Another Digital Divide: The Rise of Data Realms and its Implications for the WTO

Another Digital Divide: The Rise of Data Realms and its Implications for the WTO Abstract Individuals, businesses, and governments increasingly use data to create new services delivered via the internet. In so doing, they are creating a new economy built on cross-border data flows. The USA, the European Union, and China are using domestic and foreign policies to reap data-based economies of scale and scope. Essentially, they have created three distinct data realms with different approaches to data governance. As a result, they have fostered a new digital divide: between the three data behemoths and other countries that are rule takers. This situation presents the WTO with a challenge and an opportunity. These three data realms could undermine the ability of the WTO to govern trade in data flows, but it also creates pressures for the three data realms to use WTO mechanisms to find common ground among their approaches. Moreover, it could provide an incentive to WTO members to create new rules governing trade in data. I. INTRODUCTION As long as humans have traded, they have traded data (facts or statistics) about the world they encountered. For example, the ancients communicated information about which tribes could be trusted or engaged in piracy.1 Traders have always used data as an input to improve quality, efficiency, and price. But in recent years, the role of data in trade has changed. Today, individuals, businesses, and governments also use data to create new sectors and services delivered via the internet such as the cloud, apps, and artificial intelligence.2 In so doing, they are creating a new economy built on cross-border data flows.3 With the advent of cloud (and other data-driven) services, data in one country are increasingly stored, processed, and analyzed in another country. In this regard, data are essentially traded among individuals, firms, and states.4 Yet, there is no universal or even plurilateral system of rules to govern these cross-border data flows. Many people believe that the right place to regulate such flows should be the WTO. However, members of the WTO and its predecessor, the GATT, have not even directly debated what constitutes legitimate regulation of cross-border data flows (e.g. data protection and censorship regulations) and what is trade distorting (such as server location requirements).5 All that they have agreed to is to refrain from imposing customs duties on electronic transmissions.6 Although the WTO’s dispute settlement bodies have asserted that WTO rules apply to data flows, the WTO has not kept up with the new data-driven economy.7 This is why some countries are instead relying on bilateral and regional free trade agreements (FTAs) to govern cross-border data flows. The Comprehensive and Progressive Agreement on Trans-Pacific Partnership, established by 11 countries bordering the Pacific, provides a good example of such an approach.8 Meanwhile other economies rely on these agreements not only to achieve shared rules but also to achieve economies of scale and scope regarding data. Several countries have put forward plans to encourage data-driven sectors such as artificial intelligence (AI) in the new data-driven economy.9 With more access to various types of personal and other types of data, computer scientists can more easily test and improve algorithms, apps, and services built on data.10 Their policymakers and business leaders appear determined to maintain that advantage through domestic regulations and/or trade strategies.11 But the USA, the EU, and China have taken the clearest steps to dominating these sectors. We refer to these three economic behemoths and their approach to data governance as ‘data realms’. Each of the three realms has adopted a different approach to developing an appropriate enabling environment for these data-driven sectors, relying on a mix of tax, transparency, intellectual property protection, competition, and data protection policies among others. In the US realm, policymakers have put few limits on cross-border data flows. They use trade agreements to develop economies of scale and scope in data and to ban practices such as data and server localization requirements, which could distort trade as well as undermine US comparative advantage in data-driven sectors. In contrast, the EU has made personal data protection the top priority for its realm, in the belief that it will build trust and help netizens feel more comfortable as firms use their personal data. Finally, policymakers in the Chinese realm restrict the free flow of data and information not only across borders but also within China. In so doing, Chinese officials maintain social stability and the power of the Communist Party, while simultaneously nurturing knowledge-based sectors such as artificial intelligence. We argue that this focus on creating data realms is perpetuating a new digital divide. First, given their comparative advantage in these new data-driven sectors, their early investment and large market share, the three realms set the rules for data flows. Moreover, to enhance their access to data and their market dominance, they seek to bring other countries under their realm through incentives (such as a trade agreement or capacity building) or coercion (if you want market access you must behave in x way). As a result, many smaller countries without significant capacity in these new data-driven sectors will be left out of the data rule-making process. Officials in these smaller or less advanced states will likely face considerable pressure to choose one realm over the others, because they already have significant trade relations with that realm or because they favour that realm’s approach to data governance. Unfortunately, because many countries have significant economic relations with more than one realm, it will be difficult for policymakers to choose among the realms unless the rule takers and rule makers can agree on strategies of interoperability. Moreover, by pursuing different approaches, the three data realms are making it more difficult to devise global rules to govern cross-border data flows and, thereby, create a level-playing field for all Member States. As the data-driven economy becomes more important over time, this situation could undermine the WTO. Yet, paradoxically, this digital divide also creates an opportunity for the WTO. The internet giants of the USA and China could pressure the three data realms to resolve disputes or develop mechanisms for interoperability at the WTO. Alternatively, WTO Member States without significant comparative advantage in data could be incentivized to find common ground on rules at the WTO. This article proceeds as follows. We begin by defining ‘data’, ‘information’, ‘e-commerce’, ‘digital trade’, and ‘data-driven economy’. These distinctions are important because the data-driven economy does not always involve what we traditionally consider trade: when two parties exchange money to receive a good or service. We then explain the growing importance of the data-driven economy and the role of trade agreements in regulating cross-border flows. While the WTO implicitly governs cross-border data flows through its General Agreement on Trade in Services (GATS), policymakers have so far used e-commerce chapters of FTAs to govern (or not) cross-border data flows and the many types of services they create. Next, we describe how the USA, the EU, and China have relied on a mix of trade and domestic regulatory policies to create their data realms. In particular, we focus on the regulation and promotion of data flows. However, due to space constraints, we ignore important but related issues such as taxation, intermediary liability, and intellectual property rights. We end with a discussion of the implications of this digital divide for the WTO. II. THE ROLE OF DATA AND NEED FOR GOVERNANCE Data and information12 have long been a key component of trade. In recent years, they have helped to stimulate new forms of trade. However, all forms of data-driven trade are not the same. We define e-commerce as sales of goods and services online between business and consumers and between businesses. E-commerce is conducted over computer networks by methods specifically designed to place or receive orders.13 The OECD defines digital trade as trade built on the movement of data. Data are a means of production, an asset that can be traded, and the means through which some services are traded and global value chains (GVCs) are organized. While there is no single definition of digital trade, there is a consensus that it encompasses digitally-enabled transactions in trade in goods and services that can be either digitally or physically delivered involving consumers, firms, and governments.14 Finally, we define the data-driven economy as an economy built on new services such as personalized healthcare and sectors such as apps, internet-connected devices (Internet of Things [IoT]), and artificial intelligence (AI), which cloud-service providers often facilitate.15 In 2016, the McKinsey Global Institute estimated that around 50% of the world’s traded services are in digital form, while e-commerce accounts for approximately 12% of all goods traded across borders.16 Many services from payroll to data analytics rely on access to cross-border data flows. As such, data and information can be a good, a service or both. On the one hand, physical and digital goods are similar. Physical goods can be stored; some of their characteristics are observable before purchase; their consumption always follows production; and they move in space over means of transportation.17 These same characteristics also apply to digital goods such as films and music. But the key difference is that trade in the same digital good can occur simultaneously in seconds. On the other hand, trade in digital services differs from trade in other services, because suppliers and consumers do not need to be in the same physical location for a transaction to occur. Researchers and policymakers disagree on how to characterize cross-border data flows. For example, the US government distinguishes among categories of transactional data flows based on the relationship between the sender and recipient and the type of transaction that connects them.18 In contrast, the Organization for Economic Co-operation and Development (OECD) focuses on three attributes: whether data are digitally ordered, whether they are a good, a service or information, and who is engaged in the transaction: businesses, consumers, or government.19 Ciuriak and Ptashkina suggest a third taxonomy based on delivery modes and the nature of the parties to the transactions.20 Sen and Aaronson take a more granular approach. Sen distinguishes among personal data, company data, business data, and social data, and refers to metadata as business and social data.21 Aaronson differentiates between personal data, public data, confidential business data, machine-to-machine data, and metadata (Figure 1).22 Both Sen and Aaronson note that control should be a key factor in any taxonomy or set of rules, because it influences the benefits that firms and consumers can reap from trade. Figure 1. View largeDownload slide Types of data traded across borders. Note: Metadata is aggregated and supposedly anonymized personal data. Figure 1. View largeDownload slide Types of data traded across borders. Note: Metadata is aggregated and supposedly anonymized personal data. Although researchers have made some progress in defining the costs of barriers to digital trade and data flows,23 they are still just beginning to categorize them.24 The USA is currently the only country to define digital protectionism, but its definition keeps evolving.25 Thus, until nations develop a consensus on defining digital trade barriers, they remain less likely to find common ground on how to regulate these barriers.26 Moreover, trade in data is fluid and frequent and, as a result, location is hard to determine for the borderless network. Hence, analysts cannot always determine if the flows are an import or export. They also struggle to ascertain when information is subject to domestic law (e.g. intellectual property law) and what type of trans-border enforcement is appropriate.27 Finally, policymakers cannot easily determine jurisdiction, because data and information flows may travel through several countries before they reach their destination.28 Given these unique characteristics, policymakers are just beginning to figure out how and where to regulate cross-border data flows. They understand that the internet’s dynamism depends to a great degree on its openness and stability. When one or more governments censor the internet, it can reduce the platform’s openness and stability.29 Hence, in developing norms and rules, decision-makers must define how and when governments can control data and limit their flows. They must ensure that these rules are internationally accepted and transparent to ensure predictability and accountability. With shared understanding, the internet would be less likely to fragment, more people would have greater access to information, and individuals could create and share more information.30 Without shared rules, costs and legal disputes could escalate, while individuals and firms have fewer incentives to innovate.31 III. TRADE AGREEMENTS AND THE GOVERNANCE OF CROSS-BORDER DATA FLOWS The WTO is the best place to set rules to govern cross-border data flows for two reasons. First, it covers 85% (164) of all nations. Second, WTO rules are transparent, disputable and designed to be flexible as technologies, markets, and political conditions evolve. As of 2018, the WTO has several agreements that implicitly relate to digital trade.32 These agreements include the Information Technology Agreement (ITA), which eliminates duties for trade in computing and information technology equipment;33 the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS), which protects trade-related intellectual property pertinent to information technology such as computer programs;34 and the General Agreement on Trade in Services (GATS), which has annexes on financial services, computer services, and telecommunications. However, none of these agreements explicitly addresses data flows, the different types of data flowing across borders, or the many types of new services created by and for the internet.35 The WTO has nevertheless taken some steps to assert its authority over data flows. In July 1999, the GATS Council on Services found that much of e-commerce falls within the GATS’ scope and that GATS obligations cover measures affecting the electronic delivery of services. The Council noted that governments are free to regulate such services at the national level but must do so in a way that does not constitute unnecessary barriers to trade. Finally, it announced that the GATS applies even as technology changes a service’s delivery.36 The GATS’ architects recognized there would be times when states would need to breach the rules to achieve important domestic policy goals.37 Under these exceptions, signatory countries can restrict trade in the interest of protecting public health, public morals, privacy, national security or intellectual property, if such restrictions are necessary and proportionate and do not discriminate among WTO Member States. The public order exception may be invoked only when a genuine and sufficiently serious threat is posed to one of society’s fundamental interests. Moreover, WTO dispute settlement bodies have found that ‘measures must be applied in a manner that does not constitute arbitrary or unjustifiable discrimination or a disguised restriction on trade in services’. Finally, when they use these exceptions, WTO members should ensure they use them in a reasonable manner so that they do not deny the rights of other members.38 As the internet became more important to trade, some Member States demanded greater clarity on the regulation of internet-derived services. In 2011, the USA questioned whether WTO commitments under trade in goods or services should govern digital trade and if these rules could cover the mobile internet and cloud computing.39 Academics and business leaders have also argued that the WTO’s rules are incomplete, outdated, and in need of clarification.40 Some Member States have worked on three tracks to develop rules to govern cross-border data flows. First, they have agreed to continue a ban on cross-border e-commerce duties; however, they have been unable to agree on new rules.41 Second, through the Trade in Services Agreement (TiSA), the EU and 22 other states have engaged in a plurilateral negotiation aimed at liberalizing specific services, including those linked to cross-border data flows. They have, however, not achieved significant progress yet.42 Third, some Member States have sought greater clarity on these implicit provisions through trade disputes.43 The WTO’s Dispute Settlement Body has adjudicated two trade disputes related to information flows. In the internet gambling case, the WTO ruled that governments could restrict service exports to protect public morals if these barriers were necessary, proportionate and non-discriminatory (not discriminating between foreign and domestic providers).44 The WTO’s Appellate Body also examined China’s restrictions on publications and audiovisual products, noting that commitments for distribution of audiovisual products must extend to the distribution of such products on the internet.45 However, neither dispute provided clarity regarding key issues such as whether censorship and filtering or onerous cyber security regulations are trade-distorting or can be justified under the GATS exceptions.46 Meanwhile, in the absence of WTO progress on cross-border data flows, the USA, the EU, China, and other countries have actively pursued FTAs to govern the ever-changing digital economies. Hence, they drafted chapters to govern e-commerce, to which they have, in very limited instances, added language to encourage digital trade and, more recently, the data-driven economy.47 While China remains focused on limited aspirational language, the USA and the EU have increasingly moved to include in their FTAs binding language banning certain types of trade-distorting behaviour. As of early 2018, only one FTA, the CPTPP, includes explicit, binding rules to govern cross-border data flows. CPTPP establishes that states cannot require that data be stored or processed locally (data localization) or that firms disclose their proprietary source code (the original executable commands in a program).48 However, even CPTPP’s language may be insufficient to facilitate new services such as personal assistants (e.g. Apple’s SIRI) or personal health apps (e.g. Doctor on Demand).49 IV. THE US DATA REALM Since the internet came into wide use in the 1990s, the USA has led the global data-driven economy. It is home to the top ten internet brands and to seven out of the 10 internet companies with the largest market value worldwide. These companies include Amazon, Apple, Facebook, Google, Intel, and Microsoft; they provide the hardware, software and platforms for digital trade.50 Four US companies provide more than one half of the worldwide cloud-computing capacity.51 The US market is, however, relatively saturated. Hence, it is growing more slowly than in other countries where internet penetration is lower. Meanwhile, firms from many other countries are gaining ground on US competitors.52 Policymakers must establish an effective enabling environment to maintain success in innovative sectors.53 However, under President Donald Trump’s leadership, US trade and domestic policies in support of the data-driven economy have become increasingly incoherent. US executives and some policymakers are increasingly concerned about what they see as the United States’ declining competitiveness, especially in AI, as well as US taxpayers’ unwillingness to invest in government-sponsored research and development.54 A. Trade policy In 1997, President Bill Clinton’s administration put forward the first set of global principles regarding the governance of cross-border flows—the Framework for Global Electronic Commerce. Even then, the USA viewed maintaining market access as a top priority. It stated: ‘The US government supports the broadest possible free flow of information across international borders […] The Administration […] will develop an informal dialogue with key trading partners […] to ensure that differences in national regulation […] do not serve as disguised trade barriers.’55 The Clinton administration used this framework to build common ground on governing international data flows. For example, the USA was a leading force behind the WTO’s moratorium on taxes on cross-border data flows.56 President Clinton directed the Department of Commerce to develop a uniform international commercial legal framework that recognizes, facilitates, and enforces electronic transactions worldwide and to work with the private sector to develop national online privacy standards. The World Bank and the United Nations Conference on Trade and Development (UNCTAD) began to support efforts to disseminate ideas about an effective enabling environment in the developing world.57 In this regard, the USA was pushing a shared conception regarding the appropriate enabling environment for e-commerce. The George W. Bush administration included e-commerce chapters in many of its FTAs, but the language did not keep up with the rapidly moving internet world. More people from other countries were going online and building domestic companies to serve local internet needs. Companies outside of the USA found a niche in providing services, cyber security, apps, or games.58 Hence for the first time, US internet giants started to see competition. Meanwhile, policymakers outside the USA were increasingly determined to control the internet within their borders. In some cases, they also wanted to facilitate the rise of domestic internet firms. Finally, they had different conceptions about the appropriate enabling environment for data flows that were not directly related to e-commerce.59 By 2009, executives from US digital firms began to worry about increasing barriers to their digital exports.60 They appealed to US officials to limit barriers to cross-border data flows. For example, Google used the OpenNet Initiative’s (a Canadian think tank) research to document how more than 40 governments instituted broad-scale restrictions on information flows.61 President Barack Obama’s administration made digital trade issues a major focus. Obama’s team was determined to respond to policies that influential US internet companies deemed protectionist. Given the dearth of action at the WTO, the USA turned to bilateral and regional trade agreements to regulate such practices. In 2012, the USA and the Republic of Korea became the first states to include specific language related to the free flow of information in their FTA’s e-commerce chapter. The agreement’s Article 15.8 states that ‘the Parties shall endeavour to refrain from imposing or maintaining unnecessary barriers to electronic information flows across borders’.62 However, this provision neither forbids the use of such barriers nor defines necessary or unnecessary barriers.63 After the US–Korea FTA, the Obama administration decided to make the language in its future agreements binding and disputable (i.e. one state may challenge another country’s policies as trade-distorting). In this way, the USA could gain greater leverage to ensure barriers to data flows would be limited. The USA made the Trans-Pacific Partnership (TPP) the first test of this strategy. US