Data flows and national security: a conceptual framework to assess restrictions on data flows under GATS security exception

Published date14 January 2019
Date14 January 2019
DOIhttps://doi.org/10.1108/DPRG-09-2018-0052
Pages44-70
AuthorMartina Francesca Ferracane
Subject MatterInformation & knowledge management,Information management & governance,Information policy
Data f‌lows and national security: a
conceptual framework to assess
restrictions on data f‌lows under GATS
security exception
Martina Francesca Ferracane
Abstract
Purpose The paper aims to explore the national securityimplications of a potential for a World Trade
Organization (WTO) dispute on data flow restrictions. It proposes a basic conceptual framework to
assessdata flows’ restrictions under GeneralAgreement on Trade in Services(GATS) security exception.
Design/methodology/approach If a case were to be brought beforethe WTO dispute settlement, the
defender could support its case by invoking the security exception. This paper analyzes three main
arguments that could be broughtup: protection from cyber espionage, protection fromcyberattacks on
critical infrastructure and access to data needed to prevent terrorist threats. These three cases are
analyzed both legally and technically to assess the relevance of restrictions on data flows under GATS
security exception. This analysis can, more generally, inform the debate on the protection of national
securityin the digital era.
Findings In the threecases, restrictions on data consideredcritical for national securitymight raise the
cost of certain attacks. However, the risks would remain pervasive and national security would not be
significantly enhancedboth legally and technically. The implementation of good security standardsand
encryption techniquesappears to be a more effective way to ensure a better response to cyber threats.
All in all, it will be important to investigate on a case by case basis whether the scope of the measure
(sectors and data covered)is considered proportionate and whether the measure in questionin practice
reducesthe exposure of the country to cyber espionage, cyberattacksand terrorist threats.
Originality/value This paper represents a contribution to the literature because it is the firstpaper to
address systematicallythe issue of data flows and national security in the contextof a GATS dispute and
becauseit provides a unique perspective thatlooks both at legal and technical arguments.
Keywords WTO, Cybersecurity, GATS, National security, Data f‌lows, Digital trade
Paper type Research paper
1. Introduction
Trump’s tariffs on steel and aluminum have brought renewed interest on the security
exception in the World Trade Organization(WTO). Under the WTO system, countries are not
allowed to introduce new tariffs or to impose other trade restrictions on bound goods and
services. However, a country can deviate from its free trade obligations to achieve
important non-economic objectives such as data privacy, public morals and national
security.
The security exception is the widest among the exceptions listed in the WTO texts and has
only rarely been invoked by WTO members. This has been partly due to the fact that
members did not wish for the exception to be employed as a cover for new protectionist
measures. But things could change now as more countries consider how to justify trade
Martina Francesca
Ferracane is Policy Leaders
Fellow at the European
University Institute,
Florence, Italy and PhD
candidate in Law and
Economics at Hamburg
University, Hamburg,
Germany.
Received 2 September 2018
Accepted 5 November 2018
This paper is published as a
working paper in SIPA Tech &
Policy Initiative, Working Paper
Series 2. Comments or
questions can be sent to
martina.ferracane@gmail.com.
The author would like to thank
Columbia University SIPA and
the Carnegie Corporation for
their generous research
support. I am also grateful to
Francesco Casotto (CISCO),
Lee Tuthill (WTO) and Prof.
Anupam Chander (UC Davis)
for their valuable comments
and suggestions to improve the
quality of the paper. In addition,
I would like to thank the
participants to the GIG-ARTS
Conference 2018 in Cardiff,
ECPR General Conference
2018 in Hamburg and GigaNet
Symposium 2018 in Paris for
their comments.
PAGE 44 jDIGITAL POLICY, REGULATION AND GOVERNANCE jVOL. 21 NO. 1 2019, pp. 44-70, ©Emerald Publishing Limited, ISSN 2398-5038 DOI 10.1108/DPRG-09-2018-0052
restrictions under this exception. Recently, this exception has been invoked by the Russian
Federation in a dispute involving transit restrictions that Moscow imposed on Ukraine in
January 2016 (Palmer, 2018)[1]. More generally, however, several countries are referring to
the security exception when imposing new regulatory measures, especially those related to
the digital economy. The most recent case is Vietnam’s Cybersecurity Law passed in June
2018. The lawmakers of the country havemade clear that the new measure is justified under
the security exception in WTOtexts and other free trade agreements (Nguyen, 2018).
Vietnam’s law is an example of a new wave of restrictions affecting digital trade (Ferracane
et al.,2018
). In their public pronouncements or related laws and regulations, many
countries have cited national security as a rationale to restrict digital trade, although it is not
yet clear whether, in practice, the restrictions contribute to improved national security
(Peng, 2015;Sargsyan, 2016). Examples of measures that create thick digital borders
include bans to the use of certain digital productsin the public sector[2], security screening
on investment (European Commission,2017a, 2017b) and measures requiring data to be
kept locally (Ferracane, 2017).
The uncertainty surrounding the digital economy increases the policy space of countries to
impose protectionist measures,as it is not always clear whether in practice these measures
are needed to protect important non-economic interests or whether there are less trade-
restrictive alternatives. When a WTO member considers that a certain measure is actually
designed to restrict trade rather than to achieve its stated non-economic objective,
including national security, it can challenge the measure under the WTO dispute system.
Such a dispute is the topic of this paper. In particular, this paper focuses on disputes
related to restrictions on data flows. While some scholars have looked into potential
disputes related to cybersecurity threats connected to certain digital goods (Peng, 2015),
no papers have yet addressed potential disputes related to restrictions on data flows and
national security.
These restrictions can have a serious impact on the capacity of businesses to operate and
provide services to their customers, and it is therefore not unlikely that a WTO member
might challenge data flows’ restrictions as a violation of a member’s WTO commitments on
services. Already in 2015, the European Commission’s Report on Trade and Investment
Barriers and Protectionist Trends criticized China for restricting data flows “on the
ostensible grounds of ‘national security’” going “beyond essential national security
concerns”, and generally risking “imposing unnecessary restrictions on commercial
activities” (European Commission, 2016).
This paper therefore explores the national security implications of a potential for a WTO
dispute on data flow restrictions. It proposes a basic conceptual framework to assess data
flows’ restrictions under WTO security exception and, in particular, under the General
Agreement on Trade in Services (GATS), which enshrines obligations and disciplines on
commercial services that apply to all WTO Members[3]. In doing so, the paper intends to fill
a gap in the literature by clarifying how these restrictions could be assessed under the
existing WTO language.
Ultimately, the decision of a country to start a dispute on data flows restrictions remains a
political one and its impact will go well beyond trade. The deadlock on negotiation of digital
trade commitments reflects the uncertainty on whether the current structure of the WTO is
well suited to judge on issues of privacy, security and, ultimately, internet governance. The
WTO members might want to refrain from bringing claims on digital issues which are not
explicitly covered by current WTO language until this uncertainty is settled. The likelihood
for such a claim will depend on whether one or more members want to take a political
stance on internet governancein a forum that is meant to address trade issues.
This paper remains nevertheless relevant even if a WTO dispute on data flows neverarises.
On the one hand, an analysis on how data flows restrictions may influence, in practice, the
VOL. 21 NO. 1 2019 jDIGITAL POLICY, REGULATION AND GOVERNANCE jPAGE 45

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT