Digitrade Digest #97

Korea wants a digital trade pact with EU, European Parliament passes draft law on AI, China tightens control over cross border flow of its data and more…



Thanks for reading Digital’s Substack! Subscribe for free to receive new posts and support my work.


The Post-Brexit Push For Deregulation in Global Data Governance

Wednesday, June 21, 2023 at 9AM ET (New York), 2PM BST (London), 3PM CET (Brussels)

Register now

Please join the Digital Trade Alliance for a timely webinar to discuss a new report about the United Kingdom’s post-Brexit strategy to promote deregulation in global digital trade and data governance through a number of new free trade agreements and domestic data protection reforms.

The UK government aims to become the world’s most attractive data hub and marketplace,shifting away from the EU data governance frameworks and towards a closer alignment with the United States and Indo-Pacific region. The UK’s accession to the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and other recent UK agreements with countries in the region like Japan, Singapore and Australia prioritize digital trade and data flows over consumer protections.

To align with the data regimes of CPTPP countries, the UK is transforming its domestic data protection framework to depart from the EU approach in areas such as identifiable information, research, automated decisions, data rights, and business obligations. These reforms openly tilt the balance towards the needs of business by reducing consumer digital rights and could jeopardise the existing arrangements for free flow of data between the UK and the EU, which would cause major economic turmoil.


  • Javier Ruiz, Digital Trade Alliance
  • Ioannis Kouvakas, Privacy International
  • Alex Lawrence‑Archer, AW
  • Deepika Yadav, Digital Trade Alliance (moderator)

Register to receive the link to join via zoom


Korea seeks digital trade pact with EU

KoreaTimes: Korea will push to clinch a bilateral pact on digital trade with the European Union to facilitate trade in the digital realm and to enhance industry cooperation, the industry ministry said Tuesday.

There have been calls for the need to devise broader and specific rules on digital trade between the two sides, as their digital transactions and exchanges via various online platforms have risen and there are only two related clauses under their Free Trade Agreement (FTA).

As a preparatory step of envisioned negotiations for a deal, South Korea will hold a public hearing on the issue in Seoul on Thursday involving experts and relevant business entities, according to the Ministry of Trade, Industry and Energy.

The EU is Korea’s third-largest trading partner, with bilateral trade reaching an all-time high of $136.3 billion last year. Their FTA took effect in 2011.

Last year, Korea signed a bilateral digital trade agreement with Singapore, the first of its kind for Korea.

Earlier this month, it also acceded to the Digital Economy Partnership Agreement (DEPA), becoming the first partner outside of its founding members of Chile, New Zealand and Singapore.

As the world’s first plurilateral digital pact, the DEPA calls for the establishment of key rules on digital trade issues, such as digital identities, cross-border data flows and artificial intelligence.

U.S. House committee voices backing for initial Taiwan-U.S. trade deal

FocusTaiwan: The U.S. House of Representatives Ways and Means Committee on Tuesday unanimously passed legislation affirming its support for the initial agreement reached under the U.S.-Taiwan Initiative on 21st Century Trade.

The bill, which was jointly announced last week by committee chair Jason Smith (R-MO) and ranking member Richard Neal (D-MA), as well as by Senate Finance Committee Chair Ron Wyden (D-OR) and ranking member Mike Crapo (R-ID), cleared the committee by a vote of 42-0.

Taiwan and the United States signed a first agreement under their “21st century” trade initiative on June 1, which covered customs and border procedures, regulatory practices and small business in a bid to make trade and investment between the two sides easier.

Following the signing, the sides said they planned to begin negotiations on other, more complicated issues, such as agriculture, digital trade, labor, environmental and nonmarket policies and practices as well as state-owned enterprises and standards.

In a press release Tuesday, the committee said the bill confirms Congress’ support for the first agreement under the trade initiative, and also seeks to require congressional consultation and approval for any subsequent agreements that are reached.

More specifically, the bill’s latter section refers to an ongoing dispute between the White House and lawmakers of both U.S. parties over the Biden administration’s pursuit of limited trade pacts that bypass Congress, another example being a deal on EV battery materials struck with Japan in March.

Procedural debates aside, Smith told the committee he supported the administration’s efforts to pursue closer trade relations with Taiwan and believed the substance of the first agreement under the initiative was “sound.”

“The people of the United States and the people of Taiwan share an invaluable economic partnership; we share democratic values; and we have strong individual ties between our two nations,” Smith said.

Neal, meanwhile, said it was vital for Congress and for American trade policy to support democratic Taiwan amid the “incredible pressure” it faces from its authoritarian neighbor in China.

With the bill’s passage in committee, it will be advanced for an eventual vote in the full House. After clearing the House, it would need to be passed by the Senate and signed by the president in order to become law.


Europeans Take a Major Step Toward Regulating A.I.


TheNewYorkTimes: The European Union took an important step on Wednesday toward passing what would be one of the first major laws to regulate artificial intelligence, a potential model for policymakers around the world as they grapple with how to put guardrails on the rapidly developing technology.

The European Parliament, a main legislative branch of the European Union, passed a draft law known as the A.I. Act, which would put new restrictions on what are seen as the technology’s riskiest uses. It would severely curtail uses of facial recognition software, while requiring makers of A.I. systems like the ChatGPT chatbot to disclose more about the data used to create their programs.

The vote is one step in a longer process. A final version of the law is not expected to be passed until later this year.

The European Union is further along than the United States and other large Western governments in regulating A.I. The 27-nation bloc has debated the topic for more than two years, and the issue took on new urgency after last year’s release of ChatGPT, which intensified concerns about the technology’s potential effects on employment and society.

