Executive Summary

• The United States Trade Representative (USTR) withdrew its support for World Trade Organization (WTO) proposals that promoted cross-border data flows and restricted requirements for data localization and source code transfers.
• While the decision has been cited as an effort to maintain sufficient “policy space” and control Big Tech, small and medium-sized enterprises (SMEs) may disproportionately suffer as a result of the USTR’s decision.
• The decision has been immediately criticized by bipartisan Representatives, who may want to consider passing a bill overriding the USTR’s stance on digital trade.

Introduction

On October 25th, 2023, the USTR announced its withdrawal of WTO e-commerce proposals introduced in 2019 by the Trump administration. The original proposals advocated for the preservation of cross-border data flows, limiting the implementation of tariffs on digital trade. Additionally, they proposed restrictions on data localization and source code transfer requirements. In the decision to remove this proposal from WTO e-commerce negotiations, the USTR has cited the importance of sufficient regulatory power in the technology sector. Supporters of the USTR’s decision argue the proposal would have favored Big Tech monopolies, but the proposal’s removal may primarily harm SMEs. If Congress decides the USTR’s decision hurts American businesses, it could pass a law overriding the decision, and get the proposals back into WTO e-commerce negotiations.

Impacts of Data Regulations on Firms

The withdrawn Trump administration proposals would have set a liberalized regulatory standard on digital trade for all 164 WTO members, a motion that could have reshaped digital trade policy around the world. The proposals would likely have sparked the most significant change in stricter-regulated countries such as China, who would have been restricted from implementing data localization policies and requiring submissions of software source code. This liberalized approach to technology regulation could have resulted in more global access to data from China and other strictly regulated countries.  

Data localization practices, which are currently implemented in some form in over 100 countries including Australia, Brazil, China, and Japan, may undermine cybersecurity for businesses required to comply with these regulations. Requiring local storage of data for international firms means companies are unable to utilize universal data storage practices, complicating the collection, storage, and analysis of data, potentially creating insecure operating processes. Additionally, data localization policies pose a significant regulatory burden for firms operating in countries all over the globe, considering many countries have unique data storage requirements. While large firms may be able to ensure safe data management processes internationally and comply with unique international regulatory requirements, these digital trade barriers may be more difficult for SMEs with less capital and smaller work forces to overcome.

While data localization practices may be both a security risk and regulatory burden for international firms, they also limit the availability of data across borders. For companies with global operations, cross-border data flows are crucial to decision-making. If firms cannot access all their data, or are unable to store data collectively, it may limit their ability to make effective operating decisions, potentially harming technological innovation. Big businesses have significantly more access to data than SMEs, putting smaller firms at an informational disadvantage that could be remedied by cross-border data flows.

Requiring the transfer of source code to regulators may be a security risk for firms whose product relies on software code. Upon the transferal of code to regulators, the transfer process could be vulnerable to intellectual property theft. Once source code is received by regulators, they are responsible for the safety and security of it, and any lack of responsible practices could threaten the security of valuable source code. Large firms may be able to recover from intellectual property theft, but it may be more difficult for SMEs to recoup their losses from such instances. With the artificial intelligence sector growing rapidly, protecting the code and data of technology firms may be crucial for technological innovation.  

Mixed Support for Digital Protectionism

The USTR’s decision to withdraw its support of cross-border data flows align with the Biden administration’s digital trade policies outlined in the Indo-Pacific Economic Framework (IPEF), which states “the need for flexibilities to achieve public policy objectives,” seemingly granting IPEF members individual jurisdiction on data governance. However, the decision to take a digital protectionist stance does not align with the United States-Mexico-Canada Agreement (USMCA) which prohibits potential barriers to digital trade and passed through Congress with overwhelming bipartisan support in 2020. 

The decision has faced bipartisan criticism since it was announced, with Co-Chairs of the Digital Trade Caucus Darin LaHood (R-IL) and Suzan DelBene (D-WA) releasing a statement urging the Biden administration to reconsider, arguing the USTR has abandoned the bipartisan-supported policies outlined in USMCA “without the consent of Congress.” The USTR’s digital protectionist decision has also been seemingly criticized in a statement by the G7 trade ministers, who vowed to “remain committed to tackling unjustified data localization measures,” citing the increased data management costs for SMEs brought on by digital trade restrictions.

Considering the bipartisan support of USMCA, which passed through the House of Representatives 385-41 and the Senate 89-10 in 2020, along with recent bipartisan and international criticism, the USTR’s decision to withdraw support for a liberalized WTO cross-border data flow standard does not appear a well-supported policy. If Congress decides the USTR has overstepped its jurisdiction by withdrawing these proposals, it may want to consider a bill vetoing the USTRs decision or crafting a new proposal themselves.

Conclusion

The USTR’s decision to withdraw proposals promoting cross-border data flows, limiting data localization, and restricting source code requirements could be detrimental to U.S. businesses. While the USTR argues the proposals would have deprived the United States of sufficient regulatory power in the technology sector, it seems SMEs would have benefitted from the freer flow of data and increased data security offered by the proposals. While large technology firms are indeed harmed by the USTR’s lost support for cross-border data flows, SMEs disproportionately suffer from the decision. The Biden administration’s restrictive stance on digital trade policy may not have widespread congressional support and goes directly against USMCA. Congress may want to consider a bill overriding the USTR’s decision to withdraw these proposals and getting them back into WTO e-commerce negotiations.