European Affairs

Edit

ICT in the TTIP – an Opportunity to Enhance Services Trade and Cybersecurity     Print Email
By Patricia Paoletta, Partner Wiltshire & Grannis LLP


Editors Note—the following article is another in the ongoing series published by European Affairs on the important trade negotiations between the EU and U.S.

patriciaThe Transatlantic Trade and Investment Partnership (TTIP) is expected to be “a high-standard agreement that will benefit U.S. workers, manufacturers, service suppliers, farmers, ranchers, innovators, creators, small- and medium- sized businesses and consumers.”[1] In part, this “high-standard” will be achieved by a “deep dive” into regulation. . With the globe’s two largest markets already having substantially open markets, particularly in information, communications and technology (ICT), regulatory convergence will be at the center of discussions, which means that the rules and authority of regulatory bodies will be front and center. For ICT, the key challenge will be facilitating the free flow of data over the cloud while protecting privacy rights and data security. A subsidiary challenge will be covering – while not fettering – services that enable social media and other “apps” that did not exist the last time services trade was included in a multilateral agreement.

The negotiations will cover traditional areas of trade discussions – lower customs, government procurement, phyto-sanitary measures(i.e. related to control of agricultural disease) intellectual property protection, services liberalization, etc. Indeed, TTIP could serve as the gold standard of services liberalization. But the intended heart of the discussions will be on harmonizing the respective regulatory frameworks of the U.S. and the EU. As one USTR official recently remarked, TTIP will go “deeper in regulation” than ever before in the history of trade negotiations. The Federal Register Notice seeking public comment asks for input on opportunities “for greater transatlantic regulatory compatibility” and “to reduce unnecessary costs and administrative delays stemming from regulatory differences”.[2] At a panel held recently at The European Institute, the Minister-Counselor and Head of the Trade Section at the Delegation of the European Union, Hiddo Houben, articulated the European goal of the “equivalence of regulation” -- a single transatlantic standard achieved by mutual recognition of regulation.[3]

Likewise, the White House lead agency on regulatory policy – the Office of Information and Regulatory Affairs (OIRA) – has stated that through transatlantic regulatory cooperation “we will help businesses to grow, create jobs, and succeed in an increasingly competitive global market.” But more interestingly, they added “Enhanced cooperation will also help the United States and the EU to achieve their respective domestic regulatory objectives in a more effective and efficient manner.”[4] Is TTIP convergence seen by trade experts as a way to force Europe to be more efficient?

The U.S. and EU administrations have comparable, but inverse, challenges regarding regulatory convergence. The European Commission faces a challenge of “competency” (the legal jurisdiction over the matter at hand), since the Member States’ national bodies still retain much of Europe’s regulatory authority, such as in the field of intellectual property and privacy protection and radiofrequency spectrum management. While some European Commission bodies set standards, controlling market entry and enforcement remain at the national level.

The U.S. federal system has a competency issue as well, with many of the State regulatory agencies having the primary role in consumer protection regulation. The number of areas where the U.S. federal government has preempted state regulatory authority – such as in spectrum management and Voice over Internet Protocol market entry - is limited. However, the U.S. Administration has an additional challenge – its questionable authority to bind the actions of “independent” federal regulatory agencies. Agencies like the Federal Trade Commission (leading on privacy), the Federal Communications Commission (FCC) and the Securities and Exchange Commission derive their authority directly from Congress, which has “delegated” its Constitutional authority to regulate commerce “with foreign Nations and among the several States” to these agencies through statute. While the President has the authority to nominate Commissioners for these independent agencies, there is a legal question on whether the Executive branch could bind their regulatory authority in a trade agreement. There is a political question too, with Republican Senators routinely challenging the prudence of binding the U.S. in international treaties, such as the United Nations’ Law of the Sea. And of course, the U.S. House of Representatives, where Republicans are in the Majority, will inevitably scrutinize any policy goal of a Democrat Administration. Where Congress has the primacy of authority, such as with the independent agencies, U.S. commitments to bind these “creatures of Congress” will be more challenging.

There are precedents where trade agreements have bound independent regulatory agencies. In 1997, with Republicans the Majority in the House, the Clinton Administration successfully concluded protocols under the General Agreement on Trade in Services (GATS) which bound FCC actions through the Additional Commitments of a Reference Paper. In the Reference Paper, the FCC and other WTO Members’ regulators agreed to make impartial decisions relative to all market participants, rather than favor a domestically-owned telecom provider. At the time, there were some in Congress – Democrat Members of the House – who argued that such commitments required legislation, but the Clinton Administration, and pro-trade Republicans, responded that because the commitments scheduled existing statutory provisions, no new legislation was warranted. The FCC, which had been at the table with USTR, subsequently issued an order that it would interpret that the public interest was served by investment in telecommunications by companies headquartered in WTO members.

