Professional Documents
Culture Documents
Citations:
-- Your use of this HeinOnline PDF indicates your acceptance of HeinOnline's Terms and
Conditions of the license agreement available at
https://heinonline.org/HOL/License
-- The search text of this PDF is generated from uncorrected OCR text.
Use QR Code reader to send PDF to your smartphone or tablet device
TRANSBORDER DATA FLOW: REGULATION OF INTERNATIONAL
INFORMATION FLOW AND THE BRAZILIAN EXAMPLE
Dorine R. Seidman*
* B.A., 1967, Simmons College; M.A., 1968, Columbia Univ.; J.D., 1985, Georgetown Univ.
Law Center. The author is a Law Clerk at the District of Columbia Court of Appeals. The author
thanks Robert Goldsteen for his support and Lauren Ackerman, Office of Technology Assessment,
for her assistance.
1. Several terms used frequently in the literature require explanation. "Informatics" refers to
31
32 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
data processing through automatic machines. The merger of informatics and telecommunications
produces "telematics." Finally, the internationalization of telematics has occurred through transborder
data flow. SPECIAL SECRETARIAT OF INFORMATION OF THE NATIONAL SECURITY COUNCIL OF THE PRES-
IDENCY OF THE REPUBLIC OF BRAZIL IN COOPERATION WITH THE MINISTRY OF COMMUNICATIONS OF
BRAZIL, TRANSBORDER DATA FLOW AND BRAZIL: THE ROLE OF TRANSNATIONAL CORPORATIONS, IMPACTS
OF TRANSBORDER DATA FLOWS AND EFFECTS OF NATIONAL POLICIES 5-7 (1982) [hereinafter cited as
BRAZILIAN CASE STUDY].
2. Branscomb, Global Governance of Global Networks: A Survey of Transborder Data Flow in
Transition, 36 VAND. L. REV. 985, 992 (1983).
3. Id. at 994. She maintains that the legal treatment must vary according to the type of
information. Id.
4. Id.
5. U.N. ESCOR Comm. on Transnational Corporations (Agenda Item 7(c)) at I1, U.N. Doc.
E/C.10/1984/14 (1984) [hereinafter cited as UN Report].
6. Id.
7. See Gassmann, The Changing Nature of Transborder Data Flows, in TRANSBORDER DATA
FLOWS: PROCEEDINGS OF AN OECD CONFERENCE HELD DECEMBER 1983 7 (1985) ("increasing use of
electronic information services, data bank services, computer services, software, and telecommuni-
cations services has growing international trade dimensions") [hereinafter cited as Changing Nature
of TDF]. Services can be defined as "all output that does not come from the four goods-producing
sectors: agriculture, mining, manufacturing and construction. The service sector of the United States
thus embraces distributive services such as wholesale and retail trade, communications, transportation
and public utilities; producer services such as accounting, legal counsel, marketing, banking, archi-
tecture, engineering and management consulting; consumer services such as restaurants, hotels and
resorts, laundry and drycleaning establishments, and non-profit and government services such as
education, health, the administration of justice and national defense." Ginsberg & Vojta, The Service
Sector of the U.S. Economy, SCI. AM., March 1981, at 48. See infra notes 146 to 186 and accompanying
text (discussing TDF as an international trade in services problem).
1985]1 TRANSBORDER DATA FLOW 33
23. Id. A 1981 analysis of the United States service industries, prepared under contract for the
Departments of State and Commerce and the Office of the United States Trade Representative,
discusses sixteen service industries and their level of international revenue generation. Using its own
system of weighted variables, the report estimated that for 1980 the United States service industries
generated approximately $60 billion in revenues. The authors note that this figure is roughly equal
to the total United States exports of all food and consumer goods in 1980. The sixteen industries
include accounting; advertising; banking; business, professional and technical services; construction
and engineering; education; employment; franchising; health; information; insurance; leasing; lodging;
motion pictures; tourism; and transportation. Id. at 188-91 (report of Economic Consulting Services,
Inc., International Operations of U.S. Service Industries: Current Data Collection and Analysis). The
top revenue generators and their estimated foreign revenues include: Transportation (including both
airlines and maritime shipping), $13.93 billion; banking, $9.1 billion; insurance, $6 billion; construction
and engineering, $5.36 billion; and tourism, $ 4.15 billion. Id. at 173-74 (statement of Harry L.
Freeman, Senior Vice President, American Express Co., and Joan E. Spero, Vice President, American
Express Co.).
24. See id. at 174 (Statement of Harry L. Freeman, Senior Vice President, American Express
Co., and Joan E. Spero, Vice President, American Express Co.) (accounting, banking, insurance,
and transportation industries could not survive without free flow of information).
25. See id. (United States faces expanding barriers to flow of information).
26. Ennison, Legal Aspects of TDF in Developing Countries: Sovereignty Considerations, 1984
INT'L Bus. L. 163.
27. Id.
28. Id.
29. Trade Hearings, supra note 22, at 74 app. (statement of Geza Feketekuty, Assistant U.S.
Trade Representative for Policy Development)
30. Id. at 75-77.
36 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
Because much of the initial regulation of TDF has been in the areas of data
protection and privacy, the article will next examine those regulatory efforts.
1. Council of Europe
The Council of Europe (COE), composed of twenty-one European countries,
was one of the first international forums to address the privacy issue." The
proposed COE Treaty would be binding on those members that sign and ratify
it. The Treaty is designed to protect an individual's interests in any personal data
that is subject to automatic processing. 42 Its basic principles state that any such
data undergoing automatic processing shall be:
a. obtained and processed fairly and lawfully;
b. stored for specific and legitimate purposes and not used in a
way incompatible with those purposes;
2. A Party shall not, for the sole purpose of the protection of privacy, prohibit or
subject to special authorization transborder flows of personal data going to the territory
of another Party.
b. when the transfer is made from its territory to the territory of a non-
Contracting State through the intermediary of the territory of another Party,
in order to avoid such transfers resulting in circumvention of the legislation
of the Party referred to at the beginning of this paragraph.