Policymakers everywhere from Washington to Beijing are now racing to control an evolving technology that is alarming even some of its earliest creators. In the United States, the White House has released policy ideas that include rules for testing A.I. systems before they are publicly available and protecting privacy rights. In China, draft rules unveiled in April would require makers of chatbots to adhere to the country’s strict censorship rules. Beijing is also taking more control over the ways makers of A.I. systems use data.

How effective any regulation of A.I. can be is unclear. In a sign that the technology’s new abilities are emerging seemingly faster than lawmakers are able to address them, earlier versions of the E.U. law did not give much attention to so-called generative A.I. systems like ChatGPT, which can produce text, images and video in response to prompts.

Under the latest version of Europe’s bill passed on Wednesday, generative A.I. would face new transparency requirements. That includes publishing summaries of copyrighted material used for training the system, a proposal supported by the publishing industry but opposed by tech developers as technically infeasible. Makers of generative A.I. systems would also have to put safeguards in place to prevent them from generating illegal content.

Francine Bennett, acting director of the Ada Lovelace Institute, an organization in London that has pushed for new A.I. laws, said the E.U. proposal was an “important landmark.”

“Fast-moving and rapidly repurposable technology is of course hard to regulate, when not even the companies building the technology are completely clear on how things will play out,” Ms. Bennett said. “But it would definitely be worse for us all to continue operating with no adequate regulation at all.”

The European bill takes a “risk-based” approach to regulating A.I., focusing on applications with the greatest potential for human harm. This would include where A.I. systems were used to operate critical infrastructure like water or energy, in the legal system, and when determining access to public services and government benefits. Makers of the technology would have to conduct risk assessments before putting the tech into everyday use, akin to the drug approval process.

A tech industry group, the Computer & Communications Industry Association, said the European Union should avoid overly broad regulations that inhibit innovation.

“The E.U. is set to become a leader in regulating artificial intelligence, but whether it will lead on A.I. innovation still remains to be seen,” said Boniface de Champris, the group’s Europe policy manager. “Europe’s new A.I. rules need to effectively address clearly defined risks, while leaving enough flexibility for developers to deliver useful A.I. applications to the benefit of all Europeans.”

One major area of debate is the use of facial recognition. The European Parliament voted to ban uses of live facial recognition, but questions remain about whether exemptions should be allowed for national security and other law enforcement purposes.

Another provision would ban companies from scraping biometric data from social media to build out databases, a practice that drew scrutiny after the facial-recognition company Clearview AI used it.

Tech leaders have been trying influence the debate. Sam Altman, the chief executive of OpenAI, the maker of ChatGPT, has in recent months visited with at least 100 American lawmakers and other global policymakers in South America, Europe, Africa and Asia, including Ursula von der Leyen, president of the European Commission. Mr. Altman has called for regulation of A.I., but has also said the European Union’s proposal may be prohibitively difficult to comply with.

After the vote on Wednesday, a final version of the law will be negotiated by representatives of the three branches of the European Union — the European Parliament, the European Commission and the Council of the European Union. Officials said they hoped to reach a final agreement by the end of the year.


China tightens controls on cross-border data transfer

NikkeiAsia: According to the Measures for Security Assessment of Cross-border Data Transfer, which took effect Sept. 1, companies that process personal data involving more than 1 million people should undergo a security assessment if they want to transfer data overseas.

The measures require the companies to submit self-assessment reports to local cyber authorities and the Cyberspace Administration of China (CAC) for two rounds of review. Currently, a company can legally transfer Chinese data overseas by signing a contract with an overseas recipient and filing it with a local cyber authority, or by having the data pass a security assessment by the country’s top internet watchdog.

Even though these measures have been in place for nine months, Xu said their implementation has been slow in practice as there are too many such companies in China and not enough manpower to handle their assessment reports.

By the end of April, Shanghai’s cyberspace regulator had received more than 400 assessment reports, of which only 0.5% were approved by the CAC.

The situation is similar elsewhere. Nationwide, authorities have received more than 1,000 applications to transfer data overseas, of which fewer than 10 have made it through two rounds of review, a lawyer familiar with the matter told Caixin.

Caixin has learned that at the national level, while a data bureau of the CAC is responsible for reviewing and approving assessment reports, more of the work is actually done by special assessment personnel from a CAC subsidiary, which is a cybersecurity technical center called CNCERT/CC. The center and the bureau have a combined staff of about 100 people.

In addition to staffing constraints, a lack of clarity of the review criteria is slowing down the approval process, with regulators and companies not seeing eye-to-eye on why the requested data transfers are necessary, the above-mentioned lawyer said. The measures for security assessment require applicants to explain why it is justified, legal and necessary for their data to flow overseas and for overseas recipients to process it, but not much more is specified.

Xu warned that taking “one-size-fits-all” measures may lead to overly strict restrictions on some industries, which is not conducive to balancing the needs of national security and the free flow of data, as not all industries pose national security concerns.

With the implementation of the measures on the standard contract this month, regulators will shift more of their efforts to helping these contracts complete the filing process, which in turn will speed up their approval of security assessments, a source close to the cyber authorities told Caixin.

However, He Yuan, executive director of Shanghai Jiao Tong University’s data law research center, noted the workload on local regulators could increase substantially as firms with fewer than 1 million people will also need to sign a standard contract starting June.

Thanks for reading Digital’s Substack! Subscribe for free to receive new posts and support my work.