policymakers wanted to establish the free flow of information as a default, with limits to digital protectionism and a privacy floor.64 At the same time, Obama administration officials were worried about China’s efforts to enforce its concept of cyber sovereignty, defined as banning unwanted influence in a country’s information space.65 They believed TPP could provide an answer to the Chinese challenge, since, if approved, it would include some 40% of the world’s current internet users. Hence, TPP could set the norms for cross-border information flows.66 Alas, immediately after his inauguration, President Donald Trump pulled the USA out of TPP. Nevertheless, the USA under President Trump has also made clear it was increasingly worried about Chinese competition in data-driven sectors and willing to respond with protectionist measures.67 B. Personal data protection Although President Clinton’s Framework for Global Electronic Commerce stressed that strong data protection is essential to building trust, the USA has not been a strong advocate of data protection in trade agreements. The USA has essentially said that countries must establish a privacy floor, but has said little about how its trade agreement partners should protect personal data. In contrast to the EU, where online privacy is both a human and a consumer right, the USA considers privacy strictly a consumer right. Moreover, the USA uses a sectoral approach that relies on a mix of legislation, regulation, and business self-regulation. US laws contain minimal guarantees of an individual’s right to not have confidential personal information exposed online.68 Unlike the EU, the USA does not have one broad privacy law related to data protection. US laws do not require companies to get informed consent to use personal data, nor do they establish a baseline commercial data privacy framework. In February 2012, the Obama White House announced the Consumer Privacy Bill of Rights, a set of data privacy guidelines. The Department of Commerce convened companies, privacy advocates and other stakeholders to develop and implement enforceable privacy policies based on it.69 However, as of March 2018, Congress had not approved legislation to strengthen US data protection or been able to find common ground on new legislation. Under President Obama, the USA stated it wanted to make its approach to privacy interoperable with its international partners’ privacy frameworks.70 For its part, the Trump administration has said little about this issue. Since Congress has not written legislation on privacy in cross-border data flows, US officials have worked to accommodate the strategies of key trade partners that have made personal data protection more of a priority (e.g. the EU and Switzerland). For example, the Department of Commerce developed the US–EU Safe Harbor Framework (now revised and called Privacy Shield), which permits data for commercial purposes to flow across the Atlantic to the USA, with Federal Trade Commission (FTC) enforcement as a backstop. Companies (except financial institutions and telecommunications common carriers) may apply to qualify for a safe harbour. Companies that accept the relevant voluntary, enforceable code are safeguarded (i.e. they are given a certification) so long as their practices do not deviate from the code’s approved provisions. However, those firms that fail to comply with the code’s provisions could be subject to an enforcement action by the FTC or a state attorney general. Similarly, a company’s failure to follow the terms of its privacy policy or other information practice commitments may lead to investigation and enforcement under current US policy.71 C. Trump’s incoherent approach to digital trade and the data-driven economy The Trump administration has taken a radically different approach to trade than its predecessors. One of Trump’s first acts as president was to withdraw from TPP. In addition, President Trump has threatened to withdraw from the North American Free Trade Agreement (NAFTA) if negotiators could not achieve a better deal for the USA. Finally, the Trump administration has stated it will focus on bilateral trade deals, rather than on regional or multilateral agreements. Nevertheless, with respect to digital trade, the Trump administration has built its proposals on those of the Obama administration (namely, the TPP).72 The Trump administration has taken some steps that reduce American credibility to advocate for the free flow of information across borders. First, domestic regulators have rejected the net neutrality principle,73 whereby individuals should be free to access all content and applications equally, regardless of the source, without Internet Service Providers (ISPs) discriminating against specific online services or websites.74 Critics have contended that this new ‘hands-off’ approach allows America’s providers to discriminate among services, service providers, and websites.75 Second, in the wake of election-hacking revelations, Republican and Democratic congressional members are pressuring internet platforms such as Google, Facebook, and Twitter to do more to fight false information and stop foreign infiltration. To some observers, this smells like censorship.76 Finally, several analysts have criticized US policymakers for not focusing sufficiently on Chinese efforts to dominate AI. They have noted that US firms are increasingly moving AI research to China to take advantage of the country’s large supply of data as well as the low level of protection accorded to personal data. Moreover, the Trump administration proposed reducing science and technology funding, which could over time reduce American innovation in AI and other data-driven sectors. Thomas Kalil, who led White House efforts under President Obama, warned that the Trump administration is headed in the wrong direction and that the USA is losing its comparative advantage in digital trade.77 Taken in sum, these policy changes weaken US credibility to demand the free flow of information in trade agreements. V. THE EU DATA REALM Although the inventor of the World Wide Web Tim Berners-Lee is Swiss and British, European governments and firms did not play a major role in the internet’s development. Today, there are no European firms among the top 15 digital firms by market value or any household names among Europe’s top 20 digital firms.78 Some EU members such as the UK (soon to Brexit), Sweden, and Germany have strong AI, robotics, apps, and software firms. However, while Europe has many strong global competitors in the software and telecommunications sector, it is still just beginning to build new data-based firms. While the EU is the biggest exporter of digital services, US firms control some 54% of the EU’s digital market, compared with 46% for European firms.79 In 2016, Bauer and Erixon calculated the EU–US digital performance gap at 43%.80 Although EU Member States consist of mature industrialized economies, their digital markets have significant room to grow.81 Unlike the USA, the EU is relying on domestic trade policies to build its data realm. In 2010, EU policymakers recognized that EU Member States should work collectively to build a unified market, just as they did for goods and services. They created the Digital Agenda for Europe (DAE), a roadmap for a Digital Single Market (DSM) that would allow them to pool resources, share governance and create economies of scale and scope in data while ensuring personal data protection. The DAE has seven pillars: achieving the digital single market; enhancing interoperability and standards; strengthening online trust and security; promoting fast internet access for all; investing in research and innovation; promoting digital literacy, skills and inclusion; and enabling ICT benefits for society. The EU also announced separate plans for data flows involving personal and non-personal data.82 To build the DSM, policymakers had to find ways to reduce trade barriers between EU Member States. In January 2017, the European Commission adopted its Building a European Data Economy policy. In the Staff Working Document that accompanied the policy, it looked at the rules and regulations impeding the free flow of data. It also presented options to remove unjustified or disproportionate data location restrictions. Finally, it outlined legal issues regarding access to and transfer of data, data portability, and liability of non-personal, machine-generated digital data.83 The Commission also launched a public consultation and dialogue with stakeholders to better understand public concerns.84 In so doing, it acknowledged that EU Member States still had many roadblocks to the free flow of information. For example, the Brussels-based European Centre for International Political Economy found 22 data localization measures whereby EU Member States imposed restrictions on the transfer of data to another Member State. The most common restrictions target company records, accounting data, banking, telecommunications, gambling, and government data. In addition, there are at least 35 restrictions on data usage that could indirectly localize data within certain Member States.85 A. Privacy and personal data protection The European data realm is characterized by its strong commitment to maintaining online trust. As members of the Council of Europe, all EU Member States are required to ensure personal data protection under human rights law.86 Every EU citizen has the right to personal data protection, and firms can only collect data under specific conditions.87 The EU also requires Member States to investigate privacy violations.88 The first iteration of the EU’s commitment to online data protection was the Directive on Data Protection.89 It prohibits the transfer of personal data to non-EU countries that do not meet the ‘adequacy’ standard for privacy protection. To become adequate, the EU requires other countries to create independent government data protection agencies, register databases with those agencies and, in some instances, obtain prior approval from the European Commission before personal data processing may begin.90 As new technologies emerged, policymakers and the public realized the data protection framework needed updating. In 2016, the EU adopted the General Data Protection Regulation (GDPR), which replaces the Data Protection Directive. The GDPR took effect on 25 May 2018 and provides rules on the use of data that can be attributed to a person or persons.91 In October 2017, the European Commission proposed another regulation to complement the GDPR.92 This new regulation concerns ‘the respect for private life and the protection of personal data in electronic communications’; it is meant to replace the outdated e-Privacy Directive.93 The EU’s commitment to data protection has costs and benefits. On the one hand, the EU’s approach to elevating data protection is attractive to many countries and netizens. On the other hand, it is extremely costly to digital firms that must comply with the GDPR. They must hire staff to interpret and enact these regulations.94 Moreover, the EU (like China) is increasingly requiring its trade partners to accept the EU commitment as non-negotiable. In 2017, a French court required that websites outside of France must block foreign content to enforce the EU’s ‘right to be forgotten’. In so doing, the EU is imposing its values upon other suppliers and consumers of data.95 Because the EU is a major market, several countries are adopting EU data protection policies or working towards being deemed ‘adequate’.96 To date, the European Commission has recognized Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and the USA (limited to the Privacy Shield framework) as providing adequate protection, while Japan and South Korea are in discussions with the EU.97 The EU has also introduced a new approach to regulating the use of algorithms, designed to protect the privacy of users and empower them to contest misuse. Since 25 May 2018, the GDPR’s Article 21 gives anyone the right to opt out of algorithm-tailored ads (such as what one finds when one searches on Google). Article 22 allows EU citizens to contest legal or significant decisions made by algorithms and appeal for human intervention. With these regulations, the EU has made clear that consumers should oversee their data. B. Trade policy The European Commission has committed to using FTAs to set rules for cross-border data flows and tackle new forms of digital protectionism in compliance with the EU’s personal data protection rules.98 However, until early 2018 it was not able to develop shared language for trade agreements. Its trade and justice directorates-general were reportedly at odds over how to address cross-border data flows in trade agreements while ensuring that personal data are protected. As a result, EU trade agreements contain only aspirational language related to cross-border data flows.99 This situation was in evidence during the FTA negotiations between the EU and Japan. The parties initially drafted a digital trade chapter that contained binding language regulating some aspects of digital protectionism.100 However, because the Commission could not find common ground on the appropriate binding language, the EU and Japan agreed instead that their FTA would only include a review clause that allows the two sides to revisit the issue once the EU has a stated position.101 On 8 February 2018, the European Commission finally found a workable compromise based on three pillars: (i) a horizontal clause covering the free flow of both personal and non-personal data; (ii) a ban on data and server localization requirements; (iii) language that safeguards the EU’s right to regulate personal data, including language that the first two pillars cannot be subject to investor-state challenges or included in regulatory dialogues.102 With this compromise, the EU signalled that it plans to adopt trade agreements as a tool to tackle protectionist practices, while preserving the EU’s acquis on the protection of personal data. It also made clear that, as a result, it would ‘take a lead in shaping global rules on digital trade’.103 VI. THE CHINESE DATA REALM China is the world’s largest digital market, with 731 million internet users, according to the China Internet Network Information Centre.104 It accounts for more than 40% of global e-commerce transactions. It processes 11 times more mobile payment transactions than the USA in terms of value. It is one of the top three global locations for venture-capital investment in key types of digital technology, including virtual reality, autonomous vehicles, 3-D printing, robotics, drones, and AI.105 It has one third of the world’s 262 unicorns (start-ups valued at over $1 billion).106 By 2021, more than half of its economy will be digital.107 China’s innovation occurs under the Great Firewall, a system of censorship, filtering and technological requirements put in place by the Chinese Communist Party (CCP). Although the Chinese internet economy is very innovative, it is also highly regulated, opaque and seen as discriminatory.108 The government plays an active role in building world-class infrastructure to support digitization as an investor, developer, and consumer. Because Chinese citizens are generally supportive of AI and seem to be less concerned about privacy than those in the US or EU realms, the Chinese government shares personal data with firms and vice versa. As a result, China has quickly been able to achieve data economies of scale and scope, thereby helping its firms to develop AI. As reporter Paul Mozur noted, ‘China’s unabashed fervour for collecting such data, combined with its huge population, could eventually give its artificial intelligence companies an edge over American ones […] If Silicon Valley is marked by a libertarian streak, China’s vision offers something of an antithesis, one where tech is meant to reinforce and be guided by the steady hand of the state’.109 A. China’s data governance regime The Chinese government justifies its strong controls over data in the name of national security; however, restrictive or discriminatory policies also serve to facilitate the emergence of Chinese national champions by reducing competition from abroad.110 The internet and its associated digital flows are an important driver of China’s economic future. They are also seen as a potential threat to CCP rule. As a result, the government wants not only to control information that comes from outside China but also data that circulate within the country. For instance, the State Security Law, enacted in 1993, allows Chinese security institutions to access ‘any information or data held by an entity in China whenever they deem it necessary’.111 The Chinese government is also looking at feeding data into AI systems to predict social unrest and terrorist attacks, whereby ‘security services should break down any barriers in data sharing to enable the smooth integration of various systems’.112 Finally, China blocks cross-border data flows. Since 2007, the government has increasingly relied on restrictive measures related to digital information and data. Ferracane and Lee-Makiyama count 16 measures for digital policies (12 since 2007), eight measures for content access (six since 2007), and six measures for online sales and transactions (five since 2007).113 For instance, the government blocks sites by IP address and blocks and filters uniform research locators (URLs) and search engine results. Such censorship is made easier because all telecommunication operators in China remain under the government's ownership. In addition, foreigners are not allowed to invest in internet publishing.114 According to Freedom House, China had the most internet restrictions in the world in 2017, more than Syria, Ethiopia, and Iran.115 Chinese restrictions appear to distort trade and investment.116 The American Chamber of Commerce in China reported that 79% of US companies in China experienced blocked access to web tools and services, which raised their business costs.117 For its part, the European Chamber of Commerce in China found that 49% of its surveyed members indicated that the tightening of the Great Firewall was making it harder for them to do business in China. A quarter indicated that they experienced lower productivity in the office, faced difficulties in exchanging data and documents with headquarters, partners and customers, and/or were unable to properly search for information and engage in research.118 Finally, the US–China Business Council reported that 82% of its members ‘are concerned about China’s approach to information flows and technology’.119 The Cyberspace Administration of China (CAC) is now the main governance body for China’s cyberspace. It was created in 2014 out of the State Internet Information Office, which was responsible to overseeing telecommunications companies.120 The CAC is also responsible for regulating and supervising internet content, after having taken over other agencies.121 It reports to the Central Internet Security and Informatization Leading Group, which President Xi Jinping directs. Lee Myers and Wee assert the CAC ‘is now seen as an institution as important as the defense ministry’.122 B. Censorship China’s Great Firewall (GFW) controls China’s internet access. According to Ferracane and Lee-Makiyama, ‘[t]his system is based on centralized control over international gateways, filtering online content or blocking access entirely to some of the most common websites on the public internet’.123 For example, unless accessed through virtual private networks (VPNs), which help circumvent the GFW, applications like Facebook, YouTube, Google’s search engine and maps, and Twitter are blocked in China. Foreign media websites like The New York Times or The Economist are also blocked. The GFW increasingly blocks access to VPNs themselves, including custom-built ones used by global firms as well as embassies in some cases.124 Since 2017, the Chinese government requires that VPNs be approved for sale in China. For instance, in late July 2017, Apple had to remove many VPN services from its iTunes app in China, because they had become illegal.125 Businesses worry that their in-house VPNs will no longer be allowed and they will have to use those approved by the Chinese government, which would make spying and data access restrictions easier to conduct.126 New regulations issued in May 2017 also require websites that provide online news and information services to be licensed.127 But it goes even further. According to Ferracane and Lee-Makiyama, the ‘new regulations require all services – including all political, economic, military, or diplomatic reports or opinion articles, whether they feature on blogs, websites, forums, search engines, instant messaging apps or any other platform – to be managed by party-sanctioned editorial staff’.128 In addition to the Chinese government relying on paid censors to identify inappropriate content, digital service and content providers (telecom operators, mobile apps, websites, cloud services, etc.) are now required to monitor their users’ behaviour on their platforms to ensure ‘public safety’.129 Specifically, these firms are supposed to ensure that only appropriate content is published, check the identity of customers, and report violations to the authorities. Inappropriate content includes ‘independent evaluations of China’s human rights record, critiques of government policy, discussions of politically and socially sensitive topics, and information about the authorities’ treatment of ethnic and religious minorities’.130 Firms that fail to prevent or eliminate banned content could be fined, lose their licences, or even be charged criminally.131 Furthermore, on 3 August 2017, all internet data centres and cloud companies located in China were ordered to participate in a three-hour drill to hone their emergency response skills. They were essentially ordered to practise taking down websites that had been deemed harmful.132 China does not only censor and restrict market access in its home market. Since 2008, researchers have found evidence that the Chinese government has exported censorship beyond its borders. For instance, Deibert argues that China has used distributed denial of service (DDoS) attacks in Tibet, the USA, UK, Canada and elsewhere. These attacks deny access to information by disabling directly the sources of information rather than blocking requests for information as filtering systems do.133 In 2015, Marczak et al. identified a new, more powerful external censorship tool, which they called the ‘Great Cannon’. This tool ‘manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack’.134 The attack took place in March 2015 and was directed at GreatFire.org’s rented proxy servers, which were used to make blocked websites accessible in China. In addition, Western firms are increasingly using self-censorship or apologizing for actions and policies that the Chinese government dislikes.135 C. Data localization and transfers China’s new Cybersecurity Law, which took effect in June 2017, requires firms operating in China to store data collected in China to be kept on servers located in the country. Such a requirement is not new, but it had not been formalized until then.136 In addition, any publisher of online content must locate their ‘necessary technical equipment, related servers and storage devices’ in China.137 Firms and individuals storing and processing personal financial and population health information must store the data in China. Online maps must also be kept on a server inside China.138 In addition to localizing data in China, a significant portion of data cannot be transferred outside of the country without official approval, following a security