Id. at art. 12.
45. For a discussion and critique of the COE Treaty provisions in Article 12, see Note, Transborder
Data Flow: Problems with the Council of Europe Convention, or Protecting States from Protectionism,
4 Nw. J. INT'L L. Bus. 601 (1982).
46. Sardinas & Sawyer, Transborder Data Flow Regulation and Multinational Corporations,
TELECOMMUNICATIONS, Nov. 1983, at 59.
1985] TRANSBORDER DATA FLOW 39
with United States policy.47 The chief objection appears to be the Treaty's inclusion
of legal persons and businesses as data subjects." Such an inclusion would restrict
the flow of corporate data and would be unacceptable to United States businesses.49
The OECD Guidelines appear better suited to United States interests.
Itlhat [any State] will also apply this convention's [Treaty provisions] to information
relating to groups of persons, associations, foundations, companies, corporations and
any other bodies consisting directly or indirectly of individuals, whether or not such
bodies possess legal personality ....
[Data Quality Principle.] Personal data should be relevant to the purposes for which
they are to be used, and, to the extent necessary for those purposes, should be accurate,
complete and kept up-to-date.
[Purpose Specification Principle.) The purposes for which personal data are collected
should be specified not later than at the time of data collection and the subsequent use
limited to the fulfillment of those purposes or such others as are not incompatible with
those purposes and as are specified on each occasion of change of purpose.
[Use Limitation Principle.] Personal data should not be disclosed, made available or
otherwise used for purposes other than those specified in accordance with Paragraph 9
except:
Id.
1985]1 TRANSBORDER DATA FLOW 41
Two aspects of these Guidelines are particularly noteworthy. First, they are
designed only to protect "personal data."" The Guidelines are concerned with
living persons," not with legal persons, although some members suggested ex-
tending coverage to the latter. 9 By contrast, the new 1985 OECD Declaration
discussed below appears to have a broader scope.M
Second, it is significant that the Guidelines address TDF in a privacy context.
The OECD effort aimed at protecting personal data while promoting the free
flow of information. Member countries were concerned that the different levels
of data protection and different laws be reconciled in order to facilitate the free
flow of information among member countries and ensure the security of personal
data.6 ' These concerns are reflected in Part Three of the Guidelines.6 2
The international principles set forth later in this article are closely related to
the national principles in Part Two of the Guidelines. They emphasize security
of data and respect for each nation's interest in preserving privacy and protecting
data. 6 The restrictions on free flow of personal data between member countries
should be abandoned once the requirements of the Guidelines for protecting
privacy and individual liberties have been substantially fulfilled."6 The international
16. Member countries should take all reasonable and appropriate steps to ensure
that transborder flows of personal data, including transit through a Member country,
are uninterrupted and secure.
17. A Member country should refrain from restricting transborder flows of personal
data between itself and another Member country except where the latter does not yet
substantially observe these Guidelines or where the re-export of such data would cir-
cumvent its domestic privacy legislation. A Member country may also impose restrictions
in respect of certain categories of personal data for which its domestic privacy legislation
includes specific regulations in view of the nature of those data and for which the other
Member country provides no equivalent protection.
18. Member countries should avoid developing laws, policies and practices in the
name of the protection of privacy and individual liberties, which would create obstacles
to transborder flows of personal data that would exceed requirements for such protection.
Id. at 11-12.
63. Id. at 32-34.
64. Id.
42 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
principles promote the free flow of information provided that legitimate and
effective privacy and data protection policies are in place. As noted above, the
Guidelines disclaim any intent to limit the rights of member countries to regulate
international flow of personal data in the fields of free trade, tariffs, employment,
and related economic areas, noting that these areas are outside the Guideline's
mandate.65
Thus, the effect of the OECD Guidelines can be to restrict TDF among member
nations that have not substantially complied with them to restrict TDF to any
nonmember nations, and to restrict TDF when the restrictions are economically
motivated. Further, as voluntary guidelines, they need not be adopted at all.
Their chief benefit has been to suggest a set of privacy and data protection
principles for personal data that promote a unified approach to TDF. As such,
they can be extremely useful.
3. Privacy Regulation
The COE Treaty and the OECD Guideliies were two international responses
to the privacy and data protection regulations passed by individual nations during
the 1970's.66 The Swedish Data Act, which went into effect in 1974, was the first
national act restricting the flow of information in the interests of privacy.6 1 Similar
to subsequent legislation elsewhere, it formed a national regulatory body, required
registration or licensing and prior authorization for transmitting data out of the
country, and imposed limits on the length of time data may be stored.68 The Act
has been invoked many times to deny transborder data flow of personal infor-
mation. For example, a German company, Siemens, could not store Swedish
employee information in Germany since Germany did not have a reciprocal privacy
law at that time.69 This Act was amended in 1980 to eliminate the requirement
that the data collector obtain permission before releasing information to be
processed abroad.1o
Norway, passing privacy regulations in 1978, was the first nation to extend
privacy protection to legal persons,7 a controversial aspect of the COE Treaty. 72
The laws of Austria, Denmark, and Luxemburg also protect the privacy of legal
persons .
