Nov 182015

Trans-Pacific Partnership Agreement Touches Global Electronic Commerce

Alan Charles Raul and Vivek K. Mohan
, , ,

Last week, the New Zealand Ministry of Foreign Affairs & Trade has made public the text of the Trans-Pacific Partnership (TPP) Agreement. While the text of the TPP has been negotiated over the past seven years, several provisions relating to electronic commerce are remarkably timely and address key considerations for companies doing business abroad. Highlighted below are key initial takeaways from Article 14 of the TPP, on “Electronic Commerce:”

  • Consumer Protection: Article 14.7 requires that the Parties “adopt or maintain consumer protection laws,” including “with respect to online commercial activities.”
  • Protections of Personal Information: Article 14.8 requires each Party “maintain a legal framework that provides for the protection of personal information for users of electronic commerce.” Notably, the TPP contemplates that either a comprehensive privacy law (such as what in place in the EU) or sectors-specific laws (such as those which are place in the United States), would satisfy this obligation.
  • Data Transfers: Article 14.11 permits countries to establish their own requirements on data transfers, but they “shall allow cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person.”
  • Data Localization: Article 14.13 notes that each Party “may have its own regulatory requirements regarding the use of computing facilities, including requirements that seek to ensure the security and confidentiality of communications,” but that “no party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.”
  • Cybersecurity Cooperation: Article 14.16 “recognizes the importance” of cybersecurity cooperation; however, it does not go further than asking Parties to use “existing collaboration mechanisms” to mitigate threats.
  • Source Code Access: Article 14.17 notes that “no Party shall require the transfer of, or access to, source code of software…as a condition for import, distribution, sale, or use of such software,” although it carves out critical infrastructure software.

While Article 14 sets forth the general guidelines and prohibitions on these (and other) key issue areas, the text of the TPP must be read as a whole. Several of these guideposts are subject to key caveats and limitations, particularly for companies doing business in regulated areas such as financial services which are specifically addressed by the TPP in separate Articles.

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Vivek K. Mohan

vmohan@sidley.com

You might also like
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

Substantial changes to Hong Kong’s privacy laws coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.

It Is Now More Difficult For International Pharma To Transfer Data Out Of China

China’s new Measures for the Security Assessment of Outbound Data Transfers (the “Measures”) came into force on September 1, 2022. Pharma companies now have until February 28 to work out whether their activities mean they are affected, and to apply for the new type of data security assessment if they need it.