Written evidence from Emily Jones, Rutendo Tavengerwei, Danilo Garrido Alves, and Beatriz Kira (ANZ0029)

Digital Trade Provisions in the UK-NZ FTA: Submission to the International Trade Committee

Emily Jones,[i] Rutendo Tavengerwei,[ii] Danilo Garrido Alves,[iii] and Beatriz Kira[iv]

11th May 2022

We are submitting evidence in our capacity as researchers at the Blavatnik School of Government, University of Oxford. The Blavatnik School of Government is committed to improving the quality of government and public policymaking worldwide. We also thank Prof. Jane Kelsey for her assistance with regard to the Treaty of Waitangi and Māori interests.

Introduction

1. In February 2022, the UK and New Zealand signed a free trade agreement (hereafter UK-NZ FTA), which is now being scrutinised prior to ratification. The UK and New Zealand are both seeking to position themselves as world leaders in digital trade and the UK government has expressed that this new agreement with New Zealand is part of ‘a series of advanced deals with leading nations that will update trade rules for the digital age, building on the ground-breaking Digital Trade Principles agreed by the G7 countries under the UK’s Presidency.’[v]

2. Digital trade is increasingly important for the UK economy: roughly 25% of all UK trade in services and goods was digitally delivered in 2019,[vi] a percentage that has likely grown due to the pandemic. Digital trade also corresponds to a significant proportion of trade between the UK and New Zealand – in 2019, the UK exported £321 million worth of services to New Zealand digitally, over 40% of all services between the two countries.[vii] The UK-NZ FTA is part of a series of free trade agreements that the UK government has negotiated since it exited from the European Union. Although New Zealand is a relatively small trading partner, the agreement is significant because it will govern future trade relations between the UK and New Zealand and sets a precedent for the UK’s future trade negotiations.

3. In this note we examine the digital provisions in the UK-NZ FTA, explain how they differ from previous UK trade agreements, and highlight possible public policy implications.[viii] An important feature of the UK-NZ FTA are the special provisions and caveats in relation to the indigenous Māori people. By force of the 1840 Treaty of Waitangi, New Zealand must protect the interests and rights of the Māori people – including when those are affected by international agreements, which led New Zealand to include the so-called ‘Treaty of Waitangi exception’ across most treaties it is party. One consequence therefrom is that the UK-NZ FTA allows New Zealand to observe the rights of the Māori in certain circumstances, provided measures are ‘not used as a means of arbitrary or unjustified discrimination against persons of the other Party or as a disguised restriction on trade in goods, trade in services, and investment’ (Art. 32.5(1)). However, some concerns have been raised by Māori interest groups in relation to breaches arising from various aspects of the UK-NZ FTA including on digital trade.[ix] In November 2021, as the UK-NZ FTA was being finalised, the Waitangi Tribunal (a permanent commission of inquiry that examines claims brought by Māori relating to actions of the New Zealand Crown) found that several key digital trade provisions in CPTPP were incompatible with the New Zealand’s Treaty of Waitangi obligations, and that the New Zealand government had failed to meet the Treaty standard of active protection of Māori interests.[x] It is important that the UK Parliament assesses the UK-NZ FTA in this context. Although the Waitangi Tribunal only has recommendatory powers and thus cannot render provisions of the UK-NZ FTA void, if the Tribunal were to similarly find aspects of the UK-NZ FTA in breach of the Treaty of Waitangi, this would have adverse reputational implications for the UK, particularly in the context of the UK’s historical colonial relationship with New Zealand and the Māori.

