Data flows and national security: a conceptual framework to assess restrictions on data flows under GATS security exception

The paper aims to explore the national security implications of a potential for a World Trade Organization (WTO) dispute on data flow restrictions. It proposes a basic conceptual framework to assess data flows’ restrictions under General Agreement on Trade in Services (GATS) security exception.

If a case were to be brought before the WTO dispute settlement, the defender could support its case by invoking the security exception. This paper analyzes three main arguments that could be brought up: protection from cyber espionage, protection from cyberattacks on critical infrastructure and access to data needed to prevent terrorist threats. These three cases are analyzed both legally and technically to assess the relevance of restrictions on data flows under GATS security exception. This analysis can, more generally, inform the debate on the protection of national security in the digital era.

In the three cases, restrictions on data considered critical for national security might raise the cost of certain attacks. However, the risks would remain pervasive and national security would not be significantly enhanced both legally and technically. The implementation of good security standards and encryption techniques appears to be a more effective way to ensure a better response to cyber threats. All in all, it will be important to investigate on a case by case basis whether the scope of the measure (sectors and data covered) is considered proportionate and whether the measure in question in practice reduces the exposure of the country to cyber espionage, cyberattacks and terrorist threats.

This paper represents a contribution to the literature because it is the first paper to address systematically the issue of data flows and national security in the context of a GATS dispute and because it provides a unique perspective that looks both at legal and technical arguments.