Last week, the New Zealand Ministry of Foreign Affairs & Trade has made public the text of the Trans-Pacific Partnership (TPP) Agreement. While the text of the TPP has been negotiated over the past seven years, several provisions relating to electronic commerce are remarkably timely and address key considerations for companies doing business abroad. Highlighted below are key initial takeaways from Article 14 of the TPP, on “Electronic Commerce:”
- Consumer Protection: Article 14.7 requires that the Parties “adopt or maintain consumer protection laws,” including “with respect to online commercial activities.”
- Protections of Personal Information: Article 14.8 requires each Party “maintain a legal framework that provides for the protection of personal information for users of electronic commerce.” Notably, the TPP contemplates that either a comprehensive privacy law (such as what in place in the EU) or sectors-specific laws (such as those which are place in the United States), would satisfy this obligation.
- Data Transfers: Article 14.11 permits countries to establish their own requirements on data transfers, but they “shall allow cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person.”
- Data Localization: Article 14.13 notes that each Party “may have its own regulatory requirements regarding the use of computing facilities, including requirements that seek to ensure the security and confidentiality of communications,” but that “no party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.”
- Cybersecurity Cooperation: Article 14.16 “recognizes the importance” of cybersecurity cooperation; however, it does not go further than asking Parties to use “existing collaboration mechanisms” to mitigate threats.
- Source Code Access: Article 14.17 notes that “no Party shall require the transfer of, or access to, source code of software…as a condition for import, distribution, sale, or use of such software,” although it carves out critical infrastructure software.
While Article 14 sets forth the general guidelines and prohibitions on these (and other) key issue areas, the text of the TPP must be read as a whole. Several of these guideposts are subject to key caveats and limitations, particularly for companies doing business in regulated areas such as financial services which are specifically addressed by the TPP in separate Articles.