Irion Urges the EU to Remain Vigilant in Efforts to Protect Personal Data

The EU’s data protection laws are the strictest and most comprehensive in the world. This puts it at odds with many countries, including and especially the United States, the EU’s largest trading partner. The divergence in data protection standards and enforcement, not just between the EU and the United States but among countries around the world, has a profound impact on international trade.

“Global data flows is an increasingly political issue,” said Kristina Irion in her presentation at the Center for Media, Data and Society on November 24. Irion explained that it is also a critical issue – that gains in importance every day. The ability to move data globally facilitates trade, supply chains, and businesses around the world. The volume of global data flows doubles every 18 months.

Irion, who is currently on leave from the School of Public Policy, is a senior researcher at the Institute for Information Law (IViR) at the University of Amsterdam. She reported on a study that she and others at the IViR had recently undertaken for the European Consumer Organisation (BEUC), the Center for Digital Democracy (CDD), the Transatlantic Consumer Dialogue (TACD), and European Digital Rights (EDRi). The study identified some of the risks that the EU currently faces in safeguarding its privacy and data protection rules.

Irion explained that the World Trade Organization (WTO), which regulates international trade agreements, has its own judicial mechanism. The WTO looks particularly closely at any actions that could disrupt trade. In the opinion of some, the EU’s strict data protection laws constitute barriers to trade. “The EU has the highest standards worldwide,” said Irion, “so the WTO could be expected to rule against it.” Irion noted that being labeled a “barrier to trade” sometimes puts the EU in an uncomfortable position such as when it is “lumped together” with countries like China and Turkey that practice internet censorship. Irion argued forcefully that EU’s strict standards also create trust, which is a valuable asset and deserves protection.

The EU has the right under international trade agreements to, for example, regulate the cross-border transfers of personal data. When it does this, however, it is vulnerable to a finding that it is being inconsistent with GATS (General Agreement of Trade in Services). Irion explained that GATS carries an explicit exception for privacy, but that there is room for interpretation.

Irion said that current EU measures to protect its data protection laws in international trade agreements are inadequate and that there is an urgent need for it to strengthen and revise existing safeguards to ensure that they are appropriate for next generation free trade agreements. “International trade agreements will never trump EU law,” said Irion, “but the EU must remain vigilant.”