illustrated by the non-legal analysis is forbidden under GDPR, so there is no passing on to third countries, as we heard, for example, from the UK to Japan and onward to the United States. That is explicitly forbidden.

Thirdly, the question about bilateral international treaties trumping domestic law, there are very, very few legal systems where that kind of legal monism exits. One of them is France. I am not familiar with any other jurisdiction that I can name right now.

Q19            Chair: Thank you. Javier Ruiz Diaz, did you have your hand up? Were you wanting to come in at this stage or did I see that wrongly?

Javier Ruiz Diaz: I wanted to come in on the question on algorithms, just to say that I think that there are a couple of issues there. The first is that as far as when we have looked at these, we have not found a lot of evidence that this is a problem beyond China. There are some comments around Vietnam maybe having requested some things on encryption, but there is very limited evidence that companies around the world are getting their source code or their IP stolen because Governments put any kind of demand on them to disclose their code for accountability purposes. I think that that is something that is quite hard. When we spoke to Government officials about this, in the context of the UK-Japan deal, they said, “Yes, of course we don’t think that Japan is going to try to do that, but we are doing this to promote a global consensus on the topic.

On the premise that this is such a way of making policy, given the risks—and even if you disagree—I think we should take a much more precautionary principle, because there are some potential impacts on important technology transfer around climate change commitments, environmental laws and many other areas where you may want to be more proactive. At the moment, the way that the exceptions are crafted, they are mainly about demanding things by regulators but not about making general policy. There is a severe limitation on the way that the policy is created right now in the deals.

Q20            Chair: Thank you. I am going to come to you anyway, Emily Jones, but I will let you just respond on this because it seems to be quite an area.

Dr Jones: Thank you very much. I just wanted to come back on this question of the legal opinions on the compatibility of GDPR with the type of revisions that we have seen the UK sign up to in the Japan agreement. My sense here is that this is a very contested area. I have had the same answer that perhaps you have had, Hosuk, from many of the lawyers I have spoken to on this. It is very instructive that the EU has not wanted and has not signed up to that type of provision in any of its trade agreements precisely because it is concerned about GDPR. I think it is instructive there that that is the EU’s settled opinion, that if it wants to protect privacy as a fundamental right, it does not want to make the type of commitments that we have seen.

For the UK, it is very important that we think through what we want our post-EU membership privacy regime to look like and then think very carefully about the type of exceptions that we are putting into trade agreements, especially in the light of the fact that this is a very disputed area of international trade law.

Q21            Chair: Thank you. Before I go to Mick Whitley, Mark Garnier kicked us off with the question of what constitutes digital trade, and this has become sort of a centipede—if not a millipede—of arms and legs that have come off it. One of the reasons the Committee has ventured into this area is, given the UK-Japan agreement and the chapter in that about the digital data provisions and the likelihood that it is coming in more, as politicians we need more education on this, which is why all of us are ears open in this inquiry at the moment at this particular session.

The UK Government described the digital and data provisions in the UK-Japan deal as “cutting edge”. Emily Jones, would you agree with that assessment? I am trying to be brief, and it might not be easy to be brief, but I am aware of time as well, so as briefly as you can.

Dr Jones: My brief answer is that they are novel for the UK in the sense that they are new commitments we have not entered into before. They are not cutting edge in the sense of breaking new ground; we have seen these type of commitments in other trade agreements. I think what is novel or new is the fact that we are seeing the UK move away from a US approach to privacy regulation, in particular in data regulation, to a US approach. The other area, I think, is perhaps on algorithms.

Chair: Sorry, just to check there, you said “away from a US approach towards a US approach”.

Dr Jones: Sorry, that is not what I meant. Away from an EU approach in trade—thank you for the correction—to a US approach. I think that is what is novel; that is what is new. It is incumbent on all of us to understand the implications of that.

In terms of cutting edge, I would look to some of the interesting work being done by the deeper agreements, for example between New Zealand, Chile and Singapore, as well as Singapore-Australia, particularly with regards to consumer protection. This is a big new area of trade policy and I think what we are now seeing is a move to rebalance commitments to think not only about the economic interests, but also the rights of consumers and citizens’ rights more broadly. That is where I think the novelty could come from. We have an opportunity in the UK to think carefully about how we craft these digital trade provisions.