Our headline findings are that:

1. The provisions on digital trade in the UK-NZ FTA are extensive, going beyond the CPTPP and the UK-Japan Free Trade Agreement (2020) and are similar to – albeit not as extensive as – those found in the recent Australia-UK Free Trade Agreement (2021) and the UK-Singapore Digital Economy Agreement (2022) (see Table 1).
2. While the UK-NZ FTA omits a provision on source code which the Waitangi Tribunal found to be in breach of the Treaty of Waitangi in the CPTPP, it retains provisions on cross-border data flows, an aspect of the CPTPP which the Waitangi Tribunal also found to be in breach. This opens up the risk that the UK-NZ FTA will be found to breach the Treaty of Waitangi. (This is also a factor the UK should consider in its bid to accede to the CPTPP where the provision on source code would apply between the UK and New Zealand, unless the countries sign a side agreement to the contrary).
3. The UK-NZ FTA missed the opportunity to strengthen consumer protection (including online harms), competition, and labour rights. In those three areas, it features provisions that are less ambitious than previous UK-signed agreements, especially the recent UK-Singapore DEA. The FTA is entirely silent on labour issues in the digital economy, which is striking given the number of UK citizens who rely on it for their livelihoods and the direct impact this FTA could have on them.
4. The absence of an effective mechanism for stakeholder dialogue from the FTA is also striking, especially in light of Māori concerns about a number of provisions. The text provides for a specific review of the ‘operation and implementation’ of the digital trade provisions after two years, and expressly mentions that New Zealand ‘affirms its intention to engage Māori to ensure the review … takes account of the continued need for New Zealand to support Māori to exercise their rights and interests, and meet its responsibilities under Te Tiriti o Waitangi/the Treaty of Waitangi and its principles’ (Art 15.22.2(b)). However, it is unclear what steps would be taken if the FTA is found to adversely affect Māori interests or breach the Treaty of Waitangi, and the FTA stops short of creating a more structured mechanism for stakeholder dialogue such as the ‘Digital Economy Dialogue’ (UK-Singapore DEA).
5. In general, the digital trade commitments aim at ‘binding’ existing practices and increasing cooperation rather than requiring changes to current regulations or policies. In the area of data regulation, questions remain as to the compatibility of the UK’s commitments with its existing regime for personal data protection. Given that the UK’s data protection regime is based on the EU’s GDPR, it is striking that it has not followed the EU’s path in negotiating more robust protections for its personal data regime. However, despite the UK approach to data flows and personal data protection in trade agreements continuing to be problematic, it is unlikely that it will result in legal challenge in the context of this FTA, as New Zealand has high data protection standards and an adequacy agreement with the EU.
6. Careful analysis and evaluation of the provisions is important for ensuring consistency between the text of the treaty and areas of existing or proposed domestic policy, to ensure that commitments in the FTA strike an appropriate balance between different policy objectives (such as the promotion of data flows and personal data protection), and do not unduly restrict the government’s future ability to regulate fast-moving technologies. The UK has created a Digital Regulation Cooperation Forum (DRCF) to improve coordination across government which brings together the Competition and Markets Authority (CMA), Information Commissioner’s Office (ICO), the Office of Communications (Ofcom), and the Financial Conduct Authority (FCA). It is unclear from public documents the extent to which DRCF has advised on the details of digital trade provisions in the UK-NZ FTA.
7. Comparing the final text with the policy positions of key interest groups suggests that the provisions on digital trade generally align with requests articulated by major UK business groups. In some areas the agreement makes modest steps forward in promoting consumer interests, labour protections and digital rights, but does not go as far as consumer, labour and digital rights groups would like. Although the government has a specific mechanism for consulting with UK businesses on digital trade - the Trade Advisory Group on telecoms and technology – there is no analogous mechanism for consumer groups, digital rights groups, or labour organisations.

