1 JLTech 31

Content downloaded/printed from HeinOnline
Tue Dec 17 08:24:02 2019
Citations:
Bluebook 20th ed.

Dorine R. Seidman, Transborder Data Flow: Regulation of International Information
Flow and the Brazilian Example, 1 J.L. & Tech. 31 (1986).
ALWD 6th ed.

Dorine R. Seidman, Transborder Data Flow: Regulation of International Information
Flow and the Brazilian Example, 1 J.L. & Tech. 31 (1986).
APA 6th ed.

Seidman, D. R. (1986). Transborder data flow: Regulation of international information
flow and the brazilian example. Journal of Law and Technology, 1(1), 31-66.
Chicago 7th ed.

Dorine R. Seidman, "Transborder Data Flow: Regulation of International Information
Flow and the Brazilian Example," Journal of Law and Technology 1, no. 1 (Spring
1986): 31-66
McGill Guide 9th ed.

Dorine R Seidman, "Transborder Data Flow: Regulation of International Information
Flow and the Brazilian Example" (1986) 1:1 J of L & Technology 31.
MLA 8th ed.

Seidman, Dorine R. "Transborder Data Flow: Regulation of International Information
Flow and the Brazilian Example." Journal of Law and Technology, vol. 1, no. 1, Spring
1986, p. 31-66. HeinOnline.
OSCOLA 4th ed.

Dorine R Seidman, 'Transborder Data Flow: Regulation of International Information
Flow and the Brazilian Example' (1986) 1 JL & Tech 31
-- Your use of this HeinOnline PDF indicates your acceptance of HeinOnline's Terms and
Conditions of the license agreement available at
https://heinonline.org/HOL/License
-- The search text of this PDF is generated from uncorrected OCR text.
Use QR Code reader to send PDF to your smartphone or tablet device
TRANSBORDER DATA FLOW: REGULATION OF INTERNATIONAL
INFORMATION FLOW AND THE BRAZILIAN EXAMPLE
Dorine R. Seidman*
World demand for information has increased dramatically. Multinational cor-

porations and governments want to obtain information quickly and cheaply. As
a result, attention has focused upon transborder data flow (TDF), imprecisely
defined as the electronic movement of data between countries.
Transferring data across national boundaries raises a host of difficulties. Ini-
tially, TDF was hampered by the disparity among the privacy laws of nations
engaged in international data communication. Accordingly, early efforts to reg-
ulate TDF addressed concerns over data protection and privacy. International
organizations drafted guidelines and treaties in a concerted effort to remedy the
legal disparities and facilitate the flow of data. Policy concerns over TDF have
shifted, however, as corporate data flow and trade in services have provided
economic incentives for nations to restrict and regulate TDF. Whether the avowed
purpose of the regulation is privacy protection, economic protection, or national
security, the effect has been tighter restraints on the flow of information out of
and into individual countries.
This article first posits a definition for TDF and describes the problems en-
countered by two diverse organizations as illustrations of TDF's expanding role
in the international market. The next section discusses the data protection and
privacy concerns raised by TDF and the most recent British attempt to deal with
them. The business and trade implications of TDF for developed and developing
nations are the subject of the third section. Throughout, the underlying theme
is the tension between the international interest in the free flow of information
and the assertion of national sovereignty over that information. The final section
presents a case study focusing on the response to these sovereignty issues in
Brazil. Brazil's new informatics legislation, perhaps a harbinger of future devel-
opments in other nations, and the Brazilian 1985 Plan are examined. A few
concluding remarks on United States policy interests are also offered.
1. THE INTERNATIONAL IMPACT OF TRANSBORDER DATA FLOW

Initial discussions of TDF emphasized the role of computer technology, such
as electronic data processing in which data originates in one country and gets
* B.A., 1967, Simmons College; M.A., 1968, Columbia Univ.; J.D., 1985, Georgetown Univ.
Law Center. The author is a Law Clerk at the District of Columbia Court of Appeals. The author
thanks Robert Goldsteen for his support and Lauren Ackerman, Office of Technology Assessment,
for her assistance.
1. Several terms used frequently in the literature require explanation. "Informatics" refers to
31
32 THE JOURNAL OF LAW AND TECHNOLOGY [Vol. 1:31
processed in another. However, the proliferation of new communications tech-