Q22            Chair: That answer is a huge sign for the Committee in Chile and Singapore and whatever. Javier Ruiz Diaz, do you want to come in briefly?

Javier Ruiz Diaz: Very briefly, I agree with Emily. The only one area that is completely new, as far as we know, is the provision on encryption, which is modelled on the provisions on so-called algorithms, but goes further in detailing the kind of things that you cannot demand. There is a quite problematic mention of joint ventures, which is widely accepted as a perfectly legitimate request under the trade law, as far as I understand, and there is the prohibition of requiring joint ventures for encryption. In that sense, that particular area goes further than anything else.

Q23            Chair: Thank you. Before we go to Mick Whitley, who has been very patient, I think Elaine Fahey is wanting to comment as well.

Professor Fahey: Very quickly, I think it is very difficult to speak about legal innovation in these areas when in fact—I agree fully with all the speakers before me—the biggest problem is that if you buy a child’s toy or a smartwatch now, there is no such thing as buying a good anymore that is not signed up to an app or a service. The International Economic Law Framework for Digital Trade is grossly out of date. The WTO law is very problematic and it looks very unlikely to solve all of these issues. I think it is piecemeal. Any commitments the UK makes in bilateral agreements are not going to have any kind of meaningful effect in a broader sense. Not to belittle it, but with innovation in this context, it is important to see these developments but, frankly, the broader scheme of things is so extraordinarily outdated. That is the legal question that remains.

Chair: Thank you very much for that. Mick Whitley, you have been a model of restraint.

Q24            Mick Whitley: At last, Mr Chairman. Good afternoon to all the witnesses and welcome. My question is to Mr Makiyama and Mr Diaz. Can we expect the UK to secure a similar provision on digital trade and data to those agreed in the UK-Japan agreement in its trade negotiations with other partners, and is that desirable?

Hosuk Lee-Makiyama: Once again, I would like to build on the answers that were given to the previous question because I think there is quite a bit of overlap. Regardless of which agreement we look to now among the most recent trade agreements, we see that the commitments in the main rules in terms of allowing for cross-border data flows and prohibition against data localisation and general prohibition on source code disclosure are somewhat similar. The only thing that differs is the exceptions. As I was saying previously, the exceptions are not necessarily based on the need to retain them to keep laws like GDPR.

In the example of the EU, it is more a question about the defensive interest based on retaining policy space. Here it was generally referred to as the EU as a whole but, of course, as we know, the EU is not a monolith. There are different interests and different interpretations within different branches of EU executive bodies. From what I understand, at least, trade lawyers have concluded that EU GDPR, and therefore also UK GDPR, is consistent with the most recent trade provisions and these exceptions are unnecessary.

However, it is based on the assumption that we have no intention to discriminate among like conditions and maybe a part of the answer lies here and also the importance of retaining policy space. We will notice that the negotiation with counterparts will have different exceptions. That is simply because, even within a group like CPTPP, you have very, very different models, and also you have a different constitutional order and political systems, therefore exceptions will vary. In the end, it is a question about negotiation leverage as well as political capital. In other words, to what extent do we want to restrict the other side’s policy space in terms of imposing these digital trade restrictions? It is very difficult to say whether they are going to be similar. Of course, Japan is a very different economy than, let’s say, Brunei or other CPTPP countrieseven a country like Singapore. They are all within themselves very different legal structures and have very different laws.

In terms of describing the UK’s transition as moving from the EU model to the US model, because we have now concluded a CPTPP-type of provision, I think that is an extrapolation too far because in the end the United States is not a signatory of CPTPP. There are very few economies that have a common-law system within the CPTPP. As I stressed before, we have several countries in the CPTPP that have more or less drafted laws that are effectively and functionally equivalent to GDPR.

Javier Ruiz Diaz: At the moment, my understanding is that the policy of the Department for International Trade is to try to extend these kinds of provisions in as much as possible. For example, as I said, when we asked why we have data localisation in Japan when it was not necessary, the idea was to build some sort of global consensus and there is a collection of other countries that believe that this is important. I would expect the Government to push for these measures in other deals.