Issue 1: Trade facilitation (customs duties, e-signatures, e-contracts, e-authentication, e-payments, paperless trading)

4. A series of provisions in the UK-NZ agreement aim to make it easier for all types of businesses to leverage digitalisation to facilitate their cross-border transactions. Parties commit not to impose customs duties on electronic transmissions (Art 15.4); to try and implement ‘paperless trade’ whereby all customs and other trade compliance paperwork can be completed digitally (Art 15.10); to ensure that contracts made by electronic means have equivalent effect to their paper counterparts (Art 15.5); to facilitate the use of digital transferable records (Art 15.6); to facilitate the use of e-authentication and electronic trust services (Art 15.7) by ensuring that electronic forms of signature have equivalent legal effect to their paper counterparts, ensuring parties to a transaction are free to decide the form of authentication (subject to a limited exception), and promoting interoperability of e-authentication methods; to promote compatibility between their regulatory regimes for digital identities (Art 15.8); and to promote interoperability between their respective e-invoicing systems, including internationally (Art 15.9). Some provisions found in other UK-signed FTAs were not included in the UK-NZ agreement, namely on e-payments and on logistics (see Table 1).

5. Table 1: Comparison of UK-NZ FTA provisions on digital trade with other recent agreements

Notes:  = provision is present; () provision is present but less specific; - = no provision.

6. In general, the commitments ‘bind’ existing practice (e.g. in the area of customs duties) and promote cooperation rather than oblige either Party to make significant changes. The provisions generally reflect the requests of UK businesses keen to ensure they can conduct cross-border business transactions without needing to use paper documents, and ensure interoperability so that they can use the same forms of electronic processes in different jurisdictions (e.g. e-signatures, digital identities).
7. The provisions on digital trade facilitation are more extensive than the CPTPP and UK-Japan FTA, but not as broad as the ones in the UK-Singapore DEA or UK-Australia FTA. Commitments on digital transferable records are in line with previous agreements, with parties committing to ‘take into account’ the UNCITRAL Model Law on Electronic Transferable Records 2017 developing measures relating to electronic transferable records (Art. 15.6). The provision is in line with requests from UK businesses which expect substantial efficiency gains, including for SMEs, and recent draft legislation in the UK.[xi] On electronic authentication, the UK-NZ FTA follows the less prescriptive wording of most UK-signed agreements (‘recognise the benefits of working towards mutual recognition’, Art 15.7), rather than the language found in the UK-Singapore DEA (‘shall encourage the use of interoperable electronic authentication and work towards the mutual recognition of electronic authentication and electronic digital signatures’).
8. Wording is also similar to recent UK FTAs in digital identities (Art 15.8) and in e-invoicing (Art. 15.9), not going as far as the UK-Singapore DEA - which explicitly mentions Peppol as an example of international frameworks that Parties should take into account when developing measures related to electronic invoicing. Whereas the UK-NZ FTA instructs Parties to ‘facilitate initiatives to promote compatibility between their respective digital identity regimes’ (Art 15.8), they do not aspire to provide ‘comparable protection’ under each other’s legal frameworks (as in the Australia-Singapore DEA). This seems prudent given that this is the early stage of UK policymaking on digital identities. Consumers and digital rights groups have expressed concerns about the design of digital identities and while New Zealand has an established digital identities regime, the UK is only now trialling one.[xii] In the area of customs duties the text goes slightly further than other recent texts in both committing the Parties not to impose customs duties on electronic transmissions and to “cooperate in relevant international fora to promote the adoption of commitments by non-parties not to impose customs duties on electronic transmissions” (Art. 15.4).

Issue 2: Cross-border data flows (including privacy, data localisation, open government data, data innovation, financial data)

