As reported in last month’s blog, after five years work, government ministers from the 12 Trans-Pacific Partnership (TPP) countries announced the conclusion of their TPP trade negotiations. The result of the talks is a free trade agreement that seeks to liberalise trade and investment between 12 Pacific Rim countries.

The negotiations were shrouded in secrecy but, after a further month to enable officials to write up the results of last minute horse-trading, the text has been made public.

While people new to the topic may expect to see reference to privacy in international instruments on human rights such as in the United Nations International Covenant on Civil and Political Rights, they may at first be surprised to find it in a trade treaty. But on reflection they will realise that information underpins so much of business and trade these days. 

The part of TPP most relevant to privacy is Chapter 14: Electronic Commerce. More particularly, Article 14.8 (Personal Information Protection) which should be read together with the preceding Article 14.7 (Online Consumer Protection).

Article 14.7: Online consumer protection

1. The parties recognise the importance of adopting and maintaining transparent and effective measures to protect consumers from fraudulent and deceptive commercial activities as referred to in Article 16.7.2 (Consumer Protection) when they engage in electronic commerce.

2. Each party shall adopt or maintain consumer protection laws to proscribe fraudulent and deceptive commercial activities that cause harm or potential harm to consumers engaged in online commercial activities.

3. The parties recognise the importance of cooperation between their respective national consumer protection agencies or other relevant bodies on activities related to cross-border electronic commerce in order to enhance consumer welfare. To this end, the parties affirm that the cooperation sought under Article 16.7.5 and Article 16.7.6 (Consumer Protection) includes cooperation with respect to online commercial activities.

 

Article 14.8: Personal information protection

1. The parties recognise the economic and social benefits of protecting the personal information of users of electronic commerce and the contribution that this makes to enhancing consumer confidence in electronic commerce.

2. To this end, each party shall adopt or maintain a legal framework that provides for the protection of the personal information of the users of electronic commerce. In the development of its legal framework for the protection of personal information, each party should take into account principles and guidelines of relevant international bodies.

3. Each party shall endeavour to adopt non-discriminatory practices in protecting users of electronic commerce from personal information protection violations occurring within its jurisdiction.

4. Each party should publish information on the personal information protections it provides to users of electronic commerce, including how:

(a) individuals can pursue remedies; and

(b) business can comply with any legal requirements.

5. Recognising that the parties may take different legal approaches to protecting personal information, each party should encourage the development of mechanisms to promote compatibility between these different regimes. These mechanisms may include the recognition of regulatory outcomes, whether accorded autonomously or by mutual arrangement, or broader international frameworks. To this end, the parties shall endeavour to exchange information on any such mechanisms applied in their jurisdictions and explore ways to extend these or other suitable arrangements to promote compatibility between them.

Article 14.8 includes two footnotes:

A note to Article 14.8 provides that “Brunei Darussalam and Viet Nam are not required to apply this article before the date on which that party implements its legal framework that provides for the protection of personal data of the users of electronic commerce”. This would seem to imply that the other TPP states (Australia, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, United States, and Vietnam) are confident that their existing legal frameworks meet the requirements of the article.

The further note is attached to article 14.8(2) and states that “for greater certainty, a party may comply with the obligation in this paragraph by adopting or maintaining measures such as a comprehensive privacy, personal information or personal data protection laws, sector-specific laws covering privacy, or laws that provide for the enforcement of voluntary undertakings by enterprises relating to privacy”. This note recognises the diversity of legal approaches to privacy protection across the TPP economies from the sectoral approach of the United States to the omnibus laws in Australia and New Zealand.

 

Image credit: Ships at Jervois Quay in Wellington - painting by Albert Henry Fullwood (ca.1900) via Alexander Turnbull Library.

International, data