Screen full of alphanumerics depicting encryption and the word password emphasized by a magnifying glass

Brussels has ruled out a German push to include data protection rules in a proposed EU-US free trade pact, arguing that it could derail the talks and ultimately weaken Europeans’ rights to privacy.

Viviane Reding, vice-president of the European Commission and the EU’s top justice official, said that data protection was outside of the scope of the Transatlantic Trade and Investment Partnership negotiation.

“The Commission’s view and the position taken by all leaders at the recent European Council is clear: let’s not mix up the phone tapping issue with the ongoing trade talks,” Ms Reding told the Financial Times.

“Including data protection in the trade talks is like opening Pandora’s box. The EU is not ready to lower its own standards . . . That is why the free trade agreement negotiations are not going to include privacy standards.”

EU officials stressed that at present there are no common transatlantic standards on data protection and therefore they fear that finding a middle ground with the US would only lower overall EU privacy standards.

Berlin has floated the idea of including some elements of data protection into the trade deal specifically to combat industrial espionage, rather than broader standards enshrining the right to privacy. But it is unclear how the distinction would be drawn.

Europe and the US have very different rules and approaches to data protection. For the EU, privacy is considered a fundamental right and remains highly regulated. Meanwhile, in the US, it is deemed a consumer right and is lightly regulated.

Privacy advocates also warned that Germany’s call to include commercial spying rules in the trade talks would inadvertently favour tech groups such as Google and Facebook that have been trying to water down EU attempts to set tough standards.

Lobbyists for the US technology industry have long wanted to introduce data protection in the Transatlantic Trade and Investment Partnership negotiations as they believe it would give them a better chance to set less stringent standards than the ones currently proposed by the European Commission and EU lawmakers.

US companies argue that the current EU legislation is unworkable because, they claim, it gives little legal certainty on how businesses can use individuals’ personal information. They also want to scrap a clause that would limit the US government’s ability to obtain information on EU citizens without the European data protection watchdog’s consent.

“The protection of citizens rights in respect of their data is important. But how workable some of the proposals are is questionable and that message isn’t necessarily being heard so far in the legislative process,” said Paula Barrett, data regulation expert at global law firm Eversheds.

Eduardo Ustaran, a privacy lawyer at Field Fisher Waterhouse, said that if the EU and US signed a trade deal that included weaker transatlantic privacy standards it could force Brussels to rewrite its entire current plan from scratch.

“The proposal is still on the table . . . if [data protection] became part of the trade talks it would have a serious impact on the current legislation. They will have to change it to include what the two sides have agreed,” Mr Ustaran said.

Jeffery Chester, executive director of the Centre for Digital Democracy, a consumer protection group, urged in a letter last May to the US Trade Representative not to address data protection in the TTIP talks, stressing that the “US is woefully inadequate in protecting the privacy of its own consumers and citizens”.

“A number of US industry groups . . . want the US to seek a trade deal that would allow our ineffective privacy regime to be considered “interoperable” with the EU’s human rights and civil liberties robust approach,” he warned.

Privacy campaigners say that the US and EU ways of approaching protection are so far apart that the most likely outcome of including the issue in wider trade talks would be the compromise of “mutual recognition” or interoperability.

An ‘interoperable’ regime would de facto allow US groups to operate under American privacy rules while doing business in Europe, which would put them in a position to bypass tougher EU data protection standards in the future.

Prominent US law firms speaking “on behalf of an informal coalition of tech and Internet companies” argued it was essential to include privacy in the TTIP as it would be in the best interests of American business.

“To date, US businesses operating online in the EU or engaged in transatlantic digital trade have encountered significant obstacles and impediments,” wrote Alan Charles Raul, a partner at Sidley Austin law firm, which represent US tech groups.

“The obstacles that US tech . . . companies face in the EU are analogous to classic technical barriers to trade – they disfavour US business in cloud computing, social media, mobile apps and other internet services without any substantial justification.”

Get alerts on World when a new story is published

Copyright The Financial Times Limited 2021. All rights reserved.
Reuse this content (opens in new window)

Follow the topics in this article