9. Cross-border data flows are vital for integrated supply chains and cross-border provision of digital products and services but there are also concerns that allowing data to flow freely may undermine policy objectives such as personal data protection and financial stability. As in other recent agreements, in the UK-NZ text the Parties make a strongly worded commitment not to ‘prohibit or restrict’ cross-border flows, including personal information, if the activity is for the conduct of the business of a covered person, (Art 15.4) and not to require the localisation of data (Art 15.15). Both provisions include an exception under which parties may introduce non-compliant measures, but any such measure has to meet a 4-step test: it must be designed to (i) achieve a ‘legitimate public policy objective’, (ii) not be applied ‘in a manner which would constitute a means of arbitrary or unjustifiable discrimination, (iii) not be applied so as to be ‘a disguised restriction on trade’, and (iv) not impose restrictions ‘greater than are required to achieve the objective’. Several privacy scholars point out that the EU has not made a commitment analogous to Art 15.4 in any of its trade agreements because the EU GDPR may not meet the necessity test found in the WTO’s general exceptions or the 4-step tests found in exceptions in agreements like the CPTPP (and UK-NZ FTA).[xiii] Much of the concern arises from the fact that other protection frameworks exist for personal data – such as the 2015 APEC Privacy Framework – that are arguably less trade-restrictive.[xiv] Given that the UK’s Data Protection Act of 2018 is based on the EU’s GDPR, it is surprising that the UK is agreeing to the 4-step test in its trade agreements.
10. It is important to note that both provisions are similar to the CPTPP (Art.14.8; 14.11 and 14.13) which were found by the Waitangi Tribunal to be in contravention of the Treaty of Waitangi.[xv] According to the Tribunal, Art. 14.8; 14.11 and 14.13 of the CPTPP do not adequately protect the Māori people’s rights in relation to data, which the Tribunal deemed fundamental to Māori identity, and by unilaterally engaging in the conclusion of the CPTPP without the participation of the Māori people or their free prior and informed consent, New Zealand undermined the Treaty of Waitangi.[xvi] On the basis of this ruling, and the similarities between the CPTPP (Art.14.8; 14.11 and 14.13) and the UK-NZ FTA (Art 15.4; Art 15.15), groups representing Māori have emphasised that in negotiating the UK-NZ FTA, the government of New Zealand failed to remedy this breach and traded it off against business and exporter interests.[xvii] There is thus a risk that the UK-NZ FTA will similarly be found to be at odds with the Treaty of Waitangi, with potential adverse reputational implications for the New Zealand and UK governments.

11. The UK-NZ FTA also recognises the importance of personal information protection (Art 15.13). The Parties make no specific commitments on the nature of personal data protection and simply commit to implement domestic legal frameworks that protect personal data. They make some specific commitments on the nature of domestic legislation, and “recognise that the principles underpinning a robust personal information protection framework include: collection limitation; data quality; purpose specification; use limitation; security safeguards; openness; individual participation; and accountability (Art 15.13(3)). Notably, unlike other recent UK trade agreements, there is no footnote stating that the obligation can be met via a variety of approaches including voluntary undertakings by enterprises (an approach that is widely viewed as providing lower levels of protection and being less trade-restrictive than the UK GDPR). This is a welcome development as in previous agreements the UK explicitly recognised voluntary undertakings as sufficient for meeting data protection obligations and agreed to promote compatibility between regimes (see e.g. UK-Aus FTA Art. 14.12). Explicit endorsement of a lower standard of data protection arguably rendered the UK particularly vulnerable to potential challenges by trading partners. While the drafting is problematic, the material risk of a case against the UK data protection regime being brought under the UK-NZ FTA is negligible, as NZ has a robust approach to data protection that is similar to the UK (so robust that it received an adequacy decision from the European Commission).

12. In other recent trade agreements (notably UK-Singapore and UK-Australia) where the European Commission had not granted adequacy to the UK’s trading partner, there were concerns that committing to free flow of data obligations might lead to inadvertent onward transfers of EU citizens’ data, which in turn risked undermining the UK data adequacy arrangements with the EU.[xviii] As the European Commission has conferred adequacy on New Zealand this risk does not arise.

