Written evidence submission from UNISON (DTD0023)
Digital trade and data enquiry
International Trade Commons Select Committee Inquiry
UNISON response February 2021
About UNISON
Background to UNISONs response
UNISONs response covers four key areas:
Lack of consultation and transparency in the UK governments agreement of digital trade rules in the WTO and digital chapters of trade deals
1. UNISON believes that the governments rush to agree a new WTO digital trade agreement without UK domestic consultation, especially in the light of recognised need for domestic digital and AI regulation in the UK National Data Strategy consultation 2020, is not a sustainable approach.
2. In November 2020 the UK joined the WTOs current e-commerce bilateral discussions and negotiations, involving 86 countries. The aim is to update WTO e-commerce trade rules and are more than likely to maintain a de-regulatory approach to digital and e-commerce trade with lower data protections and to prevent domestic regulation overriding these new data rules.
3.The proposed e-commerce provisions will impact on how easily data can flow across borders, the extent to which citizens’ personal data is protected, and shape the way we regulate the Internet and manage new technologies like artificial intelligence and algorithmic decision-making. They have implications for public services, as well as public service users, and workers.
4.The UK WTO text is not public and there are concerns about the lack of transparency and consultation. The UKs unseen text proposals are in areas where there is yet little consensus in the UK or among the broad spectrum of countries participating in the talks, which include ‘protectionist’ countries such as Indonesia and China (at least in part), digital free traders from the Asia-Pacific, and super-regulators with strong views in certain areas such as the EU and the US.
5.These legal texts cover customs duties on electronic transmissions, personal information and data privacy protection, cross-border transfer of information, location of computing (and financial computing) services, source code, cryptography, open internet access, cybersecurity, electronic contracts, and paperless trading
6.The EU has requested in its text that data privacy protection must come first and proposed a ‘carve out’ of privacy protection measures from the trade agreement’s usual disciplines and has asked that data privacy be regarded as a fundamental (and human) right.[1] There is no evidence that the UK has supported this negotiating approach. Instead it is reported that the UK is supporting the signatories of the Asia-Pacific trade pact CPTPP as the UK seeks accession to join the CPTTP.
7.UNISON is concerned that the UK government is not championing high standards in a new global digital level playing field. We would like to see the government make a public commitment that it will be supporting the underpinning of digital privacy protections as fundamental and human rights like the EU in the WTO e-commerce negotiations and in digital trade agreements.
8.We would not want the UK to sign up to the WTO bilateral e-commerce agreement if it directly lowers our existing data standards and removes the domestic ability to apply safeguarding data privacy regulations, such as GDPR or human rights in free international data flows.
9. UNISON welcomes the DTIs commitments and initiatives to set up a variety of UK Trade Advisory Groups (TAGs) and Themed Working Groups (TWGs) to discuss new UK trade deals and to which trade unions have been invited to participate to some extent. Currently however there is no AI or digital trade group but instead a Telecoms and Technology group[2] which includes mainly large UK and global tech companies and capital venture corporations but no public service bodies such as the NHS which has one of the largest growing public digital and AI budgets in the UK.
10. No trade unions, civil society or public bodies have been invited to sit on this particular TAG diminishing the voices of workers, civil society and public service consumers in the formation of the UKs digital trade strategy which will have significant impact on everyone’s daily life as we move to a new digital age.
11. The absence of public sector bodies representing the UK public interest in digital trade negotiations is an imbalance that needs to be addressed. It diminishes trust, accountability and a transparent link between public service bodies rights to recommend digital rules to safeguard citizens data transfers over corporate tech interests to determine rules that only benefit their profit-making business models.
12. Given the governments ambitions to set new standards in digital trade, with for example its proposed new UK adequacy regime, digital and AI trade rules requires a lot more scrutiny – not less. This includes not just public consultation and stakeholder participation but comprehensive and independent Data Impact Assessments of the likely economic, social, environmental, labour and health impacts of any new digital agreement to protect the public interest.
13. The lack of parliamentary scrutiny of WTO negotiations and trade bills in general and the UKs government decisions to not publish negotiating text or consult with stakeholders on that text in detail hinders the UKs ability to adopt a future proofed and sustainable a digital trade strategy that will serve the best public interest domestically.