The British Response. In 1984, the United Kingdom passed the Data Protection
Act as a prelude to ratification of the COE Treaty. 7 4 Rumbelow notes that the
United Kingdom had previously taken the less restrictive "leave-it-alone" stance
regarding regulation of TDF, unlike Scandinavia, Germany, and France.75 The
Act requires all persons and organizations that hold "personal data" on individuals
to register with the Data Protection Registrar.16 This requirement also extends to
persons and organizations that provide processing services or use of processing
equipment.77 "The application must contain descriptions of the data held, the
purposes for which they are held, their sources, the persons to whom they are
to be disclosed, and the countries (if any) outside the U.K. to which the data
are to be transferred." 78
The Registrar is the key person in the scheme of the Act.79 He has responsibilty
for maintaining and supervising the system of registration and ensuring that
persons involved in processing personal data observe the eight data protection
principles.so He is thus charged with generally monitoring compliance with the
Act."' The principles "require that personal data are obtained and processed
fairly, held only for specific purposes, are not used or disclosed in a manner
inconsistent with such specific purpose, are accurate and up to date, are not kept
longer than necessary, are available for inspection by the data subject and ap-
propriate security measures are taken". 82 The Registrar is given the authority to
decide on a case by case basis whether a particular data user is in breach of
these general principles.8 1
The Act gives the data subject four new rights. First, he has the right to request
access to any personal data that a data user holds concerning him. 8 4 Second,
"the Act creates a novel statutory civil liability, that of processing inaccurate
data." 85 Third, the Act gives the right to claim damages suffered from the loss
or unauthorized destruction or disclosure of data. 6 Finally, the Act provides the
74. Eisenschitz, The Data Protection Act 1984, 7 EUR. INTELL. PRoP. REV. 143 (1985).
75. Rumbelow, Privacy and Transborder Data Flow in the United Kingdom and Europe, 1984
INT'L Bus. L. 153.
76. Data Protection Act, § 4(l). Section 1(1) of The Act defines "personal data" as "data
consisting of information which relates to a living individual."
77. Id.
78. Austin, The Data Protection Act 1984, 1984 LLOYD'S MAR. 0. Com. L.Q. 663, 664.
79. Savage & Edwards, The Data Protection Act 1984, 1984 J. Bus. L. 463, 464.
80. Id.
81. Id.
82. Id. at 465. These principles are expressed in very general terms leaving the Registrar as the
enforcer rather than the courts. Id.
83. Id.
84. Data Protection Act, § 21. The data subject must pay a fee to cover expenses and a copy
of the data must be supplied by the data user within 40 days. Data Protection Act. §§ 21(2), 21(6).
21(6).
85. Savage & Edwards, supra note 79, at 466. Where the data are an accurate record of information
provided by the subject or by a third party, there will be no liability if the provider of the data is
noted and if any challenge to the accuracy of the data by the data subject has been noted. In addition,
the Act provides a general defense of reasonable care in ensuring the accuracy of the data. Id.
86. Data Protection Act, § 23.
44 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
limited right to apply to the courts for correction or erasure of erroneous data."
Thus, a British data subject has important rights to access data about himself,
to rectify and erase inaccurate data, and to receive compensation for damages
suffered. What is not clear is the extent to which the defense of reasonable care
and the plea that the data accurately reflects that supplied by the data subject
or the third party will limit the right of recovery.
Despite these new rights, exemptions to the Act may limit the protection
afforded. Exemptions may be granted from some or all of the Act's requirements.
For example, payrolls, pensions, and accounting data are exempt from registration
as are membership details of clubs and data held for statistical or research
purposes."' Other personal data held for the purposes of crime prevention or
detection, prosecution of offenders, or tax assessment or collection are exempt
from subject access and nondisclosure provisions if the purpose would be prej-
udiced by permitting subject access or ensuring absolute nondisclosure. 9 Personal
data held for national security purposes, which are defined broadly, are also
exempt from substantial portions of the Act. A Cabinet Minister or the Attorney
General has total authority to certify that data is held for this purpose." Gov-
ernment agencies that hold personal data may be exempt in order to protect
the public from loss due to dishonesty, incompetence, or malpractice in the area
of financial services. 9 Other public sector exemptions may include health and
social work information. 92
There has been criticism of the Act. One critic, writing before the bill passed,
believes that industrial efficiency will suffer greatly from this legislation.93 He
notes that lawyers, business organizations, and many others unsuccessfully ob-
jected to the registration system. While agreeing that some protection is needed
in the public sector, he argues that private sector information is given voluntarily.
Thus, he concludes that the need to specify the data's purpose and use is
unnecessary and cumbersome."
Regardless of the Act's merit, the decision of the United Kingdom to
protect privacy and ensure data security by legislation is significant. The United
States and Japan, in rejecting the COE/United Kingdom approach, may find
themselves alone in their lack of reciprocal privacy laws. Perhaps the height-
ened interest of the United States in developing an information policy" and
the push to include trade in services in the GATT discus-
sions"6 indicates an awareness of the potential isolation and its effect on United
States business.
Interest in restricting and regulating data flow is not motivated only by privacy
concerns. Economic self-interest also plays an important role.
with international information flow) [hereinafter cited as HOUSE REPORT]; A. Bushkin & J. Yurow,
THE FOUNDATION OF UNITED STATES INFORMATION POLICY, U.S. DEP'T OF COMMERCE 1 (1980) (United
States international information flow policies must reflect foundations of domestic information policy
aims and national interests) [hereinafter cited as NTIA Report].
96. See infra notes 151 to 172 and accompanying text (discussing opposing views regarding inclusion
of trade in services in GATT).
97. See Changing Nature of TDF, supra note 7, at 8 (worldwide buildup of international data
communications networks caused interest to focus on technical, financial and legal conditions of their
use).
98. See id. at 9 (multinational users oppose policy of public telecommunications administrations
which would require large companies to use public data communications services at rates sensitive
to volume).
99. Spero, supra note 10, at 68.
46 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
1. Developed Countries
Restrictions on TDF exist throughout the developed world. In Japan, the
Ministry of Posts and Telecommunications, working through the international
telecommunications authority, KDD, has erected barriers to the use of private,
leased communications lines by large data users. These lines are generally the
most efficient means for transmitting data. Both by denying private leased lines
and limiting their use, Japan's restrictions have detrimentally affected United
States companies.102 In West Germany, the Deutsche Bundespost has attempted
to protect the revenues of its telecommunications system in several ways. It allows
use of international leased lines only if at least part of the data processing is
performed in Germany. Further, West Germany intends to charge "usage-sen-
sitive" rates in addition to fixed charges, even if the other conditions of its laws
are met. 03
Canada is also concerned about the effect of data flow, especially to the United
States, on its economy. It has required that all banks operating in Canada maintain
and perform the initial processing of all data on Canadian citizens in Canada.
