EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 52023PC0773
Proposal for a COUNCIL DECISION on the signing, on behalf of the European Union, of the Protocol amending the Agreement between the European Union and Japan for an Economic Partnership regarding free flow of data
Proposal for a COUNCIL DECISION on the signing, on behalf of the European Union, of the Protocol amending the Agreement between the European Union and Japan for an Economic Partnership regarding free flow of data
Proposal for a COUNCIL DECISION on the signing, on behalf of the European Union, of the Protocol amending the Agreement between the European Union and Japan for an Economic Partnership regarding free flow of data
COM/2023/773 final
EUROPEAN COMMISSION
Brussels, 1.12.2023
COM(2023) 773 final
2023/0451(NLE)
Proposal for a
COUNCIL DECISION
on the signing, on behalf of the European Union, of the Protocol amending the Agreement between the European Union and Japan for an Economic Partnership regarding free flow of data
EXPLANATORY MEMORANDUM
1.CONTEXT OF THE PROPOSAL
•Reasons for and objectives of the proposal
By decision of 12 July 2023 the Council approved negotiating directives for the Commission to negotiate the inclusion of provisions on cross-border data flows in the Agreement between the European Union and Japan for an Economic Partnership 1 .
On the 24 October 2022, the EU and Japan launched the negotiations on cross-border data flows. The negotiations were concluded in principle on 28 October 2023.
The EU and Japan are among the largest digital economies in the world. The EU seeks to accelerate and harness the benefits of the further digitalisation of the global economy and society. Data governance and cross-border data flows are crucial to this development.
Data is the lifeline of many businesses and a critical component of business models and supply chains across many economic sectors. This agreement brings much needed legal certainty that data flows between the EU and Japan will not be hampered by unjustified data localisation measures, and ensures the benefit from the free flow of data with trust in full compliance with our respective rules on data protection and the digital economy.
The outcome of the negotiations confirms EU and Japan continued commitment to the rules-based international trading system and joint determination to shape global data flow rules that respect shared values and respective regulatory approaches.
•Consistency with existing policy provisions in the policy area
By agreeing on rules addressing unjustified obstacles to data flows while preserving regulatory autonomy in the area of data protection and privacy the proposal contributes to the objectives as laid down in the Communication of 18 February 2021 from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of Regions 2 .
•Consistency with other Union policies
Negotiated rules on cross-border data flows with Japan complement the existing mutual adequacy arrangement between the EU and Japan for personal data 3 , and are in line with the consolidated proposal for provisions on cross-border data flows and protection of personal data and privacy in trade agreements 4 the proposal pursues the Commission’s strategy laid down in the Trade Policy Review, the EU Data Strategy, the Joint Communication on the EU Strategy for Cooperation in the Indo-Pacific 5 and in the Joint Declaration on privacy and the protection of personal data co-signed by the EU and Japan 6 .
In the Trade Policy review the Commission committed to “continue to address unjustified obstacles to data flows while preserving its regulatory autonomy in the area of data protection and privacy”. The EU Data Strategy 7 states: “The EU will continue to address these unjustified obstacles to data flows in bilateral discussions and international fora – including the World Trade Organisation – while promoting and protecting European data processing rules and standards, in full compliance with EU legislation”. Data flows is also identified as an important element of the Joint Communication on the EU Strategy for Cooperation in the Indo-Pacific 8 .
2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
•Legal basis
The substantive legal basis is Article 207 TFEU.
The Protocol for Amendment is to be signed by the Union pursuant to a decision of the Council based on Article 218(5) TFEU and concluded by the Union pursuant to a decision of the Council based on Article 218(6) TFEU, following the European Parliament’s consent.
•Subsidiarity (for non-exclusive competence)
The Protocol for Amendment as presented to the Council does not cover any matters that fall outside the EU’s exclusive competence.
•Proportionality
Trade agreements are the appropriate means to govern market access and the related areas of comprehensive economic relations with a third country outside the EU. No alternative exists to render such commitments and liberalisation efforts legally binding.
This initiative pursues directly the Union's objective in external action and contributes to the political priority of 'EU as a stronger global actor’. It is in line with the EU Global Strategy’s orientations to engage with others and revamp its external partnerships in a responsible way, in order to attain the EU's external priorities. It contributes to the EU’s trade and development objectives.
•Choice of the instrument
This proposal is in accordance with Article 218(5) TFEU, which envisages the adoption by the Council of decisions on the signature of international agreements. No other legal instrument exists that could be used in order to achieve the objective expressed in this proposal.
