Technology policy experts and foreign officials are eyeing a U.S.-Japan Free Trade Agreement as a platform for digital trade rules that the rest of the world -- including China -- can follow.
Digital trade should be a part of the “harvest conversations” as Washington and Tokyo sit down to determine the scope of a potential deal, Aaron Cooper, vice president of global policy for BSA | The Software Alliance, said during an Oct. 30 event hosted by the Wilson Center.
“We are very happy with the digital trade language that’s in the U.S.-Mexico-Canada Agreement and we think there is still more that we can do to improve upon that and are hopeful that in our conversations with Japan that are upcoming -- in the early harvest conversations -- that we can talk about digital trade,” he said, adding that like-minded countries need to coalesce around ways to drive a global set digital economy standards.
The earliest the Office of the U.S. Trade Representative can begin to formally negotiate with Japan is Jan. 14, according the 2015 Trade Promotion Authority law, with all public comments on negotiating objectives due by Nov. 26 and a public hearing set for Dec. 10.
“It is important that countries that have a like-minded view of the importance of the emerging data society and the importance of developing [artificial intelligence] work together to create international standards that will enable those technologies,” Cooper added.
The “alignment” of U.S. and Japanese viewpoints on digital trade would present an “excellent opportunity to start creating a more global set of digital trade rules” that can begin to cover cybersecurity and other emerging issues, he said, adding that the two countries “need to make sure we have a consistent and not conflicted area of legal systems.”
Cooper also noted restrictions Europe places on companies transferring personal data across its borders, “except under a few exceptions,” and said the U.S. and Japan have more effective platforms for facilitating data transfers.
“As long as the party that is transferring the data is accountable to make sure that however that personal information is processed is done consistent with Japanese law, in this case, the data can be transferred. I think that kind of flexibility with accountability built in is really important,” Cooper asserted.
“It’s all about privacy,” he added. “And one of the things I think the U.S. has done well is to not have those kinds of restrictions on the ability to transfer data. Japan just revived its Personal Information Protection Act [and] also did some really important work in making sure that there is more than one basis for transferring data.”
Cooper said the Asia-Pacific Economic Cooperation forum’s Cross Border Privacy Rules were a good place to start in dealing with the transfer of data. He added that all APEC countries “feel that if you are certified under the CBPR then you should be able to transfer data using that mechanism because you are held accountable.”
If USMCA goes into force, the U.S., Mexico and Canada must “endeavor to exchange information on the mechanisms applied in their jurisdictions and explore ways to extend these or other suitable arrangements to promote compatibility between them,” the deal states, citing the APEC forum’s Cross Border Privacy Rules as a “valid mechanism to facilitate cross-border information transfers while protecting personal information.”
In a section dedicated to cooperation on digital trade issues, the parties also committed to maintaining a dialogue on the promotion of APEC data rules “that further global interoperability of privacy regimes”; engaging in multilateral and regional efforts to promote digital trade development; and promoting, “through international cross-border cooperation initiatives, the development of mechanisms to assist users to submit cross-border complaints regarding protection of personal information.”
Cooper lauded the inclusion of the privacy rules in the NAFTA replacement, adding that while some of the language could be tightened in a U.S.-Japan FTA, “it’s important that there be a good dialogue between nations.”
“It’s not that everybody has to have the exact same privacy law. Japan is a great example of having something similar to what the EU has with the [General Data Protection Regulation] but not identical,” he said. “And making sure there is enough coordination so that there is a harmonized system -- even if not identical -- is really important. Hopefully in the Japan discussions we can pick up on these themes in the early harvest portions.”
Masayuki Matsui, a counselor with the Japanese Embassy, noted that the scope of a trade deal with the U.S. had yet to be determined. He added that digital trade issues were likely to be a key topic of discussion at the G20 summit in November as well as next year’s annual meeting, when Japan will chair of the group.
Asked about China, Matsui said countries must begin a dialogue with Beijing even as they work to address its behavior. China’s technology transfer practices and a cybersecurity law that went into force in June 2017 have been identified by the Trump administration as key targets for the U.S. as it pushes China to reform on trade.
The cybersecurity law featured prominently in last year's annual report on foreign trade barriers released by the Office of the U.S. Trade Representative. In the report, the U.S. criticized China’s cyber legislation as inconsistent with Beijing’s international trade obligations.
Cooper said there was optimism within the software industry that as Chinese technology companies become more “global” in nature, certain rules and regulations seen as protectionism in China will “start to get relaxed.”
Chinese policies aimed at prohibiting data flows, along with some Chinese cybersecurity standards and data localization requirements, “are at odds with where a lot of the rest of the world really is and it’s that fracturing that makes it difficult to do business there,” he contended.
“And I think that is another reason that . . . like-minded nations that care about open markets and trying to make sure that we are using data to improve all sectors of economy . . . set the global norms. So, that there is a coalition of governments . . . that view international standards as the best way to go,” he said.
On Nov. 1, a new regulation stemming from China's cybersecurity law will take effect. It will grant law enforcement agencies discretionary authority to inspect private technology companies, the Chinese Ministry of Public Security said this week.
The “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” will allow “Public Security Bureaus” -- Chinese police forces -- to conduct cybersecurity inspections of companies that provide a broad range of internet services there, according to the National Law Review.
Specifically, the regulation will allow certain levels of law enforcement in Beijing to inspect internet service companies that process and redistribute data or provide internet services to the public. The regulation was released on Sept. 30.
“PSBs are authorized to enter a company’s physical premises -- including data centers -- to conduct an unannounced onsite inspection, review and copy documents, and interview company executives,” the article states. “Precisely which companies will be subject to the Regulation is unclear, as the Regulation leaves local PSBs broad discretion to decide whether a company falls into the Regulation’s purview, including the ability to interpret what services are considered 'other Internet services.’”
The rule authorizes PSBs to impose a range of penalties for companies that fail an inspection, including the imposition of fines and detention of individuals for more “substantial” violations, according to the article.
The regulation, while focused on inspections and penalties, is viewed as a precedent-setting policy for upcoming cybersecurity requirements in China, according to Yan Luo, Ashden Fein and Moriah Daugherty, lawyers at the firm Covington & Burling, who wrote the Oct. 24 article.
“Even though the Regulation codifies existing practices rather than imposing wholly new obligations, the Regulation will likely pave the way for more cybersecurity enforcement actions from PSBs in the future,” they wrote. -- Isabelle Hoagland (email@example.com) with Rick Weber (firstname.lastname@example.org)