assessment.139 For instance, any cross-border transfer of personal data requires government approval.140 Finally, foreign firms cannot offer cloud-computing services without a Chinese partner owning at least 50% of the joint venture.141 Hence, Apple, which has signalled that protecting personal data is key to its mission, in February 2018, began hosting the iCloud accounts of its Chinese customers in a new data centre located in China whose ownership is shared 50–50 with state-owned Guizhou—Cloud Big Data Industry Co Ltd. In line with a draft encryption law released in April 2017, Apple also agreed to store the cryptographic keys to unlock the iCloud accounts in these Chinese data centres. Apple had always kept the keys in the USA, which would force Chinese authorities to use US courts to try to obtain access to information held on Chinese users’ accounts. Chinese law will now apply, whereby the courts are reportedly not required to issue warrants.142 D. Privacy and protection of personal data and information The Chinese government has not made protection of personal data a priority. Wang notes that the term ‘right of privacy’ did not even exist in Chinese laws and regulations before the end of 2009, when the Tort Liability Law was enacted. However, this law does not affect public law. Moreover, the government has established many exemptions that give it extensive rights and generous room for flexibility for investigation, seizures and search, especially in the areas of state security or for maintaining social order.143 For instance, on top of requiring that personal data be kept on servers within China, the new Cybersecurity Law demands that firms providing online services register their users under their real names.144 For its part, the State Security Law requires that relevant government entities have access, without due process, ‘to any information help by companies in China’.145 The more recent Counterterrorism Law states that internet services providers and telecommunication operators must also provide technical support to security authorities.146 Given the above, it should not come as a surprise to know that privacy as a fundamental human right is a relatively new concept in China. According to Wang, there are five reasons for this. First, the word for privacy ‘yinsi’ means ‘illicit secrets and selfish, conspiratorial behaviour’. Second, Chinese people tend to see privacy in terms of being left alone from their fellow citizens, not from the government, since they are used to the latter collecting information on them. Third, they have been subject to government propaganda on the importance of data collection for security and social stability. Fourth, possibly because of the above-mentioned reasons, their awareness of government intrusion remains ‘vague and weak’. Fifth and most importantly, there is no real representative system for the people’s interests.147 Nevertheless, Chinese people’s concern with online privacy is gradually increasing. In 2018, The Economist reported that Chinese citizens are anxious about protecting their personal data from fraudulent use such as theft rather than with government authorities collecting information on them.148 Yet attitudes are changing. For example, state broadcaster China Central Television (CCTV) and Tencent Research surveyed 8000 respondents on their attitudes towards AI as part of CCTV’s China Economic Life Survey. A total of 76% of those polled see certain forms of AI as a threat to their privacy, even as they believe that AI holds much development potential and will permeate different industries.149 In addition, people are increasingly relying on VPNs to get around internet censorship in China, even as censorship increases. VPN providers are very reluctant to disclose how many users they have, much less where those users are located, both for business purposes and fear of attracting attention from regimes trying to crack down on these services.150 However, according to a survey by the Global Web Index, almost one-third (31%) of internet users in China used a VPN to achieve greater privacy online.151 E. Trade policy China has not used its FTAs to build its data realm. China’s FTAs do not contain binding rules on data flows or language to limit digital protectionism. In its recent agreements with Korea and Australia, China has encouraged e-commerce, a sector where it is very competitive with firms like Alibaba and JD.com. China has also included provisions for facilitating cross-border e-commerce in its updated FTA with Chile.152 China is also part of the Regional Economic Comprehensive Economic Partnership (RCEP) negotiations, which include the Association of Southeast Asian Nations (ASEAN), Australia, India, Japan, South Korea, and New Zealand. The language for RCEP’s e-commerce chapter has not been made public or leaked but some Member States are pushing for binding language on the free flow of data, language on privacy, and language banning some forms of digital protectionism.153 At the time of writing (April 2018), it is unclear whether China would agree to such provisions. VII. DISCUSSION: THREE DATA REALMS, A DIGITAL DIVIDE, AND THE WTO The USA, the EU, and China are using domestic and foreign policies to reap data-based economies of scale and scope. They are creating three distinct data realms with different approaches to data governance. The USA has a patchwork of data protection rules; the US approach has been to let business set the rules and to self-regulate privacy in the belief that consumers will punish firms that do not do a good enough job of data (and cyber security) protection.154 While the USA has included language that includes data protection as a floor (as in TPP/now CPTPP), it has not proposed such language for NAFTA. So, thus far, the USA has not communicated that data protection is a priority. Meanwhile, it has used trade agreements to get other countries to limit restrictions on the free flow of data across borders. In light of recent privacy scandals (e.g. Russian meddling in the 2017 elections) and the AI challenge posed by China, the US government is facing strong pressures to rethink its approach to data protection. In contrast, the EU has relied on internal trade policies and domestic regulations to create a digital single market where personal data and privacy are strongly protected. The EU views this approach as the only way to maintain trust online, which it considers a precondition to a successful digital market. It has restricted firms’ ability to move data outside Europe unless recipient countries’ data protection regimes are deemed to be ‘adequate’ by the European Commission. Recently, the EU agreed to include binding language on the free flow of data and to limit data localization in trade agreements, but it made clear that its approach to data protection is non-negotiable. Finally, China has relied on domestic regulations to restrict cross-border data flows and limit personal data protection, to promote its data-driven economy and ensure domestic political stability and security. With a large consumer population and relatively low data protection standards, China offers its firms an attractive environment to develop new digital products and services, especially in AI. A. Another digital divide These three digital trade giants have provided other countries some incentives to join their realms. While the USA and the EU have relied on access to their wealthy, active, and sizeable digital markets to attract other countries to their realms, China has offered to help the countries that are part of its Belt and Road Initiative to build an internet infrastructure modelled on the Great Firewall.155 According to Chen Zhaoxiong, Vice Minister of China’s Ministry of Industry and Information Technology, the aim is to ‘promote the ‘digital silk road’ to construct a community of common destiny in cyberspace’.156 But these three realms’ existence poses a challenge for other countries: their policymakers could eventually be forced to choose which realm to associate with. For example, both Canada and Mexico have FTAs with the USA and EU. While the USA is Canada’s largest trade partner for goods and services and the Canadian regulatory approach more resembles that of the USA, Canadians may feel more comfortable with the EU's approach and its strong commitment to data protection. However, Canada’s commitments under CPTPP and possibly under NAFTA 2.0 could make it more difficult to meet the EU’s GDPR requirements.157 Mexico is also increasingly committed to data protection and has included some rights embedded in EU law into Mexican law. Moreover, given the Trump administration’s bullying of Mexico, Mexican officials and citizens want to increase trade with Europe to be less dependent on the US market. They too might ultimately be more comfortable with the EU approach.158 Meanwhile, countries in Africa face a choice between the Chinese and EU data realms. While Africa has close trade ties to Europe, policymakers may seek to gain more Chinese investment in the region. In South America, the pull could be three ways rather than two. Traditionally, the Americans and Europeans have vied for influence in the region, but China has made significant inroads. Given that existing FTAs in Latin America do not address data flows, countries in the region face a difficult choice, unless they have already committed to the TPP model. Finally, in the Asia-Pacific region, countries face a choice between the Chinese and US models. With the CPTPP, Japan and other Member States have managed to ensure that the US data realm continues to be an attractive option for countries in the region.159 Many countries may struggle with the decision to choose a realm to govern data flows. While they may have a significant base in e-commerce, they do not yet have significant data-driven sectors. These states may be suppliers of personal data, but they do not control or process data. Policymakers in these states may want to wait and see how the data-driven economy develops rather than picking the wrong realm to latch onto. Alternatively, they may try to devise rules that are interoperable with at least two of the three data realms; yet that is easier said than done given the different data realm strategies. Alternatively, policymakers may decide to shape their own markets by developing rules that require companies to pay them for personal data.160 In so doing, they gain leverage related to these sectors and could influence comparative advantage in the data-driven economy.161 B. Implications for the WTO The three data realms both undermine and bolster the WTO. On the one hand, given that WTO members have made little progress on e-commerce or TiSA, some countries that seek modernized rules to govern data flows are turning to FTAs. In so doing, they are weakening the WTO, as its purview will not include key new sectors. Moreover, relying on FTAs to govern data flows only risks aggravating the digital divide between countries, since FTAs will only serve to promote (and protect) the three giants’ data realms. On the other hand, countries recognize that the WTO provides the only legitimate forum to clarify rules and resolve disputes. Moreover, the WTO has significant experience balancing demands for open markets with demands to restrict markets to achieve important domestic policy goals. And there is growing evidence that members are turning to the WTO to provide guidance and stimulate discussion. For instance, several Member States have submitted ‘non-papers’ on data-related provisions to the WTO since 2016.162 In addition, in June 2017, WTO members debated if cyber security strategies were a technical barrier to trade. Some members were concerned that cyber security regulations would negatively impact trade in IT products, potentially discriminating against foreign companies and technologies and possibly leading to unnecessary disclosure of commercially confidential and technical information. Others argued that cyber security rules are needed to address national security issues and ensure consumer privacy and the measures in question were non-discriminatory.163 In March 2018, at the United States’ behest, WTO members discussed whether China’s cyber security regulations undermined the free flow of data across borders.164 They are also using this venue to discuss Vietnam’s cyber security laws as a barrier to data flows.165 With such discussions, the three data realms are bolstering the WTO—prodding members to find common ground on important questions.166 However, a lot of work remains. Although the EU and the USA broadly support the free flow of data across borders with restrictions on data localization, other Member States such as the Africa Group are aligned with the Chinese data realm in opposing data flow liberalization and data localization limitations.167 Alternatively, these countries could take advantage of the current situation to rethink how to regulate trade in data, which is different than trade in goods or services. Perhaps Member States could find agreement on a new framing based on data types, as suggested by Aaronson and by Sen.168 Many cross-border data flows are not directly associated with a traditional trade transaction. Moreover, each type of data may pose different regulatory issues (e.g. metadata vs. personal data; proprietary data vs. public data). Policymakers could build on the WTO’s two regulatory agreements: the Agreement on Technical Barriers to Trade (TBT) and the Agreement on the Application of Sanitary and Phytosanitary Measures (SPS). These agreements ensure that when Member States regulate they do not create disguised barriers to trade. VIII. CONCLUSION China, the EU, and the USA have established three distinct data realms, but the differences between the realms risk creating an important digital divide between rule makers (the three realms) and the rule takers who lack comparative advantage in these new data-driven sectors. The growing strength of these realms could undermine the legitimacy and relevance of the WTO in the global economy. However, the three realms could also provide a new logic for collective action, prodding those without a comparative advantage in data-driven sectors as well as the data behemoths to collaborate at the WTO. FUNDING The George Washington University Institute of International Economic Policy and the University of Ottawa's CN-Paul M. Tellier Chair on Business and Public Policy provided funding for research assistance. The authors would like to thank Kimberly Bullard and Wang Zhiduo for their able research assistance with this article. They would also like to thank Robert Wolfe for his comments on a previous version of this article. Footnotes 1 Peter Temin, ‘Mediterranean Trade in Biblical Times’, 3-12 MIT Department of Economics Working Papers (2003), at 14–16. 2 Software provides a good example. The Congressional Research Service reported that the value of embedded software represents a substantial and growing share of the value of many manufactured products from pacemakers to cars. Marc Levinson, The Meaning of ‘Made in the USA’, R44755 (Washington, DC: Congressional Research Service, 2017), https://fas.org/sgp/crs/misc/R44755.pdf (visited 9 March 2018). 3 Dan Ciuriak, ‘Digital Trade: Is Data Treaty-Ready?’ 162 Centre for International Governance Innovation Papers (2018), https://www.cigionline.org/publications/digital-trade-data-treaty-ready; Susan ArielAaronson, ‘Information Please: A Comprehensive Approach to Digital Trade Provisions in NAFTA 2.0’, 154 Centre for International Governance Innovation Papers (2017), https://goo.gl/DLbif7; Nivedita Sen, ‘Understanding the Role of the WTO in International Data Flows: Taking the Liberalization or the Regulatory Autonomy Path?’, 21 Journal of International Economic Law 323 (2018). 4 Jonah Force Hill and Matthew Noyes, ‘Rethinking Data, Geography, and Jurisdiction: Towards a Common Framework for Harmonizing Global Data Flow Controls’, in Ryan Ellis and Vivek Mohan (eds), Rewired: Cybersecurity Governance (Wiley Publishing, 2018), https://goo.gl/FwuLcB; Bertrand de La Chappelle and Paul Fehlinger, ‘Jurisdiction on the Internet: From Legal Arms Race to Transnational Cooperation’, 28 Centre for International Governance Innovation Papers (2016), https://goo.gl/o9tNRT. 5 See Sen, above n 3, at 5; Susan Ariel Aaronson, ‘What Are We Talking About When We Discuss Digital Protectionism?’ (4 September 2017). Working Paper for the Economic Research Institute of Asia (Eria), July 2017. Available at SSRN: https://ssrn.com/abstract=3032108 or http://dx.doi.org/10.2139/ssrn.3032108. 6 International Centre for Trade and Sustainable Development (ICTSD), ‘African Group Submits Proposal on E-commerce Ahead of WTO Ministerial’, 28 November 2017, https://www.ictsd.org/bridges-news/bridges-africa/news/african-group-submits-proposal-on-e-commerce-ahead-of-wto (visited 7 April 2018). 7 International Centre for Trade and Sustainable Development (ICTSD), ‘TiSA Ministerial Cancelled, Officials to Prepare for 2017’, 24 November 2016, https://www.ictsd.org/bridges-news/bridges/news/tisa-ministerial-cancelled-officials-to-prepare-for-2017 (visited 9 March 2018); Mira Burri, ‘The Governance of Data and Data Flows in Trade Agreements: The Pitfalls of Legal Adaptation’, 51 UC Davis Law Review (2017), at 65, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=306797 (visited 20 April 2018). 8 Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), signed by Member States at Santiago, 8 March 2018, https://goo.gl/QU3CzX. 9 For the United States, see US Executive Office of the President, National Science and Technology Council, Preparing for the Future of Artificial Intelligence (Washington, DC: US Executive Office of the President, 2016) https://goo.gl/9XN4eB; for France, see Cédric Villani, For A Meaningful Artificial Intelligence: Towards a French and European Strategy (Paris: AI for Humanity, 2018), https://goo.gl/AhRFKB; for Canada, see Canadian Institute for Advanced Research (CIFAR), ‘Pan-Canadian Artificial Intelligence Strategy Overview’, 30 March 2017, https://goo.gl/PZ58vT; and for United Kingdom, see Dame Wendy Hall and Jérôme Pesenti, Growing the Artificial Intelligence Industry in the UK (London: UK Department for Digital, Culture, Media and Sport and Department for Business, Energy & Industrial Strategy, 2017), https://goo.gl/duiQxJ. 10 Xavier Amatriain, ‘In Machine Learning, What is Better: More Data or Better Algorithms’, June 2016, https://goo.gl/w1tJQu; Avi Goldfarb and Daniel Trefler, ‘AI and International Trade’, in Ajay K. Agrawal, Joshua Gans and Avi Goldfarb (eds), The Economics of Artificial Intelligence: An Agenda (Cambridge, MA: National Bureau of Economic Research (NBER), 2018). 11 For a comparison of the Chinese and US approaches to digital trade, see Henry Gao, ‘Digital or Trade? The Contrasting Approaches of China and US to Digital Trade’, 21 Journal of International Economic Law 297 (2018). 12 Data are unprocessed facts. When data are processed, organized, structured, or presented in a meaningful or useful manner, they become information. Diffen, ‘Data vs. Information’, http://www.diffen.com/difference/Data_vs_Information (visited 8 March 2018); Sen, above n 3, at 3. 13 Organisation for Economic Co-operation and Development (OECD), ‘OECD Glossary of Statistical Terms’, http://stats.oecd.org/glossary/detail.asp?ID=4721 (visited 8 March 2018). 14 Javier López González and Marie-Agnes Jouanjean, ‘Digital Trade: Developing a Framework for Analysis’, 205 OECD Trade Policy Papers (2017), http://dx.doi.org/10.1787/524c8c83-en. 15 European Commission, Communication on Data-Driven Economy, Law, 2 July 2014, https://ec.europa.eu/digital-single-market/en/news/communication-data-driven-economy. 16 James Manyika et al., Digital Globalization: The New Era of Global Flows (USA: McKinsey Global Institute, 2016) 23, https://goo.gl/ejeDBE. 17 Andrea Ariu, ‘Services Versus Goods Trade: Are They the Same?’ 237 National Bank of Belgium Working Paper Research (2012), https://www.nbb.be/doc/ts/publications/wp/wp237en.pdf. 18 Jessica R. Nicholson and Ryan Noonan, Digital Economy and Cross-Border Trade: The Value of Digitally-Deliverable Services (Washington, DC: US Department of Commerce, 2014) 1, http://esa.doc.gov/sites/default/files/digitaleconomyandcross-bordertrade.pdf. 19 OECD, ‘Measuring Digital Trade: Towards a Conceptual Framework’, STD/CSSP/WPTGS (2017)3, 6 March 2017, https://goo.gl/v2Jd7D (visited 9 March 2018). 20 Dan Ciuriak and Maria Ptashkina, The Digital Transformation and the Transformation of International Trade (Inter-American Development Bank and International Centre for Trade and Sustainable Development, RTA Exchange: 2018), http://e15initiative.org/wp-content/uploads/2015/09/RTA-Exchange-Digital-Trade-Ciuriak-and-Ptashkina-Final.pdf (visited 9 March 2018). 21 See Sen, above n 3, at 20. 22 See Aaronson, above n 3; See Aaronson, above n 5. 23 US International Trade Commission (USITC), Digital Trade in the US and Global Economies, Part 1, Investigation No. 332-532 (Washington, DC: 2013), https://www.usitc.gov/publications/332/pub4415.pdf; USITC, Digital Trade in the U.S. and Global Economies, Part 2, Investigation No. 332-540 (Washington, DC: 2014) 1, https://www.usitc.gov/publications/332/pub4485.pdf; See López González and Jouanjean, above n 15. 24 Ciuriak and Ptashkina, above n 20, at 6; Nigel Cory, ‘Cross-border Data Flows: Where Are the Barriers, and What Do They Cost?’, Information Technology & Innovation Foundation (ITIF) (2017), http://www2.itif.org/2017-cross-border-data-flows.pdf (visited 9 March 2018); Martina F. Ferracane, ‘Restrictions on Cross-Border Data Flows: a Taxonomy’, 1/2017 European Centre for International Political Economy (ECIPE) Working Paper (2017), https://goo.gl/VfbF3m; Sen, above n 3, at 5. 25 Susan Ariel Aaronson, ‘What might have been and could still be: The Trans-Pacific Partnerships potential to encourage an open internet and digital rights’, 2(2) Journal of Cyber Policy 232 (2017), at 232. 26 Ibid, at 232. 27 See de La Chappelle and Fehlinger, above n 4. 28 Ibid. 29 Carl Bildt, ‘A Victory for the Internet’, New York Times, 5 July 2012, https://goo.gl/hree6E (visited 9 March 2018); Sarah Box, ‘Internet Openness and Fragmentation: Toward Measuring the Economic Effects’, 36 Centre for International Global Innovation and Chatham House Paper Series (2016), https://goo.gl/9JKyYY. 30 Christian Tietje, ‘Global Information Law: Some Systemic Thoughts’, in Mira Burri and Thomas Cottier (eds), Trade Governance in the Digital Age: World Trade Forum (New York: Cambridge University Pres, 2012) 45-64. 31 Force Hill and Noyes, above n 4; de La Chapelle and Fehlinger, above n 4. 32 See Burri, above n 7. 33 The Ministerial Declaration on Trade in Information Technology Products (the ITA) was concluded by 29 participants at the Singapore Ministerial Conference in December 1996. Now it has 82 countries. See World Trade Organization, ‘Information Technology Agreement’, https://www.wto.org/english/tratop_e/inftec_e/inftec_e.htm (visited 9 March 2018). 34 World Trade Organization, ‘Intellectual property: protection and enforcement’, https://www.wto.org/english/thewto_e/whatis_e/tif_e/agrm7_e.htm (visited 9 March 2018); World Trade Organization, ‘Frequently asked questions about TRIPS [ trade-related aspects of intellectual property rights] in the WTO’, www.wto.org/english/tratop_e/trips_e/tripfq_e.htm (visited 9 March 2018). 35 Sen, above n 3, at 7. 36 WTO General Council, Work Programme on Electronic Commerce, S/L/74, Adopted on 27 July 1999; Sen, above n 3, at 9. 