3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
•Ex-post evaluations/fitness checks of existing legislation
Not applicable
•Stakeholder consultations
Not applicable
•Collection and use of expertise
Not relevant
•Impact assessment
Not relevant
•Regulatory fitness and simplification
Not applicable
•Fundamental rights
The recommendation is consistent with the EU Treaties and the Charter of Fundamental Rights of the European Union. In particular, by tabling the consolidated proposal for provisions on cross-border data flows and protection of personal data and privacy in trade agreements the Commission seeks to preserve the Union’s regulatory autonomy in the area of data protection and privacy.
4.BUDGETARY IMPLICATIONS
Not relevant
5.OTHER ELEMENTS
•Implementation plans and monitoring, evaluation and reporting arrangements
Not applicable
•Explanatory documents (for directives)
Not applicable
•Detailed explanation of the specific provisions of the proposal
The proposal consists of 7 articles.
Article 1 concerns the amendment of the table of contents.
Article 2 principally concerns the addition of definition of “covered person” defining the scope of the provisions concerned.
Article 3 concerns the rules for cross-border transfer of information by electronic means based on a closed list of prohibited measures restricting cross-border flow of information and relevant exceptions.
Article 4 concerns personal data protection. In line with EU practice and with the consolidated proposal for provisions on cross-border data flows and protection of personal data and privacy in trade agreements it recognises each Party's right to determine the appropriate level of privacy and personal data protection.
Article 5 provides for the deletion of the provision concerning financial data.
Article 6 concerns the entry into force.
Article 7 concerns the authentic languages in which the Protocol is drawn up.
2023/0451 (NLE)
Proposal for a
COUNCIL DECISION
on the signing, on behalf of the European Union, of the Protocol amending the Agreement between the European Union and Japan for an Economic Partnership regarding free flow of data
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 207(4), first subparagraph, in conjunction with Article 218(5) thereof,
Having regard to the proposal from the European Commission,
The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on [date of the opinion],
Whereas:
(1)On 12 July 2023, the Council authorised the Commission to negotiate the inclusion of provisions on cross-border data flows in the Agreement between the European Union and Japan for an Economic Partnership ('the Agreement').
(2)On 28 October 2023, the negotiations of the provisions on cross-border data flows to be included in the Agreement were concluded.
(3)Therefore, the Protocol amending the Agreement should be signed on behalf of the Union, subject to its conclusion at a later date,
HAS ADOPTED THIS DECISION:
Article 1
The signing of the Protocol amending the Agreement between the European Union and Japan for an Economic Partnership regarding free flow of data ('the Protocol') is hereby approved on behalf of the Union, subject to the conclusion of the Protocol.
The text of the Protocol is attached to this Decision.
Article 2
The Council Secretariat General shall establish the instrument of full powers to sign the Protocol on behalf of the Union, subject to its conclusion, for the person(s) indicated by the negotiator of the Protocol.
Article 3
This Decision shall enter into force on the day of its adoption.
Done at Brussels,
For the Council
The President
EUROPEAN COMMISSION
Brussels, 1.12.2023
COM(2023) 773 final
ANNEX
to the
Proposal for a Council Decision
on the signing, on behalf of the European Union, of the Protocol amending the Agreement between the European Union and Japan for an Economic Partnership regarding free flow of data
ANNEX
PROTOCOL
AMENDING THE AGREEMENT
BETWEEN THE EUROPEAN UNION
AND JAPAN
FOR AN ECONOMIC PARTNERSHIP
THE EUROPEAN UNION and JAPAN (hereinafter referred to as "the Parties"),
HAVING reassessed the need for inclusion of provisions on the free flow of data into the Agreement between the European Union and Japan for an Economic Partnership, signed at Tokyo on 17 July 2018 (hereinafter referred to as "the Agreement"), in accordance with Article 8.81 of the Agreement,
HAVE AGREED AS FOLLOWS:
ARTICLE 1
The table of contents of the Agreement shall be amended by deleting the words "Articles 8.70 to 8.81" and replacing them with the words "Articles 8.70 to 8.72".
ARTICLE 2
Article 8.71 of the Agreement shall be amended by deleting the word "and" of subparagraph (a), by deleting the period of subparagraph (b)(ii) and replacing it with a semicolon, and by inserting the following subparagraphs immediately after subparagraph (b)(ii):
"(c) "covered person" means:
(i) a covered enterprise;
(ii) an entrepreneur of a Party; and
(iii) a service supplier of a Party; and
(d) "personal data" means any information, relating to an identified or identifiable natural person."
ARTICLE 3
Article 8.81 of the Agreement shall be replaced by the following:
"ARTICLE 8.81
Cross-border transfer of information by electronic means
1. The Parties are committed to ensuring the cross-border transfer of information by electronic means where this activity is for the conduct of the business of a covered person.
