Alec Ross, the author of Industries of the Future, opined in 2017 as the world embraces digital trade in goods and services, data remains its key raw material.
Over the past few weeks, there have been a number of commentaries on the ongoing Kenya-United States negotiations of a bilateral trade agreement following a meeting between presidents Uhuru Kenyatta and Donald Trump in February. In a 19-page “Summary of Specific Negotiating Objectives” by the Office of the United States Trade Representative Executive Office of the President, a number of issues were highlighted and have elicited debate, among them, cross-border data flows.
Data has become crucial in trade agreements. As more nations come to the realisation of its importance, most trade pacts contain provisions on data. In light of the proliferation of North-South Free Trade Agreements (FTAs), that is, agreements between the developed countries and the less developed, it is important that trade policy negotiators look at data provisions in these agreements with a tooth-comb.
As the East African Community (EAC) countries continue to negotiate these FTAs, there is no better time to hold discourse on the place of data, especially regarding national security, transferability and localisation. The EAC is bereft of any serious provisions on data. Yet as e-commerce grows, digital trade will encompass a considerable chunk of these agreements. The World Trade Organisation (WTO) does not have a legal framework on this, meaning countries entering into agreements are largely left to their own devices.
The WTO’s position on this is that its General Agreement on Trade in Services (GATS), which covers measures to do with trade in services, adequately deals with digital trade and its ever-evolving technologies.
In the case where the US had prevented cross-border gambling services from Antigua & Barbuda, the WTO panel held that GATS does not limit the technologically possible means of delivering cross-border services. In China–Publications and Audiovisual Products case, regarding China’s refusal to distribute the US’s e-reading materials on the basis that they were not in the physical form, the WTO’s appellate body reaffirmed that GATS commitments cover technological developments. It is therefore unlikely the WTO will have a specific agreement on data anytime soon.
Given the skewed nature of negotiations in North-South agreements due to lack of capacity by the poorer countries, they will in most cases, abide by the terms of the FTAs as developed by the richer ‘trading partners’ wholesomely without as much as an interrogation.
Perhaps EAC and other African countries can draw inspiration from the EU, who have the General Data Protection Regulations (GDPR) which have a framework for protections of citizens’ personal data as well as measures aimed at preventing transfer of data to third countries.
It is noteworthy that these regulations do apply to all the EU members and as such, even agreements negotiated with non-EU members are inevitably subject to the EU stringent data regulations.
Could the developed countries then be exploiting this lacuna in the EAC data protection regime, in the trade agreements? The data protection issues in some of the North-South FTAs should be a cause for alarm. For instance, the US-Kenya FTA, according to the US Department of Commerce, aims to, among other things, “establish state of the art commitments to ensure Kenya refrains from imposing measures that restrict cross-border data flows and does not require the use of installation of local computing facilities”.
Just what are these “state of the art commitments”? Does the FTA intend to do away with Kenya’s localisation of data efforts? Joshua P. Meltzer, a Senior Fellow at Brookings Global, reckons that “the absence of common standards or mechanisms for interoperability among regulatory systems is one reason governments are increasingly requiring data to remain local.”
Section 50 of Kenya’s Data Protection Act envisages processing of data exclusively through servers or data centres located in Kenya. This US expectation under the FTA seems to be in conflict with this provision on data localisation, and will require the attention of both parties to the negotiations.
Another issue to be considered in the Kenya-US trade negotiations is the establishment of rules to prevent governments from mandating the disclosure of algorithms.
Section 35 of the Data Protection Act grants a data subject, in this case a consumer, the right to be informed whenever a decision that significantly affects them is arrived at based solely on automated processing by either the data controller or data processor.
This provision is in conflict with one of the US demands that purposes to limit algorithmic traceability. Algorithmic traceability is a data ethics tenet that calls for consumers to be explained to how and why a decision affecting them was arrived at when an algorithm in actual sense made the decision.
We will have to see what comes off the negotiations regarding this aspect of disclosure of algorithms considering that on the inverse, algorithms are protected by copyright, trade secrets and patents under intellectual property law.
It is worth noting that the US and other rich countries like Canada have adopted this data delocalisation trend in their current FTAs. For instance, the USA-Mexico-Canada Free Trade Agreement (USMCA) provides that no party shall prohibit or restrict the cross-border transfer of information, including personal information.
This has caused jitters, especially in Canada, where data and trade law experts have warned that it could have negative implications on citizens' data privacy.
This is all the more reason these agreements and others that will come to the African continent should be thoroughly scrutinised with the needs of the African countries in mind given the insufficiency of data security laws on the continent. If the US succeeds with Kenya in this, then it shall have on its hands an astounding template for other African countries it considers fertile grounds for trade.
Anam is an international trade law expert. Karanja is a data protection compliance & commercial law practitioner.