The Trouble with the TPP and privacy, which includes weak privacy laws, restrictions on data localization, bans on data transfer restrictions, and a failure to obtain privacy assurances from the U.S., also includes the agreement’s weak anti-spam standards. Given the fact that nearly all TPP countries have some form of anti-spam law (with the exception of Brunei), the inclusion of anti-spam provision in the TPP was not surprising, yet the agreement sets the bar far lower than that found in many countries. Article 14.14 states:
Each Party shall adopt or maintain measures regarding unsolicited commercial electronic messages that:
(a) require suppliers of unsolicited commercial electronic messages to facilitate the ability of recipients to prevent ongoing reception of those messages;
(b) require the consent, as specified according to the laws and regulations of each Party, of recipients to receive commercial electronic messages; or
(c) otherwise provide for the minimisation of unsolicited commercial electronic messages.
The TPP provision features two key requirements: anti-spam laws that provide for a binding unsubscribe mechanism and some form of consent. Yet with the standard of consent left wide open, countries are free to adopt weak, ineffective standards and still comply with the TPP requirements. In fact, since spam raises global concerns that frequently requires cross-border co-operation, the TPP would have been an ideal mechanism to strengthen international anti-spam rules and enforcement.
Read more ›
The Trouble with the TPP series focus on privacy has thus far examined weak privacy laws, restrictions on data localization requirements, and a ban on data transfer restrictions. The data transfer restriction post cited one of my recent technology law columns in concluding that the net effect of a recent European privacy case and the TPP provisions is that Canada could end up caught in a global privacy battle in which Europe restricts data transfers with Canada due to surveillance activities and the TPP restricts Canada’s ability address European concerns.
Interestingly, at least one TPP country identified the potential risk of a clash between European privacy rules and the TPP. Australia obtained a side letter with the United States that largely addresses the concern. The letter states:
Read more ›
The Trouble with the TPP yesterday examined the barriers to data localization requirements, an emerging policy choice for countries concerned with weak privacy protections once personal data is transferred outside the country. The TPP goes further in undermining potential privacy protections, however, as it also establishes a ban on data transfer restrictions (prior posts in the series include Day 1: US Blocks Balancing Provisions, Day 2: Locking in Digital Locks, Day 3: Copyright Term Extension, Day 4: Copyright Notice and Takedown Rules, Day 5: Rights Holders “Shall” vs. Users “May”, Day 6: Price of Entry, Day 7: Patent Term Extensions, Day 8: Locking in Biologics Protection, Day 9: Limits on Medical Devices and Pharma Data Collection, Day 10: Criminalization of Trade Secret Law, Day 11: Weak Privacy Standards, Day 12: Restrictions on Data Localization Requirements).
Data transfer restrictions are a key element of the European approach to privacy, which restricts data transfers to those countries with laws that meet the “adequacy” standard for protection. That approach is becoming increasingly popular, particularly in light of the Snowden revelations about governmental surveillance practices. Several TPP countries, including Malaysia, Singapore and Chile, are moving toward data transfer restrictions as are countries such as Brazil and Hong Kong.
Read more ›
If all TPP countries implemented similarly strong privacy protections, there would be little need to consider alternative mechanisms to enhance public confidence in their privacy through additional legal safeguards. However, the Trouble with the TPP is that it actually weakens privacy protections by treating voluntary undertakings as equivalent to comprehensive privacy laws (prior posts include Day 1: US Blocks Balancing Provisions, Day 2: Locking in Digital Locks, Day 3: Copyright Term Extension, Day 4: Copyright Notice and Takedown Rules, Day 5: Rights Holders “Shall” vs. Users “May”, Day 6: Price of Entry, Day 7: Patent Term Extensions, Day 8: Locking in Biologics Protection, Day 9: Limits on Medical Devices and Pharma Data Collection, Day 10: Criminalization of Trade Secret Law, Day 11: Weak Privacy Standards). The TPP goes further in harming privacy, however, by restricting the use of data localization requirements that might otherwise be used to provide privacy protection.
Data localization has emerged as an increasingly popular legal method for providing some additional assurances about the privacy protection for personal information. Although heavily criticized by those who fear that it harms the free flow of information, requirements that personal information be stored within the local jurisdiction is an unsurprising reaction to concerns about the lost privacy protections if the data is stored elsewhere. Data localization requirements are popping up around the world with European requirements in countries such as Germany, Russia, and Greece; Asian requirements in Taiwan, Vietnam, and Malaysia; Australian requirements for health records, and Latin America requirements in Brazil. Canada has not been immune to the rules either with both British Columbia and Nova Scotia creating localization requirements for government data.
Read more ›
The link between health care and the TPP’s intellectual property chapter is easy to spot, but there are other chapters with implications for the issue. The Trouble with the TPP series today considers Chapter 8, which covers Technical Barriers to Trade (TBT). The chapter contains some surprising restrictions on the ability for national regulators to require the disclosure of certain information as part of the regulatory review process for pharmaceutical products and medical devices (prior posts include Day 1: US Blocks Balancing Provisions, Day 2: Locking in Digital Locks, Day 3: Copyright Term Extension, Day 4: Copyright Notice and Takedown Rules, Day 5: Rights Holders “Shall” vs. Users “May”, Day 6: Price of Entry, Day 7: Patent Term Extensions, Day 8: Locking in Biologics Protection).
The Canadian government summary of the TBT chapter does not disclose that there are data collection restrictions. In fact, the only reference to the issue states that the chapter “improves regulatory transparency in the areas of cosmetics, medical devices, and pharmaceutical products.” Yet the chapter does far more than address regulatory transparency. For example, Annex 8-C 7bis requires each party to makes its determination on whether to grant marketing authorization for a specific pharmaceutical product on the basis on factors such as clinical data, manufacturing quality, and labelling information. However, it also states that:
Read more ›