Much of the negotiation over the future of NAFTA is about automobiles, softwood lumber or milk. But a key part of the NAFTA renegotiation is focussed on the digital economy – on cross-border data flows, e-commerce, cloud computing and the secrecy surrounding computer source code.
These issues have been put there by the U.S., which seeks to dominate the digital economy, at the behest of major digital companies such as Microsoft, Amazon, Google, and eBay. All seek to expand their operations in Canada with minimum Canadian regulation. But Canadian Global Affairs Minister Chrystia Freeland also says Canada wants to “modernize” NAFTA so that “all sectors of our economy can realize the full benefits of the digital revolution.”
Yet the interests of the two countries are not aligned. While the U.S. would like to see Canada as an unfettered extension of the U.S. digital world, Canada has its countervailing interests of national security, privacy and competition. These are of fundamental importance: How do we square the tension between the goal of more open trade versus the need to protect individual privacy and national security, ensure fair competition as the tech giants become increasingly powerful, or even to determine who actually owns the data that tech giants collect. As The Economist put it earlier this year, “the world’s most valuable resource is no longer oil, but data.”
As the abundance of data grows – and it will as the world becomes ever more digital – the current Big Tech firms that dominate the cloud will become even more powerful, unless there are new rules to counter this corporate power. According to some estimates, in 2015-2025 data could grow nearly 20 times to 180 trillion gigabytes (180 zettabytes).The fact that a small number of U.S corporations dominate this field has also raised concerns that the U.S. may use this data for its own purposes, a concern heightened by the Snowden revelations.
In its NAFTA demands, the U.S. says wants to “establish rules that NAFTA countries do not impose measures that restrict cross-border data flows and do not require the use or installation of local computing facilities.” But Canada should be ultra-cautious on what it agrees to. We do not want a new NAFTA to impose strict constraints on our ability to address current or future privacy, security or competition issues.
In fact, we should agree to as little as possible until we – as well as governments in Europe, post-Brexit Britain, Japan and other countries – have a much better idea of the best ways to address digital issues. Europe, for example, is in the midst of developing new rules on data flows, privacy, security and competition. In a recent report for Britain’s Royal Institute of International Affairs – Regulating the Data that Drive 21st-Century Economic Growth – a former senior adviser in the Obama administration, Christopher Smart, argues that “the rules that govern the collection, transmission and storage of data are perhaps one of the more surprising controversies in the Trans –Atlantic relationship.” A key element in the debate is “how commercial firms should exploit the opportunities of global networks and ‘big data’ while protecting national interests and privacy.”
Starting next May, the European Union will implement its General Data Protection Regulation, which states that data should only be gathered under strict control for legitimate purposes, extends rights to individuals on the portability of their data, and reinforces protections on information disseminated online, with huge fines for infractions. The U.S. and the European Union are trying to reconcile differences on these issues, but Canada should be included since we have trade pacts with both the U.S. and Europe.
For its part, the federal government, in July 2016, published its cloud adoption strategy, with a major shift to leasing cloud space owned and operated in the private sector (presumably by U.S. corporations) rather than establishing its own facilities. But the government said it would demand high-security standards and insisted that “to ensure Canada’s sovereign control over its data, all sensitive or protected data under government control will be stored in Canada”. It planned a Private Cloud, which would be a non-commercially available cloud available only to government. This Canadian Public Sector Community Cloud would be based in Canada and be available to the federal government, provincial and territorial governments, municipalities, universities, schools and hospitals. But progress has been slow. British Columbia and Nova Scotia also have legislation requiring the storage of government data, including health records of residents, in Canada. That means that companies such as Microsoft, Amazon and Apple have to establish cloud services based in Canada. This is known as localization and is something the U.S. generally opposes.
As the NAFTA negotiations proceed, we should pay more attention to the digital issues. At a time when the digital world is transforming but with the implications and how to deal with them not well understood, it’s no time for accepting binding NAFTA rules that would close our options in the future.
David Crane can be reached at [email protected].