13. Like many trade agreements, the digital trade chapter does not cover financial services suppliers (Art 15.1) and provisions for cross-border flows of financial data are found in the financial services chapter. The Parties make a general commitment to allow financial data to flow (Art 11.7.1) and stipulate the conditions under which a Party may require localisation of financial data (Art 11.7.2-4). Striking the balance between enabling financial data to flow freely (a demand from businesses, including the UK financial services sector[xix]) and ensuring regulators have sufficient access to data for regulation and supervision has been a controversial issue in trade agreements. Although the commitments are subject to a general exception for prudential regulation (Art 11.4), a specific exception that covers ‘public entities in pursuit of monetary policies and related credit policies, or exchange rate policies’ (Art 11.3), and are similar to the UK-Australia FTA, UK-Singapore DEA, and UK-Japan FTA, it is notable that the UK-NZ FTA places more conditions on regulators than the CPTPP text (where there is no commitment prohibiting data localisation for financial data) and the USMCA text (where the conditions for requiring localisation of financial data are less exacting, see USMCA 17.18).
14. Although for different reasons, UK technology companies and digital rights groups have been advocating for open government data. Technology companies particularly promote the access to large data sets, noting that they are vital to the development of the UK’s AI sector. Digital rights groups advocate for commitments by government to make data shareable and re-usable to promote transparency and accountability, and allow citizens an opportunity to engage with their own governance. The UK-NZ agreement contains a provision on open government data (Art 15.17) which is very similar to provisions in other agreements such as UK-Japan, Australia-Singapore DEA, the UK-EU TCA and USMCA. The Parties recognise the importance of open government data and expanding its accessibility, but stop short of making strong commitments, agreeing to strive towards ensuring that whenever government information is made public, it be machine-readable, searchable and able to be ‘retrieved, used, reused and redistributed’. Some experts argue that large AI firms with the capacity to collect open data and to correlate it with the ‘closed data’ they hold benefit disproportionately from such initiatives, and argue that trade agreements should help make privately held data made more accessible to governments, businesses, and citizens. The UK-NZ FTA and other recent agreements are silent on this.[xx]

Issue 3: Innovation and regulation of new technologies – protection of algorithm and source code, cryptography, AI and emerging technologies

15. For technology firms, the protection of proprietary algorithms and source code through intellectual property rights has become vital to maintaining their competitive edge. At the same time, as the use of technologies powered by algorithms, such as artificial intelligence, become more widespread, so have public policy concerns with the risks that could be associated with them, including discrimination and lack of fairness and accountability. Provisions around algorithms have been included in previous UK agreements with relation to access to source code. While technology firms have advocated for provisions in trade agreements that prohibit governments from requiring disclosure of algorithms and source code except under very specific circumstances, consumers and digital rights groups have expressed concerns that this may impede effective regulation. Trade unions have also advocated for more algorithmic and source code transparency in trade agreements, especially in light of the growing use of AI in the hiring, management, and dismissal of workers.[xxi]
16. Differently from previously negotiated UK’s FTAs (including UK-Japan and UK-AUS), the UK-NZ text does not include a general provision on access to source code. This likely reflects the finding of the Waitangi Tribunal which reported in November 2021 and found the source code provision in the CPTPP to be in breach of the Treaty of Waitangi. During the Waitangi Tribunal inquiry on the CPTPP, Māori tech experts highlighted that algorithmic decision-making could be biased against Māori people, due to biased assumptions in algorithmic design and/or biases in training data that would in turn lead to decisions that negatively impact them.[xxii] Ensuring that relevant stakeholders have access to source code is important for enabling the detection and correction of potential bias, as well as prevention of abuse of Māori data.[xxiii] The Tribunal thus found that the source code provision of the CPTPP did not provide the level of active protection of the rights of the Māori required under the Treaty of Waitangi.
17. However, the UK-NZ agreement does include some language banning mandatory access to proprietary information, including algorithmic specification, specifically with regards to ICT products that use cryptography. The language found in the UK-NZ text (Art. 15.12) on the use of cryptography for information and communication services is similar to the provisions included in other UK agreements. Similar to the AUS-UK FTA, UK-Japan and the DEA, the UK-NZ agreement prohibits parties from adopting regulation that requires access to a particular cryptography technology or access key, with exceptions to networks controlled by the government bodies (including central banks), for the supervision and investigation of financial markets, and for law enforcement purposes. These provisions are important to ensure the integrity and security of encrypted services, and to prevent unlawful interception and electronic surveillance, upholding individuals’ right to privacy. There are concerns from the technical community, however, that exceptional access to encrypted communications by law enforcement, such as included in the caveat of the article, might be unfeasible in practice and would create systemic vulnerabilities for users and consumers, for example creating backdoors that could be explored by ill-intentioned agents.[xxiv]
18. The UK-NZ includes non-binding commitments that reflect concerns with existing and potential risks that could emerge from the widespread use of algorithms and other emerging technologies. The UK-NZ FTA includes a commitment to cooperate on digital innovation and emerging technologies (Art 15.19), promoting activities that encourage the development and adoption of emerging technologies, and facilitating trade in related products and services. This provision mentions specifically that parties can cooperate on algorithmic transparency “to address issues such as unintended biases and exacerbation of existing divides” (Art. 15.19.4(b)). In developing this cooperation, it will be important to consider whether consumers and citizens will have means to understand how their data is collected and processed by algorithms, and have access to any mechanisms of redress. While non-binding, the inclusion of this language is a welcome development, as most other UK FTAs pay even less attention to the adverse impacts that can arise from new digital technologies.

