Category Sponsorship Banner Left

Category Sponsorship Banner Right

Home Page Skin 160x1200 Contractor

Category Sponsorship Banner Middle

Monday, 03 December 2018 08:06

E-commerce provisions in new trade deal claimed to be good for all

Darryn Lim: " security ultimately does not depend on the physical location of the data or the location of the infrastructure supporting it." Darryn Lim: " security ultimately does not depend on the physical location of the data or the location of the infrastructure supporting it." Supplied

Global software industry advocate BSA, the software alliance, says the e-commerce provisions in a trade deal struck by 11 countries, including Australia, recently will allow them to take advantage of the digital economy.

Darryn Lim, director, Policy – APAC, for BSA, said the Comprehensive and Progressive Agreement for Trans-Pacific Partnership's provisions on cross-border data transfers and data localisation would help create business predictability and legal certainty for regional companies operating in cutting-edge 21st century industries.

He said the BSA favoured free movement of data across borders and no data localisation requirements as the organisation saw inherent benefits in such policies.

The CPTPP was formerly known as the Trans-Pacific Partnership Agreement or TPP. But after US President Donald Trump pulled his country out of the trade deal, the other 11 countries went ahead and completed negotiations. The deal has come into force for some and others will join once their parliaments have ratified it.

Lim was interviewed by email to tease out some details about the new treaty.

iTWire: What is BSA's interest in this treaty based on? Whom does the organisation represent in its lobbying for the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP)?

Darryn Lim: As the leading industry association representing the global software industry before governments around the world, BSA is most interested in the agreement’s e-commerce chapter, which creates binding multilateral rules that limit restrictions on international data transfers, prohibit requirements for data localisation, and include added protections for source code, among other things.

These are consistent with the elements that BSA views as essential in any modern trade agreement for the 21st century to drive job creation, competitiveness, and innovation, as set out in BSA’s publication “Modernising Digital Trade: An Agenda for Software”. BSA represents companies like Adobe, Amazon Web Services, Apple, Baseplan Software, Cisco, Microsoft, IBM, Salesforce, Symantec, Workday, and numerous others. These companies are at the forefront of innovative data services driving the global economy, such as cloud computing, data analytics, cyber security, blockchain, machine-learning, and artificial intelligence. All of these services depend on the ability to transfer data globally.

Does this treaty leave open the possibility for other countries — say, like China or India to join later?

The CPTPP allows new member countries to join the agreement, subject to the ability of each candidate to meet the obligations of the agreement, as well as any other terms and conditions imposed by existing CPTPP members. In any event, existing CPTPP member countries would have to agree to allow any new candidate to join the agreement.

Now that seven countries of the 11 involved have ratified the CPTPP, it has been given effect, has it not?

The CPTPP will go into effect on 30 December for six countries (Australia, Canada, Japan, Mexico, New Zealand and Singapore), and on 14 January 2019 for Vietnam. The trigger for the CPTPP going into effect — six countries having ratified the agreement — was met when Australia became the sixth country to ratify it on 31 October. Vietnam ratified the CPTPP on 15 November, hence the slightly later effective date for Vietnam. For the remaining countries (Brunei, Chile, Malaysia, and Peru), the CPTPP will go into effect after they have ratified it.

Why is it so important not to localise data storage? To me, it seems reasonable that a country would want to have data about its citizens' (and other residents) transactions stored within its borders.

For cutting-edge technologies like cloud computing and AI to be available, data needs to be transferred across borders. Data and server localisation requirements limit the availability of these services in the market, which impedes the ability of other local industries to compete, especially in the international market place.

Countries that are looking to have transactional data stored within its borders are often motivated by concerns around security. However, data security ultimately does not depend on the physical location of the data or the location of the infrastructure supporting it. Security is instead a function of the quality and effectiveness of the mechanisms and controls maintained to protect the data in question.

In fact, localising and concentrating data and servers in a country introduces cyber security vulnerabilities by providing a central point of attack for bad actors to target while denying access to the many security benefits that cloud-based technologies can bring, such as redundancy, around-the-clock security monitoring, cloud-based network defence tools, and others.

When it comes to encrypted data, is the BSA's stance any different given its opposition to the encryption bill currently before the Australian Parliament? 

BSA’s stance remains the same as set out in the email interview by iTWire on 21 September. We would, however, clarify that, as mentioned in our submission to the Australian Parliament of 12 October and in our testimony during the public hearing on 19 October, we acknowledge and support the Australian Government's desire to have effective tools to aid in the fight against criminal and terrorist activity and to ensure that the rule of law applies equally to offline and online activity.

Our concerns with the Assistance and Access Bill 2018, as presently drafted, lie in its broad scope coupled with inadequate safeguards for the exercise of the authorities granted under the bill.

For instance, India is now insisting that all data regarding monetary transactions be stored physically within its borders. Would that be considered "unreasonable"?

BSA supports balanced policies that protect personal data and further cyber security. Regarding the data localisation measures that India’s financial services regulator (the Reserve Bank of India) have imposed, we focus on whether these requirements are necessary to achieve the RBI’s objectives. We understand these objectives to be two-fold – the ability for the RBI to perform its regulatory duties, and the need to ensure data integrity and security. Data localisation does not advance either of these goals.

With respect to the ability to perform regulatory duties, other regulators such as those in Singapore and Hong Kong expressly permit data held by financial services institutions to be stored and processed overseas, clearly demonstrating that the location of the data is not critical to the exercise of regulatory functions. With respect to ensuring data integrity and security, we would reiterate our earlier point that security is a function of the quality and effectiveness of the mechanisms and controls maintained to protect the data in question.

The US had an issue some months ago when it could not gain access to data stored by Microsoft in Ireland; the data was said to be needed to investigate a drugs-related case. Now, that has been overcome by passage of a new law, the CLOUD Act. How would the Comprehensive and Progressive Agreement for Trans-Pacific Partnership affect issues like this?

As far as we are aware, the CPTPP does not directly affect this issue, although the agreement does contain a number of co-operation and dialogue mechanisms at which this issue could be discussed.

Given that at least some of the countries involved in the CPTPP do not have digital systems that can deal effectively with some of the treaty changes, what is the use of putting such changes in place?

The e-commerce provisions in the CPTPP will improve the ability of countries to take advantage of the digital economy. Its provisions on cross-border data transfers and data localisation will help create business predictability and legal certainty for regional companies operating in cutting-edge 21st century industries. That is important not only for the software industry, but also for every industry that takes advantage of cloud computing or data analytic services.

In the BSA's view, what are ideal international data rules?

The ideal set of international data rules should facilitate job creation, competitiveness, and innovation. The driving principle should be: no market access barriers and no discrimination against innovative software services. These rules should include commitments by governments to, among other things:

  • allow the free movement of data across borders;
  • not impose data localisation requirements;
  • promote the use of innovative technology in government operations;
  • allow companies and government agencies to use the technology of their choice; and
  • support strong encryption.

These elements and more are set out in our publication “Modernising Digital Trade: An Agenda for Software”

As mentioned above, the digital trade rules in the CPTPP are consistent with these elements that BSA views as essential.

What about ISDS – is it not part of the CPTPP? What is the BSA's view on this?

ISDS, or Investor-State Dispute Settlement, remains part of the CPTPP, although the CPTPP parties did make some limited adjustments to the ISDS provisions of the agreement.

Read 3591 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News