37 Article XIV of the General Agreement on Trade in Services (GATS), done at Marrakesh, 4 April 1994; Article XIV of the GATS. 38 Jack Goldsmith and Tim Wu, Who Controls the Internet? Illusions of a Borderless World (New York: Oxford University Press, 2006); For a discussion of the compatibility of restrictions on data flows and existing WTO obligations, see Sen, above n 3, at 13. 39 WTO. General Exceptions: Article XIV of the GATS, https://www.wto.org/english/tratop_e/dispu_e/repertory_e/g4_e.htm. 40 Mira Burri, Should There be New Multilateral Rules for Digital Trade? (Geneva: International Centre for Trade and Sustainable Development, 2013); Hosuk Lee-Makiyama, ‘Future-proofing World Trade in Technology: Turning the WTO IT Agreement (ITA) into the International Digital Economy Agreement (IDEA)’, 04/2011 European Centre for International Political Economy (ECIPE) Working Paper (2011), https://goo.gl/wzyCua. 41 World Trade Organization, ‘Electronic Commerce’, https://www.wto.org/English/tratop_E/ecom_e/ecom_e.htm (visited 9 March 2018). 42 Inside US Trade, ‘New TISA Round Kicks Off in Geneva, To Include Ministerial Review,’ 27 May 2016, https://goo.gl/185BPy; Inside US Trade, ‘EU, US Consumer Groups Demand Carve out for Data Protections in TISA’, https://goo.gl/u3hSpi. 43 See Goldsmith and Wu, above n 38; and Sacha Wunsch-Vincent, ‘The Internet, Cross-Border Trade in Services and the GATS: Lessons from US Gambling’, 5 (3) World Trade Review (2006), at 319. 44 WTO Appellate Body, United States – Measures Affecting the Cross-Border Supply of Gambling and Betting Services, WT/DS285/AB/R, adopted on 20 April 2005, DSR 2005: XII, 5663 (and Corr.1, DSR 2006: XII, 5475). 45 WTO Appellate Body, China – Measures Affecting Trading Rights and Distribution Services for Certain Publications and Audiovisual Entertainment Products, WT/DS363/AB/R, adopted on 19 January 2010, DSR 2010: I, 3. 46 Aaditya Mattoo and Ludger Schuknecht, ‘Trade Policies for Electronic Commerce’, World Bank Policy Research Working Paper (2000), http://elibrary.worldbank.org/doi/pdf/10.1596/1813-9450-2380, pp. 19–20; See Goldsmith and Wu, above n 38. 47 Susan Ariel Aaronson, ‘The Digital Trade Imbalance and Its Implications for Internet Governance’, 25 Centre for International Governance Innovation Papers (2016). 48 The CPTPP language on data flows is in the e-commerce chapter, which was not adjusted after the USA left the agreement. See CPTPP, above n 8. 49 See Goldfarb and Trefler, above n 10; Aaronson, above n 3. 50 Internet World Stats: Usage and Population Statistics, ‘Internet Users and 2017 Population in North America’, https://goo.gl/3unC4m (visited 9 March 2018); Statista, ‘Market Capitalization of the Biggest Internet Companies Worldwide as of May 2017 (in billion US dollars)’, https://goo.gl/vSba2p (visited 9 March 2018). 51 Katherine Noyes, ‘Four US Companies Rule the world Cloud Infrastructure’, Computer World, 1 August 2016, https://goo.gl/PirYHB. 52 Mary Meeker, ‘Internet Trends 2014 – Code Conference’, Kleiner Perkins (KPCB), 28 May 2014, http://www.kpcb.com/blog/2014-internet-trends. 53 The World Bank, World Development Report 2016: Digital Dividends (Washington, DC: International Bank for Reconstruction and Development/The World Bank, 2016), http://www.worldbank.org/en/publication/wdr2016. 54 Will Knight, ‘China and the US are Bracing for an AI Showdown—in the Cloud’, MIT Technology Review, 31 January 2018, https://goo.gl/gEXyjr; Bob Davis, ‘China’s Authoritarian State Has an Edge in Artificial Intelligence Development’, Wall Street Journal, 25 February 2018, https://goo.gl/yZpbrW. 55 William J. Clinton, Memorandum for the Heads of Executive Departments and Agencies: Electronic Commerce (Washington, DC: The White Office of the Press Secretary, 1997), https://goo.gl/VSEFVW. 56 See SG/EC ((98)9/Final, endorsed by Ministers October 1999. For WTO, ‘Briefing Notes: E-commerce: Duties on Hold While Impact Discussed’, http://www.wto.org/english/tratop_e/dda_e/status_e/ecom_e.htm (visited 17 July 2014). 57 See Clinton, above n 55. 58 Zoe Fox, ‘On Internationalization of Internet Users’, 18 October 2013, http://mashable.com/2013/10/28/google-monthly-traffic/ (visited 7 April 2018); Ruslan Enikeev, ‘The Map of the Internet’, The Internet map, http://internet-map.net/; and the Internet timeline, http://www.infoplease.com/ipa/A0193167.html (visited 7 April 2018); The Economist, ‘The Biggest Internet Companies’, 11 July 2014, http://www.economist.com/news/business/21606850-biggest-internet-companies (visited 7 April 2018). 59 Aaronson, 2016, note 25. 60 Aaronson, 2017, note 47 has a comprehensive history. 61 Google, ‘Enabling Trade in the Era of Information Technologies: Breaking Down Barriers to the Free Flow of Information’, Google Public Policy Blog, 15 November 2010, https://goo.gl/9CGxam; OpenNet Initiative, ‘On ONI’, https://opennet.net/about-oni (visited 7 April 2018). 62 Art. 15.8 of the Free Trade Agreement between the United States of America and the Republic of Korea (KORUS FTA), 30 June 2007. 63 Aaronson, 2016, note 25. 64 William Drake, Vinton Cerf and Wolfgang Kleinwächter, ‘Future of the Internet Initiative White Paper Internet Fragmentation, An Overview’, World Economic Forum, January 2016, http://www3.weforum.org/docs/WEF_FII_Internet_Fragmentation_An_Overview_2016.pdf, 36; Aaronson, 2016, note 25. 65 Niels Nagelhus Schia and lars Gjesvik, ‘China’s Cyber Sovereignty’, 2 Norwegian Institute of International Affairs (2017), https://goo.gl/NxYcm; Paul R. Burgman, Jr, ‘Securing Cyberspace: China Leading the Way in Cyber Sovereignty’, The Diplomat, 18 May 2016, https://goo.gl/DGUpRZ. 66 Michael Froman, Trade, Growth, and Jobs: US Trade Policy in the Obama Administration (Washington, DC: US Executive Office of the President, 2017), https://goo.gl/avHszY. 67 Office of the United States Trade Representative (USTR), Findings of the Investigation into China’s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation Under Section 30’1 of the Trade Act of 1974 (Washington, DC: USTR, 2018), https://goo.gl/ifbZ8n; USTR, ‘Following President Trump’s Section 301 Decisions, USTR Launches New WTO Challenge Against China’, https://goo.gl/L99cxs. 68 Martin Samsun, ‘Internet Library of Law and Court Decisions’, http://www.Internetlibrary (visited 7 April 2018). 69 The White House, ‘We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online’, 23 February 2012, https://goo.gl/1zGTDx. 70 Cameron S. Kerry, the Commerce Department’s General Counsel under former US President Barack Obama, noted 3000 companies participate in Safe Harbor with the EU; he also stressed that the USA had adopted the Asia Pacific Economic Cooperation’s Cross Border Privacy Rules. Cameron S. Kerry, ‘Cameron F. Kerry Keynote Address at the European Data Protection and Privacy Conference’, US National Telecommunications and Information Administration, 6 December 2011, https://goo.gl/nPi777. 71 US Department of Commerce, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework (Washington, DC: US Department of Commerce, 2010) 44, 54, https://goo.gl/cEEcMD; US Department of Commerce, ‘Welcome to the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks’, https://2016.export.gov/safeharbor. 72 USTR, Summary of Objectives for NAFTA Renegotiations, November 2017, https://ustr.gov/sites/default/files/files/Press/Releases/Nov%20Objectives%20Update.pdf. 73 Net neutrality is the principle that individuals should be free to access all content and applications equally, regardless of the source and without internet service providers discriminating against specific online services or websites. Public Knowledge, ‘Net Neutrality’, https://www.publicknowledge.org/issues/net-neutrality (visited 7 April 2018). 74 In 2015, the Federal Communications Commission (FCC) decided that several internet firms were dominating the market and jeopardizing access and fair pricing. The FCC Commissioners agreed to regulate broadband and mobile internet service providers as a utility to ensure that these providers did not achieve monopoly prices in markets where competition was limited. These rules, they argued, would promote net neutrality. However, President Trump named several new FCC Commissioners who voted to cancel this regulation, preferring a ‘hands-off’ approach to regulating the internet within its borders. 75 Callum Borchers, ‘Trump’s FCC Chairman is Pitching Internet Deregulation as a Return to Bill Clinton’s Policy’, The Washington Post, 27 November 2017, https://goo.gl/owa9d3-. 76 David Kravets, ‘Facebook, Google, Twitter tell Congress their Platforms Spread Russian-Backed Propaganda’, 31 October 2017, Arstechnica, https://goo.gl/xTfKhB; Steven Lee Myers and Sui-Lee Wee, ‘As US Confronts Internet’s Disruptions, China Feels Vindicated’, New York Times, 16 October 2017, https://goo.gl/rBMz1x. 77 Cade Metz, ‘China’s Blitz to Dominate A.I.’, New York Times, 13 February 2018, https://goo.gl/LJuYmW. 78 See Internet World Stats: Usage and Population Statistics, above n 50. 79 European Commission, ‘Why We Need a Digital Single Market’, https://ec.europa.eu/commission/sites/beta-political/files/dsm-factsheet_en.pdf (visited 8 March 2018). 80 Matthias Bauer and Fredrik Erixon, ‘Competition, Growth and Regulatory Heterogeneity in Europe’s Digital Economy’, 2/2016 European Centre for International Political Economy (ECIPE) (2016), https://goo.gl/GWN2hu. 81 European Commission, ‘Final Results of the European Data Market Study Measuring the Size and Trends of the EU Data Economy’, 2 May 2017, https://goo.gl/qhdVKw (visited 8 March 2018). 82 European Commission, Proposal for a Regulation of the European Parliament and of the Council on a Framework for the Free Flow of Non-personal Data in the European Union (Brussels: European Commission, 2017), http://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-495-F1-EN-MAIN-PART-1.PDF. 83 European Commission, ‘Building a European Data Economy’, https://ec.europa.eu/digital-single-market/en/policies/building-european-data-economy (visited 8 March 2018). European Commission, Staff Working Document on the Free Flow of Data and Emerging Issues of the European Data Economy (Brussels: European Commission, 2017), https://goo.gl/5swiF4. 84 European Commission, ‘Synopsis Report of the Public Consultation on Building a European Data Economy’, 7 September 2017, https://ec.europa.eu/digital-single-market/en/news/synopsis-report-public-consultation-building-european-data-economy (visited 8 March 2018). 85 See Bauer and Erixon, above n 80. 86 The Council of Europe promotes common and democratic principles based on the European Convention on Human Rights and other reference texts on the protection of individuals. It is also home to the European Court of Human Rights, which clarifies European law related to human rights. Parliamentary Assembly, ‘The Protection of Privacy and Personal Data on the Internet and Online Media’ (Strasbourg, France: Council of Europe, 2011), http://assembly.coe.int/CommitteeDocs/2011/RihterviepriveeE.pdf. 87 Council of Europe, Convention for the Protection of Individuals with Regard to the Automatic Processing of Individual Data, 28 January 1981, ETS 108. 88 Ibid. 89 European Parliament and Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ 1995 L 281, 23 November 1995 P. 0031 – 0050. 90 See US Department of Commerce, above n 71. 91 European Parliament and Council Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119 (59), 4 May 2016, P. 1-89; European Parliament and Council Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ 2016 L 119 (59), 4 May 2016, P. 89-132. 92 Economic Commission, Proposal for a Regulation of the European Parliament and of the Council Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (Brussels: European Commission, 2017), http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017PC0010&from=EN. 93 Ibid. 94 Mehreen Khan, ‘Companies Face High Cost to Meet New EU Data Protection Rules’, Financial Times, 10 November 2017, https://www.ft.com/content/0d47ffe4-ccb6-11e7-b781-794ce08b24dc (visited 8 March 2018). 95 Robert Atkinson, ‘Can Nations Actually Collaborate in the Digital Economy?’ Connect World (2017), at 11, https://goo.gl/3Z5CSc. 96 Regarding Philippine adoption of legislation, based on the EU Data Protection Directive 95/46/EC and accords with APEC policies, Zambo Times, ‘Senate Ratifies Bicam Report on Data Privacy Act’, 7 June 2012. 97 European Commission, ‘Adequacy of the Protection of Personal Data in Non-EU Countries. How the EU Determines if a Non-EU Country has an Adequate Level of Data Protection’, https://goo.gl/8a4Sds. 98 European Commission, ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, on the Mid-Term Review on the implementation of the Digital Single Market Strategy, A Connected Digital Single Market for All’, SWD (2017) 155 final, 78, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017DC0228. 99 Brett Fortnam, ‘EU Punts on Data Flow Language in Japan Deal, Leaving Position Unresolved’, Inside U.S. Trade, 6 July 2017, https://goo.gl/8x9t9L; Brett Fortnam, ‘Japan Urges EU to Develop Data Flow Provisions Despite Political Agreement on FTA’, Inside US Trade, 7 July 2017, https://goo.gl/RqP24i. 100 European Commission, ‘EU-Mexico Free Trade Agreement, EU Textual Proposal, Title on Digital Trade’, April 2017, http://trade.ec.europa.eu/doclib/docs/2017/may/tradoc_155518.pdf. 101 See Fortnam, above n 99. 102 European Commission, ‘Horizontal Provisions for Cross-border Data Flows and for personal Data Protection (in EU trade and Investment Agreements)’, https://goo.gl/ZtPJ6i. 103 Frans Timmermans et al. to Kiril Yurukov, Chair of Trade and Policy Committee Services and Investment, The European Council, 2/09/2018, Ref. Ares 2018766616. 104 Xinhua, ‘China’s Digital Economy Accounts for 30% of 2016 GDP: Report’, ChinaDaily.com, 4 December 2017, http://www.chinadaily.com.cn/business/4thwic/2017-12/05/content_35212111.htm (visited 28 February 2018). 105 UNESCO, ‘China, India Now World’s Largest Internet Markets’, 15 September 2016, https://goo.gl/LgAqsC (visited 9 March 2018). 106 Jonathan Woetzle et al., ‘China’s Digital Economy: A Leading Global Force’, McKinsey Global Institute (2017), https://goo.gl/Sutpwg (visited 9 March 2018). 107 Jingli Song, ‘IDC Predicts 55% of China's Economy to be Digital by 2021’, ChinaDaily.com, 13 November 2017, http://www.chinadaily.com.cn/business/2017-11/13/content_34484309.htm (visited 28 February 2018). 108 Clifford Coonan, ‘Great Firewall is Harming EU Business in China, says Chamber’, The Irish Times, 17 February 2015, https://goo.gl/nMLqH7 (visited 9 March 2019); USTR, 2016 National Trade Estimate Report on Foreign Trade Barriers (Washington, DC: USTR, 2016), https://ustr.gov/sites/default/files/2016-NTE-Report-FINAL.pdf. 109 Paul Mozur, ‘Inside China’s Big Tech Conference, New Ways to Track Citizens’, New York Times, 5 December 2017, https://goo.gl/V4cHtQ (visited 9 March 2018). 110 Ibid; Mark Bergen and David Ramil, ‘China’s Plan for World Domination in AI Isn’t So Crazy After All’, Bloomberg, 14 August 2017, https://goo.gl/4j2gur (visited 1 March 2018); Nigel Cory, ‘The Worst Innovation Mercantilist Policies of 2017’, Information Technology & Innovation Foundation (2018), at 7, http://www2.itif.org/2018-worst-mercantilist-policies-2017.pdf (visited 1 March 2018). 111 Martina F. Ferracane and Hosuk Lee-Makiyama, China’s Technology Protectionism and its Non-Negotiable Rationales (Brussels: European Centre for International Political Economy, 2017), at 3, http://ecipe.org/publications/chinas-technology-protectionism/. 112 Nectar Gan, ‘China’s Security Chief Calls for Greater Use of AI to Predict Terrorism and Social Unrest’, South Morning China Post, 21 September 2017, http://www.scmp.com/news/china/policies-politics/article/2112203/china-security-chief-calls-greater-use-ai-predict (visited 1 March 2018). 113 See Ferracane and Lee-Makiyama, above n 111, at 4. 114 Ibid, at 8. 115 Freedom House, ‘Freedom on the Net 2017: Manipulating Social Media to Undermine Democracy’, https://freedomhouse.org/report/freedom-net/freedom-net-2017 (visited 9 March 2018). 116 USTR, 2017 Report to Congress on China’s WTO Compliance (Washington, DC: USTR, 2018), https://goo.gl/DxwM4U. 117 Associated Press, ‘China Clamping Down on Use of VPNs to Evade Great Firewall’, CNBC, 20 July 2017, https://goo.gl/PSAvA3 (visited 9 March 2018). 118 European Chamber, ‘European Business in China – Business Confidence Survey 2017’, 20, http://www.europeanchamber.com.cn/en/publications-archive/516/Business_Confidence_Survey_2017 (visited 1 March 2018). 119 The US-China Business Council, ‘Optimizing Connectivity: Updated Recommendations to Improve China’s Information Technology Environment’, February 2018, 1, https://www.uschina.org/reports/optimizing-connectivity-updated-recommendations-improve-china’s-information-technology-environment (visited 1 March 2018). 120 Freedom House, above n 115, at 6. 121 Steven Lee Myers and Sui-Lee Wee, ‘As U.S. Confronts Internet’s Disruptions, China Feels Vindicated’, New York Times, 16 October 2017, https://www.nytimes.com/2017/10/16/world/asia/china-internet-cyber-control.html (visited 9 March 2018). 122 Ibid. 123 Ferracane and Lee-Makiyama, above n 111, at 7. 124 Yuan Yang, Lucy Hornby and Emily Feng, ‘China Disrupts Global Companies’ Web Access as Censorship Bites’, Financial Times, 16 January 2018, https://www.ft.com/content/80e50a6c-fa8a-11e7-9b32-d7d59aace167 (visited 1 March 2018). 125 Saheli Roy Choudhury, ‘Apple Removes VPN Apps in China as Beijing Doubles Down on Censorship’, CNBC, 31 July 2017, https://www.cnbc.com/2017/07/31/apple-removes-vpn-apps-in-china-app-store.html (visited 9 March 2018). 126 ‘Virtual panic’, The Economist, 6 January 2018, at 28 (visited 8 March 2018). 127 Freedom House, above n 115, at 2. 128 Ferracane and Lee-Makiyama, above n 111, at 8. 129 Ibid. 130 Freedom House, above n 115, at 7. 131 Ferracane and Lee-Makiyama, above n 111, at 8. Lee Myers and Wee, above n 121. 132 Jiang Sijia, ‘China Holds Drill to Shut Down ′Harmful′ Websites’, Reuters, 3 August 2017, http://www.reuters.com/article/us-china-internet-idUSKBN1AJ1XL (visited 9 March 2018). 133 Ronald J. Deibert, Black Code: Inside the Battle for Cyberspace (Toronto: Signal, 2013). 134 Bill Marczak et al., China’s Great Cannon (Toronto: The Citizen Lab, Munk School of Global Affairs, University of Toronto, Research Brief, April 2015), https://citizenlab.ca/wp-content/uploads/2009/10/ChinasGreatCannon.pdf (visited 5 March 2018). 135 Paul Mozur, ‘China Presses its Internet Censorship Program across the Globe’, The New York Times, 2 March 2018, https://www.nytimes.com/2018/03/02/technology/china-technology-censorship-borders-expansion.html (visited 9 March 2018). 136 Ferracane and Lee-Makiyama, above n 111, at 13. 137 Ibid, at 8. 138 Ibid, at 13. 139 Cory, above n 110, at 8. 140 Ferracane and Lee-Makiyama, above n 111, at 14. 141 USTR, above n 116, at 21; Nigel Cory, ‘Post-Hearing Written Submission Before the United States International Trade Commission Regarding Investigations Global Digital Trade 1 (No. 332-562) and Global Digital Trade 2 (No. 332-563)’ (Washington: Information Technology & Innovation Foundation, 29 March 2018) 10, http://www2.itif.org/2018-testimony-global-digital-trade.pdf (visited 7 April 2018). 142 Stephen Nellis and Cate Cadell, ‘Apple Moves to Store iCloud Keys in China, Raising Human Rights Fears’, Reuters, 24 February 2018, https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060 (visited 1 March 2018). 143 Zhizheng Wang, ‘Systematic Government Access to Private-Sector Data in China’, 2(4) International Data Privacy Law 220 (2012), at 221. 144 Freedom House, above n 115, at 22. 145 Ferracane and Lee-Makiyama, above n 111, at 14. 146 Ibid. 147 Wang, above n 143, at 221. 148 ‘Public Pushback’, The Economist, 27 January 2018, 35 (US edition). 149 Zen Soo, ‘The Increasing Use of Artificial Intelligence is Stoking Privacy Concerns in China’, The South China Morning Post, 6 March 2018, http://www.scmp.com/business/companies/article/2135713/increasing-use-artificial-intelligence-stoking-privacy-concerns (visited 9 March 2018). 150 Josephine Wolfe, ‘The Internet Censor’s Dilemma’, Slate, 5 March 2018, https://slate.com/technology/2018/03/virtual-private-networks-become-more-popular-as-countries-restrict-their-use.html (visited 9 March 2018). 151 Global Web Index, ‘VPN Usage around the World’, https://insight.globalwebindex.net/vpn-usage-around-the-world (visited 9 March 2018). 152 An Baijie, ‘China, Chile “landmark” FTA Seen as a Boon’, China Daily, 23 November 2017, http://europe.chinadaily.com.cn/business/2017-11/23/content_34882792.htm (visited 2 March 2018). 153 Australia, Department of Foreign Affairs and Trade, ‘Joint Leaders’ Statement on the Negotiations for the Regional Economic Comprehensive Partnership’, 14 November 2017, Manila, the Philippines, http://dfat.gov.au/trade/agreements/rcep/news/Pages/joint-leaders-statement-on-the-rcep-negotiations-14-november-2017-manila-philippines.aspx (visited 9 March 2018); Asian Trade Center, ‘RCEP and TPP 11 Compared’ (Policy Brief Number: 17-12, November 2017), https://static1.squarespace.com/static/5393d501e4b0643446abd228/t/5a1c16398165f542d6cb5c6b/1511790142681/Policy+Brief+17-12+TPP11+and+RCEP+Compared.pdf (visited 9 March 2018); Asia Trade Center, ‘E- Commerce and Digital Trade Proposals for RCEP’ (Working Paper, Auckland Round, June 2016), https://static1.squarespace.com/static/5393d501e4b0643446abd228/t/575a654c86db438e86009fa1/1465541967821/RCEP+E-commerce+June+2016.pdf (visited 9 March 2018). 154 Aaronson 2016, above n 47; and Nuala O’Connor, Reforming the U.S. Approach to Data Protection and Privacy, Council on Foreign Relations, 8 January 2018, https://www.cfr.org/report/reforming-us-approach-data-protection. 155 Lucy Hornby, ‘Cash Colours Chinese Curbs on Corporate Internet Access’, Financial Times, 23 January 2018. 156 Andrew Moody and Cheng Yu, ‘“Digital silk road” expected to link world’, China Daily, 8 December 2017, http://africa.chinadaily.com.cn/weekly/2017-12/08/content_35257746.htm (visited 28 February 2018). 157 Geist, Michael, ‘Data Rules in Modern Trade Agreements: Toward Reconciling an Open Internet with Privacy and Security Safeguards’ (Waterloo: Centre for International Governance Innovation, 2018), https://www.cigionline.org/articles/data-rules-modern-trade-agreements-toward-reconciling-open-internet-privacy-and-security (visited 7 April 2018). 158 Aaronson, above n 3. 159 For a discussion of which of the Chinese or US approach to digital trade developed and developing countries might prefer, see Gao, above n 11, at 31. 160 Jaron Lanier, Who Owns the Future? (New York: Simon and Schuster, 2013). 161 Eudardo Porter, ‘Getting Tech Giants to Pay You for Your Data’, New York Times, 17 March 2018, https://www.nytimes.com/2018/03/06/business/economy/user-data-pay.html (visited 9 March 2018). 162 Sen, above 3, at 16. 163 WTO, ‘Members Debate Cyber Security and Chemicals at Technical Barriers to Trade Committee’, 14–15 June 2017, https://www.wto.org/english/news_e/news17_e/tbt_20jun17_e.htm (visited 9 March 2018). 164 WTO, ‘Communication from the United States Communication from the United States: Measures Adopted and Under Development by China Relating to Its Cybersecurity Law’ (Council for Trade in Services, S/C/W/376, 23 February 2018), https://goo.gl/xoGA6f (visited 9 March 2018). 165 Chris Mirasola, ‘An Update on Chinese Cybersecurity and the WTO’, Lawfare, 2 March 2018, https://lawfareblog.com/update-chinese-cybersecurity-and-wto (visited 9 March 2018). 166 See Burri, above n 7. 167 Sen, above n 3, at 17; Gao, above n 12, at 24. 168 Ibid, at 23; Aaronson, above n 3 and n 24. © The Author(s) 2018. Published by Oxford University Press. All rights reserved. This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/about_us/legal/notices) http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Journal of International Economic Law Oxford University Press