Issue 4: Regulation of platforms (including ISP liability, open internet access, competition in digital markets)

19. Nations around the world have been drafting and adopting rules on internet liability, regulating in what circumstances internet companies are legally responsible for harmful or illegal content shared on their platforms, including for breaches of copyright. UK technology companies have been advocating for the adoption of safe harbours and rules that limit or except them from liability for the content they host or transmit, calling on the UK to adopt provisions analogous to those found in the USMCA, where liability provisions are based on the controversial s.230 of the US Communications Decency Act (CDA).[xxv] Meanwhile domestic policymakers in many countries have been discussing new rules requiring companies - often referred to as internet service providers, or online service providers - to take more responsibility for content they host (e.g. the UK Online Safety Bill). In terms of general intermediary liability the UK-NZ adopts a more cautious approach, refraining from including any general liability rules such as the prescriptive and generous safe harbour regime adopted in the USMCA (Art 19.17.2) that was modelled on section 230 of the US CDA.
20. In terms of liability related to intellectual property rules in the UK-NZ text, the Parties agree to establish and maintain a system to limit the liability and the remedies available against internet companies for copyright and related rights infringement by a user of its services as part of the IP chapter (Art 17.81). Provisions on intermediary liability for copyright infringement in the UK-NZ deal is more detailed and goes slightly beyond the UK-Japan agreement, while being slightly more narrow than the UK-AUS deal. It goes beyond the language in the UK-Japan by committing parties to the introduction or maintenance of measures to limit liability rather than a general commitment to take appropriate measures, adopting a wording that is similar to the provision found in the UK-AUS. However, the UK-NZ text is more specific that the UK-AUS. While the UK-AUS mentions provides a window to shield platforms from liability for other types of content, beyond copyright and other intellectual property by including the possibility of extending the liability mechanisms to other types of online service providers, the UK-NZ only allows the expansion of the measures to cover other intellectual property rights. The UK-NZ provision, like the UK-AUS, also provides that Parties need to provide injunctions requiring that online service providers (OSPs) disable access to infringing content (“blocking orders”) in case of copyright violation (Art 17.82 UK-NZ. At the same time, the UK-NZ deal is not as prescriptive with regards to the model of intermediary liability for copyright violations such as the CPTPP (Art 18.82) and the USMCA (Art 20.88), deals that mirror US domestic legislation (DCMA s. 512) and require parties to establish safe harbours for internet platforms and to adopt a ‘notice and take down’ mechanism.
21. Consumer organisations in the UK are concerned that proposed legislation to place greater responsibilities on online platforms for the safety and accuracy of their content could be undermined through commitments made in trade negotiations, leading to weaker protection for British consumers.[xxvi] At the same time, there are concerns that legal mechanisms to limit liability might create incentives for companies to remove more content than required and undermine freedom of speech online.[xxvii]
22. The language on the UK-NZ deal regarding open internet access (Art 15.16) provides weaker commitments than previous UK treaties, and indeed replicates the timid language of the CPTPP (Art 14.10) and of the UK-AUS (Art 14.15). While in the UK-Japan agreement (Art 8.78) and the TCA (Art 170) the government has committed to ensure non-discriminatory access to the internet, consistent with network neutrality principles, in UK-NZ the relevant provision merely recognises the benefits for consumers of having access to internet services and applications in a non-discriminatory way, incorporating the same watered-down wording that was agreed in the CPTPP. However, the UK-NZ provides a slightly more specific provision regarding the concept of “reasonable network management” than the UK-AUS and CPTPP, by specifying that it should not “block or slow down traffic based on commercial reasons”. The weaker commitment to network neutrality goes against calls from UK consumer organisations[xxviii] and means that the UK missed the opportunity to get a stronger commitment from New Zealand on network neutrality, commitments that are central to protect an open and innovative internet, prevent network managers from censoring, filtering or charging more for specific contents.
23. Provisions in the UK-NZ regarding competition policy are similar to the UK-Singapore DEA and provide for technical cooperation on competition policy including around issues in digital markets (Art. 18.5.2). Similarly to the UK-Singapore DEA, the UK-NZ has expressed specific competition concerns related to digital markets, explicitly mentioning that technical cooperation between the parties may include “the exchange of information on the development and implementation of competition policy and law, including in relation to competition issues in digital markets” and “the sharing of competition-related studies, reviews, and research, including in relation to competition issues in digital markets” (Art 18.5.2). The recognition that digital markets create new challenges and concerns, and that competition authorities need to cooperate is positive and reflects wider efforts to update and complement competition law, including by the UK Competition and Markets Authority (CMA). [xxix] However, the UK-NZ FTA does not place as much emphasis on the specific challenges that emerge in digital markets as the UK-Singapore DEA. Notably there is no commitment to cooperate in the enforcement of competition in digital markets including on aspects such as notification, consultation and the exchange of information (Art 16.2 UK-Singapore DEA). Given the UK CMA is playing a leading role in global policy decisions on digital markets, this is a missed opportunity to include stronger commitments and strengthen cooperation.