The infringement and restrictions of the UK sovereign right to make domestic AI and digital laws that can override digital and AI agreements in trade deals
14.There is currently a lack of both UK and globally agreed AI and data management and regulation. This leaves an unresolved regulatory gap and conflict in balancing the argued requirements for corporate digital innovation and the need for regulations to safeguard and protect fundamental rights in public service use of AI and ownership of data, alongside strengthening workers and civil digital rights. This imbalance is currently playing our across three interrelated areas:
15. The WTO GATS, which the UK is part of, already has trade rules in AI and digital services. The new inclusion of source code protection into the WTO plurilateral trade rules on electronic commerce is seen as a protectionist approach by big tech companies seeking to maintain and expand their global control of digital and AI services by strengthening trade secrets and Intellectual Property rights on algorithms, data and source code. This can also be seen as a way to justify the right by big tech companies to demand the preclusion of forced technology transfer by parties in any trade agreement.
16. Future UK domestic legislation requiring auditing of source code or algorithms and data for public health and safety reasons will violate some of the new trade law clauses on source code proposed. Domestic legislation violating trade law can be justified pursuant to the GATS ‘general exceptions’ if the requirements that are attached to the exceptions can be satisfied.
17. This means that the UKs possibility to adopt rules that, for example, mandate external audits of public service AI systems will be confined only to the policy space that is allowed under trade law. UK policy options for AI governance will have to be consistent with the future WTO electronic commerce proposals on source code, unless they neatly fit the GATS ‘general exceptions’.
18. Alongside the WTO negotiations international trade deals are increasingly outlawing measures that require access to source code as a condition for market access and/ or foreign direct investment. These include large regional agreements such as USMCA, but not RCEP yet, and specifically for the UK the new deal with the EU in the Trade Cooperation Agreement (TCA) and Japan and expected in the future deals with CPTPP, New Zealand and Australia.
19. For comparison purposes the UK-EU TCA states that source code disclosure rules does not prevent discovery by a court in judicial proceedings or investigations by regulatory bodies or administrative tribunals. Also, a party can justify mandating access to software source code in the context of a certification procedure subject to meeting the requirements of the general exceptions and the security exceptions contained in the agreement.[3]
20 . The exceptions allowed to meet any domestic modification requirements of source code however in other agreements are written in such a way as to be meaningless. For example the CPTPP Chapter on Electronic Commerce, prohibits a party to this agreement to require the transfer of, or access to, “source code of mass-market software or products containing such software” as a condition for the import, distribution, sale or use of such software in its territory. It then goes on to say that the prohibition does not preclude “requiring the modification of source code of software necessary for that software to comply with laws or regulations” which are themselves not inconsistent with this trade agreement. [4]
21. Meanwhile there are also uncertainties and inconsistencies around how much source code disclosure is allowed in relation to public procurement contracts. For example the EU has put forward in its WTO text:
the voluntary transfer of or granting of access to source code on a commercial basis by a natural or juridical person, for instance in the context of a public procurement transaction or a freely negotiated contract.[5]
There is a similar clause in the UK-Japan deal but UNISON has no understanding if the UK is promoting the proposal for a voluntary public procurement exception as a standard clause in the WTO negotiations or in all future trade deals. The implications and usefulness for this trade clause for domestic public service public procurement contracts involving the procurement of AI and data use needs to be explored further.
22. Future regulations under discussion by UK authorities, maybe at risk. For example proposals such as prior conformity assessment of high-risk AI applications by certified testing centres, regulatory oversight of algorithmic systems with a high potential for harm through a live interface and for large online platforms to enable vetted researchers to study systemic risks by accessing data via interfaces. These regulations will be vital to ensure future accountable, ethical and trustworthy AI and digital data use in public services, particularly the health service.
23. The UK committing itself now to new digital and AI trade law clauses that would make it harder to regulate, manage, consult and engage with UK citizens about the role and purpose of AI systems in delivering public services, in particular future health and social care, police and educational services will undermine public trust and raise issues of legitimate sovereign governance.
24.The test to qualify for ‘general exceptions’ in Gats is very difficult to meet. For example a measure that breaches source code rules must first meet a legitimate general interest objective. These objectives can include measures that are necessary to protect public morals, public order, health and to secure compliance with laws or regulation, including those relating to the prevention of deceptive and fraudulent practices or to deal with the effects of a default on services contracts or the protection of the privacy of individuals in relation to the processing and dissemination of personal data.[6]
25.The measure must then be applied in a manner that does not constitute “arbitrary” or “unjustifiable” discrimination, or a “disguised restriction on trade in services.” It must pass a ‘necessity test’. It could be argued that an audit or disclosure of a source code is not necessary and a less trade-restrictive alternative such as a self-assessment by the foreign or global tech company could be used. This would involve additional liability and burden of proof legal agreements.
26.A UK public service like the NHS, for example when contracting medical devices using AI and UK health data, could argue that it has the right to audit that AI system purchased in a public procurement trade contract, to ensure health and safety risks are minimised. A wider problem that the NHS would then face is that there is no internationally accepted standard for audits of AI systems – data, source code or algorithms and no international standard of self -assessments as a lesser trade restriction measure.