In terms of the priority countriesAustralia and New Zealand, and the USmany of those countries are either in the CPTPP or their own treaties, like the USMCA and others. They contain similar provisions, so that would be quite likely. I think that part of the rationale for bringing these provisions into the Japan deal is that they would facilitate the access to the CPTPP and that has been expressed quite openly by Ministers.

The question gets more complicated when you go beyond those first few countries. The UK has been rolling over and it has all these continuity agreements but, if you look at the detail, many of the continuity agreements now have rendezvous clauses for review and they are expecting to review many, many trade agreements in the next couple of years. The question then is: will the UK push for these clauses in those agreements in the negotiation, which they call offensive asks? That is a bit unclear.

There is a concern among consumer groups around Kenya particularly, because Kenya is seen as the digital gateway to Africato east Africa at leastso that is one country where there is an expectation among many people that there will be a discussion on digital and, also, because the US is already pushing Kenya, which as you are aware is the home of mobile banking. Kenyan IT organisations are quite powerful in the whole region.

In the Asian regions, you have a fairly complicated map. I had to build a diagram for myself to see the overlapping between the APEC, CPTPP and the business rules, like the privacy rules. It is quite complicated to see which countries are part of it. The idea that the UK can just go into the Pacific as if it was a homogenous area, I don’t think that is true. There is now also development of a new trade treaty with China, DEPA, the Digital Economy Partnership Agreement mentioned by Emily. It is going to be quite complicated, but I think the main thing is there is a willingness to try to bring these measures into other deals. It will probably happen with the countries that are already incorporating them, but it will be a harder push.

I think that the biggest question will be India because there is going to be a renegotiation, but India is trying to develop its own domestic digital sector, trying to promote its national digital champion and in a way trying to compete with China in some sense. It is going to be very difficult for the UK to get these kind of rulesparticularly on data localisationwith India. That is quite sad because, ideally, what you want is a system of global rules that respects human rights and to avoid that kind of race to the bottom towards fragmentation and nationalism in that sense. In practice, it is quite hard to see, unless you push for the rights first rather than just trade first.

Q25            Mick Whitley: Thank you. Chair, just one quick supplementary question. Is there such a thing as best in class when we are talking about this? If there is, why aren’t we using that model?

Chair: Emily Jones, you seem keen to come in on that question.

Dr Jones: Yes, thank you very much. It is a very important question for us all to ask ourselves. I think the answer to that is: it is best in class in terms of what objective we are trying to promote. What is very important is to understand that the provisions that we see in trade agreements in the digital trade chapters are very different between the EU trade agreements, and the US ones in particular, and they promote different policy objectives. The US one is focused on maximising digital trade. The EU one is much more focused on maximising consumer protection. Yes, it is supporting trade, but I want to make sure that I support consumer protection and privacy.

For the UK right now, we have to ask ourselves: what are our primary objectives when it comes to digital trade and what is our ordering of those policy objectives? How deeply do we care about privacy, for instance? Given that, yes, there are best in class ways of promoting those objectives, but I think the prior question that we have not yet asked ourselves is: what are our national objectives when it comes to this very important area of regulating the digital economy? Until we have that clear, we cannot quite figure out the best in class, if that makes sense.

Q26            Chair: Elaine Fahey, do you want to add anything to that?

Professor Fahey: Yes, I think that is the absolute best question. That is the most important question for legislators to ask themselves, in my view. You are lucky enough to have the GDPR within your laws. It is literally the most dominant set of rules in the entire world. “The Brussels Effect” is a very important book written by Anu Bradford, describing that there are at least 12 countries all over the world, including China, that have taken the GDPR. The EU has been the first mover. You are very lucky to have this in your laws and I think you need to be very careful about moving away from privacy in terms of the gold standard, because there is a lot of manoeuvre for public policy in the right to regulate. It is far from being a downer or a difficult charge upon businesses. On the contrary, they are very high standards. It is institutionalised and it is robust.

You are not seeing the same effect with the CPTPP. That is very clearthe US, in particular, is changing direction. I think the UK is in a very lucky position but, unfortunately for you, you have just signed up to the Brexit TCA agreement, which says for six months you cannot diverge from EU law if you want your adequacy decision. The UK is in a very difficult place if it wants to make such policy decisions. I feel very sorry for lawmakers, that they were not adequately consulted about the downgrading in CEPA of UK privacy standards. There are very unimpressive retorts from Government as to why this is the case and a kind of meaningless scrutinya lack of accountability.