Issue 5: Online consumer protection

24. The rapid shift to business online has made it a necessity for policymakers to ensure that digital marketplaces are safe, and that consumer trust is promoted, particularly when consumers engage in cross-border digital transactions. The UK-NZ FTA provision on online consumer protection (Art 20.3) is surprisingly weak, as “Each Party shall provide consumers engaged in online commercial activities with a level of protection not less than that provided under its law to consumers engaged in other forms of commerce”. As such, and unlike other recent digital trade agreements, it does not consider specific concerns that arise in digital markets, including the need to facilitate access to redress including for consumers from one Party transacting with suppliers from the other (e.g. Art 8.61-M in UK-Singapore DEA).
25. In relation to spam (Art 15.11), the Parties follow the same approach as other UK FTAs, CPTPP and Australia-Singapore DEA. This approach is weaker than that followed by the EU as it drops the requirement for prior consent (whereby a consumer must opt-in to receive commercial messages). Parties are however still obligated to adopt laws that enable recipients to opt out of unsolicited messages and it includes the requirement that “Each Party shall ensure that commercial electronic messages are clearly identifiable as such, clearly disclose on whose behalf they are made, and contain the necessary information to enable recipients to request cessation free of charge and at any time” (Art 15.11.2). Unlike the UK-Singapore DEA, no mention is made of the Parties cooperating to address online harms (Art. 8.61-O UK-Singapore DEA), despite calls for this from UK consumer organisations.[xxx]

