The WTO Work Programme on Electronic Commerce
The WTO is no stranger to e-commerce governance. Its launched its first initiative to regulate e-commerce1 at its 2nd Ministerial Conference in May 1998, a few months before Google was founded. At the Ministerial Conference, WTO Members adopted the Declaration on Global Electronic Commerce,2 which recognized the “new opportunities for trade”, and directed the General Council to “establish a comprehensive work programme to examine all trade-related issues relating to global electronic commerce, including those issues identified by Members.”
Pursuant to the Declaration, the General Council adopted the Work Programme on Electronic Commerce in September 1998.3 Under the Work Program, "electronic commerce" is broadly defined to cover “the production, distribution, marketing, sale or delivery of goods and services by electronic means”. Moreover, the Work Program also includes within its scope “issues relating to the development of the infrastructure for electronic commerce.”
As e-commerce cuts across many different areas, the Work Program divides up the work among different WTO bodies such as the Council for Trade in Services, the Council for Trade in Goods, the Council for TRIPS, and the Committee on Trade and Development. These bodies are required to report their progress to the General Council on a regular basis. In addition, the General Council is also responsible for the review of any cross-cutting trade-related issues and all aspects of the work programme concerning the imposition of customs duties on electronic transmissions. In carrying out its work, these bodies also needs to take into account the work of other intergovernmental organizations as well as relevant non-governmental organizations.
Since then, the Members have conducted many discussions on e-commerce in the various bodies. However, due to the slow progress in the DDA in general, the Members have not been able to reach any decision on the substantive disciplines on e-commerce notwithstanding the ambitious agenda foreseen in the Work Program.4 The only concrete rules on e-commerce ever achieved in the WTO is the moratorium on customs duties on electronic transmissions, which, first established in the 1998 Declaration, has been extended multiple times, most recently in 2019 until the end of 2021.5 However, even the simple act of moratorium extension has become controversial in recent years, when India and South Africa started to challenge the moratorium by citing potential negative impacts on developing countries.6
E-commerce Governance in Free Trade Agreements: Emerging Models
In the absence of e-commerce rules in the WTO, the US turned to free trade agreements as the forum for negotiating e-commerce rules.7 Since its FTA with Jordan in 2000, the US has included e-commerce chapters in every FTA it has signed. Following the example of the US, many other countries also started to include e-commerce chapters in their FTAs. Three distinctive models have emerged from these FTAs, with each represented by one of the main players in e-commerce governance: the United States, the European Union and China.8
a. The US model
As the world’s largest economy and until recently, the largest trader, the US is a highly competitive exporter in both agricultural and industrial goods and services. Thus, the US has been very aggressive in promoting free trade and dismantling trade barriers in its trade agreements. This approach is also carried over into the digital age, with the US trade agreements pioneering the inclusion of digital trade issues with an expansive set of obligations.
In particular, two provisions have become the sine qua non in the digital trade chapters in US trade agreements, with the recently-concluded United States-Mexico-Canada Agreement (“USMCA”) as the leading example: First is the guarantee on free cross-border flow of data by stating that “no Party shall prohibit or restrict the cross-border transfer of information, including personal information, by electronic means”;9 and the second is the prohibition of data localization requirements by stipulating that “no Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory”.10
b. The EU model
The main concern of the European Union, when it comes to e-commerce, is privacy protection. This is demonstrated by the GDPR, which recognizes privacy as not only a consumer right, but also a fundamental human right. The GDPR provides that prior authorization is required before personal data can be transferred to a third country, unless that country is recognized by the European Union as providing an equivalent level of data protection.