These are key questions of our times as we live in full-scale digitisation, as we live with apps and when you are trying to track people’s public health. It has never been more important for legislators to adopt this and global rules matter, not necessarily bilateral agreements that can only do so much.

Chair: Thank you very much for that. Fascinating areas and loads of fascinating things being touched upon. I am going to turn to Craig Williams now. We have a little bit to go in this panel and the problem is, of course, time, so if we can all collectively—note to self as well—pick up the pace, that would be great. Craig Williams.

Q27            Craig Williams: Thanks, Chair. I will be quick because I think a lot of it has been covered. Could I go to Emily and Hosuk and just ask about CPTPP and the digital and trade and data chapters? I know the e-commerce chapter is similar to what we have signed up with UK-Japan and you have mentioned some of the few exemptions, but what is included in CPTPP and how do they compare with the provisions we have just agreed with Japan? Emily, do you want to go first and then Hosuk?

Dr Jones: Sure, delighted to. My understanding is that UK-Japan is modelled on CPTPP. There are very, very, very slight differences. I have not done a systematic provision-by-provision analysis, but I think the one discrepancy I would highlight is that the CPTPP does not cover algorithms, so in that sense the UK-Japan one is slightly more extensive, but essentially it is a very, very similar framework.

Q28            Craig Williams: Hosuk, do you want to come in? Then I can see that Mr Ruiz wants to come in as well.

Hosuk Lee-Makiyama: I would agree that they are more or less interchangeable in that extent. There are no major substantive differences, at least not in the e-commerce chapters. However, there are differences of course that are of importance in other chapters that are outside the digital economy sections. IPR and market accessall that is related to any part of the digital economy and is, of course, still important.

I would also warn against thinking of CPTPP or any trade agreement as a template or best in class, as we heard before, because in the end the objectives of each agreement are very different because the barriers or the restrictions are very different. Also, we need to bear in mind that the protection that a country may put up against UK offensive interests is going to be based on very different laws. Sometimes it is because of very genuine and legitimate security or human rights perspectives. We also need to bear in mind that the illegal technique that has been deployed in order to protect their domestic economy against reasonable market access demands vary very much between the different countries. I would very much try to avoid a template-based approach that has been taken by some of the major economies.

I would also like to stress that, if you want to pursue consumer protection or fundamental rights, trade agreements are basically the wrong vehicle for doing so. Trade agreements have basically one main purpose, which is to make sure that these very genuine and legitimate purposes are not being abused to protect domestic economies against international commitments.

Q29            Craig Williams: It is very helpful not to conflate those issues. Mr Ruiz, you wanted to come in, sorry.

Javier Ruiz Diaz: Just very quickly. The one area that is different in the CPTPP from Japan is how procurement is handled, wherein the detailed trade chapter of CPTPP is kind of at the top and everything falls under it. In the Japan deal, it is much more piecemeal, so you need to look at how it applies to each specific provision. There is a lot of devil in the detail there.

Craig Williams: In closing, Chair, because I know you will want to move us on, can you see any—feel free to say no and we can move on quickly—other bilateral agreements with other CPTPP members that might conflate with those chapters? No. You can move on, Chair.

Chair: I will. Mark Menzies.

Q30            Mark Menzies: Thanks, Chair. I will be brief, because I realise the second panel is waiting. This is to Professor Fahey. Can you summarise how the UK-EU Trade and Co-operation Agreement will affect digital trade between the UK and the EU, please?

Professor Fahey: This is indeed the million dollar question. It is a very modern chapter in some senses: it is very thin; it is very skinny; it does not have that many provisions. It is not very exciting from an internationalisation perspective. The EU and UK have not committed to any global engagement in any meaningful way, but there are important insertions. There is article 6 on the cross-border data flows with a three-year review, which is extremely important, and article 7 on protecting personal privacy. EU member states had this consternation raised as to its contentsas to whether or not it has liberalised EU model provisions too much. There is a lot of legal concern about whether or not the agreement could be the subject of legal challenge because of this clause.