Thus, banks have been coerced into the costly process of duplicating their data
bases."
The Canadian example illustrates the concern of many developed nations over
United States control of information resources.' The vast majority of automated
data bases are located in the United States, and most data exchanges between
the United States and its partners consist of the supply of processed data by the
100. Id.
101. HOUSE REPORT, supra note 95, at 3.
102. Spero, supra note 10, at 68.
103. Id.
104. Id.
105. Fishman, Introduction to Transborder Data Flows, 16 STAN. J. INT'L L. 1, 8 (1980).
1985] TRANSBORDER DATA FLOW 47
United States to other nations.'" The fear among some developed nations is that
if the current trend is not halted, the United States will have an unhealthy
dominance over other nations.'0" A government report in France in 1978 strongly
expressed that fear. Known as the Nora-Minc Report, it states:
106. Id.
107. Id. at 8-9.
108. Id. at 9 (citing S. NORA AND A. MINC, L'INFORMATISATION DE LA SOCIETE [REPORT ON THE
COMPUTERIZATION OF SOCIETY] (1978) (for the Inspection Generale des Finances)).
109. Fishman, supra note 105, at 9.
110. Id. at 10.
111. The EC Commission quoted a letter from representatives of the largest European companies
active in the information technology field in which they stated:
The figures of market share, i.e. European industry commanding only ten percent of
the world market and less than forty percent of its own indigenous market, make stark
reading. Not only is the situation in itself of great concern but the low market share
means that the volume of sales and profit is inadequate to provide the essential investment
needed to safeguard the future. Even worse, all the indications are that the situation
is deteriorating rather than improving.
European Communities Commission, Prospectsfor the Development of New Policies: Research and
Development, Energy and New Technologies, BULL. EUROPEAN COMMUNITIES, 1983, No. 5 Supp., at
26.
112. See generally Ramsey, Europe Responds to the Challenge of the New Information Technologies:
A Teleinformatics Strategy for the 1980's, 14 CORNELL INT'L L.J. 237, 238 n.3 (1981) (Europeans
have examined fields of transborder data flow, privacy protection laws, telecommunications policies,
and policy initiatives in areas of informatics, data processing, microelectronics, and social problems
48 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
launched the first five year phase of a ten year research and development program
in this area. Entitled ESPRIT, the European Strategic Programme for Research
and Development in Information Technologies, it consists of research and de-
velopment projects for which the EC provides approximately fifty percent of the
funding."' ESPRIT areas of activity include: advanced microelectronics capability;
software technologies; advanced information processing; office systems; computer
integrated manufacture; and infrastructure actions.'' 4
ESPRIT's broad scope encompasses the role of telecommunications in infor-
mation technology."s As part of the EC effort to ensure that information exchange
capabilities will be adequate for all, a number of ESPRIT work programs are
developing the telecommunications capabilities of the infrastructure of partici-
pating nations." 6 More recently, a commission of the EC "called for an expression
of interest in the use of advanced information and technologies.""' The Com-
mission reported that it had begun to investigate future requirements and op-
portunities for concerted actions in advanced information technologies. The
Commission intends to study applications in medical research and services, meth-
ods for improving road and transport safety, and techniques for enhancing research
and development productivity in high technology."' Thus, there appears to be
an effort in the telecommunications area to stimulate the kind of research that
ESPRIT was intended to support.
The EC's interest in technological development is not only threatened by the
United States itself. The power of MNCs has received much critical attention.
These corporations appear to some to have acquired supranational powers that
make them independent of any local government."' Where the interests of MNCs
and the United States appear to coincide is in the desire that information generated
in the private sector remain generally inaccessible and unavailable, except on
terms set by the organization possessing it.' 20 The United States' view is that
corporate and privately held information should flow freely among nations with
no government or national regulation. Freedom from regulation would prevent
a foreign government from interfering with or accessing any business information.
of new technologies in context of objectives set forth in the treaty establishing the European Economic
Community, March 11, 1957, 298 U.N.T.S. 11). In early 1986, Spain and Portugal became the
eleventh and twelveth members of the European Economic Community, joining original members,
France, West Germany, Italy, Belgium, the Netherlands, Luxembourg, and later members Britain,
Ireland, Denmark and Greece. Wall St. J., Jan. 2, 1986, at 1, col. 3.
113. 27 O.J. EUR. COMM. (No. L 67) 54-55 (1984). The program was officially adopted on February
28, 1984. Id.
114. Id. at 57-59 annex.
115. 28 O.J. EUR. COMM. (No. L 55) 5 (1985).
116. 26 OJ. EUR. Comm. (No. C 321) 25-26 (1983).
117. 28 OJ. EUR. Comm. (No. C 194) at 7 (1985).
118. Id. at 7-8.
119. Fishman, supra note 105, at 10.
120. See NTIA Report, supra note 95, at 6-9 (discussing United States policy regarding information
dissemination). The American policy favoring dissemination and availability of information, as reflected
in the privacy laws, appears to be limited to information generated by the government. Id. at 6.
1985]1 TRANSBORDER DATA FLOW 49
Thus, United States policy favoring free flow of information in the private sector
is consistent with the interests of multinational corporations. Developed nations,
other than the United States, while generally supporting the free flow of infor-
mation, would impose restrictions to reduce the MNCs' impact on domestic
industry and employment.
