Cross Border Data Flows and International Trade Law: The Relationship between EU Data Protection Law and the GATS

The purpose of this article is to analyse the interactions between data localization measures and obligations deriving from the World Trade Organization (WTO), using as a tool the EU data protection regulation on transfers of data from the Union’s territory to third countries. The latter provides a valuable test to address a number of issues of topical relevance for the WTO and its Member States. In particular, recent technological developments have raised the question of the adaptability of WTO obligations to digital trade and of the identification of the applicable legal regime to electronically delivered products and services. Moreover, the analysis will shed some light on the space for Member States’ regulatory autonomy within the General Agreement on Trade in Services (GATS), in order to understand to what extent domestic concerns on privacy protection may justify the adoption of measures conflicting with the main obligations on services liberalisation. The article is divided into three main sections. The first consists in a brief overview of EU data protection rules on data transfers to third countries, which takes into account the recent developments in the caselaw of the Court of Justice of the European Union (CJEU). The second is devoted to the assessment of the applicable legal regime amongst WTO rules to the case of data transfers. This allows to identify in the GATS the main body of law to look at when verifying compliance of data localization measures with prohibitions of barriers to trade.