2. To that end, a Party shall not adopt or maintain measures which prohibit or restrict the cross-border transfer of information set out in paragraph 1 by:
(a) requiring the use of computing facilities or network elements in the territory of the Party for information processing, including by requiring the use of computing facilities or network elements that are certified or approved in the territory of the Party;
(b) requiring the localisation of information in the territory of the Party for storage or processing;
(c) prohibiting storage or processing of information in the territory of the other Party;
(d) making the cross-border transfer of information contingent upon use of computing facilities or network elements in the territory of the Party or upon localisation requirements in the territory of the Party;
(e) prohibiting the transfer of information into the territory of the Party; or
(f) requiring the approval of the Party prior to the transfer of information to the territory of the other Party.1
3. Nothing in this Article shall prevent a Party from adopting or maintaining measures inconsistent with paragraphs 1 and 2 to achieve a legitimate public policy objective2, provided that the measure:
(a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade; and
(b) does not impose restrictions on transfers of information that are greater than necessary to achieve the objective.3
4. Nothing in this Article shall prevent a Party from adopting or maintaining measures on the protection of personal data and privacy, including with respect to cross-border transfers of information, provided that the law of the Party provides for instruments enabling transfers under conditions of general application4 for the protection of the information transferred.
5. This Article does not apply to cross-border transfer of information held or processed by or on behalf of a Party.
6. A Party may at any time propose to the other Party to review the measures listed in paragraph 2.
_________________
1For greater certainty, subparagraph 2(f) does not prevent a Party from:
(a)subjecting the use of a specific transfer instrument or a particular cross-border transfer of information to approval on grounds relating to the protection of personal data and privacy, in compliance with paragraph 4;
(b)requiring the certification or conformity assessment of ICT products, services and processes, including Artificial Intelligence, before their commercialisation or use in its territory, to ensure compliance with laws and regulations consistent with this Agreement or for cybersecurity purposes, in compliance with paragraphs 3 and 4, and Articles 1.5, 8.3 and 8.65; or
(c)requiring that re-users of information protected by intellectual property rights or confidentiality obligations resulting from domestic laws and regulations consistent with this Agreement, respect such rights or obligations when transferring the information across borders, including with regard to access requests by courts and authorities of third countries, in compliance with Article 8.3.
2For the purpose of this Article, "legitimate public policy objective" shall be interpreted in an objective manner and shall enable the pursuit of objectives such as the protection of public security, public morals, or human, animal or plant life or health, or the maintenance of public order or other similar objectives of public interest, taking into account the evolving nature of digital technologies.
3For greater certainty, this provision does not affect the interpretation of other exceptions in this Agreement and their application to this Article and the right of a Party to invoke any of them.
4For greater certainty, in line with the horizontal nature of the protection of personal data and privacy, "conditions of general application" refer to conditions formulated in objective terms that apply horizontally to an unidentified number of economic operators and thus cover a range of situations and cases."
ARTICLE 4
The following Article shall be inserted after Article 8.81 of the Agreement:
"ARTICLE 8.82
Protection of Personal Data
1. The Parties recognise that individuals have a right to the protection of their personal data and privacy as provided for by the laws and regulations of each Party and that high standards in this regard contribute to trust in the digital economy and to the development of trade. Each Party recognises the right of the other Party to determine the appropriate level of the protection of personal data and privacy, to be provided for by their respective measures.
2. Each Party shall endeavour to adopt measures that protect individuals, without discrimination based on grounds such as nationality or residence, from personal data protection violations occurring within its jurisdiction.
3. Each Party shall adopt or maintain a legal framework that provides for the protection of personal data related to electronic commerce. In the development of its legal framework for the protection of personal data and privacy, each Party should take into account the principles and guidelines of relevant international bodies. The Parties also recognise that high standards of privacy and data protection as regards government access to privately held data, such as those outlined in the OECD Principles for Government Access to Personal Data held by Private Sector Entities, contribute to trust in the digital economy.
4. Each Party shall publish information on the protection of personal data and privacy it provides to users of electronic commerce, including:
(a) how individuals can pursue remedies for a breach of the protection of personal data or privacy arising from digital trade; and
(b) guidance and other information regarding compliance of businesses with applicable legal requirements for the protection of personal data and privacy."
ARTICLE 5
Article 8.63 of the Agreement shall be deleted.
ARTICLE 6
This Protocol shall enter into force in accordance with paragraphs 1 and 2 of Article 23.2 of the Agreement.
ARTICLE 7
1. This Protocol, in conformity with Article 23.8 of the Agreement, is drawn up in duplicate in the Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish, Swedish and Japanese languages, all of these texts being equally authentic.
2. In case of any divergence of interpretation, the text of the language in which this Protocol was negotiated shall prevail.
IN WITNESS WHEREOF, the undersigned, duly authorised to this effect, have signed this Protocol.
DONE at XXX, on the XX day of [MONTH], in the year XXXX.
For the European Union
For Japan
