Today in Pittsburgh, the newly created EU-US Trade and Tech Council (TCC) holds its first meeting. The stakes are high and according to the official TTC agenda, a new Transatlantic deal on data is not part of the discussions. That’s a mistake.
With the exponential rise in data crossing borders, governments are struggling to keep up. Cross-border flows of data presents novel complexities, such as potential compromises on privacy and security. However, this intangible commodity brings very real benefits and adds new wealth to our economies.
Governments deal with these complications by introducing new regulatory policies, as does the EU. These policies require third countries to fulfil strong conditions to protect the privacy of its citizens before any transfer of personal data can take place. Their stated purpose is to safeguard non-economic objectives for consumers and societies, whilst guaranteeing the seamless transfer of data between countries.
But transfers of personal data between the EU and its biggest trading partner have become a sticky wicket. In July 2020, the EU’s highest court found that the US provided an inadequate level of data privacy for European citizens. It argued that US intelligence law and surveillance practices do not provide a sufficient level of personal data protection.
The court ruling directly resulted in invalidating the data agreement between the EU and the US, called Privacy Shield, which enabled the transfer of data between both economies while bridging the differences between the two data protection regimes. Five years earlier, the European court struck down a previous Transatlantic data deal on similar grounds.
But the Transatlantic data agreement was no longer just about data transfers. Today, entire business models and data-driven innovation activities across the Atlantic depend on data flows. Without the Privacy Shield, thousands of firms active in sectors ranging from accounting and marketing to finance and information services face large-scale disruption.
Our numbers support that claim.
In a joint study with Kearney, a global consultant, we assessed the trade and economic impact of the repeal of the data deal. We first assessed how much trade in digital services reliant on cross-border data flows between the EU and the US is negatively affected by revoking the data pact. In a next step, using a Computable General Equilibrium (CGE) model we projected what this means economically for the Transatlantic relationship.
Our findings show that without the Privacy Shield, digital services trade across the Transatlantic has likely suffered a blow of 5 to 6 percent, for both exports and imports. As expected, businesses heavily reliant on data were hit hardest. Interestingly, however, we also found that this includes firms within sectors less likely to be associated with cross-border data flows, such as healthcare, travel and tourism, and education.
Our calculations also reveal wider economic losses as a result of the invalidation of the Shield which are equivalent to €19-31 billion in economic output every year for the EU economy. To put this into context: this number is three times the European Commission’s innovation budget till 2027. Moreover, given that some sectors such as education and health will become increasingly digitalized and data-dependent, these numbers are probably a lower-bound.
Losses are especially sizable for Small and Medium Sized firms (SMEs). For instance, our study found that 83 percent of the more than two and half thousand European SMEs surveyed have at least one business use for data. Our study showed that SMEs were particularly vulnerable to the invalidation of the Privacy Shield because they often lack the legal and technical capabilities to manage data or applying special measures to supplement its EU data transfers.
Of course, some of the digital trade losses are offset by the EU’s own expansion of digital services. But our model suggests that this won’t be enough to compensate for the decline in the EU’s digital competitiveness. Thus, an open Transatlantic network for data would be the best option for EU businesses, consumers, and the economy.
Meanwhile, there’s still no new data agreement. Both the European Commission and the US government are trying to see whether a new one could be set up, but that’s far from a done deal. Without the Privacy Shield in place, countries must revert to more costly options, such as Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs).
Although most large companies use these two options, both alternatives are far too expensive for SMEs trading digital services. They are therefore most likely to have been negatively affected following the repeal of the Privacy Shield, despite accounting for the vast majority of businesses actively covered by the Transatlantic data pact. With higher costs in place for Transatlantic SMEs, our study showed that 30 percent of those that trade and use personal data have reduced the transfer, storage, and process of personal data abroad.
Moreover, the move by the European court also called into question the reliability of SCCs as a credible alternative. Therefore, the EC has come up with an updated set of rules for data trading parties, which has started to apply as of June this year. Yet for some this is not enough and state that de facto European data localization is a real threat.
What would be the impact if this became true? If all Transatlantic data flows must be stopped, stored, and processed in the originating jurisdiction, and all data business and innovation must be local, how would it affect trade and the economy? We examined our data, crunched some numbers, and the resulting implications were huge.
We found that a full Transatlantic ban on the flow of data would result in a 31 percent decline in digital services imports from the US into the EU. That would translate to €327 billion loss in economic revenue for the EU, roughly the size of Denmark’s GDP.
Let’s hope the EU and US will realize data should be part of the TTC discussions in the future.
 For the trade wonks among us, the numbers are carefully calibrated. We have set different parameters of the model to obtain a wide set of estimates. For instance, some digitally services are easier to replace locally or through imports from third countries. Equally, some of these services are characterised by a very low degree of substitutability, which are accounted for. As such our results are robust.