Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

The TPP Agreement and Privacy

By Privacy and Cybersecurity Group
December 28, 2015
  • Data Transfers
  • Marketing, Cookies & Spam
  • New and Proposed Laws
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The Trans-Pacific Partnership Agreement (the “TPP Agreement”) is a regional trade and investment agreement negotiated by 12 Pacific Rim countries representing 40 percent of the global economy. Canada, the United States, Mexico, Japan, Malaysia, Vietnam and Australia are signatories. The TPP Agreement, which has 30 Chapters, ushers in a comprehensive program of tariff reduction for goods and services and establishes binding rules in a wide-range of subject areas, including financial services, cross border trade in services, investment, competition policy, intellectual property, telecommunications and electronic commerce. The TPP Agreement also touches on a number of privacy-related issues, including the cross-border flow of information, spam and encryption technology.

Cross-Border Flow of Information

The free flow of information across borders is important for international commerce and the trade in services, particularly information technology services. However, a number of countries regulate the export of data to other jurisdictions and/or require that service providers use local data servers, equipment and infrastructure as a condition of doing business. This has raised concerns that restrictions on cross-border information flows and data localization requirements may be misused as disguised trade barriers to favour domestic service providers.

Under the TPP Agreement, each Party must allow the cross-border transfer of information by electronic means, including personal information, in the course of business activities. In addition, no Party can require a service provider to use or locate computing facilities in its territory as a condition for conducting business in the territory. Exceptions are permitted in order to achieve a legitimate public policy objective, provided that the measure adopted is proportional to the objective and the measure is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade.

Unsolicited Commercial Electronic Messages

Unsolicited commercial electronic messages (CEMs) – also known as spam – can be exploited to deliver malware, spyware and other related network threats, which can undermine network security and privacy. The TPP Agreement requires each Party to adopt or maintain measures to minimize unsolicited CEMs, but provides each Party with flexibility on how to address the problem. A Party may either require organizations that send CEMs to obtain prior consent from recipients or provide recipients with the ability to prevent ongoing reception of those messages (unsubscribe mechanism).

Canada’s current anti-spam legislation (“CASL”) meets (and far exceeds) the obligations under the Agreement. CASL generally requires both opt-in consent and an unsubscribe mechanism for CEMs and sets out a myriad of disclosure and form requirements. It also implemented a strict enforcement regime.

Encryption

Encryption protects the security, confidentiality and privacy of data by converting data (plaintext) into unreadable data (ciphertext) through the use of a cryptographic algorithm. The use of encryption technology is a major policy issue with technology companies adopting strong encryption for devices (full-disk encryption) and communications on the internet (end-to-end encryption) to ensure data security and protect user privacy. National security agencies and law enforcement allege though, that the use of encryption undermines their ability to investigate criminals and terrorists, and are subsequently pressuring technology companies (and lawmakers) to allow for access to decrypted data (“backdoors”).

The TPP Agreement wades into this debate to ensure that encryption policies are not obstacles to trade, particularly with respect to Information and Communication Technology (ICT) products. Under the Agreement, a Party is not permitted to require a manufacturer or supplier of a commercial product that uses encryption to transfer a decryption key to the Party or integrate a particular encryption in the product as a condition for conducting business in the territory.

However, there are a number of important exceptions to this rule. First, the section does not apply to products used by a government entity. Second, the section does not preclude law enforcement authorities from requesting unencrypted communications pursuant to lawful authority (i.e. court order).  Third, the section does not apply to investigations by financial market regulators. Finally, the section is subject to the Security Exception in Chapter 29 of the TPP Agreement that permits a Party to apply any measure that it considers necessary to maintain or restore international peace and security, including the protection of its own essential security interests.

The TPP Agreement demonstrates that with the growth in digital trade and electronic commerce, international trade and investment agreements will increasingly address privacy-related issues.

For more information on the TPP Agreement or any of the subjects covered in this note, please contact a member of our team.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
data transfer, encryption, spam, TPP, Trans-Pacific Partnership Agreement
Privacy and Cybersecurity Group

About Privacy and Cybersecurity Group

Our Privacy and Cybersecurity lawyers operate at the intersection of technology and law. We understand that data is one of your core assets, driving insights and enabling development of valuable new products and services. Our global Privacy and Cybersecurity group works across all sectors offering a full complement of counseling and advice, regulatory and litigation services.

All posts

RELATED POSTS

  • New and Proposed Laws
  • Privacy Rights

“Explicit consent” under the new Data Protection Regulation

The new EU Data Protection Regulation redefines consent of individuals.  No longer, will it be sufficient for consents to be […]

By Nick Graham
  • Canada
  • Consumer Protection
  • Enforcement
  • Marketing, Cookies & Spam
  • United States

CRTC enters into MOU with FTC on spam and unlawful telemarketing

By Margot Patterson
  • Data Transfers
  • Europe
  • General
  • United States

Agreement For A New Trans-Atlantic Data Privacy Framework Announced

On March 25, 2022, the United States and European Commission announced by joint statement an agreement in principle on a […]

By Allison Bender, Todd Daubert, Simon Elliott, and Michael Kar

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site