Another Digital Divide: The Rise of Data Realms and its Implications for the WTO

Loading next page...
 
/lp/ou_press/another-digital-divide-the-rise-of-data-realms-and-its-implications-IhJzsgYE8y
Publisher
Oxford University Press
Copyright
© The Author(s) 2018. Published by Oxford University Press. All rights reserved.
ISSN
1369-3034
eISSN
1464-3758
D.O.I.
10.1093/jiel/jgy019
Publisher site
See Article on Publisher Site

Abstract

Abstract Individuals, businesses, and governments increasingly use data to create new services delivered via the internet. In so doing, they are creating a new economy built on cross-border data flows. The USA, the European Union, and China are using domestic and foreign policies to reap data-based economies of scale and scope. Essentially, they have created three distinct data realms with different approaches to data governance. As a result, they have fostered a new digital divide: between the three data behemoths and other countries that are rule takers. This situation presents the WTO with a challenge and an opportunity. These three data realms could undermine the ability of the WTO to govern trade in data flows, but it also creates pressures for the three data realms to use WTO mechanisms to find common ground among their approaches. Moreover, it could provide an incentive to WTO members to create new rules governing trade in data. I. INTRODUCTION As long as humans have traded, they have traded data (facts or statistics) about the world they encountered. For example, the ancients communicated information about which tribes could be trusted or engaged in piracy.1 Traders have always used data as an input to improve quality, efficiency, and price. But in recent years, the role of data in trade has changed. Today, individuals, businesses, and governments also use data to create new sectors and services delivered via the internet such as the cloud, apps, and artificial intelligence.2 In so doing, they are creating a new economy built on cross-border data flows.3 With the advent of cloud (and other data-driven) services, data in one country are increasingly stored, processed, and analyzed in another country. In this regard, data are essentially traded among individuals, firms, and states.4 Yet, there is no universal or even plurilateral system of rules to govern these cross-border data flows. Many people believe that the right place to regulate such flows should be the WTO. However, members of the WTO and its predecessor, the GATT, have not even directly debated what constitutes legitimate regulation of cross-border data flows (e.g. data protection and censorship regulations) and what is trade distorting (such as server location requirements).5 All that they have agreed to is to refrain from imposing customs duties on electronic transmissions.6 Although the WTO’s dispute settlement bodies have asserted that WTO rules apply to data flows, the WTO has not kept up with the new data-driven economy.7 This is why some countries are instead relying on bilateral and regional free trade agreements (FTAs) to govern cross-border data flows. The Comprehensive and Progressive Agreement on Trans-Pacific Partnership, established by 11 countries bordering the Pacific, provides a good example of such an approach.8 Meanwhile other economies rely on these agreements not only to achieve shared rules but also to achieve economies of scale and scope regarding data. Several countries have put forward plans to encourage data-driven sectors such as artificial intelligence (AI) in the new data-driven economy.9 With more access to various types of personal and other types of data, computer scientists can more easily test and improve algorithms, apps, and services built on data.10 Their policymakers and business leaders appear determined to maintain that advantage through domestic regulations and/or trade strategies.11 But the USA, the EU, and China have taken the clearest steps to dominating these sectors. We refer to these three economic behemoths and their approach to data governance as ‘data realms’. Each of the three realms has adopted a different approach to developing an appropriate enabling environment for these data-driven sectors, relying on a mix of tax, transparency, intellectual property protection, competition, and data protection policies among others. In the US realm, policymakers have put few limits on cross-border data flows. They use trade agreements to develop economies of scale and scope in data and to ban practices such as data and server localization requirements, which could distort trade as well as undermine US comparative advantage in data-driven sectors. In contrast, the EU has made personal data protection the top priority for its realm, in the belief that it will build trust and help netizens feel more comfortable as firms use their personal data. Finally, policymakers in the Chinese realm restrict the free flow of data and information not only across borders but also within China. In so doing, Chinese officials maintain social stability and the power of the Communist Party, while simultaneously nurturing knowledge-based sectors such as artificial intelligence. We argue that this focus on creating data realms is perpetuating a new digital divide. First, given their comparative advantage in these new data-driven sectors, their early investment and large market share, the three realms set the rules for data flows. Moreover, to enhance their access to data and their market dominance, they seek to bring other countries under their realm through incentives (such as a trade agreement or capacity building) or coercion (if you want market access you must behave in x way). As a result, many smaller countries without significant capacity in these new data-driven sectors will be left out of the data rule-making process. Officials in these smaller or less advanced states will likely face considerable pressure to choose one realm over the others, because they already have significant trade relations with that realm or because they favour that realm’s approach to data governance. Unfortunately, because many countries have significant economic relations with more than one realm, it will be difficult for policymakers to choose among the realms unless the rule takers and rule makers can agree on strategies of interoperability. Moreover, by pursuing different approaches, the three data realms are making it more difficult to devise global rules to govern cross-border data flows and, thereby, create a level-playing field for all Member States. As the data-driven economy becomes more important over time, this situation could undermine the WTO. Yet, paradoxically, this digital divide also creates an opportunity for the WTO. The internet giants of the USA and China could pressure the three data realms to resolve disputes or develop mechanisms for interoperability at the WTO. Alternatively, WTO Member States without significant comparative advantage in data could be incentivized to find common ground on rules at the WTO. This article proceeds as follows. We begin by defining ‘data’, ‘information’, ‘e-commerce’, ‘digital trade’, and ‘data-driven economy’. These distinctions are important because the data-driven economy does not always involve what we traditionally consider trade: when two parties exchange money to receive a good or service. We then explain the growing importance of the data-driven economy and the role of trade agreements in regulating cross-border flows. While the WTO implicitly governs cross-border data flows through its General Agreement on Trade in Services (GATS), policymakers have so far used e-commerce chapters of FTAs to govern (or not) cross-border data flows and the many types of services they create. Next, we describe how the USA, the EU, and China have relied on a mix of trade and domestic regulatory policies to create their data realms. In particular, we focus on the regulation and promotion of data flows. However, due to space constraints, we ignore important but related issues such as taxation, intermediary liability, and intellectual property rights. We end with a discussion of the implications of this digital divide for the WTO. II. THE ROLE OF DATA AND NEED FOR GOVERNANCE Data and information12 have long been a key component of trade. In recent years, they have helped to stimulate new forms of trade. However, all forms of data-driven trade are not the same. We define e-commerce as sales of goods and services online between business and consumers and between businesses. E-commerce is conducted over computer networks by methods specifically designed to place or receive orders.13 The OECD defines digital trade as trade built on the movement of data. Data are a means of production, an asset that can be traded, and the means through which some services are traded and global value chains (GVCs) are organized. While there is no single definition of digital trade, there is a consensus that it encompasses digitally-enabled transactions in trade in goods and services that can be either digitally or physically delivered involving consumers, firms, and governments.14 Finally, we define the data-driven economy as an economy built on new services such as personalized healthcare and sectors such as apps, internet-connected devices (Internet of Things [IoT]), and artificial intelligence (AI), which cloud-service providers often facilitate.15 In 2016, the McKinsey Global Institute estimated that around 50% of the world’s traded services are in digital form, while e-commerce accounts for approximately 12% of all goods traded across borders.16 Many services from payroll to data analytics rely on access to cross-border data flows. As such, data and information can be a good, a service or both. On the one hand, physical and digital goods are similar. Physical goods can be stored; some of their characteristics are observable before purchase; their consumption always follows production; and they move in space over means of transportation.17 These same characteristics also apply to digital goods such as films and music. But the key difference is that trade in the same digital good can occur simultaneously in seconds. On the other hand, trade in digital services differs from trade in other services, because suppliers and consumers do not need to be in the same physical location for a transaction to occur. Researchers and policymakers disagree on how to characterize cross-border data flows. For example, the US government distinguishes among categories of transactional data flows based on the relationship between the sender and recipient and the type of transaction that connects them.18 In contrast, the Organization for Economic Co-operation and Development (OECD) focuses on three attributes: whether data are digitally ordered, whether they are a good, a service or information, and who is engaged in the transaction: businesses, consumers, or government.19 Ciuriak and Ptashkina suggest a third taxonomy based on delivery modes and the nature of the parties to the transactions.20 Sen and Aaronson take a more granular approach. Sen distinguishes among personal data, company data, business data, and social data, and refers to metadata as business and social data.21 Aaronson differentiates between personal data, public data, confidential business data, machine-to-machine data, and metadata (Figure 1).22 Both Sen and Aaronson note that control should be a key factor in any taxonomy or set of rules, because it influences the benefits that firms and consumers can reap from trade. Figure 1. View largeDownload slide Types of data traded across borders. Note: Metadata is aggregated and supposedly anonymized personal data. Figure 1. View largeDownload slide Types of data traded across borders. Note: Metadata is aggregated and supposedly anonymized personal data. Although researchers have made some progress in defining the costs of barriers to digital trade and data flows,23 they are still just beginning to categorize them.24 The USA is currently the only country to define digital protectionism, but its definition keeps evolving.25 Thus, until nations develop a consensus on defining digital trade barriers, they remain less likely to find common ground on how to regulate these barriers.26 Moreover, trade in data is fluid and frequent and, as a result, location is hard to determine for the borderless network. Hence, analysts cannot always determine if the flows are an import or export. They also struggle to ascertain when information is subject to domestic law (e.g. intellectual property law) and what type of trans-border enforcement is appropriate.27 Finally, policymakers cannot easily determine jurisdiction, because data and information flows may travel through several countries before they reach their destination.28 Given these unique characteristics, policymakers are just beginning to figure out how and where to regulate cross-border data flows. They understand that the internet’s dynamism depends to a great degree on its openness and stability. When one or more governments censor the internet, it can reduce the platform’s openness and stability.29 Hence, in developing norms and rules, decision-makers must define how and when governments can control data and limit their flows. They must ensure that these rules are internationally accepted and transparent to ensure predictability and accountability. With shared understanding, the internet would be less likely to fragment, more people would have greater access to information, and individuals could create and share more information.30 Without shared rules, costs and legal disputes could escalate, while individuals and firms have fewer incentives to innovate.31 III. TRADE AGREEMENTS AND THE GOVERNANCE OF CROSS-BORDER DATA FLOWS The WTO is the best place to set rules to govern cross-border data flows for two reasons. First, it covers 85% (164) of all nations. Second, WTO rules are transparent, disputable and designed to be flexible as technologies, markets, and political conditions evolve. As of 2018, the WTO has several agreements that implicitly relate to digital trade.32 These agreements include the Information Technology Agreement (ITA), which eliminates duties for trade in computing and information technology equipment;33 the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS), which protects trade-related intellectual property pertinent to information technology such as computer programs;34 and the General Agreement on Trade in Services (GATS), which has annexes on financial services, computer services, and telecommunications. However, none of these agreements explicitly addresses data flows, the different types of data flowing across borders, or the many types of new services created by and for the internet.35 The WTO has nevertheless taken some steps to assert its authority over data flows. In July 1999, the GATS Council on Services found that much of e-commerce falls within the GATS’ scope and that GATS obligations cover measures affecting the electronic delivery of services. The Council noted that governments are free to regulate such services at the national level but must do so in a way that does not constitute unnecessary barriers to trade. Finally, it announced that the GATS applies even as technology changes a service’s delivery.36 The GATS’ architects recognized there would be times when states would need to breach the rules to achieve important domestic policy goals.37 Under these exceptions, signatory countries can restrict trade in the interest of protecting public health, public morals, privacy, national security or intellectual property, if such restrictions are necessary and proportionate and do not discriminate among WTO Member States. The public order exception may be invoked only when a genuine and sufficiently serious threat is posed to one of society’s fundamental interests. Moreover, WTO dispute settlement bodies have found that ‘measures must be applied in a manner that does not constitute arbitrary or unjustifiable discrimination or a disguised restriction on trade in services’. Finally, when they use these exceptions, WTO members should ensure they use them in a reasonable manner so that they do not deny the rights of other members.38 As the internet became more important to trade, some Member States demanded greater clarity on the regulation of internet-derived services. In 2011, the USA questioned whether WTO commitments under trade in goods or services should govern digital trade and if these rules could cover the mobile internet and cloud computing.39 Academics and business leaders have also argued that the WTO’s rules are incomplete, outdated, and in need of clarification.40 Some Member States have worked on three tracks to develop rules to govern cross-border data flows. First, they have agreed to continue a ban on cross-border e-commerce duties; however, they have been unable to agree on new rules.41 Second, through the Trade in Services Agreement (TiSA), the EU and 22 other states have engaged in a plurilateral negotiation aimed at liberalizing specific services, including those linked to cross-border data flows. They have, however, not achieved significant progress yet.42 Third, some Member States have sought greater clarity on these implicit provisions through trade disputes.43 The WTO’s Dispute Settlement Body has adjudicated two trade disputes related to information flows. In the internet gambling case, the WTO ruled that governments could restrict service exports to protect public morals if these barriers were necessary, proportionate and non-discriminatory (not discriminating between foreign and domestic providers).44 The WTO’s Appellate Body also examined China’s restrictions on publications and audiovisual products, noting that commitments for distribution of audiovisual products must extend to the distribution of such products on the internet.45 However, neither dispute provided clarity regarding key issues such as whether censorship and filtering or onerous cyber security regulations are trade-distorting or can be justified under the GATS exceptions.46 Meanwhile, in the absence of WTO progress on cross-border data flows, the USA, the EU, China, and other countries have actively pursued FTAs to govern the ever-changing digital economies. Hence, they drafted chapters to govern e-commerce, to which they have, in very limited instances, added language to encourage digital trade and, more recently, the data-driven economy.47 While China remains focused on limited aspirational language, the USA and the EU have increasingly moved to include in their FTAs binding language banning certain types of trade-distorting behaviour. As of early 2018, only one FTA, the CPTPP, includes explicit, binding rules to govern cross-border data flows. CPTPP establishes that states cannot require that data be stored or processed locally (data localization) or that firms disclose their proprietary source code (the original executable commands in a program).48 However, even CPTPP’s language may be insufficient to facilitate new services such as personal assistants (e.g. Apple’s SIRI) or personal health apps (e.g. Doctor on Demand).49 IV. THE US DATA REALM Since the internet came into wide use in the 1990s, the USA has led the global data-driven economy. It is home to the top ten internet brands and to seven out of the 10 internet companies with the largest market value worldwide. These companies include Amazon, Apple, Facebook, Google, Intel, and Microsoft; they provide the hardware, software and platforms for digital trade.50 Four US companies provide more than one half of the worldwide cloud-computing capacity.51 The US market is, however, relatively saturated. Hence, it is growing more slowly than in other countries where internet penetration is lower. Meanwhile, firms from many other countries are gaining ground on US competitors.52 Policymakers must establish an effective enabling environment to maintain success in innovative sectors.53 However, under President Donald Trump’s leadership, US trade and domestic policies in support of the data-driven economy have become increasingly incoherent. US executives and some policymakers are increasingly concerned about what they see as the United States’ declining competitiveness, especially in AI, as well as US taxpayers’ unwillingness to invest in government-sponsored research and development.54 A. Trade policy In 1997, President Bill Clinton’s administration put forward the first set of global principles regarding the governance of cross-border flows—the Framework for Global Electronic Commerce. Even then, the USA viewed maintaining market access as a top priority. It stated: ‘The US government supports the broadest possible free flow of information across international borders […] The Administration […] will develop an informal dialogue with key trading partners […] to ensure that differences in national regulation […] do not serve as disguised trade barriers.’55 The Clinton administration used this framework to build common ground on governing international data flows. For example, the USA was a leading force behind the WTO’s moratorium on taxes on cross-border data flows.56 President Clinton directed the Department of Commerce to develop a uniform international commercial legal framework that recognizes, facilitates, and enforces electronic transactions worldwide and to work with the private sector to develop national online privacy standards. The World Bank and the United Nations Conference on Trade and Development (UNCTAD) began to support efforts to disseminate ideas about an effective enabling environment in the developing world.57 In this regard, the USA was pushing a shared conception regarding the appropriate enabling environment for e-commerce. The George W. Bush administration included e-commerce chapters in many of its FTAs, but the language did not keep up with the rapidly moving internet world. More people from other countries were going online and building domestic companies to serve local internet needs. Companies outside of the USA found a niche in providing services, cyber security, apps, or games.58 Hence for the first time, US internet giants started to see competition. Meanwhile, policymakers outside the USA were increasingly determined to control the internet within their borders. In some cases, they also wanted to facilitate the rise of domestic internet firms. Finally, they had different conceptions about the appropriate enabling environment for data flows that were not directly related to e-commerce.59 By 2009, executives from US digital firms began to worry about increasing barriers to their digital exports.60 They appealed to US officials to limit barriers to cross-border data flows. For example, Google used the OpenNet Initiative’s (a Canadian think tank) research to document how more than 40 governments instituted broad-scale restrictions on information flows.61 President Barack Obama’s administration made digital trade issues a major focus. Obama’s team was determined to respond to policies that influential US internet companies deemed protectionist. Given the dearth of action at the WTO, the USA turned to bilateral and regional trade agreements to regulate such practices. In 2012, the USA and the Republic of Korea became the first states to include specific language related to the free flow of information in their FTA’s e-commerce chapter. The agreement’s Article 15.8 states that ‘the Parties shall endeavour to refrain from imposing or maintaining unnecessary barriers to electronic information flows across borders’.62 However, this provision neither forbids the use of such barriers nor defines necessary or unnecessary barriers.63 After the US–Korea FTA, the Obama administration decided to make the language in its future agreements binding and disputable (i.e. one state may challenge another country’s policies as trade-distorting). In this way, the USA could gain greater leverage to ensure barriers to data flows would be limited. The USA made the Trans-Pacific Partnership (TPP) the first test of this strategy. US policymakers wanted to establish the free flow of information as a default, with limits to digital protectionism and a