The 1994 GATS agreement addressed non-discriminatory access to basic telecom services as a vehicle for other services like information processing, and fostered market access commitments in value-added services by WTO members, like email and database services. The 1997 WTO agreement addressed market access commitments in basic telecom. Today, digitally-enabled trade is growing faster than other service exports.[5] The challenge now will be securing commitments for access to online networks as a vehicle for other services and uses, like cloud and social media, un-encumbered by government mandates for routing or local infrastructure builds. At the same time, these commitments must reflect the legitimate need for cybersecurity on both sides of the Atlantic.

Cybersecurity is one of the most important areas for the U.S and the EU to attempt to harmonize regulatory rules. The dangers our online networks face are increasingly evident. The TTIP offers the European Commission and the U.S. Administration a forum to harmonize cybersecurity rules, while attempting to balance the competing goals of free flow of transborder data, privacy interests, and national security. With cybersecurity, OIRA’s statement that enhanced cooperation will help both regions meet their domestic goals more effectively rings true.

Cybersecurity regulation in both forums is a work in progress. In the U.S., the degree of privacy protections in cybersecurity legislation is still being negotiated and the President’s Executive Order and Policy Directive just beginning to be implemented. The European Commission announced its cybersecurity strategy in February 2013, including legislative proposals on risk management and incident reporting that must be considered and debated before a final directive may be adopted.[6] As attendees at the European Institute’s March 5, 2013 Roundtable on Cybersecurity learned, cooperation on cybersecurity between the U.S. and the EU is underway.[7] Meanwhile, the European Parliament is still considering the proposed new data protection regulation, which the Commission hopes will be adopted next year.[8]

Traditionally, countries have taken broad exceptions to trade commitments for security. If the U.S. and EU do so in the TTIP, without thoughtfully tackling issues related to the delivery of digitally-enabled services, they will have missed an opportunity to realize our shared goals of effective cybersecurity and efficient service delivery. Moreover, forced localization requirements to build facilities in a country as a condition of market entry – often tolerated as a relatively harmless way to secure political support for trade agreements – would erode cloud efficiencies. Requirements to locate data servers in particular countries would seriously impair the benefits of cloud services. The benefit of cloud services is that customers pay only for the amount of infrastructure, platform, storage or processing that they use at a time, rather than spending capital on their own dedicated infrastructure and maintenance. Localization requirements undermine efficiencies gained by optimized network topologies. Affordable, as-you-need-them cloud services have led to an explosion of social media and other apps for enterprises and consumers.

Likewise, for both security and privacy protection, some countries have restricted consumer data from leaving the consumer’s country. This restriction on cross-border data flow undermines the cost benefits of cloud computing, without necessarily enhancing privacy or data protection. External storage of data should be authorized under TTIP and governments prevented from dictating routing paths as a condition of market access.

To succeed with meaningful cloud, social media and other ICT commitments, the independent agencies will have to be at the table. The FTC, which has the lead in privacy, and the FCC – the communications regulator – should be part of the initial request/offer process, and on the U.S. delegation negotiating the TTIP going forward. Those agencies’ authorizing Committees in Congress must also be engaged. To make U.S. offers attractive to Europe, the U.S. States must also be brought into discussions at an early stage.

Industry has an opportunity to shape the focus of discussions between the U.S. and Europe, with comments due May 10, 2013. USTR and its sister agencies will hold a hearing on U.S. interests and priorities on TTIP soon after, on May 29-30, 2013. Following the 90-day notice period, USTR is required to provide Congress, negotiations on a text should begin approximately June 20, 2013, and are expected to continue for at least 18 months.

Transatlantic trade and investment among and between the United States and the twenty-seven Member States of the European Union represent the largest economic relationship in the world, accounting for half of global economic output and nearly one trillion dollars in goods and services trade. Both need jobs and growth but are fiscally constrained. Both need to grow their way out of debt, rather than spend. The breadth and regulatory depth of the TTIP will be un-paralleled, and if the talks result in Europe and the U.S. being both more prosperous and impervious to cyber-attacks, a true success.

Patricia Paoletta is former Telecommunications Trade Director at the U.S. Trade Representative.



[2] Id.

[3] A Discussion with Hiddo Houben, Minister-Counselor & Head of the Trade Section, Delegation of the European Union, Prospects for the Transatlantic Trade & Investment Partnership, The European Institute Transatlantic Roundtalbe on Trade & Investment (April 9, 2013).

[6] See Remarks by EU High Representative Catherin Ashton (7 February 2013) available at http://www.consilium.europa.eu/uedocs/cms_Data/docs/pressdata/EN/foraff/135287.pdf

[7] See http://www.europeaninstitute.org/component/option,com_fjrelated/Itemid,118/id,825/layout,blog/view,fjrelated/