27.Different countries take different approaches to AI design, ranging from free market-led approaches to fundamental rights’ preserving and some emphasising ethical and trustworthy AI governance. Where there is no internationally accepted standard in AI audits it would mean the UK would have to develop a domestic standard in AI auditing and then defend the need for a high level of personal health protection needed against a less trade-restrictive practice such as a self-assessment.
28.The WTO ecommerce text makes no definition of what an international source disclosure audit standard would be but the 2019 OECD Recommendation on Artificial Intelligence[7] calls for responsible and trustworthy AI and promotes transparency, explainability and accountability of AI systems. It does not go as far however to recommend an international standard for auditing, verification and inspection of AI systems.
29.Besides the lack of agreed international AI and digital standards and laws, trading in transformative digital and AI technology will definitely require new domestic laws as risks are imported with digital and AI trade. The risks of imported digital and AI systems impacting on, for example, civil society, democratic institutions, public services, the equal treatment and unfair discrimination of consumers and workers will need to be balanced against existing digital trade objectives.
30.The current risks of the opacity and scalability of AI algorithms and source code requiring the need to get into the so called ‘black box’ could swing the ‘necessity test’ in favour of an source code audit being seen as justified. Then however the measure, according to GATs, would need to be applied consistently without discrimination and discretion has to be exercised reasonably. The UK currently has not yet developed any policy or strategy on introducing these measures domestically nor any thinking how they would apply to global digital and AI trade imports.
31.A further problem the UK government faces in domestic legislation is that source code protection through Intellectual Property Rights and trade secrets are also dealt with inside the WTO Intellectual Property (TRIPS) Agreement. Why source code of software enjoys triple protection as a copyright protected material, a trade secret and sui generis software source code is not well founded or explained but it means that software source code is well shielded from being interfered with by domestic measures.
32.Keeping source code and algorithms secret from government means it would be almost impossible for a government regulator, public service provider or trade union to expose bias or discrimination in source code. For example, an algorithm used in recruitment that perpetuates gender or racial biases or that profiles workers as union activists is harmful and discriminatory but without being able to look at the source code it would be difficult to find the burden of proof.
33.A high level of consumer protection calls for robust safeguards against anticipated risks of AI technology. AI systems’ characteristic opacity and the difficulty disclosure of proving that an AI system is faulty, biased or unfair makes it difficult defending consumer rights in digital consumer markets. New domestic laws will require more agile and scalable regulatory measures, in addition to the current system of ex post enforcement.
34.It is important to note also that digitalization leads to more and more digital artefacts made of software source code and algorithms and AI technology will continually pose new risks for individuals and society whilst trade law largely remains static after having been ratified.
35.The source code clause therefore is a blunt deregulatory instrument not fit for UK domestic digital policies that need to build on interoperability, accountability, and verifiability of digital technologies.
36.A further cause for concern in digital trade deals is the measure to keep international data flows unregulated. Trade deals are increasingly preventing the restriction of transfer of cross-border information by electronic means and preventing governments from requiring a corporation use or locate computing facilities in their territory as a condition of conducting business in that territory.
37.Some trade deals also contain provision that prohibits governments from requiring service suppliers to establish or maintain a representative office or any form of enterprise, or to be a resident, in its territory as a condition for the cross-border supply of a service. There can be exceptions however such as government procurement, information held or processed on behalf of government, personal credit information, and data related to measures linked to health services.
38.Even with these exceptions, which UNISON would like to see the UK adopt in its digital trade approach, the restrictions on regulating cross-border data flows, location of computing facilities and local presence have implications for the ability of governments to regulate and enforce laws, including tax law, and implications for workers’ rights.
39.These rules give corporations the right to operate across borders while limiting the ability of workers and the community to obtain justice. If the rights of a worker are violated by an online platform with no local presence, it is unclear how they obtain justice. As the International Trade Union Confederation[8] ‘Without a local presence of companies, there is no entity to sue and the ability of domestic courts to enforce labour standards, as well as other rights, is fundamentally challenged.’
40.UNISON also has concerns that unregulated cross-border flows risks personal and anonymous public service data flowing into potential commercial hands with no protection on our data privacy rights being upheld in the receiving country These potential harms could be very sensitive in the case of NHS data.
41.UK digital trade agreements must not include any provisions that allow for the undermining, restriction or limitations on the domestic right for UK appropriate regulatory bodies to protect or restrict harmful international free flow and use of digital health and social care data.
