While much of the attention on the Trans Pacific Partnership has focused on the intellectual property chapter, the e-commerce chapter raises potentially significant privacy implications. The details of the e-commerce chapter remain unknown – the chapter has not been leaked as the latest Singapore meeting wrapped up without a deal – but the leaked country-by-country position paper suggests that the participants are fairly close to consensus on at least two privacy related provisions.
First, the U.S. remains the only hold-out on privacy obligations that include information exchange. With all other countries agreeing to the provision, it is unclear whether the TPP would require privacy law reforms to facilitate cross-border privacy disclosures.
Second, there is emerging consensus on a provision related to local server requirements with only Vietnam opposing (New Zealand and Chile have reserved their position). Local server requirements envision establishing limits on the ability for countries to enact legislation restricting data transfers to cloud-based services. The creation of local server requirements seems likely to become an increasingly popular legislative solution in response to mounting surveillance concerns. Indeed, both British Columbia and Nova Scotia have a form of these requirements for government data. The major U.S. business groups are on record as supporting prohibitions on local server requirements, but the leaked document suggests that the TPP may contain a modified prohibition based on an unknown “necessity test.” This issue could have significant implications for Canadian privacy law, yet the provisions themselves remain shrouded in secrecy.