privacy floor.64 At the same time, Obama administration officials were worried about China’s efforts to enforce its concept of cyber sovereignty, defined as banning unwanted influence in a country’s information space.65 They believed TPP could provide an answer to the Chinese challenge, since, if approved, it would include some 40% of the world’s current internet users. Hence, TPP could set the norms for cross-border information flows.66 Alas, immediately after his inauguration, President Donald Trump pulled the USA out of TPP. Nevertheless, the USA under President Trump has also made clear it was increasingly worried about Chinese competition in data-driven sectors and willing to respond with protectionist measures.67 B. Personal data protection Although President Clinton’s Framework for Global Electronic Commerce stressed that strong data protection is essential to building trust, the USA has not been a strong advocate of data protection in trade agreements. The USA has essentially said that countries must establish a privacy floor, but has said little about how its trade agreement partners should protect personal data. In contrast to the EU, where online privacy is both a human and a consumer right, the USA considers privacy strictly a consumer right. Moreover, the USA uses a sectoral approach that relies on a mix of legislation, regulation, and business self-regulation. US laws contain minimal guarantees of an individual’s right to not have confidential personal information exposed online.68 Unlike the EU, the USA does not have one broad privacy law related to data protection. US laws do not require companies to get informed consent to use personal data, nor do they establish a baseline commercial data privacy framework. In February 2012, the Obama White House announced the Consumer Privacy Bill of Rights, a set of data privacy guidelines. The Department of Commerce convened companies, privacy advocates and other stakeholders to develop and implement enforceable privacy policies based on it.69 However, as of March 2018, Congress had not approved legislation to strengthen US data protection or been able to find common ground on new legislation. Under President Obama, the USA stated it wanted to make its approach to privacy interoperable with its international partners’ privacy frameworks.70 For its part, the Trump administration has said little about this issue. Since Congress has not written legislation on privacy in cross-border data flows, US officials have worked to accommodate the strategies of key trade partners that have made personal data protection more of a priority (e.g. the EU and Switzerland). For example, the Department of Commerce developed the US–EU Safe Harbor Framework (now revised and called Privacy Shield), which permits data for commercial purposes to flow across the Atlantic to the USA, with Federal Trade Commission (FTC) enforcement as a backstop. Companies (except financial institutions and telecommunications common carriers) may apply to qualify for a safe harbour. Companies that accept the relevant voluntary, enforceable code are safeguarded (i.e. they are given a certification) so long as their practices do not deviate from the code’s approved provisions. However, those firms that fail to comply with the code’s provisions could be subject to an enforcement action by the FTC or a state attorney general. Similarly, a company’s failure to follow the terms of its privacy policy or other information practice commitments may lead to investigation and enforcement under current US policy.71 C. Trump’s incoherent approach to digital trade and the data-driven economy The Trump administration has taken a radically different approach to trade than its predecessors. One of Trump’s first acts as president was to withdraw from TPP. In addition, President Trump has threatened to withdraw from the North American Free Trade Agreement (NAFTA) if negotiators could not achieve a better deal for the USA. Finally, the Trump administration has stated it will focus on bilateral trade deals, rather than on regional or multilateral agreements. Nevertheless, with respect to digital trade, the Trump administration has built its proposals on those of the Obama administration (namely, the TPP).72 The Trump administration has taken some steps that reduce American credibility to advocate for the free flow of information across borders. First, domestic regulators have rejected the net neutrality principle,73 whereby individuals should be free to access all content and applications equally, regardless of the source, without Internet Service Providers (ISPs) discriminating against specific online services or websites.74 Critics have contended that this new ‘hands-off’ approach allows America’s providers to discriminate among services, service providers, and websites.75 Second, in the wake of election-hacking revelations, Republican and Democratic congressional members are pressuring internet platforms such as Google, Facebook, and Twitter to do more to fight false information and stop foreign infiltration. To some observers, this smells like censorship.76 Finally, several analysts have criticized US policymakers for not focusing sufficiently on Chinese efforts to dominate AI. They have noted that US firms are increasingly moving AI research to China to take advantage of the country’s large supply of data as well as the low level of protection accorded to personal data. Moreover, the Trump administration proposed reducing science and technology funding, which could over time reduce American innovation in AI and other data-driven sectors. Thomas Kalil, who led White House efforts under President Obama, warned that the Trump administration is headed in the wrong direction and that the USA is losing its comparative advantage in digital trade.77 Taken in sum, these policy changes weaken US credibility to demand the free flow of information in trade agreements. V. THE EU DATA REALM Although the inventor of the World Wide Web Tim Berners-Lee is Swiss and British, European governments and firms did not play a major role in the internet’s development. Today, there are no European firms among the top 15 digital firms by market value or any household names among Europe’s top 20 digital firms.78 Some EU members such as the UK (soon to Brexit), Sweden, and Germany have strong AI, robotics, apps, and software firms. However, while Europe has many strong global competitors in the software and telecommunications sector, it is still just beginning to build new data-based firms. While the EU is the biggest exporter of digital services, US firms control some 54% of the EU’s digital market, compared with 46% for European firms.79 In 2016, Bauer and Erixon calculated the EU–US digital performance gap at 43%.80 Although EU Member States consist of mature industrialized economies, their digital markets have significant room to grow.81 Unlike the USA, the EU is relying on domestic trade policies to build its data realm. In 2010, EU policymakers recognized that EU Member States should work collectively to build a unified market, just as they did for goods and services. They created the Digital Agenda for Europe (DAE), a roadmap for a Digital Single Market (DSM) that would allow them to pool resources, share governance and create economies of scale and scope in data while ensuring personal data protection. The DAE has seven pillars: achieving the digital single market; enhancing interoperability and standards; strengthening online trust and security; promoting fast internet access for all; investing in research and innovation; promoting digital literacy, skills and inclusion; and enabling ICT benefits for society. The EU also announced separate plans for data flows involving personal and non-personal data.82 To build the DSM, policymakers had to find ways to reduce trade barriers between EU Member States. In January 2017, the European Commission adopted its Building a European Data Economy policy. In the Staff Working Document that accompanied the policy, it looked at the rules and regulations impeding the free flow of data. It also presented options to remove unjustified or disproportionate data location restrictions. Finally, it outlined legal issues regarding access to and transfer of data, data portability, and liability of non-personal, machine-generated digital data.83 The Commission also launched a public consultation and dialogue with stakeholders to better understand public concerns.84 In so doing, it acknowledged that EU Member States still had many roadblocks to the free flow of information. For example, the Brussels-based European Centre for International Political Economy found 22 data localization measures whereby EU Member States imposed restrictions on the transfer of data to another Member State. The most common restrictions target company records, accounting data, banking, telecommunications, gambling, and government data. In addition, there are at least 35 restrictions on data usage that could indirectly localize data within certain Member States.85 A. Privacy and personal data protection The European data realm is characterized by its strong commitment to maintaining online trust. As members of the Council of Europe, all EU Member States are required to ensure personal data protection under human rights law.86 Every EU citizen has the right to personal data protection, and firms can only collect data under specific conditions.87 The EU also requires Member States to investigate privacy violations.88 The first iteration of the EU’s commitment to online data protection was the Directive on Data Protection.89 It prohibits the transfer of personal data to non-EU countries that do not meet the ‘adequacy’ standard for privacy protection. To become adequate, the EU requires other countries to create independent government data protection agencies, register databases with those agencies and, in some instances, obtain prior approval from the European Commission before personal data processing may begin.90 As new technologies emerged, policymakers and the public realized the data protection framework needed updating. In 2016, the EU adopted the General Data Protection Regulation (GDPR), which replaces the Data Protection Directive. The GDPR took effect on 25 May 2018 and provides rules on the use of data that can be attributed to a person or persons.91 In October 2017, the European Commission proposed another regulation to complement the GDPR.92 This new regulation concerns ‘the respect for private life and the protection of personal data in electronic communications’; it is meant to replace the outdated e-Privacy Directive.93 The EU’s commitment to data protection has costs and benefits. On the one hand, the EU’s approach to elevating data protection is attractive to many countries and netizens. On the other hand, it is extremely costly to digital firms that must comply with the GDPR. They must hire staff to interpret and enact these regulations.94 Moreover, the EU (like China) is increasingly requiring its trade partners to accept the EU commitment as non-negotiable. In 2017, a French court required that websites outside of France must block foreign content to enforce the EU’s ‘right to be forgotten’. In so doing, the EU is imposing its values upon other suppliers and consumers of data.95 Because the EU is a major market, several countries are adopting EU data protection policies or working towards being deemed ‘adequate’.96 To date, the European Commission has recognized Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and the USA (limited to the Privacy Shield framework) as providing adequate protection, while Japan and South Korea are in discussions with the EU.97 The EU has also introduced a new approach to regulating the use of algorithms, designed to protect the privacy of users and empower them to contest misuse. Since 25 May 2018, the GDPR’s Article 21 gives anyone the right to opt out of algorithm-tailored ads (such as what one finds when one searches on Google). Article 22 allows EU citizens to contest legal or significant decisions made by algorithms and appeal for human intervention. With these regulations, the EU has made clear that consumers should oversee their data. B. Trade policy The European Commission has committed to using FTAs to set rules for cross-border data flows and tackle new forms of digital protectionism in compliance with the EU’s personal data protection rules.98 However, until early 2018 it was not able to develop shared language for trade agreements. Its trade and justice directorates-general were reportedly at odds over how to address cross-border data flows in trade agreements while ensuring that personal data are protected. As a result, EU trade agreements contain only aspirational language related to cross-border data flows.99 This situation was in evidence during the FTA negotiations between the EU and Japan. The parties initially drafted a digital trade chapter that contained binding language regulating some aspects of digital protectionism.100 However, because the Commission could not find common ground on the appropriate binding language, the EU and Japan agreed instead that their FTA would only include a review clause that allows the two sides to revisit the issue once the EU has a stated position.101 On 8 February 2018, the European Commission finally found a workable compromise based on three pillars: (i) a horizontal clause covering the free flow of both personal and non-personal data; (ii) a ban on data and server localization requirements; (iii) language that safeguards the EU’s right to regulate personal data, including language that the first two pillars cannot be subject to investor-state challenges or included in regulatory dialogues.102 With this compromise, the EU signalled that it plans to adopt trade agreements as a tool to tackle protectionist practices, while preserving the EU’s acquis on the protection of personal data. It also made clear that, as a result, it would ‘take a lead in shaping global rules on digital trade’.103 VI. THE CHINESE DATA REALM China is the world’s largest digital market, with 731 million internet users, according to the China Internet Network Information Centre.104 It accounts for more than 40% of global e-commerce transactions. It processes 11 times more mobile payment transactions than the USA in terms of value. It is one of the top three global locations for venture-capital investment in key types of digital technology, including virtual reality, autonomous vehicles, 3-D printing, robotics, drones, and AI.105 It has one third of the world’s 262 unicorns (start-ups valued at over $1 billion).106 By 2021, more than half of its economy will be digital.107 China’s innovation occurs under the Great Firewall, a system of censorship, filtering and technological requirements put in place by the Chinese Communist Party (CCP). Although the Chinese internet economy is very innovative, it is also highly regulated, opaque and seen as discriminatory.108 The government plays an active role in building world-class infrastructure to support digitization as an investor, developer, and consumer. Because Chinese citizens are generally supportive of AI and seem to be less concerned about privacy than those in the US or EU realms, the Chinese government shares personal data with firms and vice versa. As a result, China has quickly been able to achieve data economies of scale and scope, thereby helping its firms to develop AI. As reporter Paul Mozur noted, ‘China’s unabashed fervour for collecting such data, combined with its huge population, could eventually give its artificial intelligence companies an edge over American ones […] If Silicon Valley is marked by a libertarian streak, China’s vision offers something of an antithesis, one where tech is meant to reinforce and be guided by the steady hand of the state’.109 A. China’s data governance regime The Chinese government justifies its strong controls over data in the name of national security; however, restrictive or discriminatory policies also serve to facilitate the emergence of Chinese national champions by reducing competition from abroad.110 The internet and its associated digital flows are an important driver of China’s economic future. They are also seen as a potential threat to CCP rule. As a result, the government wants not only to control information that comes from outside China but also data that circulate within the country. For instance, the State Security Law, enacted in 1993, allows Chinese security institutions to access ‘any information or data held by an entity in China whenever they deem it necessary’.111 The Chinese government is also looking at feeding data into AI systems to predict social unrest and terrorist attacks, whereby ‘security services should break down any barriers in data sharing to enable the smooth integration of various systems’.112 Finally, China blocks cross-border data flows. Since 2007, the government has increasingly relied on restrictive measures related to digital information and data. Ferracane and Lee-Makiyama count 16 measures for digital policies (12 since 2007), eight measures for content access (six since 2007), and six measures for online sales and transactions (five since 2007).113 For instance, the government blocks sites by IP address and blocks and filters uniform research locators (URLs) and search engine results. Such censorship is made easier because all telecommunication operators in China remain under the government's ownership. In addition, foreigners are not allowed to invest in internet publishing.114 According to Freedom House, China had the most internet restrictions in the world in 2017, more than Syria, Ethiopia, and Iran.115 Chinese restrictions appear to distort trade and investment.116 The American Chamber of Commerce in China reported that 79% of US companies in China experienced blocked access to web tools and services, which raised their business costs.117 For its part, the European Chamber of Commerce in China found that 49% of its surveyed members indicated that the tightening of the Great Firewall was making it harder for them to do business in China. A quarter indicated that they experienced lower productivity in the office, faced difficulties in exchanging data and documents with headquarters, partners and customers, and/or were unable to properly search for information and engage in research.118 Finally, the US–China Business Council reported that 82% of its members ‘are concerned about China’s approach to information flows and technology’.119 The Cyberspace Administration of China (CAC) is now the main governance body for China’s cyberspace. It was created in 2014 out of the State Internet Information Office, which was responsible to overseeing telecommunications companies.120 The CAC is also responsible for regulating and supervising internet content, after having taken over other agencies.121 It reports to the Central Internet Security and Informatization Leading Group, which President Xi Jinping directs. Lee Myers and Wee assert the CAC ‘is now seen as an institution as important as the defense ministry’.122 B. Censorship China’s Great Firewall (GFW) controls China’s internet access. According to Ferracane and Lee-Makiyama, ‘[t]his system is based on centralized control over international gateways, filtering online content or blocking access entirely to some of the most common websites on the public internet’.123 For example, unless accessed through virtual private networks (VPNs), which help circumvent the GFW, applications like Facebook, YouTube, Google’s search engine and maps, and Twitter are blocked in China. Foreign media websites like The New York Times or The Economist are also blocked. The GFW increasingly blocks access to VPNs themselves, including custom-built ones used by global firms as well as embassies in some cases.124 Since 2017, the Chinese government requires that VPNs be approved for sale in China. For instance, in late July 2017, Apple had to remove many VPN services from its iTunes app in China, because they had become illegal.125 Businesses worry that their in-house VPNs will no longer be allowed and they will have to use those approved by the Chinese government, which would make spying and data access restrictions easier to conduct.126 New regulations issued in May 2017 also require websites that provide online news and information services to be licensed.127 But it goes even further. According to Ferracane and Lee-Makiyama, the ‘new regulations require all services – including all political, economic, military, or diplomatic reports or opinion articles, whether they feature on blogs, websites, forums, search engines, instant messaging apps or any other platform – to be managed by party-sanctioned editorial staff’.128 In addition to the Chinese government relying on paid censors to identify inappropriate content, digital service and content providers (telecom operators, mobile apps, websites, cloud services, etc.) are now required to monitor their users’ behaviour on their platforms to ensure ‘public safety’.129 Specifically, these firms are supposed to ensure that only appropriate content is published, check the identity of customers, and report violations to the authorities. Inappropriate content includes ‘independent evaluations of China’s human rights record, critiques of government policy, discussions of politically and socially sensitive topics, and information about the authorities’ treatment of ethnic and religious minorities’.130 Firms that fail to prevent or eliminate banned content could be fined, lose their licences, or even be charged criminally.131 Furthermore, on 3 August 2017, all internet data centres and cloud companies located in China were ordered to participate in a three-hour drill to hone their emergency response skills. They were essentially ordered to practise taking down websites that had been deemed harmful.132 China does not only censor and restrict market access in its home market. Since 2008, researchers have found evidence that the Chinese government has exported censorship beyond its borders. For instance, Deibert argues that China has used distributed denial of service (DDoS) attacks in Tibet, the USA, UK, Canada and elsewhere. These attacks deny access to information by disabling directly the sources of information rather than blocking requests for information as filtering systems do.133 In 2015, Marczak et al. identified a new, more powerful external censorship tool, which they called the ‘Great Cannon’. This tool ‘manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack’.134 The attack took place in March 2015 and was directed at GreatFire.org’s rented proxy servers, which were used to make blocked websites accessible in China. In addition, Western firms are increasingly using self-censorship or apologizing for actions and policies that the Chinese government dislikes.135 C. Data localization and transfers China’s new Cybersecurity Law, which took effect in June 2017, requires firms operating in China to store data collected in China to be kept on servers located in the country. Such a requirement is not new, but it had not been formalized until then.136 In addition, any publisher of online content must locate their ‘necessary technical equipment, related servers and storage devices’ in China.137 Firms and individuals storing and processing personal financial and population health information must store the data in China. Online maps must also be kept on a server inside China.138 In addition to localizing data in China, a significant portion of data cannot be transferred outside of the country without official approval, following a security assessment.139 For instance, any cross-border transfer of personal data requires government approval.140 Finally, foreign firms cannot offer cloud-computing services without a Chinese partner owning at least 50% of the joint venture.141 Hence, Apple, which has signalled that protecting personal data is key to its mission, in February 2018, began hosting the iCloud accounts of its Chinese customers in a new data centre located in China whose ownership is shared 50–50 with state-owned Guizhou—Cloud