In 1998, WTO Members first addressed digital issues, agreeing to prohibit customs duties on electronic transmissions. In that year, according to the International Telecommunication Union (ITU), there were just over 1 million broadband connections in the world. Two decades later, there are over 7 billion broadband subscriptions connecting 4 billion people, tens of billions of devices, and over one hundred million businesses, to the Internet.
This global expansion of the Internet is powering digitally enabled trade. Firms in every industry are leveraging digital services and technologies, often supplied across borders, to drive internal efficiencies, enhance customer offerings, and better compete globally. Small and micro enterprises have been major beneficiaries of this digitalization. Data analytics, cloud computing, and online platforms allow small businesses to keep costs low, scale up quickly without costly infrastructure investments, and compete against larger, more established firms.
Barriers to digital trade threaten the ability of all firms – including small businesses – to benefit from the advantages of the digital economy. When governments impose unnecessary barriers to cross-border data flows or discriminate against foreign digital services, local firms are often hurt the most, as they cannot take advantage of cross-border digital services that facilitate global competitiveness.
That is why USTR focuses on achieving strong, binding rules on digital trade in all of its negotiations. The U.S.-Mexico-Canada Agreement and the U.S.-Japan Digital Trade Agreement include the most comprehensive and advanced digital trade rules ever negotiated, which USTR hopes will serve as a template for similarly strong and comprehensive rules elsewhere. After 20 years, WTO Members have renewed their focus on digital issues, as the United States and many other Members work toward a high-standard agreement on digital trade that would meaningfully reduce digital trade barriers around the world.
In this year’s National Trade Estimate (NTE), USTR continues its focus on barriers to digital trade. The key barriers to digital trade identified in the 2020 NTE include:
China’s Restrictions on Cross-Border Data Flows and Data Localization Requirements
- China’s 2016 Cybersecurity Law provides for sweeping restrictions on cross-border data transfers and broad-based data localization mandates. A range of implementing regulations for this law would prohibit or severely restrict routine cross-border transfers of information, including a broad range of information falling into the undefined category of being “important.” The law also imposes data localization requirements on some companies, including those that operate “critical information infrastructure,” a vaguely defined term that has been interpreted to include entire sectors of the economy.
China’s Cloud Computing Restrictions
- China prohibits foreign companies from directly providing cloud computing services to customers in China, requiring foreign service suppliers to partner with a Chinese company and to turn over to that partner their technology, intellectual property, know-how, and brands in order to enter the market.
China’s Web Filtering and Blocking of Legitimate Websites
- China continues to engage in extensive blocking of legitimate websites, including communications, networking, online retailing, app stores, news, and other sites. China currently blocks 10 of the top 30 global sites and over 10,000 domains in total, affecting billions of dollars in potential U.S. business.
Digital Services Taxes
- In 2019, France adopted a tax on gross revenues of large digital companies from supplying digital interface services and targeted advertising, including on companies without a physical presence in the France. In 2019, USTR initiated an investigation of France’s digital services tax under Section 301 of the Trade Act of 1974 and issued a report finding that France’s digital services tax is unreasonable or discriminatory and burdens or restricts U.S. commerce. Austria, the Czech Republic, Italy, Spain, Turkey, and the United Kingdom have adopted or are considering similar proposals. The United States opposes proposals that single out digital services for tax purposes. In addition, to the extent that these proposals are aimed at U.S. companies, they raise concerns about discriminatory effects on U.S. suppliers.
India's Restrictions on Cross-Border Data Flows and Data Localization Requirements
- In late 2019, India began considering a revised draft privacy law that would impose significant restrictions on cross-border data transfers and impose requirements to store copies of personal data in India. The draft law would also grant the government the authority to access non-personal or anonymized data held by data fiduciaries, which is unrelated to the goal of protecting privacy and raises concerns about businesses’ ability to protect intellectual property. This draft law would add to other recent measures that restrict the cross-border flow of data and create onerous data localization requirements, including a 2018 measure requiring payment service suppliers to store all information related to electronic payments by Indian citizens within India.
Indonesia’s Data Localization Requirements
- In 2019, Indonesia instituted a new regulation replacing its long-standing data localization measure. The new rules permit private sector electronic system operators to transfer, process, and store data outside of Indonesia. The Indonesian government has not yet issued detailed implementing regulations.
