University of Miami International and Comparative Law Review


The first decades of the 21st century have been characterized by the growth of digital trade fueled by new business models based on cross-border data flows. With data taking a central role in the digital economy, governments and their constituents have become increasingly concerned about the commercial handling and commoditization of personal data. Consequently, governments have entered the business of regulating cross-border data flows, especially with the aim of protecting the privacy of their citizens. This regulatory trend does not occur in a vacuum: The World Trade Organization (WTO) through the General Agreement on Trade in Services (GATS) regulates the types of measures and treatment that governments may adopt regarding foreign providers of digital services. Further, several Free Trade Agreements (FTAs) include electronic commerce or digital trade chapters establishing obligations regarding cross-border data flows. This paper focuses on cross-border data flow restrictions aimed at protecting privacy and the assessment of their WTO-consistency. This perspective covers a broader range of measures and offers a more comprehensive understanding of privacy regulations before trade fora than the existing literature does. In particular, this paper draws attention to the assessment of privacy-based restrictions under the GATS exceptions and argues that the necessity test and chapeau requirements will prove critical in any future adjudication over complaints against a country’s policies restricting cross-border data transfers. This analysis highlights that the linkage between trade and privacy will continue to intensify and that this linkage will be further shaped by countries being taken to court.