One of the avowed reasons for scrapping the North American Free Trade Agreement (NAFTA) and replacing it with a new agreement was that “digital trade” did not even exist in 1994 when NAFTA came into force. Accordingly, The Office of the United States Trade Representative’s Fact Sheet on the new United States-Mexico-Canada Agreement (USMCA) touts the new deal as “Modernizing NAFTA into a 21st Century Trade Agreement.” Among the “modern” changes is a new chapter on Digital Trade (Article 19). With its typical understated tone, the White House claims that the USMCA contains “the strongest measures on digital trade of any agreement”.
Although digital trade is not specifically defined in the Chapter, the Chapter by its terms applies to “measures adopted or maintained by a Party that affect trade by electronic means”.
According to the Fact Sheet, the new Digital Trade chapter will:
- Prohibit customs duties and other discriminatory measures from being applied to digital products distributed electronically (e-books, videos, music, software, games, etc.).
- Ensure that data can be transferred cross-border, and that limits on where data can be stored and processed are minimized, thereby enhancing and protecting the global digital ecosystem.
- Ensure that suppliers are not restricted in their use of electronic authentication or electronic signatures, thereby facilitating digital transactions.
- Guarantee that enforceable consumer protections, including for privacy and unsolicited communications, apply to the digital marketplace.
- Limit governments’ ability to require disclosure of proprietary computer source code and algorithms, to better protect the competitiveness of digital suppliers.
- Promote collaboration in tackling cybersecurity challenges while seeking to promote industry best practices to keep networks and services secure.
- Promote open access to government-generated public data, to enhance innovative use in commercial applications and services.
- Limit the civil liability of Internet platforms for third-party content that such platforms host or process, outside of the realm of intellectual property enforcement, thereby enhancing the economic viability of these engines of growth that depend on user interaction and user content.
In the areas of privacy, cyber-security and consumer protection, the “modernization” of NAFTA does not appear poised to have much impact on US businesses, with the possible exception of users and suppliers of internet platforms. The USMCA favors “risk-based” measures and self-policing according to “consensus-based standards” over more prescriptive regulations.
With respect to on-line consumer protections, protection of personal information and privacy, access to the internet and cyber-security, the USMCA essentially recognizes the importance of such matters to digital trade and commits the Parties to undertake or maintain appropriate safeguards. For example, with respect to privacy protections (Article 19.8), the Parties commit to “adopt and maintain a legal framework providing protection of personal information of users of digital trade.” Note 5 to Paragraph 2 of that Article states that a party may comply by “adopting or maintaining measures such as a comprehensive privacy, personal information or personal data protection laws, sector specific laws covering privacy, or laws that provide for the enforcement of voluntary undertakings by enterprises relating to privacy.”
Article 19.15 dispenses with cyber-security issues in two short paragraphs that do little more than recognize the threat to digital trade. Parties are asked to build their incident response capabilities and to strengthen their collaboration mechanisms, but are not required to act through regulation.
On the other hand, providers of “interactive computer services” (read “internet platforms”) may take some comfort in Article 19.17 of the USMCA which endeavors to provide some protection from regulation by the Parties based on content. “Interactive computer service” is defined as “any system or service that provides or enables electronic access by multiple users to a computer server.” Parties are prohibited from treating suppliers or users of interactive computer services as content providers “except to the extent the supplier or user has, in whole or in part, created, or developed the information.”
Furthermore, Parties to the USMACA are prohibited from imposing “liability on a supplier or user of an interactive computer service on account of: (a) any action voluntarily taken in good faith by the supplier or user to restrict access to or availability of material that is accessible or available through its supply or use of the interactive computer services and that the supplier or user considers to be harmful or objectionable; or (b) any action taken to enable or make available the technical means that enable an information content provider or other persons to restrict access to material that it considers to be harmful or objectionable.” In essence, as long as a supplier or user of interactive computer services acts in good faith, under the USMCA it may censor or remove “harmful or objectionable” content on its platform or provide the technical means for a content provider to restrict access to such content.
The safe harbor provided by Article 19.17 is subject a number of important exceptions, including for enforcement of intellectual property rights and criminal law. It is also worth noting that Mexico will not be subject to the Article until three years following the effective date of the USMCA.