The European Commission has published the final text of the EU-Singapore trade agreement. 1 Chapter eight contains implicit and explicit cross-border data flow commitments, with insufficient safeguards. This makes the agreement incompatible with the EU fundamental right to data protection.
Noteworthy, a few months ago the EU commission adopted a new, stronger, data protection safeguard for use in trade agreements. The EU-Singapore trade agreement text does not contain this stronger safeguard.
I note elsewhere that the agreement arguably contains ACTA-plus damages.
Singapore does not seem to provide an adequate level of data protection. According to Hannah YeeFen Lim, Singapore’s data protection law is “a light touch regime that offers some control to individuals over their personal data, certainly a far cry from the rigorous requirements of the GDPR”. Shane Harris describes Singapore’s surveillance.
Implicit cross-border data flow commitments
The EU-Singapore trade agreement’s chapter eight contains cross-border services commitments. These imply cross-border data flow commitments. 2 The safeguard is a GATS article XIV kind of exception with many conditions. 3 The many conditions weaken the safeguard. 4
The implicit cross-border data flow commitments do not have a sufficient safeguard. This is not compatible with the EU fundamental rights system.
Explicit data flow commitment
Article 8.54 contains an explicit data flow commitment regarding financial data. It is covered by two safeguards, the one mentioned above and article 8.54 (2):
“Each Party shall, adopt or maintain appropriate safeguards to protect privacy and personal data, including individual records and accounts, as long as these safeguards are not used to circumvent the provisions of this Agreement.”
This is a commitment (“shall”) with a condition (“as long as”). This is not a strong safeguard as it seems hardly enforceable, and the condition undermines it even further. The explicit cross-border data flow commitment does not have sufficient safeguards. This is not compatible with the EU Fundamental rights system.
For more information on EU trade agreements with cross-border data flow commitments and safeguards, see, generally, EU-Japan trade agreement not compatible with EU data protection, and Marija Bartl and Kristina Irion, The Japan EU Economic Partnership Agreement: Flows of Personal Data to the Land of the Rising Sun.
Investor-to-state dispute settlement
The trade agreement comes with a separate investment protection agreement with far reaching substantive and procedural rights for foreign investors. Supranational investment adjudicators would not have to read provisions in the light of the EU Charter of fundamental rights, as the EU Court of Justice would do. The agreement would undermine data protection, see, generally, section 5, Investment protection renders trade exceptions ineffective.
Furthermore, the EU and Singapore shall pursue (article 3.12) the establishment of a multilateral investment tribunal and appellate mechanism. Such a tribunal and mechanism would strengthen investments vis-à-vis democracy and fundamental rights and risk undermining data protection (section 4.2).
I noted above that a few months ago the EU commission adopted a new, stronger, data protection safeguard for use in trade agreements. Article B.4 excludes data protection safeguards from investor-to-state dispute settlement (here: “Investment Court System”).
Again, the EU-Singapore trade agreement does not contain this new, stronger safeguard. The commission doesn’t walk its talk.
April 2018, post legal scrub, the text to be ratified. The trade part is EU only; no ratification by EU national parliaments is needed. The investment agreement is a mixed competence agreement, needs ratification by EU and national parliaments.
Chapter Eight, Section B, Cross-border Supply of Services, articles 8.5 Market Access and 8.6, National Treatment. This implies data flows, see page 1 (after the Roman numerals) K. Irion, S. Yakovleva and M. Bartl, “Trade and Privacy: Complicated Bedfellows? How to achieve data protection-proof free trade agreements”, independent study commissioned by BEUC et al., published 13 July 2016, Amsterdam, Institute for Information Law (IViR).
Section G, Exceptions, Article 8.62 (e)