The short answer is that WTO regulations do not
explicitly prohibit data localization laws. That said, there
is an emerging body of scholarship – undertaken by various
"think tanks", governmental agencies, academics, and
other interested parties – encouraging the WTO to expand its
sphere of influence on the restrictions to trade that may result
from data localization laws. For example, a November 2015 Congressional Research Service
report stated that
[t]he 161 members of the WTO negotiated and have maintained a
basic set of multilateral rules in the form of the 'GATS'
(implemented in 1995). However, the GATS is largely viewed
as limited in scope, pre-dating significant technological
developments over the past two decades, and in need of expansion if
it is to be an effective instrument of trade liberalization. At
present, it seems as if the efforts of the WTO members to expand on
these rules have stalled, with little prospect of success at least
in the foreseeable future.
Daniel Castro and Alan McQuinn, in an article entitled Cross-Border Data Flows Enable Growth in All
Industries, have argued that barriers to cross-data
flows may measurably harm international trade; yet the damage is
difficult to measure because the WTO does not track statistics that
would enable specific calculations. See also the Congressional Research Service Report.
Both of the aforementioned publications cite data localization laws
as barriers to cross-data flow and, consequently, to international
Castro and McQuinn suggest several action options, one being an
expansion to the WTO definitions of localization barriers to trade
– a difficult task because all signatory nations would have
to approve the change. Another approach may be to put into place a
new agreement that would require signatories to hold each other
more accountable for positive data-flow practices and considering
and restricting trade-distorting practices, which would include
data localization laws. To that point, WTO regulation
enforcement occurs through signatory nations bringing complaints
against other signatory nations. To date, however, there
have been no complaints raised against data localization laws by
any WTO member against any other WTO member; and there are no robust regulations under which such
(presently-hypothetical) complaints might survive at this time.
As recently as October 2015, the Information Technology Industry Council
("ITI") has advocated during G20, B20, and
International Chamber of Commerce meetings that "the WTO can
remain and become more relevant to the business community if it can
begin meaningful work on promoting digital trade and address
forced localization measures, including data localization
requirements." It appears that the Trans-Pacific Partnership
("TPP"), agreed-to in early October 2015 – perhaps
a model for ITI's recommendations for the WTO – will
directly address data localization laws. That said, Russia is not a
signatory to the TPP.
In summary, Russia's data localization law does not directly
violate WTO regulations, as they are currently written, though the
recent calls to action may inspire – or perhaps require
– the WTO to mobilize and strengthen its stance on this topic
in the not-so-distant future.
Disclaimer:This Alert has been
prepared and published for informational purposes only and is not
offered, nor should be construed, as legal advice. For more
information, please see the firm's
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Brexit will have fundamental implications for the UK data protection regime. Until Brexit takes place, there will be a period during which its precise form and implications for UK data protection laws are not clear.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
The EU Commission has now formally adopted the EU-US Privacy Shield arrangement for the legal transfer of personal data from the EU/EEA to the US.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).