Issue 6: Cybersecurity

26. Cyber-attacks are an increasing source of risk in the global economy, are costly for businesses, and undermine trust in the digital economy. The UK-NZ FTA contains an extensive provision on cybersecurity (Art 15.18) which is similar to articles in the UK-Australia FTA and UK-Singapore DEA and more substantial than provisions in the CPTPP and Australia-Singapore DEA. In some places the wording is watered down in comparison to the UK-Australia FTA as the Parties merely ‘recognise the importance of’ (rather than ‘shall endeavour to’) building national capabilities for cyber security incident response; strengthening collaboration mechanisms to cooperate to anticipate, identify and mitigate malicious intrusions or dissemination of malicious code that affect electronic networks, and use those mechanisms to swiftly address cyber security incidents; maintaining a dialogue on matters related to cyber security. As with the UK-Australia FTA and UK-Singapore DEA, agreements, each Party ‘shall encourage’ juridical persons within its territory to use risk-based approaches that rely on open and transparent industry standards to ‘manage cyber security risks and to detect, respond to, and recover from cyber security events’ and ‘otherwise improve the cyber security resilience of these juridical persons and their customers’ (Art 15.18-3). The contents of this provision, modelled after the USMCA, broadly reflect consensus in global policy debates around risk-based approaches, and are in line with the commitments made by the UK in other trade agreements.

Issue 7: Labour standards

27. The UK-NZ FTA makes no mention of strengthening gig-economy labour protections. This is striking given the number of people working in the gig economy (more than 4 million people in the UK),[xxxi] widespread concerns about gig economy employment practices, and the recently signed UK-Singapore DEA, which mentions the issue (albeit in soft terms) within the provision on digital inclusion. The analogous provision in the UK-NZ FTA (Art. 15.20) does not mention labour or workers at all. There is plenty of room for innovation and leadership in this field, with provisions that go beyond obligations to cooperate and participate in international fora to promote the digital inclusion of groups and individuals that disproportionately face barriers to digital trade. A commitment to progressively improve labour conditions and references to the international labour standards that should be upheld for gig workers could be introduced in future FTAs. Framing labour solely as a digital inclusion issue moreover fails to take into consideration those workers that are already part of the digital economy and might have been adversely impacted by it – further signalling that even the most innovative approach adopted by the UK to date is still falling short of comprehensively addressing the challenges posed by the digital economy to workers.

Issue 8: SMEs, digital inclusion, and stakeholder engagement

28. Like previous agreements, the UK-NZ FTA has a specific provision on Small and Medium Enterprises that aims to reduce barriers to participation in the digital economy, to including Māori-led and women-led enterprises. The Parties shall ‘foster close cooperation on digital trade between SMEs’, ‘encourage their participation in platforms that help link them with international suppliers, buyers, and other potential business partners’, and ‘share best practices in improving digital skills and leveraging digital tools and technology to improve access to capital and credit, participation in government procurement opportunities, and other areas that could help SMEs adapt to digital trade’ (Art 15.20-3). The digital inclusion article contains similar commitments to reduce barriers to participation focusing on developing countries (Art. 15.20-4).
29. The UK-NZ FTA creates no mechanisms for specific digital economy cooperation like the ‘Digital Economy Dialogue’ (UK-Singapore DEA) and ‘Strategic Innovation Dialogue’ (UK-Australia FTA). Despite criticisms regarding the inner workings of those dialogues in other FTAs, their complete absence from the UK-NZ FTA is surprising and concerning, especially given the importance of creating mechanisms for Māori participation for the success of this trade agreement. That being said, Art 15.22 does establish a specific review of the ‘operation and implementation’ of the digital trade provisions in the FTA after two years, and expressly mentions that New Zealand ‘affirms its intention to engage Māori to ensure the review outlined in paragraph 1 takes account of the continued need for New Zealand to support Māori to exercise their rights and interests, and meet its responsibilities under Te Tiriti o Waitangi/the Treaty of Waitangi and its principles’ (Art 15.22.2(b)). While still falling short of an effective stakeholder engagement provision, this article is a positive step towards safeguarding Māori’s right to participation in the context of digital trade provisions.

              May 2022