2. Developing Countries
Despite similar concerns, the developed and developing nations have disparate
approaches to the regulation of TDF. 2'^ Developed nations seek to protect their
industries and enhance their international competitive position, thus gaining econ-
omic self-sufficiency. The developing nations also view TDF in economic terms
but not necessarily with an eye to competing with developed nations. On the
contrary, their primary goal is to develop their own domestic information industries
and to control the use of their information. They wish to prevent developed
nations from unfairly benefitting from their raw information. 22
The phenomenal growth of the service sector in developing countries is over-
taking the growth of the industrial sector. For example, in Singapore, two-thirds
of the total output is generated though services and over thirty-five percent of
these services involve producing and distributing information.' 23 The result of
this growth is a gradual shifting of developing countries' investment and devel-
opment strategies.' 24 Developing nations fear that they will be relegated to their
traditional role as exporters of raw data and importers of advanced information
systems.' 25 The exportation of data without any regulation or measurement causes
loss of reimbursement for the data collection and handling costs, while adding
to the wealth of the importing nation.126
Domestic enterprises in developing countries are at a competitive and tech-
nological disadvantage with respect to MNCs. The use of TDF could balance the
competitive inequity. The principle obstacle to greater use of TDF appears to be
the absence of local telecommunications networks in those countries.127 Multi-
national Corporations, however, have indicated a willingness to establish telecom-
munication systems as soon as local conditions allow.128 Until that time, it may
be necessary for domestic enterprises to create their own TDF networks since the
capacity for transnational communication will make these enterprises more com-
petitive in world markets. The failure to participate in a TDF network may cause
the competitive position of domestic enterprises to suffer. 29
The greatest economic concern is that TDF will hinder the establishment of
domestic information resources. 3 0 Where information resources are located at
regional or corporate centers that can be accessed easily, less market pressure
will be exerted to establish domestic information centers. Since internationally
available resources usually are more reliable, domestic users will prefer them over
infant, local ones. Thus, the growth of these domestic industries will be stifled.
The effect of this inability will be felt by the country's labor force and reflected
in its balance of payments."'
The importance of TDF to developing countries is clear. It is significant,
however, that only a small number have even begun to investigate the economic
implications of TDF, whether through studies, policy formulations, or regulation.
Bolivia, Ecuador, Niger, Phillipines, Uganda, Venezuela, Yugoslavia, and Zaire
have all undertaken studies of TDF issues. 3 2 Costa Rica, Mexico, and the Republic
of Korea are compiling reports for the United Nations Commission on Trans-
national Corporations.' 3 Brazil, the focus of the next section of this article, has
completed its study. 3 4 The primary focus of these studies has been on the
technological and administrative issues relating to upgrading access to international
data bases. The goal appears to be to strengthen the local infrastructure for TDF
because an inadequate infrastructure will severely hamper the nation's role in
TDF. 3
The desire to exert sovereignty and control over information flowing out of a
country is based in large part on an interest in collecting payment for that data
and helping domestic industries and local employment. But restrictions of TDF
may mean that access to international data bases and networks will be limited.
This will have a serious impact on domestic businesses trying to compete in a
world market. Developing countries are faced with the impossible task of pro-
tecting their own economic development in the informatics arena by opening
access to TDF while trying to restrict the export of data.
The amount of protectionism incorporated into a developing nation's TDF
policy depends largely on the level of technological development within a country.
For example, developing African countries have consistently supported the free
flow of information, maintaining that the concept of permanent sovereignty has
no place in TDF.' 6 One study found that "the level of use of computer com-
munication in Africa is only [three percent] versus [fifty percent] outside Africa".' 7
African countries appear to recognize a greater need to access foreign technology
than to control the little presently operating within their boundaries. Other "more
138. Perhaps a more useful division among nations is the one utilized by Luiz Fonseca, Manpower
Secretariat to the Brazilian Ministry of Labor. He distinguishes among the central, intermediate, and
peripheral countries. Central countries are the highly developed ones. Intermediate countries are those,
like Brazil, that comprise the developing countries. These countries have distinct advantages over
peripheral countries whose industries are rather undeveloped. Peripheral countries are primarily the
so-called Third World countries. L. Fonseca, HIGH TECHNOLOGY DEVELOPMENT IN BRAZIL 1-6 (Dec.
1984) (unpublished work) (on file with the Journal of Law and Technology).
139. Id. at 6. Although he does not specifically define the term, Fonseca appears to mean the
creation of "barriers against the invasion of foreign technology." Id.
140. Id. at 5.
141. Id.
142. Id.
143. See id. at 5-6 (suggesting economic factors, market structures and presence of transnational
corporations inhibit growth of domestic science and technology research and development programs).
144. See id. at 6 (noting incentive mechanisms include government declared support, market reserve
or import restrictions, fiscal incentives and tax exemptions).
145. Id.
146. Changing Nature of TDF, supra note 7, at 9-10.
52 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
1. GA TT
First proposed in 1947, the General Agreement on Tariffs and Trade' (GATT)
is a multilateral agreement of close to ninety member nations that aims to loosen
trade barriers.' Its members account for more than four-fifths of the world's
trade.' Presently, GATT does not apply to international trade in services; member
nations are not precluded from creating barriers to trade in services. 1
The dollar volume of trade in services alone makes it an important issue in
the TDF debate. According to one estimate, the world's trade in service exceeded
$350 billion in 1980.'" In addition, because of data collection difficulties, the
estimate is probably too low. 5 6 The growth of the service industry worldwide
147. See Dougan, Keynote Addresses, in TRANSBORDER DATA FLOWS: PROCEEDINGS OF AN OECD
CONFERENCE HELD DECEMBER 1983 55, 60 (1985) (virtually every important sector of international
economy dependent on modern communication for work of daily business).
148. Changing Nature of TDF, supra note 7, at 9.
149. See UNITED STATES GOVERNMENT, UNITED STATES NATIONAL STUDY ON TRADE IN SERVICES 9
(1984) (suggesting that, as information and knowledge have become more marketable, their importance
to trade in services has also increased) [hereinafter cited as TRADE IN SERVICES].
150. See Trade Hearings, supra note 22, at 65-75 (statement of Geza Feketekuty, Assistant U.S.
Trade Representative for Policy Development) (reviewing key issues revolving around restrictions
placed on TDFs). Feketekuty identified the major areas of concern to the business community: (1)
regulation of TDF; (2) restriction on the use of foreign data processing facilities; (3) regulation of
telecommunications services, especially private lines; (4) establishment of discriminatory standards for
telecommunications services; and (5) discriminatory implementation of government regulations in the
communication and data/information industries. Id. at 69-71.