Indonesia’s Tariffs on Digital Products
- In 2018, Indonesia issued a new regulation establishing tariff lines for digital products transmitted electronically, such as software, apps, video, and music. Although tariffs are currently set at zero, imposing duties on digital products would raise concerns regarding Indonesia’s longstanding WTO commitment—renewed on a multilateral basis in December 2017—not to impose duties on electronic transmissions. Similarly, customs reporting requirements, even in the absence of a duty, would be highly disruptive of existing trade. The potential for such measures – duties and reporting requirements – could have a significant negative effect on Indonesia’s digital economy, expected to be worth $150 billion by 2025, much of which is driven by cross-border data flows involving U.S. firms.
Kenya’s Data Localization Requirements
- In 2019, Kenya passed a new data protection law that includes unclear and potentially restrictive provisions governing the cross-border transfer of personal information, including “proof” that personal data will be secure as a condition for cross-border transfer, consent for transfer of a broad range of personal data deemed “sensitive,” and official discretion to prohibit cross-border transfer of certain categories of personal data. Such restrictions could hamper the development of Kenya’s digital economy and may undermine data security without providing any meaningful benefit to data privacy.
Korea’s Restrictions on Cross-Border Data Flows
- Korea restricts the export of geo-location data, disadvantaging international suppliers that incorporate services such as traffic updates and navigation into their products. As far as we are aware, Korea is the only market in the world that maintains such a restriction. In addition, while Korea has taken steps to expand cloud computing opportunities in its territory, restrictions on the cross-border use of cloud computing for financial services remain a serious impediment to the competitiveness of foreign cloud computing suppliers in the Korean market.
Nigeria’s Data Localization Requirements
- Nigeria requires businesses to store all data concerning Nigerian citizens in Nigeria. This requirement disproportionately affects foreign businesses, which distribute their data storage and processing globally.
Russia’s Data Localization Requirements
- Russian law requires that companies process and store in Russia certain data on Russian citizens that they collect electronically. U.S.-based services have been blocked for failure to comply with this law, including numerous IP addresses associated with U.S. cloud services providers.
Russia’s Local Software Requirements
- In 2019 Russia passed a law requiring the pre-installation of Russian software applications on certain consumer electronic products (e.g., smartphones, computers, tablets, and smart TVs). Russia has identified relevant categories of software to include search engine, mapping and navigation, anti-virus, national payment, and social network applications. Stakeholders note that the law appears intended to disadvantage software imports, and that it could expose devices and services to potentially insecure or unreliable technology.
Saudi Arabia's Data Localization Requirements
- In 2018, Saudi Arabia issued the Cloud Computing Regulatory Framework, requiring localization for certain types of data. The framework also increases liability for Internet service providers and creates broad regulatory powers to require cloud and other ICT service providers to install government filtering software. Such requirements may create market access barriers for many ICT services provided by foreign companies.
Turkey’s Data Localization Requirements
- Turkey maintains multiple data localization requirements in various laws and regulations, including limitations on transfers of personal data abroad, requirements that suppliers of electronic payment services maintain information systems within Turkey, and requirements that publicly traded companies keep their primary and secondary information systems and data in Turkey. In addition, in 2019, Turkey enacted a measure prohibiting public institutions from using cloud computing.
Vietnam’s Restrictions on Online Advertising
- Vietnam requires advertisers to contract with a local services supplier as a condition of placing advertisements on foreign websites targeting Vietnam. This requirement is burdensome and impractical, given that the online advertising market typically functions through automated, real-time auctions for ad space.
Vietnam’s Restrictions on Online Video Services
- Vietnam is proposing to extend its broadcasting regulatory regime to online video services, including applying onerous new requirements related to licensing, local presence, local content quotas, pre-editing and translation, and advertising to these services. Vietnam has also pressed smart TV manufacturers to remove pre-installed applications and hardware facilitating user access to these services.
Vietnam’s Data Localization Requirements
- In 2018, Vietnam passed a law on cybersecurity that requires online service suppliers to store data, and establish a local presence, in Vietnam. Vietnam is currently considering implementing regulations that could potentially narrow the scope of such requirements and apply them only after a company fails to comply with specific provisions of the law, such as failing to meet 24-hour takedown requirements for a wide array of online content. However, the requirements would still apply to a range of digital services and, as such, would remain problematic.