What the EU-UK Trade and Cooperation Agreement could mean for companies in the Digital Trade space
Just as a Brexit agreement was looking increasingly unlikely during the last few weeks of 2020, the EU and the UK surprised many with the announcement - made on 24th December 2020 - that a EU-UK Trade and Cooperation Agreement (‘TCA’) had been reached.
The resulting agreement is, first and foremost, a framework: it sets out the main principles by which both blocs intend for their future relationship to be governed.
As such, the relation between the EU and the UK is likely to be subject to a number of updates over the coming years, as well as to conflicting interpretations - disputes which, under the new agreement, will be covered by the inter-state arbitration mechanism or the EU-UK Partnership Council.
Despite these uncertainties, the TCA constitutes a useful indicator for economic stakeholders looking to gain some broad-bush insight into what the EU-UK relationship could look like going forward.
The TCA includes a section on Digital Trade which extends to just 7 pages (see pages 130 to 137 of the agreement). The insertion of a section on Digital Trade nonetheless represents a positive development in and of itself: as indicated in the UK government’s ‘summary explainer ‘of the TCA, the original approach was for some policy aspects to “form separate agreements rather than be incorporated into one overall one” and this is the first time that the EU has agreed to provisions on data in the context of a free trade agreement.
The title on Digital Trade appears to be an attempt to strike a balance between the prohibition of unjustified barriers to digital trade and high-level standards for data protection. Looking at the TCA agreement itself, as well as the language employed in the FAQs and summary explainers provided by the UK government and the EU, Gerrish Legal reviews what is included and what is missing from the TCA’s provisions on digital trade and discusses what the agreement could mean for businesses evolving in this space.
Regulatory Autonomy and the Protection of personal data and privacy
From the very get go, the title on Digital Trade reaffirms both parties’ right to regulate within their respective territories.
Article DIGIT.3 lists the different legitimate policy objectives which may justify increased regulation in the digital trade space, notably: the protection of public health, social services, public education, safety, the environment, and privacy and data protection.
This last provision on privacy and data protection enjoys an article of its own (DIGIT.7), in which both parties recognise that individuals have a right to the protection of personal data and privacy. It is expressly stated that nothing in the TCA shall prevent either bloc from adopting or maintaining measures aimed at protecting this right, including measures affecting cross-border data transfers.
This provision seems to reflect the EU’s strong interest in preserving its “policy space regarding the protection of personal data” (EU Commission’s ‘Questions & Answers: EU-UK Trade and Cooperation Agreement’, 2020).
It also echoes the arrangement which was agreed to regarding the interim period for the transmission of personal data between the two blocs (which can be found further down in the TCA, at FINPROV.10A on page 427) and through which the EU reserves the right to terminate the provisional continued application of the GDPR framework for data-transfers to the UK, should the country come to amend its applicable data protection regime.
Data localisation requirements
One of the stronger commitments which seems to transpire from the title on Digital Trade is the prohibition of data localisation obstacles.
Article DIGIT.6 lists the restrictive practices which both parties are committed to staying clear of - whether these practices include requirements (for data to be process or stored in one territory for example or for certain territory-specific computing facilities or network elements to be used), prohibitions (to store or process data in one territory for instance) or conditions (such as making cross-border data transfers contingent upon localisation rules).
Despite the unequivocal language employed, the provision doesn’t seem entirely foolproof for companies evolving in the digital trade space: it clearly states and includes a three year review period, meaning in three years’ time, both or either party could decide to add restrictions to the list (in which case cross-border date flows would be further liberalized) or to remove restrictions from the list (in which case cross-border data transactions may be more difficult).
Electronic documents and authentification services
Notwithstanding a few exceptions, the section on Digital Trade also includes a guarantee that neither the EU nor the UK shall deny the legal admissibility and effect of documents (such as contracts) and signatures concluded electronically (articles DIGIT.10 and DIGIT.11).
Digital Trade and Intellectual Property
Article DIGIT.12 reaffirms the importance of software source code as “valuable intellectual property” (to paraphrase the language used in the UK government’s ‘International Treaty: Summary Explainer’, 2020). The TCA protects both natural and legal persons who are owners of source code from forced transfer or requirements to grant access to their intellectual property.
Open government data
One of the more non-committal provisions in the Digital Trade section concerns arrangements surrounding open-government data (DIGIT.15).
Both parties recognise that facilitating access to and use of government data contributes to economic and social development growth and competitiveness. The two blocs also state their intention to facilitate cooperation over and enable access to open government data going forward. Rather than a binding commitment, the article reads like a statement of intention on both sides and seems “inspired by recent discussions at the WTO” (UK government ‘International Treaty: Summary Explainer’, 2020).
All in all, the terms of the TCA are encouraging as digital trade - which is so key to both economies and constitutes the future of business on so many levels - is indeed referred to and included in the TCA - even if to a limited extent.
Of course, as with many points regarding Brexit, there is a lot of uncertainty in the provisions, not least the potential for review and negotiation. For now, it seems that business specializing in the field of digital trade (or indeed using digital tools such as e-signatures) in the UK and in the EU can carry on more or less as normal - for now. However, there are specific points that need to be addressed in respect of GDPR compliance, not least the requirement to appoint an EU Representative.
Of course, the position does become more complex if the digital trade extends to banking and finance or regulated sectors, or indeed where the digital trade also extends to the export and import of hardware where a different regime under the TCA is likely to apply depending on the origin of the goods.
This article is of course just an overview of the provisions in the TCA - and we will provide more updates as we find out more from our involvement in live deals in this field.
As usual f you have any questions regarding Brexit or in relation to digital and technology law – or even if you’d simply like to share your thoughts on the topic - please do not hesitate to contact us!
Article by Leila Saidi @ Gerrish Legal, January 2021 / Cover photo by Ramón Salinero on Unsplash