151. General Agreement on Tariffs and Trade, opened for signature Oct. 30, 1947, 61 Stat. A3,
A7 T.I.A.S. No. 1700, 55 U.N.T.S. 187.
152. UNITED STATES TRADE REPRESENTATIVE, A PREFACE TO TRADE 5 (1982).
153. Id. For a discussion of GATT principles, see id. at 5-10. See also E. McGOVERN, INTERNATIONAL
TRADE REGULATION (1982) for a complete discussion of GATT provisions.
154. Note, Legal Problems in Expanding the Scope of GA TT to Include Services, 7 INT'L TRADE
L.J. 281 (1982-83) [hereinafter cited as Expanding GATT).
155. TRADE IN SERVICES, supra note 149, at 8.
156. See id. (stating that due to inherent difficulties in collecting service industry trade data,
undervaluation of trade in services transactions is likely to be widespread among GATT contracting
parties).
1985]1 TRANSBORDER DATA FLOW 53
157. Id. at 9.
158. Id.
159. These nations are Mexico, Singapore, Korea, Yugoslavia, Greece, Saudi Arabia, Isreal, and
Egypt. Id.
160. Id. at 11.
161. See Krommenacker, Trade-Related Services and GATT, 13 WORLD TRADE L. 510 (1979)
(discussing the evolution of trade in services and its relation to GATT since the 1950's suggesting
possible GATT activities in this sector of trade).
162. Expanding GATT, supra note 154, at 285.
163. Id.
164. Id.
165. Id. at 286, n.32.
166. Id.
167. Wash. Post, Nov. 29, 1985, at D9, col. 3.
168. Id.
169. Id.
170. Id.; see Expanding GATT, supra note 154 (discussing how GATT might apply to trade in
services).
171. See Wash. Post, Nov. 29, 1985, at D9, col. 3 (United States claims support of 51 percent of
member countries to force inclusion of services in trade talks).
54 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
172. Reciprocity refers to the exchange of equivalent concessions. Nondiscrimination refers to rules
governing most-favored-nations (MFN) status and national treatment. MFN obligations prohibit
discrimination between goods from different importing countries. National treatment obligations
prohibit discrimination between domestic and imported goods. Expanding GATT, supra note 154, at
288 nn.39-43.
173. OECD, Declaration on Transborder Data Flows (Press Release Apr. 11, 1985) [hereinafter
cited as OECD Declaration].
174. Id.
175. Id.
176. Id.
177. See supra notes 50 to 65 and accompanying text (discussing OECD Privacy Guidelines).
178. See OECD Declaration, supra note 173 (the fields of computers, information and commu-
nications are leading to changes in economies and trade of member countries).
179. Id.
180. Id.
1985] TRANSBORDER DATA FLOW 55
181. Id.
182. Id. (emphasis in original).
183. Id.
184. See supra note 50-65 and accompanying text (discussing OECD Privacy Guidelines).
185. OECD Declaration, supra note 173.
186. Id. at 2. The Declaration reads in part:
Bearing in mind the intention expressed above, and taking into account the work
being carried out in other international fora, the GOVERNMENTS OF OECD MEMBER
COUNTRIES,
Agree that further work should be undertaken and that such work should concentrate
56 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
thus become more ambitious, seeking a consensus among themselves that will
facilitate TDF and lower barriers in the trade and business arenas. In so doing,
members may recognize that efforts to assert sovereignty over information, protect
domestic monopolies, and regulate data flow will prove to be costly both eco-
nomically and socially.
Brazil, the focus of the following section, has gambled that such regulation
will lead to economic growth and increased international competitiveness. A
developing country with the most advanced regulatory schemes, Brazil is a case
study in the impact of barriers upon the information industry.
A. BACKGROUND
1. Telecommunications
Recognition of the disunity of the telecommunications network in Brazil led,
in 1962, to a complete overhaul.' The reorganization included creation of a
Ministry of Communications, a long-distance telecommunication company (EM-
BRATEL), and, in 1972, a telecommunication holding company (TELEBRAS).'*
By 1982, the TELEBRAS system consisted of 25 corporations, employing 100,000
workers and operating 8.5 million telephones."'9 The establishment of TELEBRAS
at the outset on issues emerging from the following types of transborder data flows:
Id. at 3.
187. BRAZILIAN CASE STUDY, supra note 1, at 184.
188. Id. For an explanation of these terms see supra note 1.
189. BRAZILIAN CASE STUDY, supra note 1, at 185.
190. Id.
191. Id.
1985] TRANSBORDER DATA FLOW 57
2. Informatics
The beginning of the informatics sector in Brazil was marked by the creation
of the Coordinating Commission for Data Processing Activities (CAPRE) in 1972.
CAPRE was originally established to "rationalize the use of electronic data
processing by Government agencies."" 9 After the devastating effect of the oil
crisis on the balance of payments in 1974 and after four years of operations,
CAPRE was given the additional task of formulating an industrial policy for
informatics. In addition, to serve the purpose of protecting the informatics
industry, CAPRE was given some authority over the importation of data proc-
essing equipment, particularly parts and components."
CAPRE was succeeded by the Special Secretariat of Informatics (SEI), created
in 1979. SEI received greatly expanded authority, adding micro-electronics, te-
lematics, and real-time control systems to its purview."' The policy objectives
remained similar: to enhance the ability of national corporations to manufacture
increasingly complex technologies.' 98 The Presidential Guidelines established SEI's
responsibilities.' 99 In general, SEI's mandate was to stimulate and develop all
informatics technologies, promote and protect national companies that produce
systems and equipment, provide incentives for national service and software
industries, create a national network for data communications, and devise legal
and technical means to protect the privacy of data regarding individuals.2 oo This