In its RTAs, we have yet to see the European Union aggressively pushing for privacy provisions. Nor has it been keen to include provisions on data flows in its FTAs.11 Instead, the EU seems to prefer handling data flow issues through bilateral “adequacy” recognitions, which so far has only been granted to a dozen countries.12 In many of its latest FTAs, data flow issues were left out in the main text, with a separate adequacy decision adopted. This is, for example, the case of its Economic Partnership Agreement (EPA) with Japan, where the adequacy decision13 was adopted separately from the EPA, which does not include commitments on free flow of data.14 While its recent FTA with Vietnam lacks not only provisions on data flow & localization, but also any plan for an adequacy decision.
c. The China model
In contrast with the European Union and the United States, China has traditionally taken a cautious approach to e-commerce in trade agreements. Until very recently, it has not even included e-commerce chapters in its RTAs. This only changed with its FTAs with Australia and Korea, which were both signed in 2015. Moreover, the provisions in these two FTAs are rather modest, as they mainly address trade facilitation-related issues, such as a moratorium on customs duties on electronic transmission, recognition of electronic authentication and electronic signature, protection of personal information in e-commerce, paperless trading, domestic legal frameworks governing electronic transactions, and the need to provide consumers using electronic commerce a level of protection equivalent to that in traditional forms of commerce.
A major breakthrough was made in the Regional Comprehensive Economic Partnership (RCEP) Agreement, which China signed along with other 14 countries in the region in November 2020. Under the Chapter on E-commerce, China like all other RCEP Members agreed to not “require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that Party’s territory”,15 or “prevent cross-border transfer of information by electronic means where such activity is for the conduct of the business of a covered person”.16 Yet, due to China’s obsession with “data security”, the chapter is subject to extensive exceptions on either national security and public policy grounds.
d. Why different models?
The diverging approaches reflect deeper differences in the respective commercial interests and regulatory approaches among the three major players:
First, the global e-commerce market is largely dominated by China and the United States. Among the ten biggest digital trade firms in the world, six are American and four are Chinese.17 Of course, this does not necessarily mean that they must share the same position. Upon closer examination, one can see that the US firms on the list tend to be pure digital service firms. Firms like Facebook, Google and Netflix do not sell physical products, but only provide digitalized services such as online search, social network or content services. In contrast, two of the top three Chinese firms – Alibaba and JD.com – sell mainly physical goods. This is why the United States focuses on the “digital” side while China focuses on the traditional “trade” side when it comes to digital trade, as I argued in another paper.18
One may argue that China also has giant pure digital firms like Baidu and Tencent, which are often referred to, respectively, as the Google and the Facebook of China. However, because they serve almost exclusively the domestic Chinese market and most of their facilities and operations are based in China, they do not share the demands for free cross-border data flow like their US counterparts, which have data centres in strategic locations around the world.
As for the European Union, with no major players in the game, their restrictive privacy rules could be viewed as a form of “digital protectionism”19 to fend off the invasions of American and Chinese firms into Europe.
The second influence is their different domestic regulatory approaches. In the United States, the development of the sector has long benefited from its “permissive legal framework”,20 which aims to minimize government regulation on the internet and relies heavily on self-regulation in the sector. Such policy is even codified in the law, with the Telecommunication Act of 1996 explicitly stating that it is "the policy of the United States … to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation".21 Therefore, it is no surprise that the United States wishes to push for deregulation and the free flow of information at the international level, a long-standing policy that can be traced back to the Framework for Global Electronic Commerce announced by the Clinton Administration in 1997.22 At the same time, the United States does not have a comprehensive privacy protection framework. Instead, it relies on a patchwork of sector-specific laws,23 which provides privacy protection for consumers of a variety of sectors such as credit reports and video rental. This is further complemented by case-by-case enforcement actions by the Federal Trade Commission (FTC), and self-regulation by firms themselves. This explains why, in its RTAs, the United States does not mandate uniform rules on personal information protection but allows members to adopt their own domestic laws.
On the other hand, in China, the internet has always been subject to heavy government regulations, which not only dictate the hardware one must use to connect to international networks, but also the content that may be transmitted online.24 Many foreign websites are either filtered or blocked in China, which confirms China’s cautious position on free flow of data. Moreover, in 2017, China also adopted the Cybersecurity Law, which requires the operators of critical information infrastructure to store locally personal information they collected or generated in China. This is at odds with the US demand to prohibit data localization requirements. Privacy protection is also weak in China, as it was only incorporated into the Chinese legal system in 2009, along with extensive exemptions for the government.