42.UNISON is very concerned that unregulated and liberalisation of data flows and increased IP protections of AI algorithms in trade deals will turn UK public sector data into a lucrative commodity. NHS information for example can be used for the privatisation of health services, assisting with cherry picking the most profitable parts.
43.IPR on UK health AI generated data with free and unregulated data flows could place the NHS in the long term position that it has to buy back its own medical data because of its reliance on these technologies. Private digital and AI companies could hold valuable NHS data sets with little regulations on AI and ADM processing and decision-making, end use to third parties, time limits or means to challenge IPR data set rights unless domestically regulated.
44.The increasing development and use of AI medical devices and tools contain source codes and personal health data. Currently the government is having a two-year consultation on the application of AI and ADM in medical devices. Yet private commercial protections via IPRs such as patents and trade secrets are already being written into trade deals which can override a future UK decision to require source code disclosure for medical reasons on health and safety grounds.
45.Other deregulatory aspects of trade deal chapters such as ‘ratchet clauses’ and ‘standstill cluses’ and dispute mechanisms such as ISDS can have an additional chilling impact on domestic digital legislation which will also mean lower protections for public service users.
46.UNISON has long called for the exemption of public services and particularly health from all chapters in trade deals. We extend this to include all health and social care data and IT technology.
What we would like the UK government to achieve in digital trade deals to protect public services, data privacy rights and workers digital rights
47.UNISON would like to see that all public services, particularly health and social care services that use data driven technology are removed from trade agreements and in particular in e-commerce chapters where IP, Patents and commercial and trade secrets are used to protect disclosure of AI and ADM technology and tools and devices. This would include medical devices, health data processing services and IT systems, trade in medical algorithms, data technology or other health and social care AI devices.
48.The UK government must exempt or ‘carve out’ e-commerce provisions in health and social care commissioning of data, health data processing services and IT systems for commissioners, analysts, and clinicians in relation to patient data, public health data and publicly provided social care data relating to UK citizens.
49.UK Public Procurement contracts should include the right for public services to demand source code disclosure and local data flows and local presence if it’s in the best public interest. Furthermore trade agreements and AI public procurement must specifically exclude NHS health and social care data from becoming commercially commodified and protected from ISDS mechanisms, ratchet clauses and standstill clauses. The government should ensure that data access and the processing of UK public health data for the purpose of research, planning and innovation remains publicly owned and not commercially owned.
50.This would protect public funded health data processing services for which NHS England/NHS Improvement and NHS Digital has policy making responsibility, from any form of data control from outside the UK. It would also ensure that the government retains control of access to health data for the purpose of research, planning and innovation according to its own priority policies and associated regulations.
51.The digital economy is still growing and evolving. Locking in deregulatory rules at such an early stage of development of the digital economy will see the ownership and control of data concentrated in the hands of a few corporations, leaving governments unable to maximise the public good benefits that can come with digitalisation.
52.Currently digital trade rules not only exacerbate the problem of tax havens but could also lead to the creation of data havens. As Jane Kelsey points out, big tech companies want ‘a guaranteed and unfettered right to collect data and store, transfer, process, use, sell and exploit it anywhere in the world…they want to transfer and store data in their place of choice. That is partly for efficiency, so they can process bulk data without having to duplicate facilities and personnel – but as importantly so they can choose destinations that have the most favourable laws.’ [9]That means countries that do not regulate the internet and have weak consumer and privacy laws.
53.Workers need governments to implement strong regulations in the rapidly evolving digital economy to protect human rights and ensure new technology benefits us all. We would like the government to review its employment laws, equality and human rights laws – including mandatory human rights due diligence laws in supply chains- privacy laws, and public procurement laws to strengthen its domestic regulations in response to the development of the digital economy and imported digital trade risks.
54.We would like to see a UK global approach to digital trade as one that levels up not down on digital privacy rights. As the International Trade Union Confederation argues, Government regulation and enforcement is necessary – to protect workers, to protect personal data, to avoid market power abuses and protect economic freedom, to industrialise/digitalise, and to ensure that taxes and contributions are paid where value is created. In the absence of a global regulatory system on e-markets, data localisation is required for governments to regulate effectively.
55.We want commitments in digital trade deals to safeguard workers’ rights and implement International Labour Organisation (ILO) standards and not undermine workers’ rights by preventing the government from regulating the ‘gig economy’.
56.The inability of governments to require data to be stored locally also has implications for workers’ privacy, as new technologies generate large amounts of data on workers. New technology also brings with it increasing risk of worker surveillance. The trend of workplace surveillance has accelerated since the start of the COVID-19 pandemic and the rapid shift to ‘work from home’ arrangements for many workers
57.The International Labour Organisation’s Global Commission on the Future of Work report Work for a brighter future [10] argues that ‘the exercise of algorithmic management, surveillance and control, through sensors, wearables and other forms of monitoring, needs to be regulated to protect the dignity of workers.’
