Week 10: Concluding session: International Trade and Data Protection.
Is the EU taking a large risk in not terminating the Safe Harbour?
GATS Article XIV(c)(ii) specifically authorizes the European privacy regulations to restrict cross-border services provided that the measures are not used to discriminate between trading partner countries and provided that the measures are not used as a disguised restriction on trade in services.
Internal EU compliance problems are not relevant because the GATS obligation, known as MFN, relates to favoring one non-EU country over another non-EU country. Since the 2004 EC study and the 2001 study each showed important compliance deficiencies, third countries such as Australia have a very strong argument that the EU is impermissibly favoring the US in that the EU appears to be holding third countries to a higher standard of "adequacy." WTO Appellate Body Decision in the EC-Bananas III case specifically said that de facto discrimination was as valid a basis for an MFN claim as de jure discrimination.
Even with respect to disguised restrictions, Reidenberg thinks the US would have a very difficult case since European data protection agencies do enforce national data privacy laws, even if the level of enforcement is weak. EU would have serious trade issues if EU data protection agencies were to take enforcement actions only against US companies transferring data from Europe. This form of discrimination is an entirely different type of trade problem -- a violation of the GATS national treatment obligation-- that is independent of the Safe Harbour. The issue is differential treatment of companies within Europe based on their nationality rather than differential treatment of destinations.