The European Union, in contrast, has a long tradition of human rights protection, partly in response to the atrocities of the Second World War. Coupled with the absence of major digital players wielding significant market power and the lack of a strong central government with overriding security concerns, this translates into a strong emphasis on privacy in the digital sphere. Moreover, the European Union is also able to transcend the narrow mercantilist confines of the United States,25 and recognize privacy as not only a consumer right, but also a fundamental human right that is recognized in several fundamental EU instruments26 and the constitution of many member states. Such a refreshing perspective is probably the biggest contribution made by the European Union to digital trade issues.
Joint Statement Initiative on E-commerce
Frustrated with the lack of progress in the WTO Work Programme on e-commerce, the proponents of the e-commerce negotiation started to explore alternative ways to advance the negotiation. This was recognized by the Ministerial Declaration at the Nairobi Ministerial Conference in December 2015, which acknowledged that some members “believe new approaches are necessary to achieve meaningful outcomes in multilateral negotiations”.27
After Nairobi, e-commerce gained “renewed interest” among WTO members.28 On 1 July 2016, the first post-Nairobi submission was made by the US, which reiterated the US proposals in the negotiations of the Trade in Services Agreement and Trans-Pacific Partnership Agreement and brought into the WTO new issues such as free flow of data, bans on data localization and forced transfer of source code for the first time.29
The US submission spurred a new wave of activity from other members, with major players such as Japan, the EU, Brazil, Canada and Singapore all making submissions within the same month.30 The work intensified over the next sixteen months, and at the 11th Ministerial Conference held in December 2017 in Buenos Aires, 71 Members led by three co-conveners - Australia, Japan and Singapore - launched a joint statement to “initiate exploratory work together toward future WTO negotiations” on e-commerce. The Joint Statement Initiative (JSI) negotiations were formally launched by 76 Members, including China,31 at the side-lines of the World Economic Forum Annual Meeting in Davos on 25 January 2019.
Since its launch, the JSI has grown to include eighty-six members as of 23 October 2021, with Ecuador the newest participant. Together, they represent more than 90 per cent of global trade and over half of the WTO’s membership. In addition, the JSI also remains open for participation by non-members, which include Senegal, the LDC signatory of the Osaka Declaration on e-commerce, which has yet to join the JSI as a formal member.32
Currently, the JSI was framed around six themes: (1) enabling digital trade/e-commerce; (2) openness and digital trade/e-commerce; (3) trust and digital trade/e-commerce; (4) cross-cutting issues, including development, transparency and cooperation; (5) telecommunications; and (6) market access. The six themes were further divided into fifteen sub-themes and thirty-five selected issues/topics. In addition, the JSI formed 10 small groups to work on specific issues for early harvests, such as consumer protection; spam; e-signatures and electronic authentication; paperless trading; digital trade facilitation; source code; open government data; market access; customs duties on electronic transmissions, and open Internet access.33 As of 23 October 2021, the Members have agreed to clean texts on unsolicited commercial messages; e-signatures and authentication; e-contracts; open government data and online consumer protection.
Despite the proliferation of e-commerce chapters in free trade agreements, the major players still return to Geneva to hammer out the rules for e-commerce governance. This is largely because e-commerce, and its associated data flows, are inherently global and borderless. At the same time, from the perspectives of the businesses, fragmented rules on privacy and data security lead to high, duplicating compliance costs and it is much more preferrable to have a unified framework on these issues. Yet, in view of their different approaches, is it even possible for the major players to reach agreement on e-commerce governance?
The answer is a qualified yes. Notwithstanding the differences in their starting positions, the major players have started to learn from each other with converging trajectories, as illustrated by examples such as restrictions on WeChat and TikTok in the US, the Huawei 5G ban in the EU, and the acceptance of data flow and localization disciplines by China in the RCEP (and its recent applications to the CPTPP and DEPA), as well as its new GDPR-style Personal Information Protection Law. Looking forward, an agreement on e-commerce governance is indeed possible in the WTO, especially one that is modelled after the Trade Facilitation Agreement, with tiered obligations corresponding to the individual level of development of different members around a core set of commonly accepted basic principles.34