As many other speakers have very eloquently stated, trade agreements are generally not very helpful about liberalising trade, per se, and digital trade, but it is a modern agreement. It has a broad view of digital services, but it certainly is an EU template and it aligns very well with what the UK asked of the EU. It copies the EU-Australia agreement almost verbatim. In many senses, because it is a very thin trade agreement, it is an extremely hard Brexitlots of areas of services are not covered. It is very positive to see the broad view of services in there and its application to digital trade, but unfortunately it is a limited agreement.

A lot hinges upon the adequacy decision in the next few months. There is a bridging clause as to this and what is going to happen. Business will be severely affected by this, but luckily a lot of UK law is already ready for all of this. Digital trade really matters, but the other side of the question is things like digital services taxes are not included in anything to do with Brexit. That is a huge issue globally. As so many other speakers have mentioned, there are many, many issues about digital trade that are just not holistically captured in the content. Yes, it is a modern template, but unfortunately it is an extremely skinny, light agreement, but it adopts modern terminology in digital tradevery Americanisedbut not in e-commerce.

Craig Williams: Brilliant, that is great. Thank you, Chair.

Q31            Taiwo Owatemi: Dr Jones, how likely is it for the UK to achieve a data adequacy decision from the EU? What is the impact if it does not?

Dr Jones: Thank you very much. On the impact question, I would defer to Javier, because I know he has been working on precisely that question. On the adequacy, we do not know. I think that is the question everybody is waiting to hear. The Schrems II ruling makes it a little bit more complicated from the EU’s point of view. I think it will be highly undesirable from the EU’s point of view not to give the UK adequacy, given the intensity of data flows. I think that it will do all that it can within its legal constraints to give the UK adequacy, so long as we are seen to be complying with and upholding the GDPR. My hope and expectation will be that, so long as we are staying consistent with the GDPR, we will get an adequacy decision.

The big question is about how our national security agencies treat citizens’ data. That is the one sticking point. It is also the sticking point with the US in terms of the privacy shield, so I think that has to be worked through but, as I say, my instinct is that the EU will be looking to find ways to make things work. It is reviewing its other adequacy decisions, for example, with Japan, so the whole framework is then in question.

Q32            Taiwo Owatemi: Javier, how do you think it will impact?

Javier Ruiz Diaz: I wrote a report on this topic with Duncan McCann and Oliver Patel from the New Economics Foundation and UCL Europe unit, where we interviewed dozens of lawyers and business people in the UK. We found that overall lack of adequacy would cost them straightaway between £1 billion and £1.6 billion on compliance costs, plus an indeterminate number of other side effects. Like we are seeing now with Brexit, there are lots of complications you know that can bring. We just thought that it would be an impossibility to try to calculate the full impact, but it would be quite gigantic. For example, for micro-enterprises, we found that they would have to pay around £2,000, and for SMEssmall companies£5,000. As you know, the larger ones are more expensive.

What is quite problematic is at the moment the advice from the Government is that organisations should put provisions in place in case we don’t get adequacy, but as we are saying, that means that businesses will have to spend £1.6 billion just in case. I don’t think that is acceptable. There should be a lot more transparency on what is happening.

In that sense, I think that the one big complication is—this is a little bit tricky—that the cost would be a requirement on the EU data exporters that want to have a service from UK companies. In all our conversations, what we found is that everyone expected those costs to end up being borne by the UK companies if they want to keep the business, otherwise EU companies will just go to someone in the EU. It is not that the UK companies will have a new legal obligation, but that their EU partners will have it.

In that sense also, the Schrems case and privacy shield—where the European Court of Justice declared the arrangement for sending data to the EU invalid—is seen as an absolute game-changer. The kind of legal compliance before that was pretty much a formality, which people did for freelawyers did it for free at the end of a contract.  It has now become a very complicated issue, and in some cases potentially even too complicated. There are demands on companies to do a level of due diligence on their partners and those partners’ legal regime. That is completely unrealistic, so the whole thing would be quite problematic.

Chair: Thank you very much, panel one, for your time. We have had you for about an hour and I appreciate that very much. Given the range of answers and the areas you have opened up, I am not sure if they are helping us at all—I know they are.  Your time has been greatly appreciated. Thank you very much for coming and making time today from whichever corner you are in. We will say cheerio to panel one. Thank you very much, Hosuk Lee-Makiyama, Professor Elaine Fahey, Javier Ruiz Diaz and Dr Emily Jones.