Big Data Industry Co Ltd. In line with a draft encryption law released in April 2017, Apple also agreed to store the cryptographic keys to unlock the iCloud accounts in these Chinese data centres. Apple had always kept the keys in the USA, which would force Chinese authorities to use US courts to try to obtain access to information held on Chinese users’ accounts. Chinese law will now apply, whereby the courts are reportedly not required to issue warrants.142 D. Privacy and protection of personal data and information The Chinese government has not made protection of personal data a priority. Wang notes that the term ‘right of privacy’ did not even exist in Chinese laws and regulations before the end of 2009, when the Tort Liability Law was enacted. However, this law does not affect public law. Moreover, the government has established many exemptions that give it extensive rights and generous room for flexibility for investigation, seizures and search, especially in the areas of state security or for maintaining social order.143 For instance, on top of requiring that personal data be kept on servers within China, the new Cybersecurity Law demands that firms providing online services register their users under their real names.144 For its part, the State Security Law requires that relevant government entities have access, without due process, ‘to any information help by companies in China’.145 The more recent Counterterrorism Law states that internet services providers and telecommunication operators must also provide technical support to security authorities.146 Given the above, it should not come as a surprise to know that privacy as a fundamental human right is a relatively new concept in China. According to Wang, there are five reasons for this. First, the word for privacy ‘yinsi’ means ‘illicit secrets and selfish, conspiratorial behaviour’. Second, Chinese people tend to see privacy in terms of being left alone from their fellow citizens, not from the government, since they are used to the latter collecting information on them. Third, they have been subject to government propaganda on the importance of data collection for security and social stability. Fourth, possibly because of the above-mentioned reasons, their awareness of government intrusion remains ‘vague and weak’. Fifth and most importantly, there is no real representative system for the people’s interests.147 Nevertheless, Chinese people’s concern with online privacy is gradually increasing. In 2018, The Economist reported that Chinese citizens are anxious about protecting their personal data from fraudulent use such as theft rather than with government authorities collecting information on them.148 Yet attitudes are changing. For example, state broadcaster China Central Television (CCTV) and Tencent Research surveyed 8000 respondents on their attitudes towards AI as part of CCTV’s China Economic Life Survey. A total of 76% of those polled see certain forms of AI as a threat to their privacy, even as they believe that AI holds much development potential and will permeate different industries.149 In addition, people are increasingly relying on VPNs to get around internet censorship in China, even as censorship increases. VPN providers are very reluctant to disclose how many users they have, much less where those users are located, both for business purposes and fear of attracting attention from regimes trying to crack down on these services.150 However, according to a survey by the Global Web Index, almost one-third (31%) of internet users in China used a VPN to achieve greater privacy online.151 E. Trade policy China has not used its FTAs to build its data realm. China’s FTAs do not contain binding rules on data flows or language to limit digital protectionism. In its recent agreements with Korea and Australia, China has encouraged e-commerce, a sector where it is very competitive with firms like Alibaba and JD.com. China has also included provisions for facilitating cross-border e-commerce in its updated FTA with Chile.152 China is also part of the Regional Economic Comprehensive Economic Partnership (RCEP) negotiations, which include the Association of Southeast Asian Nations (ASEAN), Australia, India, Japan, South Korea, and New Zealand. The language for RCEP’s e-commerce chapter has not been made public or leaked but some Member States are pushing for binding language on the free flow of data, language on privacy, and language banning some forms of digital protectionism.153 At the time of writing (April 2018), it is unclear whether China would agree to such provisions. VII. DISCUSSION: THREE DATA REALMS, A DIGITAL DIVIDE, AND THE WTO The USA, the EU, and China are using domestic and foreign policies to reap data-based economies of scale and scope. They are creating three distinct data realms with different approaches to data governance. The USA has a patchwork of data protection rules; the US approach has been to let business set the rules and to self-regulate privacy in the belief that consumers will punish firms that do not do a good enough job of data (and cyber security) protection.154 While the USA has included language that includes data protection as a floor (as in TPP/now CPTPP), it has not proposed such language for NAFTA. So, thus far, the USA has not communicated that data protection is a priority. Meanwhile, it has used trade agreements to get other countries to limit restrictions on the free flow of data across borders. In light of recent privacy scandals (e.g. Russian meddling in the 2017 elections) and the AI challenge posed by China, the US government is facing strong pressures to rethink its approach to data protection. In contrast, the EU has relied on internal trade policies and domestic regulations to create a digital single market where personal data and privacy are strongly protected. The EU views this approach as the only way to maintain trust online, which it considers a precondition to a successful digital market. It has restricted firms’ ability to move data outside Europe unless recipient countries’ data protection regimes are deemed to be ‘adequate’ by the European Commission. Recently, the EU agreed to include binding language on the free flow of data and to limit data localization in trade agreements, but it made clear that its approach to data protection is non-negotiable. Finally, China has relied on domestic regulations to restrict cross-border data flows and limit personal data protection, to promote its data-driven economy and ensure domestic political stability and security. With a large consumer population and relatively low data protection standards, China offers its firms an attractive environment to develop new digital products and services, especially in AI. A. Another digital divide These three digital trade giants have provided other countries some incentives to join their realms. While the USA and the EU have relied on access to their wealthy, active, and sizeable digital markets to attract other countries to their realms, China has offered to help the countries that are part of its Belt and Road Initiative to build an internet infrastructure modelled on the Great Firewall.155 According to Chen Zhaoxiong, Vice Minister of China’s Ministry of Industry and Information Technology, the aim is to ‘promote the ‘digital silk road’ to construct a community of common destiny in cyberspace’.156 But these three realms’ existence poses a challenge for other countries: their policymakers could eventually be forced to choose which realm to associate with. For example, both Canada and Mexico have FTAs with the USA and EU. While the USA is Canada’s largest trade partner for goods and services and the Canadian regulatory approach more resembles that of the USA, Canadians may feel more comfortable with the EU's approach and its strong commitment to data protection. However, Canada’s commitments under CPTPP and possibly under NAFTA 2.0 could make it more difficult to meet the EU’s GDPR requirements.157 Mexico is also increasingly committed to data protection and has included some rights embedded in EU law into Mexican law. Moreover, given the Trump administration’s bullying of Mexico, Mexican officials and citizens want to increase trade with Europe to be less dependent on the US market. They too might ultimately be more comfortable with the EU approach.158 Meanwhile, countries in Africa face a choice between the Chinese and EU data realms. While Africa has close trade ties to Europe, policymakers may seek to gain more Chinese investment in the region. In South America, the pull could be three ways rather than two. Traditionally, the Americans and Europeans have vied for influence in the region, but China has made significant inroads. Given that existing FTAs in Latin America do not address data flows, countries in the region face a difficult choice, unless they have already committed to the TPP model. Finally, in the Asia-Pacific region, countries face a choice between the Chinese and US models. With the CPTPP, Japan and other Member States have managed to ensure that the US data realm continues to be an attractive option for countries in the region.159 Many countries may struggle with the decision to choose a realm to govern data flows. While they may have a significant base in e-commerce, they do not yet have significant data-driven sectors. These states may be suppliers of personal data, but they do not control or process data. Policymakers in these states may want to wait and see how the data-driven economy develops rather than picking the wrong realm to latch onto. Alternatively, they may try to devise rules that are interoperable with at least two of the three data realms; yet that is easier said than done given the different data realm strategies. Alternatively, policymakers may decide to shape their own markets by developing rules that require companies to pay them for personal data.160 In so doing, they gain leverage related to these sectors and could influence comparative advantage in the data-driven economy.161 B. Implications for the WTO The three data realms both undermine and bolster the WTO. On the one hand, given that WTO members have made little progress on e-commerce or TiSA, some countries that seek modernized rules to govern data flows are turning to FTAs. In so doing, they are weakening the WTO, as its purview will not include key new sectors. Moreover, relying on FTAs to govern data flows only risks aggravating the digital divide between countries, since FTAs will only serve to promote (and protect) the three giants’ data realms. On the other hand, countries recognize that the WTO provides the only legitimate forum to clarify rules and resolve disputes. Moreover, the WTO has significant experience balancing demands for open markets with demands to restrict markets to achieve important domestic policy goals. And there is growing evidence that members are turning to the WTO to provide guidance and stimulate discussion. For instance, several Member States have submitted ‘non-papers’ on data-related provisions to the WTO since 2016.162 In addition, in June 2017, WTO members debated if cyber security strategies were a technical barrier to trade. Some members were concerned that cyber security regulations would negatively impact trade in IT products, potentially discriminating against foreign companies and technologies and possibly leading to unnecessary disclosure of commercially confidential and technical information. Others argued that cyber security rules are needed to address national security issues and ensure consumer privacy and the measures in question were non-discriminatory.163 In March 2018, at the United States’ behest, WTO members discussed whether China’s cyber security regulations undermined the free flow of data across borders.164 They are also using this venue to discuss Vietnam’s cyber security laws as a barrier to data flows.165 With such discussions, the three data realms are bolstering the WTO—prodding members to find common ground on important questions.166 However, a lot of work remains. Although the EU and the USA broadly support the free flow of data across borders with restrictions on data localization, other Member States such as the Africa Group are aligned with the Chinese data realm in opposing data flow liberalization and data localization limitations.167 Alternatively, these countries could take advantage of the current situation to rethink how to regulate trade in data, which is different than trade in goods or services. Perhaps Member States could find agreement on a new framing based on data types, as suggested by Aaronson and by Sen.168 Many cross-border data flows are not directly associated with a traditional trade transaction. Moreover, each type of data may pose different regulatory issues (e.g. metadata vs. personal data; proprietary data vs. public data). Policymakers could build on the WTO’s two regulatory agreements: the Agreement on Technical Barriers to Trade (TBT) and the Agreement on the Application of Sanitary and Phytosanitary Measures (SPS). These agreements ensure that when Member States regulate they do not create disguised barriers to trade. VIII. CONCLUSION China, the EU, and the USA have established three distinct data realms, but the differences between the realms risk creating an important digital divide between rule makers (the three realms) and the rule takers who lack comparative advantage in these new data-driven sectors. The growing strength of these realms could undermine the legitimacy and relevance of the WTO in the global economy. However, the three realms could also provide a new logic for collective action, prodding those without a comparative advantage in data-driven sectors as well as the data behemoths to collaborate at the WTO. FUNDING The George Washington University Institute of International Economic Policy and the University of Ottawa's CN-Paul M. Tellier Chair on Business and Public Policy provided funding for research assistance. The authors would like to thank Kimberly Bullard and Wang Zhiduo for their able research assistance with this article. They would also like to thank Robert Wolfe for his comments on a previous version of this article. Footnotes 1 Peter Temin, ‘Mediterranean Trade in Biblical Times’, 3-12 MIT Department of Economics Working Papers (2003), at 14–16. 2 Software provides a good example. The Congressional Research Service reported that the value of embedded software represents a substantial and growing share of the value of many manufactured products from pacemakers to cars. Marc Levinson, The Meaning of ‘Made in the USA’, R44755 (Washington, DC: Congressional Research Service, 2017), https://fas.org/sgp/crs/misc/R44755.pdf (visited 9 March 2018). 3 Dan Ciuriak, ‘Digital Trade: Is Data Treaty-Ready?’ 162 Centre for International Governance Innovation Papers (2018), https://www.cigionline.org/publications/digital-trade-data-treaty-ready; Susan ArielAaronson, ‘Information Please: A Comprehensive Approach to Digital Trade Provisions in NAFTA 2.0’, 154 Centre for International Governance Innovation Papers (2017), https://goo.gl/DLbif7; Nivedita Sen, ‘Understanding the Role of the WTO in International Data Flows: Taking the Liberalization or the Regulatory Autonomy Path?’, 21 Journal of International Economic Law 323 (2018). 4 Jonah Force Hill and Matthew Noyes, ‘Rethinking Data, Geography, and Jurisdiction: Towards a Common Framework for Harmonizing Global Data Flow Controls’, in Ryan Ellis and Vivek Mohan (eds), Rewired: Cybersecurity Governance (Wiley Publishing, 2018), https://goo.gl/FwuLcB; Bertrand de La Chappelle and Paul Fehlinger, ‘Jurisdiction on the Internet: From Legal Arms Race to Transnational Cooperation’, 28 Centre for International Governance Innovation Papers (2016), https://goo.gl/o9tNRT. 5 See Sen, above n 3, at 5; Susan Ariel Aaronson, ‘What Are We Talking About When We Discuss Digital Protectionism?’ (4 September 2017). Working Paper for the Economic Research Institute of Asia (Eria), July 2017. Available at SSRN: https://ssrn.com/abstract=3032108 or http://dx.doi.org/10.2139/ssrn.3032108. 6 International Centre for Trade and Sustainable Development (ICTSD), ‘African Group Submits Proposal on E-commerce Ahead of WTO Ministerial’, 28 November 2017, https://www.ictsd.org/bridges-news/bridges-africa/news/african-group-submits-proposal-on-e-commerce-ahead-of-wto (visited 7 April 2018). 7 International Centre for Trade and Sustainable Development (ICTSD), ‘TiSA Ministerial Cancelled, Officials to Prepare for 2017’, 24 November 2016, https://www.ictsd.org/bridges-news/bridges/news/tisa-ministerial-cancelled-officials-to-prepare-for-2017 (visited 9 March 2018); Mira Burri, ‘The Governance of Data and Data Flows in Trade Agreements: The Pitfalls of Legal Adaptation’, 51 UC Davis Law Review (2017), at 65, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=306797 (visited 20 April 2018). 8 Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), signed by Member States at Santiago, 8 March 2018, https://goo.gl/QU3CzX. 9 For the United States, see US Executive Office of the President, National Science and Technology Council, Preparing for the Future of Artificial Intelligence (Washington, DC: US Executive Office of the President, 2016) https://goo.gl/9XN4eB; for France, see Cédric Villani, For A Meaningful Artificial Intelligence: Towards a French and European Strategy (Paris: AI for Humanity, 2018), https://goo.gl/AhRFKB; for Canada, see Canadian Institute for Advanced Research (CIFAR), ‘Pan-Canadian Artificial Intelligence Strategy Overview’, 30 March 2017, https://goo.gl/PZ58vT; and for United Kingdom, see Dame Wendy Hall and Jérôme Pesenti, Growing the Artificial Intelligence Industry in the UK (London: UK Department for Digital, Culture, Media and Sport and Department for Business, Energy & Industrial Strategy, 2017), https://goo.gl/duiQxJ. 10 Xavier Amatriain, ‘In Machine Learning, What is Better: More Data or Better Algorithms’, June 2016, https://goo.gl/w1tJQu; Avi Goldfarb and Daniel Trefler, ‘AI and International Trade’, in Ajay K. Agrawal, Joshua Gans and Avi Goldfarb (eds), The Economics of Artificial Intelligence: An Agenda (Cambridge, MA: National Bureau of Economic Research (NBER), 2018). 11 For a comparison of the Chinese and US approaches to digital trade, see Henry Gao, ‘Digital or Trade? The Contrasting Approaches of China and US to Digital Trade’, 21 Journal of International Economic Law 297 (2018). 12 Data are unprocessed facts. When data are processed, organized, structured, or presented in a meaningful or useful manner, they become information. Diffen, ‘Data vs. Information’, http://www.diffen.com/difference/Data_vs_Information (visited 8 March 2018); Sen, above n 3, at 3. 13 Organisation for Economic Co-operation and Development (OECD), ‘OECD Glossary of Statistical Terms’, http://stats.oecd.org/glossary/detail.asp?ID=4721 (visited 8 March 2018). 14 Javier López González and Marie-Agnes Jouanjean, ‘Digital Trade: Developing a Framework for Analysis’, 205 OECD Trade Policy Papers (2017), http://dx.doi.org/10.1787/524c8c83-en. 15 European Commission, Communication on Data-Driven Economy, Law, 2 July 2014, https://ec.europa.eu/digital-single-market/en/news/communication-data-driven-economy. 16 James Manyika et al., Digital Globalization: The New Era of Global Flows (USA: McKinsey Global Institute, 2016) 23, https://goo.gl/ejeDBE. 17 Andrea Ariu, ‘Services Versus Goods Trade: Are They the Same?’ 237 National Bank of Belgium Working Paper Research (2012), https://www.nbb.be/doc/ts/publications/wp/wp237en.pdf. 18 Jessica R. Nicholson and Ryan Noonan, Digital Economy and Cross-Border Trade: The Value of Digitally-Deliverable Services (Washington, DC: US Department of Commerce, 2014) 1, http://esa.doc.gov/sites/default/files/digitaleconomyandcross-bordertrade.pdf. 19 OECD, ‘Measuring Digital Trade: Towards a Conceptual Framework’, STD/CSSP/WPTGS (2017)3, 6 March 2017, https://goo.gl/v2Jd7D (visited 9 March 2018). 20 Dan Ciuriak and Maria Ptashkina, The Digital Transformation and the Transformation of International Trade (Inter-American Development Bank and International Centre for Trade and Sustainable Development, RTA Exchange: 2018), http://e15initiative.org/wp-content/uploads/2015/09/RTA-Exchange-Digital-Trade-Ciuriak-and-Ptashkina-Final.pdf (visited 9 March 2018). 21 See Sen, above n 3, at 20. 22 See Aaronson, above n 3; See Aaronson, above n 5. 23 US International Trade Commission (USITC), Digital Trade in the US and Global Economies, Part 1, Investigation No. 332-532 (Washington, DC: 2013), https://www.usitc.gov/publications/332/pub4415.pdf; USITC, Digital Trade in the U.S. and Global Economies, Part 2, Investigation No. 332-540 (Washington, DC: 2014) 1, https://www.usitc.gov/publications/332/pub4485.pdf; See López González and Jouanjean, above n 15. 24 Ciuriak and Ptashkina, above n 20, at 6; Nigel Cory, ‘Cross-border Data Flows: Where Are the Barriers, and What Do They Cost?’, Information Technology & Innovation Foundation (ITIF) (2017), http://www2.itif.org/2017-cross-border-data-flows.pdf (visited 9 March 2018); Martina F. Ferracane, ‘Restrictions on Cross-Border Data Flows: a Taxonomy’, 1/2017 European Centre for International Political Economy (ECIPE) Working Paper (2017), https://goo.gl/VfbF3m; Sen, above n 3, at 5. 25 Susan Ariel Aaronson, ‘What might have been and could still be: The Trans-Pacific Partnerships potential to encourage an open internet and digital rights’, 2(2) Journal of Cyber Policy 232 (2017), at 232. 26 Ibid, at 232. 27 See de La Chappelle and Fehlinger, above n 4. 28 Ibid. 29 Carl Bildt, ‘A Victory for the Internet’, New York Times, 5 July 2012, https://goo.gl/hree6E (visited 9 March 2018); Sarah Box, ‘Internet Openness and Fragmentation: Toward Measuring the Economic Effects’, 36 Centre for International Global Innovation and Chatham House Paper Series (2016), https://goo.gl/9JKyYY. 30 Christian Tietje, ‘Global Information Law: Some Systemic Thoughts’, in Mira Burri and Thomas Cottier (eds), Trade Governance in the Digital Age: World Trade Forum (New York: Cambridge University Pres, 2012) 45-64. 31 Force Hill and Noyes, above n 4; de La Chapelle and Fehlinger, above n 4. 32 See Burri, above n 7. 33 The Ministerial Declaration on Trade in Information Technology Products (the ITA) was concluded by 29 participants at the Singapore Ministerial Conference in December 1996. Now it has 82 countries. See World Trade Organization, ‘Information Technology Agreement’, https://www.wto.org/english/tratop_e/inftec_e/inftec_e.htm (visited 9 March 2018). 34 World Trade Organization, ‘Intellectual property: protection and enforcement’, https://www.wto.org/english/thewto_e/whatis_e/tif_e/agrm7_e.htm (visited 9 March 2018); World Trade Organization, ‘Frequently asked questions about TRIPS [ trade-related aspects of intellectual property rights] in the WTO’, www.wto.org/english/tratop_e/trips_e/tripfq_e.htm (visited 9 March 2018). 35 Sen, above n 3, at 7. 36 WTO General Council, Work Programme on Electronic Commerce, S/L/74, Adopted on 27 July 1999; Sen, above n 3, at 9. 37 Article XIV of the General Agreement on Trade in Services (GATS), done at Marrakesh, 4 April 1994; Article XIV of the GATS. 38 Jack Goldsmith and Tim Wu, Who Controls the Internet? Illusions of a Borderless World (New York: Oxford University Press, 2006); For a discussion of the compatibility of restrictions on data flows and existing WTO obligations, see Sen, above n 3, at 13. 39 WTO. General Exceptions: Article XIV of the GATS, https://www.wto.org/english/tratop_e/dispu_e/repertory_e/g4_e.htm. 40 Mira Burri, Should There be New Multilateral Rules for Digital Trade? (Geneva: International Centre for Trade and Sustainable Development, 2013); Hosuk Lee-Makiyama, ‘Future-proofing World Trade in Technology: Turning the WTO IT Agreement (ITA) into the International Digital Economy Agreement (IDEA)’, 04/2011 European Centre for International Political Economy (ECIPE) Working Paper (2011), https://goo.gl/wzyCua. 41 World Trade Organization, ‘Electronic Commerce’, https://www.wto.org/English/tratop_E/ecom_e/ecom_e.htm (visited 9 March 2018). 