58.There is the need to strengthen our privacy legislation in line with the development of the digital economy. Workers need to be informed and consulted regarding data collected on them, have access to their own data, and there needs to be regulation to place limits on the collection of data that might discriminate against workers or trade union activity, for instance the collection of data on union membership.
59.The privileging of big tech companies in digital trade rules will further proliferate exploitative business models.[11] As the International Trade Union Confederation’s report ‘Free Trade Agreements, Digital Chapters and the impact on Labour’ notes: ‘key to the success of all these platforms is the huge amount of data that they collect and process together with their ambition to disrupt and dominate existing markets, often with little regard for existing regulation or the wider social impacts.’
60.Trade expert Deborah James explains
Big Tech has proposed the rules in order to consolidate its exploitative business model, including: gaining rights to access markets globally; extracting and controlling personal, social and business data around the world; locking in deregulation and evading future regulation; accessing an unlimited supply of labour that has been stripped of its rights; expanding its power through monopolies; avoiding the payment of taxes.[12]
61.UNISON would like to see the UK government campaign to remove the ban on source code disclosure in the WTO proposals and in existing and new trade deal chapters. The UK should clarify the impact of the source code clause on UK digital policies, in particular consumer rights, and in the meanwhile give up on this trade law clause since software source code already enjoys copyright and trade secret protection.
62.There is currently no experience with this new trade law clause on source code and insufficient analysis of its scope, application and effects on a party’s autonomy to regulate and so it should be removed from all trade deals.
63.The UK government should adopt a modular approach to algorithmic transparency combining different requirements, ranging from information duties, qualified transparency for public authorities and domestic courts to facilitating external audits and public scrutiny in justified cases. Central to accountability, verifiability, and trust in AI are methods to audit algorithms and AI systems.
64.New regulation for high-risk AI system would also apply to economic operators in third countries providing AI-enabled products or services in the UK.
65.Much more should be achieved, such as regulating AI systems with moderate risk levels, the publication of ex ante impact assessments, enabling qualified transparency with the help of standardized interfaces to carry out input/output audits and harnessing public interest research in justified cases.
66.To overcome challenges in AI Regulation in global trade rules the burden of proof in litigation must be alleviated, new regulatory enforcement capacity and technical expertise, as well as leveraging collective public redress and public scrutiny of AI systems will be needed too.
February 2021
[1] https://trade.ec.europa.eu/doclib/docs/2020/january/tradoc_158557.pdf
[2] https://www.gov.uk/government/publications/trade-advisory-groups-tags/trade-advisory-groups-membership
[3] Article DIGIT.12: Transfer of or access to source code https://ec.europa.eu/info/sites/info/files/draft_eu-uk_trade_and_cooperation_agreement.pdf
[4] CPTPP Article 14.17 https://www.iilj.org/wp-content/uploads/2018/03/CPTPP-consolidated.pdf
[5] EU text proposals tabled for WTO ecommerce negotiations 2.6 TRANSFER OR ACCESS TO SOURCE CODE
[6] https://www.vzbv.de/sites/default/files/downloads/2021/01/21/21-01-26_study_ai_and_trade.pdf
[7] https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449
[8] ITUC and New Economics Foundation, ‘Free Trade Agreements, Digital Chapters and the Impact on Labour’, https://www.ituc-csi.org/IMG/pdf/digital_chapters_and_the_impact_on_labour_en.pdf , p. 24
[9] Public Services International, ‘Digital trade rules and big tech: surrendering public good to private power’, p.14 https://pop-umbrella.s3.amazonaws.com/uploads/f2bddc3d-c353-4846-a23b-82dec9a9e6d7_2020_- _ASIA_DIG_REPORT_3__1_.pdf
[10] 8 International Labour Organisation’s Global Commission on the Future of Work report Work for a brighter future, https://www.ilo.org/wcmsp5/groups/public/---dgreports/---cabinet/documents/publication/wcms_662410.pdf
[11] ITUC and New Economics Foundation, ‘Free Trade Agreements, Digital Chapters and the Impact on Labour’, https://www.ituc-csi.org/IMG/pdf/digital_chapters_and_the_impact_on_labour_en.pdf , p. 24
[12] Deborah James, ‘Digital Trade Rules: A disastrous new constitution for the global economy, by and for big tech’, RosaLuxemburg Stiftung, Brussels (2020), p. 7, https://www.rosalux.eu/en/article/1742.digital-trade-rules.htm