206. Id.
207. This policy began in 1978 under CAPRE. Id.
208. Id.
209. Id. For an explanation of this schema, see infra note 214 and accompanying text.
210. Id. at 190-91.
211. Id. at 136.
212. Id. at 191.
213. Id. The Brazilian case study includes examples of applications suited to SEI's requirements,
those approved after negotiations, and those deferred. One company approved after negotiations was
a foreign affiliate manufacturing electronic office equipment. The company initially sought approval
to perform several functions abroad, including support of local production, financial planning and
analysis, management of human resources and marketing, and maintenance of equipment the company
sold in Brazil. Although some of the functions were already performed abroad, the SEI believed that
establishing a transnational computer link would increase Brazil's dependence on foreigners. After
negotiations, the company and SEI arrived at an acceptable solution requiring that the company
60 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
The policy has spawned two national data-service companies, both for com-
modity quotations. 2 4 Applications by a "news agency and for a currency quotation
service" were also nearing final approval. 2 51 Overall, Brazil's TDF policy "can
be said to have generally neutralized a number of those impacts of links that
would otherwise have been negative." 2 16
In relation to Brazil's general objectives regarding information re-
sources, the country's [TDF] policies have led to the increased location
of computers, software, data bases and skilled human resources in the
country and more extensive national control over them. As a result
of Brazil's policy, [TDF] links are not being used to export information
resources and do not increase the country's international economic or
political vulnerability. In the few cases in which Brazil's objectives
were at stake, negotiations between the applicants and SEI led to
mutually satisfactory results. The country's [TDF] policy has also
contributed positively to the emergence of a national data industry,
especially its data-base segment. Since the same policy has strengthened
information resources in other sectors of the economy, it has, in fact,
contributed to the country's overall socio-economic development.2 "
Brazil appears to have chosen the path of controlling its information industries
and information flow. Much of the effort contravenes the MNCs' desire for
unregulated information flow. Data processing is restricted outside of Brazil.
Anyone accessing data bases is likewise encouraged to use Brazilian suppliers.
Even person-to-person data communication is regulated through a protected in-
dustry. Brazil has used traditional trade barriers to place an economic value on
information, not by simple taxation, but rather by utilizing information as a
resource. As such, it has become the raw material for industrial growth and job
creation. In the process, Brazil has taken a great risk in hoping that it can compete
successfully with MNCs on an international level.
import a large computer into Brazil to accomplish most of the functions. Strategic planning, which
was part of a world wide effort, would still take place overseas, but the company link would not
be used to place the Brazilian affiliate in a peripheral role. Id. at 158-59.
214. Id. at 161.
215. Id.
216. Id. at 193.
217. Id.
1985]1 TRANSBORDER DATA FLOW 61
IBM has sought to join with Brazilian manufacturers to get around restrictions
on foreign companies. It is offering to share its technology and marketing system
with Brazilian companies, enabling IBM to enter restricted markets. IBM had
been talking to twelve Brazilian companies about joint ventures and licensing
arrangements.229 Under the new law, however, no joint ventures between Brazilian
and foreign firms would be allowed unless "there is no availability of corre-
sponding technology within the country." 2 0 Thus, IBM may be unable to enter
into joint ventures with Brazilian companies in the mini and microcomputer arena.
The cost to the consumer of excluding IBM is illustrated by the fact that in mid-
1984 a Brazilian computer similar to the IBM-PC sold for $10,500.231 Thus,
opponents of market reserve note that MNCs could produce higher quality prod-
ucts within the country and sell them to consumers at a lower price than domestic
producers.2 2
The new law also requires manufacturers to disclose technical information
needed for interconnection with other units.23 3 The extent of the required disclosure
is not clear from the law, although it appears that, for example, IBM would be
required to disclose enough information so that a minicomputer produced in
Brazil could be connected to one of its computers. Undoubtedly, IBM would
object to such disclosure requirements.
Although the law says little about TDF, it appears that regulation of information
flow will continue, especially in light of the new law's tightened controls over
information. Whether Brazil envisions taxing information flow or requiring all
flow to use public lines is not clear. However, Brazil apparently will exercise
even greater control over information flow in the future. Proposals to make
Brazilian privacy and data protection laws consistent with the OECD Guidelines
seem to have been rejected in favor of control over information. Moreover, Brazil
opposes expansion of GATT to include trade in services.
Brazil's new informatics legislation will enable the country to continue its policy
of fostering the creation of a more independent informatics sector through leg-
islation and incentives designed to stimulate research and development and nurture
domestic industry. The government has committed itself to this policy. It has
placed the new CONIN at the cabinet level reporting directly to the president. 234
Further, CONIN is under civilian rather than military control, suggesting that
this policy is truly aimed at economic development.
2. CONIN's 1985 Plan
On September 30, 1985, CONIN submitted the first National Informatics
Plan (PLANIN) to the Brazilian Congress as required by the Informatics
law."' The Plan stressed the positive effects of the informatics policy, emphasizing
the increased participation of Brazilian firms in total sales and in the installed
computer base, the systematic reduction in the price differential between national
and foreign products, and the employment of 20,000 people, one-third of whom
hold college degrees. 236
The Plan announced three objectives: 1) to increase economic and political/
military autonomy; 2) to increase the economy's productivity; and 3) to spread
the benefits of the informatics revolution to the Brazilian public. 31 To meet these
objectives, the Plan presents an external and an internal strategy.
The external strategy calls for the "safeguarding of the principles of national
informatics policy on both bilateral and multilateral levels." 238 The Plan recom-
mends organizing international cooperation programs to develop new technologies,
"especially with developing countries."'2 9 Specific countries mentioned as potential
partners are China, Argentina, Mexico, and India. 240 A desire for cooperation
with Germany, Switzerland, and France is also expressed. 24 ' The external strategy
also calls for preparing domestic informatics firms to export their products. 242
Such products will be exempt from export taxes. 243
The internal strategy focuses upon four areas:
1) diffusion of the benefits of the informatics process by better social
services, creating mechanisms to enable workers to participate in the
benefits of increased productivity; 2) consolidation of the production
of goods and services with special attention to microelectronics and
software; 3) strengthening R & D activities by executing integrated R
& D programs involving research centers, universities, and businesses
. . . ; [and] 4) increased formation of human resources by prioritizing
and upgrading programs offered in the informatics area and by granting
overseas scholarships for doctoral studies where no domestic program
is available. 244
The Plan also requires foreign firms to invest five percent of their annual sales
in areas of R & D that CONIN designates as having a high priority.2 45
Finally, financial incentives for various activities identified in the Plan will
total approximately $126 million per year over three years. 246 Of this amount, R
235. Telegram from American Embassy in Brazil to Sec'y of State (Oct. 1985).
236. Id.
237. Id.
238. Id. at 2.
239. Id.
240. Id. at 2-3.
241. Id.at 3.
242. Id. at 1.
243. Id. at 6.
244. Id. at 1.
245. Id.
246. This figure is a relatively modest one. IBM do Brasil alone invested $120 million in 1985.
Id. at 6.