42 Inside US Trade, ‘New TISA Round Kicks Off in Geneva, To Include Ministerial Review,’ 27 May 2016, https://goo.gl/185BPy; Inside US Trade, ‘EU, US Consumer Groups Demand Carve out for Data Protections in TISA’, https://goo.gl/u3hSpi. 43 See Goldsmith and Wu, above n 38; and Sacha Wunsch-Vincent, ‘The Internet, Cross-Border Trade in Services and the GATS: Lessons from US Gambling’, 5 (3) World Trade Review (2006), at 319. 44 WTO Appellate Body, United States – Measures Affecting the Cross-Border Supply of Gambling and Betting Services, WT/DS285/AB/R, adopted on 20 April 2005, DSR 2005: XII, 5663 (and Corr.1, DSR 2006: XII, 5475). 45 WTO Appellate Body, China – Measures Affecting Trading Rights and Distribution Services for Certain Publications and Audiovisual Entertainment Products, WT/DS363/AB/R, adopted on 19 January 2010, DSR 2010: I, 3. 46 Aaditya Mattoo and Ludger Schuknecht, ‘Trade Policies for Electronic Commerce’, World Bank Policy Research Working Paper (2000), http://elibrary.worldbank.org/doi/pdf/10.1596/1813-9450-2380, pp. 19–20; See Goldsmith and Wu, above n 38. 47 Susan Ariel Aaronson, ‘The Digital Trade Imbalance and Its Implications for Internet Governance’, 25 Centre for International Governance Innovation Papers (2016). 48 The CPTPP language on data flows is in the e-commerce chapter, which was not adjusted after the USA left the agreement. See CPTPP, above n 8. 49 See Goldfarb and Trefler, above n 10; Aaronson, above n 3. 50 Internet World Stats: Usage and Population Statistics, ‘Internet Users and 2017 Population in North America’, https://goo.gl/3unC4m (visited 9 March 2018); Statista, ‘Market Capitalization of the Biggest Internet Companies Worldwide as of May 2017 (in billion US dollars)’, https://goo.gl/vSba2p (visited 9 March 2018). 51 Katherine Noyes, ‘Four US Companies Rule the world Cloud Infrastructure’, Computer World, 1 August 2016, https://goo.gl/PirYHB. 52 Mary Meeker, ‘Internet Trends 2014 – Code Conference’, Kleiner Perkins (KPCB), 28 May 2014, http://www.kpcb.com/blog/2014-internet-trends. 53 The World Bank, World Development Report 2016: Digital Dividends (Washington, DC: International Bank for Reconstruction and Development/The World Bank, 2016), http://www.worldbank.org/en/publication/wdr2016. 54 Will Knight, ‘China and the US are Bracing for an AI Showdown—in the Cloud’, MIT Technology Review, 31 January 2018, https://goo.gl/gEXyjr; Bob Davis, ‘China’s Authoritarian State Has an Edge in Artificial Intelligence Development’, Wall Street Journal, 25 February 2018, https://goo.gl/yZpbrW. 55 William J. Clinton, Memorandum for the Heads of Executive Departments and Agencies: Electronic Commerce (Washington, DC: The White Office of the Press Secretary, 1997), https://goo.gl/VSEFVW. 56 See SG/EC ((98)9/Final, endorsed by Ministers October 1999. For WTO, ‘Briefing Notes: E-commerce: Duties on Hold While Impact Discussed’, http://www.wto.org/english/tratop_e/dda_e/status_e/ecom_e.htm (visited 17 July 2014). 57 See Clinton, above n 55. 58 Zoe Fox, ‘On Internationalization of Internet Users’, 18 October 2013, http://mashable.com/2013/10/28/google-monthly-traffic/ (visited 7 April 2018); Ruslan Enikeev, ‘The Map of the Internet’, The Internet map, http://internet-map.net/; and the Internet timeline, http://www.infoplease.com/ipa/A0193167.html (visited 7 April 2018); The Economist, ‘The Biggest Internet Companies’, 11 July 2014, http://www.economist.com/news/business/21606850-biggest-internet-companies (visited 7 April 2018). 59 Aaronson, 2016, note 25. 60 Aaronson, 2017, note 47 has a comprehensive history. 61 Google, ‘Enabling Trade in the Era of Information Technologies: Breaking Down Barriers to the Free Flow of Information’, Google Public Policy Blog, 15 November 2010, https://goo.gl/9CGxam; OpenNet Initiative, ‘On ONI’, https://opennet.net/about-oni (visited 7 April 2018). 62 Art. 15.8 of the Free Trade Agreement between the United States of America and the Republic of Korea (KORUS FTA), 30 June 2007. 63 Aaronson, 2016, note 25. 64 William Drake, Vinton Cerf and Wolfgang Kleinwächter, ‘Future of the Internet Initiative White Paper Internet Fragmentation, An Overview’, World Economic Forum, January 2016, http://www3.weforum.org/docs/WEF_FII_Internet_Fragmentation_An_Overview_2016.pdf, 36; Aaronson, 2016, note 25. 65 Niels Nagelhus Schia and lars Gjesvik, ‘China’s Cyber Sovereignty’, 2 Norwegian Institute of International Affairs (2017), https://goo.gl/NxYcm; Paul R. Burgman, Jr, ‘Securing Cyberspace: China Leading the Way in Cyber Sovereignty’, The Diplomat, 18 May 2016, https://goo.gl/DGUpRZ. 66 Michael Froman, Trade, Growth, and Jobs: US Trade Policy in the Obama Administration (Washington, DC: US Executive Office of the President, 2017), https://goo.gl/avHszY. 67 Office of the United States Trade Representative (USTR), Findings of the Investigation into China’s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation Under Section 30’1 of the Trade Act of 1974 (Washington, DC: USTR, 2018), https://goo.gl/ifbZ8n; USTR, ‘Following President Trump’s Section 301 Decisions, USTR Launches New WTO Challenge Against China’, https://goo.gl/L99cxs. 68 Martin Samsun, ‘Internet Library of Law and Court Decisions’, http://www.Internetlibrary (visited 7 April 2018). 69 The White House, ‘We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online’, 23 February 2012, https://goo.gl/1zGTDx. 70 Cameron S. Kerry, the Commerce Department’s General Counsel under former US President Barack Obama, noted 3000 companies participate in Safe Harbor with the EU; he also stressed that the USA had adopted the Asia Pacific Economic Cooperation’s Cross Border Privacy Rules. Cameron S. Kerry, ‘Cameron F. Kerry Keynote Address at the European Data Protection and Privacy Conference’, US National Telecommunications and Information Administration, 6 December 2011, https://goo.gl/nPi777. 71 US Department of Commerce, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework (Washington, DC: US Department of Commerce, 2010) 44, 54, https://goo.gl/cEEcMD; US Department of Commerce, ‘Welcome to the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks’, https://2016.export.gov/safeharbor. 72 USTR, Summary of Objectives for NAFTA Renegotiations, November 2017, https://ustr.gov/sites/default/files/files/Press/Releases/Nov%20Objectives%20Update.pdf. 73 Net neutrality is the principle that individuals should be free to access all content and applications equally, regardless of the source and without internet service providers discriminating against specific online services or websites. Public Knowledge, ‘Net Neutrality’, https://www.publicknowledge.org/issues/net-neutrality (visited 7 April 2018). 74 In 2015, the Federal Communications Commission (FCC) decided that several internet firms were dominating the market and jeopardizing access and fair pricing. The FCC Commissioners agreed to regulate broadband and mobile internet service providers as a utility to ensure that these providers did not achieve monopoly prices in markets where competition was limited. These rules, they argued, would promote net neutrality. However, President Trump named several new FCC Commissioners who voted to cancel this regulation, preferring a ‘hands-off’ approach to regulating the internet within its borders. 75 Callum Borchers, ‘Trump’s FCC Chairman is Pitching Internet Deregulation as a Return to Bill Clinton’s Policy’, The Washington Post, 27 November 2017, https://goo.gl/owa9d3-. 76 David Kravets, ‘Facebook, Google, Twitter tell Congress their Platforms Spread Russian-Backed Propaganda’, 31 October 2017, Arstechnica, https://goo.gl/xTfKhB; Steven Lee Myers and Sui-Lee Wee, ‘As US Confronts Internet’s Disruptions, China Feels Vindicated’, New York Times, 16 October 2017, https://goo.gl/rBMz1x. 77 Cade Metz, ‘China’s Blitz to Dominate A.I.’, New York Times, 13 February 2018, https://goo.gl/LJuYmW. 78 See Internet World Stats: Usage and Population Statistics, above n 50. 79 European Commission, ‘Why We Need a Digital Single Market’, https://ec.europa.eu/commission/sites/beta-political/files/dsm-factsheet_en.pdf (visited 8 March 2018). 80 Matthias Bauer and Fredrik Erixon, ‘Competition, Growth and Regulatory Heterogeneity in Europe’s Digital Economy’, 2/2016 European Centre for International Political Economy (ECIPE) (2016), https://goo.gl/GWN2hu. 81 European Commission, ‘Final Results of the European Data Market Study Measuring the Size and Trends of the EU Data Economy’, 2 May 2017, https://goo.gl/qhdVKw (visited 8 March 2018). 82 European Commission, Proposal for a Regulation of the European Parliament and of the Council on a Framework for the Free Flow of Non-personal Data in the European Union (Brussels: European Commission, 2017), http://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-495-F1-EN-MAIN-PART-1.PDF. 83 European Commission, ‘Building a European Data Economy’, https://ec.europa.eu/digital-single-market/en/policies/building-european-data-economy (visited 8 March 2018). European Commission, Staff Working Document on the Free Flow of Data and Emerging Issues of the European Data Economy (Brussels: European Commission, 2017), https://goo.gl/5swiF4. 84 European Commission, ‘Synopsis Report of the Public Consultation on Building a European Data Economy’, 7 September 2017, https://ec.europa.eu/digital-single-market/en/news/synopsis-report-public-consultation-building-european-data-economy (visited 8 March 2018). 85 See Bauer and Erixon, above n 80. 86 The Council of Europe promotes common and democratic principles based on the European Convention on Human Rights and other reference texts on the protection of individuals. It is also home to the European Court of Human Rights, which clarifies European law related to human rights. Parliamentary Assembly, ‘The Protection of Privacy and Personal Data on the Internet and Online Media’ (Strasbourg, France: Council of Europe, 2011), http://assembly.coe.int/CommitteeDocs/2011/RihterviepriveeE.pdf. 87 Council of Europe, Convention for the Protection of Individuals with Regard to the Automatic Processing of Individual Data, 28 January 1981, ETS 108. 88 Ibid. 89 European Parliament and Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ 1995 L 281, 23 November 1995 P. 0031 – 0050. 90 See US Department of Commerce, above n 71. 91 European Parliament and Council Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119 (59), 4 May 2016, P. 1-89; European Parliament and Council Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ 2016 L 119 (59), 4 May 2016, P. 89-132. 92 Economic Commission, Proposal for a Regulation of the European Parliament and of the Council Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (Brussels: European Commission, 2017), http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017PC0010&from=EN. 93 Ibid. 94 Mehreen Khan, ‘Companies Face High Cost to Meet New EU Data Protection Rules’, Financial Times, 10 November 2017, https://www.ft.com/content/0d47ffe4-ccb6-11e7-b781-794ce08b24dc (visited 8 March 2018). 95 Robert Atkinson, ‘Can Nations Actually Collaborate in the Digital Economy?’ Connect World (2017), at 11, https://goo.gl/3Z5CSc. 96 Regarding Philippine adoption of legislation, based on the EU Data Protection Directive 95/46/EC and accords with APEC policies, Zambo Times, ‘Senate Ratifies Bicam Report on Data Privacy Act’, 7 June 2012. 97 European Commission, ‘Adequacy of the Protection of Personal Data in Non-EU Countries. How the EU Determines if a Non-EU Country has an Adequate Level of Data Protection’, https://goo.gl/8a4Sds. 98 European Commission, ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, on the Mid-Term Review on the implementation of the Digital Single Market Strategy, A Connected Digital Single Market for All’, SWD (2017) 155 final, 78, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017DC0228. 99 Brett Fortnam, ‘EU Punts on Data Flow Language in Japan Deal, Leaving Position Unresolved’, Inside U.S. Trade, 6 July 2017, https://goo.gl/8x9t9L; Brett Fortnam, ‘Japan Urges EU to Develop Data Flow Provisions Despite Political Agreement on FTA’, Inside US Trade, 7 July 2017, https://goo.gl/RqP24i. 100 European Commission, ‘EU-Mexico Free Trade Agreement, EU Textual Proposal, Title on Digital Trade’, April 2017, http://trade.ec.europa.eu/doclib/docs/2017/may/tradoc_155518.pdf. 101 See Fortnam, above n 99. 102 European Commission, ‘Horizontal Provisions for Cross-border Data Flows and for personal Data Protection (in EU trade and Investment Agreements)’, https://goo.gl/ZtPJ6i. 103 Frans Timmermans et al. to Kiril Yurukov, Chair of Trade and Policy Committee Services and Investment, The European Council, 2/09/2018, Ref. Ares 2018766616. 104 Xinhua, ‘China’s Digital Economy Accounts for 30% of 2016 GDP: Report’, ChinaDaily.com, 4 December 2017, http://www.chinadaily.com.cn/business/4thwic/2017-12/05/content_35212111.htm (visited 28 February 2018). 105 UNESCO, ‘China, India Now World’s Largest Internet Markets’, 15 September 2016, https://goo.gl/LgAqsC (visited 9 March 2018). 106 Jonathan Woetzle et al., ‘China’s Digital Economy: A Leading Global Force’, McKinsey Global Institute (2017), https://goo.gl/Sutpwg (visited 9 March 2018). 107 Jingli Song, ‘IDC Predicts 55% of China's Economy to be Digital by 2021’, ChinaDaily.com, 13 November 2017, http://www.chinadaily.com.cn/business/2017-11/13/content_34484309.htm (visited 28 February 2018). 108 Clifford Coonan, ‘Great Firewall is Harming EU Business in China, says Chamber’, The Irish Times, 17 February 2015, https://goo.gl/nMLqH7 (visited 9 March 2019); USTR, 2016 National Trade Estimate Report on Foreign Trade Barriers (Washington, DC: USTR, 2016), https://ustr.gov/sites/default/files/2016-NTE-Report-FINAL.pdf. 109 Paul Mozur, ‘Inside China’s Big Tech Conference, New Ways to Track Citizens’, New York Times, 5 December 2017, https://goo.gl/V4cHtQ (visited 9 March 2018). 110 Ibid; Mark Bergen and David Ramil, ‘China’s Plan for World Domination in AI Isn’t So Crazy After All’, Bloomberg, 14 August 2017, https://goo.gl/4j2gur (visited 1 March 2018); Nigel Cory, ‘The Worst Innovation Mercantilist Policies of 2017’, Information Technology & Innovation Foundation (2018), at 7, http://www2.itif.org/2018-worst-mercantilist-policies-2017.pdf (visited 1 March 2018). 111 Martina F. Ferracane and Hosuk Lee-Makiyama, China’s Technology Protectionism and its Non-Negotiable Rationales (Brussels: European Centre for International Political Economy, 2017), at 3, http://ecipe.org/publications/chinas-technology-protectionism/. 112 Nectar Gan, ‘China’s Security Chief Calls for Greater Use of AI to Predict Terrorism and Social Unrest’, South Morning China Post, 21 September 2017, http://www.scmp.com/news/china/policies-politics/article/2112203/china-security-chief-calls-greater-use-ai-predict (visited 1 March 2018). 113 See Ferracane and Lee-Makiyama, above n 111, at 4. 114 Ibid, at 8. 115 Freedom House, ‘Freedom on the Net 2017: Manipulating Social Media to Undermine Democracy’, https://freedomhouse.org/report/freedom-net/freedom-net-2017 (visited 9 March 2018). 116 USTR, 2017 Report to Congress on China’s WTO Compliance (Washington, DC: USTR, 2018), https://goo.gl/DxwM4U. 117 Associated Press, ‘China Clamping Down on Use of VPNs to Evade Great Firewall’, CNBC, 20 July 2017, https://goo.gl/PSAvA3 (visited 9 March 2018). 118 European Chamber, ‘European Business in China – Business Confidence Survey 2017’, 20, http://www.europeanchamber.com.cn/en/publications-archive/516/Business_Confidence_Survey_2017 (visited 1 March 2018). 119 The US-China Business Council, ‘Optimizing Connectivity: Updated Recommendations to Improve China’s Information Technology Environment’, February 2018, 1, https://www.uschina.org/reports/optimizing-connectivity-updated-recommendations-improve-china’s-information-technology-environment (visited 1 March 2018). 120 Freedom House, above n 115, at 6. 121 Steven Lee Myers and Sui-Lee Wee, ‘As U.S. Confronts Internet’s Disruptions, China Feels Vindicated’, New York Times, 16 October 2017, https://www.nytimes.com/2017/10/16/world/asia/china-internet-cyber-control.html (visited 9 March 2018). 122 Ibid. 123 Ferracane and Lee-Makiyama, above n 111, at 7. 124 Yuan Yang, Lucy Hornby and Emily Feng, ‘China Disrupts Global Companies’ Web Access as Censorship Bites’, Financial Times, 16 January 2018, https://www.ft.com/content/80e50a6c-fa8a-11e7-9b32-d7d59aace167 (visited 1 March 2018). 125 Saheli Roy Choudhury, ‘Apple Removes VPN Apps in China as Beijing Doubles Down on Censorship’, CNBC, 31 July 2017, https://www.cnbc.com/2017/07/31/apple-removes-vpn-apps-in-china-app-store.html (visited 9 March 2018). 126 ‘Virtual panic’, The Economist, 6 January 2018, at 28 (visited 8 March 2018). 127 Freedom House, above n 115, at 2. 128 Ferracane and Lee-Makiyama, above n 111, at 8. 129 Ibid. 130 Freedom House, above n 115, at 7. 131 Ferracane and Lee-Makiyama, above n 111, at 8. Lee Myers and Wee, above n 121. 132 Jiang Sijia, ‘China Holds Drill to Shut Down ′Harmful′ Websites’, Reuters, 3 August 2017, http://www.reuters.com/article/us-china-internet-idUSKBN1AJ1XL (visited 9 March 2018). 133 Ronald J. Deibert, Black Code: Inside the Battle for Cyberspace (Toronto: Signal, 2013). 134 Bill Marczak et al., China’s Great Cannon (Toronto: The Citizen Lab, Munk School of Global Affairs, University of Toronto, Research Brief, April 2015), https://citizenlab.ca/wp-content/uploads/2009/10/ChinasGreatCannon.pdf (visited 5 March 2018). 135 Paul Mozur, ‘China Presses its Internet Censorship Program across the Globe’, The New York Times, 2 March 2018, https://www.nytimes.com/2018/03/02/technology/china-technology-censorship-borders-expansion.html (visited 9 March 2018). 136 Ferracane and Lee-Makiyama, above n 111, at 13. 137 Ibid, at 8. 138 Ibid, at 13. 139 Cory, above n 110, at 8. 140 Ferracane and Lee-Makiyama, above n 111, at 14. 141 USTR, above n 116, at 21; Nigel Cory, ‘Post-Hearing Written Submission Before the United States International Trade Commission Regarding Investigations Global Digital Trade 1 (No. 332-562) and Global Digital Trade 2 (No. 332-563)’ (Washington: Information Technology & Innovation Foundation, 29 March 2018) 10, http://www2.itif.org/2018-testimony-global-digital-trade.pdf (visited 7 April 2018). 142 Stephen Nellis and Cate Cadell, ‘Apple Moves to Store iCloud Keys in China, Raising Human Rights Fears’, Reuters, 24 February 2018, https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060 (visited 1 March 2018). 143 Zhizheng Wang, ‘Systematic Government Access to Private-Sector Data in China’, 2(4) International Data Privacy Law 220 (2012), at 221. 144 Freedom House, above n 115, at 22. 145 Ferracane and Lee-Makiyama, above n 111, at 14. 146 Ibid. 147 Wang, above n 143, at 221. 148 ‘Public Pushback’, The Economist, 27 January 2018, 35 (US edition). 149 Zen Soo, ‘The Increasing Use of Artificial Intelligence is Stoking Privacy Concerns in China’, The South China Morning Post, 6 March 2018, http://www.scmp.com/business/companies/article/2135713/increasing-use-artificial-intelligence-stoking-privacy-concerns (visited 9 March 2018). 150 Josephine Wolfe, ‘The Internet Censor’s Dilemma’, Slate, 5 March 2018, https://slate.com/technology/2018/03/virtual-private-networks-become-more-popular-as-countries-restrict-their-use.html (visited 9 March 2018). 151 Global Web Index, ‘VPN Usage around the World’, https://insight.globalwebindex.net/vpn-usage-around-the-world (visited 9 March 2018). 152 An Baijie, ‘China, Chile “landmark” FTA Seen as a Boon’, China Daily, 23 November 2017, http://europe.chinadaily.com.cn/business/2017-11/23/content_34882792.htm (visited 2 March 2018). 153 Australia, Department of Foreign Affairs and Trade, ‘Joint Leaders’ Statement on the Negotiations for the Regional Economic Comprehensive Partnership’, 14 November 2017, Manila, the Philippines, http://dfat.gov.au/trade/agreements/rcep/news/Pages/joint-leaders-statement-on-the-rcep-negotiations-14-november-2017-manila-philippines.aspx (visited 9 March 2018); Asian Trade Center, ‘RCEP and TPP 11 Compared’ (Policy Brief Number: 17-12, November 2017), https://static1.squarespace.com/static/5393d501e4b0643446abd228/t/5a1c16398165f542d6cb5c6b/1511790142681/Policy+Brief+17-12+TPP11+and+RCEP+Compared.pdf (visited 9 March 2018); Asia Trade Center, ‘E- Commerce and Digital Trade Proposals for RCEP’ (Working Paper, Auckland Round, June 2016), https://static1.squarespace.com/static/5393d501e4b0643446abd228/t/575a654c86db438e86009fa1/1465541967821/RCEP+E-commerce+June+2016.pdf (visited 9 March 2018). 154 Aaronson 2016, above n 47; and Nuala O’Connor, Reforming the U.S. Approach to Data Protection and Privacy, Council on Foreign Relations, 8 January 2018, https://www.cfr.org/report/reforming-us-approach-data-protection. 155 Lucy Hornby, ‘Cash Colours Chinese Curbs on Corporate Internet Access’, Financial Times, 23 January 2018. 156 Andrew Moody and Cheng Yu, ‘“Digital silk road” expected to link world’, China Daily, 8 December 2017, http://africa.chinadaily.com.cn/weekly/2017-12/08/content_35257746.htm (visited 28 February 2018). 157 Geist, Michael, ‘Data Rules in Modern Trade Agreements: Toward Reconciling an Open Internet with Privacy and Security Safeguards’ (Waterloo: Centre for International Governance Innovation, 2018), https://www.cigionline.org/articles/data-rules-modern-trade-agreements-toward-reconciling-open-internet-privacy-and-security (visited 7 April 2018). 158 Aaronson, above n 3. 159 For a discussion of which of the Chinese or US approach to digital trade developed and developing countries might prefer, see Gao, above n 11, at 31. 160 Jaron Lanier, Who Owns the Future? (New York: Simon and Schuster, 2013). 161 Eudardo Porter, ‘Getting Tech Giants to Pay You for Your Data’, New York Times, 17 March 2018, https://www.nytimes.com/2018/03/06/business/economy/user-data-pay.html (visited 9 March 2018). 162 Sen, above 3, at 16. 163 WTO, ‘Members Debate Cyber Security and Chemicals at Technical Barriers to Trade Committee’, 14–15 June 2017, https://www.wto.org/english/news_e/news17_e/tbt_20jun17_e.htm (visited 9 March 2018). 164 WTO, ‘Communication from the United States Communication from the United States: Measures Adopted and Under Development by China Relating to Its Cybersecurity Law’ (Council for Trade in Services, S/C/W/376, 23 February 2018), https://goo.gl/xoGA6f (visited 9 March 2018). 165 Chris Mirasola, ‘An Update on Chinese Cybersecurity and the WTO’, Lawfare, 2 March 2018, https://lawfareblog.com/update-chinese-cybersecurity-and-wto (visited 9 March 2018). 166 See Burri, above n 7. 167 Sen, above n 3, at 17; Gao, above n 12, at 24. 168 Ibid, at 23; Aaronson, above n 3 and n 24. © The Author(s) 2018. Published by Oxford University Press. All rights reserved. This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/about_us/legal/notices)

Journal

Journal of International Economic LawOxford University Press

Published: May 15, 2018

There are no references for this article.

You’re reading a free preview. Subscribe to read the entire article.


DeepDyve is your
personal research library

It’s your single place to instantly
discover and read the research
that matters to you.

Enjoy affordable access to
over 18 million articles from more than
15,000 peer-reviewed journals.

All for just $49/month

Explore the DeepDyve Library

Search

Query the DeepDyve database, plus search all of PubMed and Google Scholar seamlessly

Organize

Save any article or search result from DeepDyve, PubMed, and Google Scholar... all in one place.

Access

Get unlimited, online access to over 18 million full-text articles from more than 15,000 scientific journals.

Your journals are on DeepDyve

Read from thousands of the leading scholarly journals from SpringerNature, Elsevier, Wiley-Blackwell, Oxford University Press and more.

All the latest content is available, no embargo periods.

See the journals in your area

DeepDyve

Freelancer

DeepDyve

Pro

Price

FREE

$49/month
$360/year

Save searches from
Google Scholar,
PubMed

Create lists to
organize your research

Export lists, citations

Read DeepDyve articles

Abstract access only

Unlimited access to over
18 million full-text articles

Print

20 pages / month

PDF Discount

20% off