1985]1 TRANSBORDER DATA FLOW 65
& D projects account for approximately two-thirds. Reflecting the Plan's emphasis
on microelectronics, research in this area will receive the greatest support.24 1
CONIN retains discretion in deciding which projects will qualify for these fiscal
incentives. 2 4 8
The Plan appears to be a generalized set of principles granting great flexibility
to CONIN. 2 4 9 It says little about controversial issues such as market reserve, joint
ventures, and free trade zones, all part of the original Informatics law. 25 0 Software
protection is also given low priority, with regulation of the commercialization of
software a more important short term goal."'
The Plan continues the country's long-standing regulatory approach with no
startling exceptions. Despite controversy and both internal and external opposition,
Brazil remains committed to developing an informatics industry that will compete
effectively in the world market and benefit the nation's populace.
Brazil has become a model to other developing nations for exerting control
over an important national resource: information. In so doing, it is trying to
reverse the traditional international role of a developing nation as a resource for
a developed one. Brazil is attempting to control MNCs and prevent an increase
in the disparity between itself and developed nations. Brazil has had some success
in this effort. The informatics policy has "been instrumental in fostering the
establishment and growth of a sizable number of national firms engaged in the
design and assembly of computer systems and peripherals." 25 2 These national
firms have increased in size, number, and market shares quite rapidly.2 11 Perhaps
Brazil studied Japan's recent history and concluded that many things are possible
with proper planning, government support, and investment in scientific research
and development.
Fonseca has summarized the Brazilian situation:
[I]t can be said that there is today in Brazil a favorable attitude of
confidence and expectation with regard to the coming of computeri-
zation. In spite of many . . . problems, the structural conditions of
the country, as a whole, are favorable and practically all the anticipatory
and preventive actions that should have been taken have been taken.
In this way, Brazil seems to be prepared to fight this battle and with
fairly good chances of winning it. 254
247. Id. at 1-2. Financial incentives for informatics sectors include amortizing purchase costs of
software over three years, exemptions from import costs, accelerated depreciation, and income tax
deductions. Id. at 6.
248. Id. at 1.
249. See supra notes 238 to 245 (discussing the wide-range of goals available to CONIN).
250. Id. See supra notes 195 to 203 and accompanying text.
251. Id. at 2. References to software protection appeared in an annex not presented to CONIN.
Id. See Brazil Prepares to Institute New Computer Software Protection Despite U.S. Protest, I INT'L
TRADE REP. (BNA) (1984) (describing the proposed software protection bill).
252. C. FRISCHTAK, supra note 231, at 1.
253. Id. at 2.
254. Fonseca, supra note 139, at 17.
66 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
V. CONCLUSION
United States policy regarding transborder data flow has been relatively con-
sistent over the last six years. 2 " The government agencies most involved with
TDF issues are the Departments of State and Commerce and the Office of the
United States Trade Representative. These agencies have endeavored to work
closely with United States corporations to reduce barriers to the free flow of
information while maintaining the integrity of corporate information flow. In so
doing, the United States has actively sought to expand OECD and GATT to
include trade in services. 25 6 Implicit in these goals is the belief that service trade
and TDF are closely entwined and that barriers to either severely handicap the
other. This policy has been opposed by countries like Brazil that view liberalized
trade in services as the death-knell to their effort to compete with highly indus-
trialized nations.257
Even within the United States, companies facing competition in services from
abroad, as well as relaxed antitrust laws, have begun to cooperate in research
and development efforts. 2 For example, IBM has joined AT & T and General
Electric among others in semiconductor research while several companies including
General Dynamics, Boeing, Grumman, Bendix, and Northrop have been studying
ways to develop computer software for military projects. In the electronics area,
twenty-one companies plan to spend up to $700 million over ten years to develop
advanced computer technology.2 9
Thus, it appears that ideas like ESPRIT and Brazil's Informatics efforts will
not go unanswered. United States initiatives to maintain dominance in the service
arena may result in increased barriers to the flow of information. As countries
attempt to exert more sovereignty, however, their ability to compete diminishes
as market forces are restricted. Protectionism in trade in goods has not benefitted
the world economy. Protectionism in the flow of information threatens to be
even more harmful.
This article has focused upon the privacy and data protection issues raised by
TDF and on the struggle between free information flow and national sovereignty
in corporate and trade areas. The unique case of Brazil was discussed as an
example of the use of national information policy to foster economic growth. In
exploring some of the more significant issues in TDF, this article has demonstrated
how economic issues may override other concerns in setting TDF policy. The
ideal of the free flow of information may be doomed as national self-interest
motivates policy. In any case, the struggle will persist for a long while.
255. See e.g., International Data Flow: Hearings Before a Subcomm. of the House Comm. on
Gov't. Operations, 96th Cong., 2d Sess. (1980) (discussing several aspects of United States policy on
TDF since 1980); NTIA Report, supra note 95 (same); TRADE IN SERVICES, supra note 149 (same).
256. International Telecommunications and Information Policy: Hearings Before a Subcomm. of
the House Comm. on Gov't Operations, 97th Cong., Ist Sess. (1982) (statement of Richard B. Self,
Acting Ass't U.S. Trade Representative).
257. See supra notes 205 to 208 and accompanying text.
258. N.Y. Times, Jan. 14, 1986, at DI, col. 3.
259. Id.