nology and its use by the computer industry demands that any discussion of TDF
recognize a broader range of data communications potential. Therefore, this
article will define TDF as the electronic transmission of computer-generated and
machine-readable digital data between countries. This flow of data can occur by
satellite, microwave, cable, or conventional radio; each can transport voice, image,
character, and other symbols in digital bit streams. 2 TDF thus involves the transfer
of massive amounts of information efficiently and inexpensively.
Branscomb has developed a taxonomy of the different types of information
encompassed in this definition of TDF.3 She lists eleven types of information:
personal; political; scientific and technical; strategic and military; health, safety,
and environmental; economic; financial; management; educational; religious and
moral; and news and entertainment.4
Primary users of TDF include governments and multinational corporations.
For example, in the corporate setting, extensive use of TDF occurs in financial
management, marketing and distribution, production, management, and research
and development.' The most important benefit that corporations derive from
6
TDF is increased efficiency, but TDF also opens new business opportunities such
as trade in information services.'
The experience of the community of Malmo, Sweden illustrates the versatility
and importance of TDF. Malmo had its fire alarm system linked to a data base
data processing through automatic machines. The merger of informatics and telecommunications
produces "telematics." Finally, the internationalization of telematics has occurred through transborder
data flow. SPECIAL SECRETARIAT OF INFORMATION OF THE NATIONAL SECURITY COUNCIL OF THE PRES-
IDENCY OF THE REPUBLIC OF BRAZIL IN COOPERATION WITH THE MINISTRY OF COMMUNICATIONS OF
BRAZIL, TRANSBORDER DATA FLOW AND BRAZIL: THE ROLE OF TRANSNATIONAL CORPORATIONS, IMPACTS
OF TRANSBORDER DATA FLOWS AND EFFECTS OF NATIONAL POLICIES 5-7 (1982) [hereinafter cited as
BRAZILIAN CASE STUDY].
2. Branscomb, Global Governance of Global Networks: A Survey of Transborder Data Flow in
Transition, 36 VAND. L. REV. 985, 992 (1983).
3. Id. at 994. She maintains that the legal treatment must vary according to the type of
information. Id.
4. Id.
5. U.N. ESCOR Comm. on Transnational Corporations (Agenda Item 7(c)) at I1, U.N. Doc.
E/C.10/1984/14 (1984) [hereinafter cited as UN Report].
6. Id.
7. See Gassmann, The Changing Nature of Transborder Data Flows, in TRANSBORDER DATA
FLOWS: PROCEEDINGS OF AN OECD CONFERENCE HELD DECEMBER 1983 7 (1985) ("increasing use of
electronic information services, data bank services, computer services, software, and telecommuni-
cations services has growing international trade dimensions") [hereinafter cited as Changing Nature
of TDF]. Services can be defined as "all output that does not come from the four goods-producing
sectors: agriculture, mining, manufacturing and construction. The service sector of the United States
thus embraces distributive services such as wholesale and retail trade, communications, transportation
and public utilities; producer services such as accounting, legal counsel, marketing, banking, archi-
tecture, engineering and management consulting; consumer services such as restaurants, hotels and
resorts, laundry and drycleaning establishments, and non-profit and government services such as
education, health, the administration of justice and national defense." Ginsberg & Vojta, The Service
Sector of the U.S. Economy, SCI. AM., March 1981, at 48. See infra notes 146 to 186 and accompanying
text (discussing TDF as an international trade in services problem).
1985]1 TRANSBORDER DATA FLOW 33
in Cleveland, Ohio.' The Cleveland computer contained information about the

buildings in Malmo such as whether it stored any dangerous chemicals. When
an alarm sounded in Malmo, satellites quickly transferred the information from
Cleveland to Malmo.9 TDF issues are raised by the concern of Malmo citizens
that the United States might suddenly impose export restraints on data, hampering
Malmo's access to the Cleveland data base.
One recent international dispute suggests that Malmo's concerns are well-
founded. Employees of Dresser Industries, located in 100 countries, have daily
access to Dresser's central computers in the United States through a complex
network of terminals and satellites. The computer systems are used to maintain
up-to-date inventory, financial, and design information. When President Reagan
imposed sanctions forbidding United States companies from participating in the
construction of the Soviet pipeline, Dresser was forced to cut all technical com-
munications with its French subsidiary which was involved in one aspect of the
pipeline project. Immediately, an Australian company terminated a $3 million
order with the sub.sidiary because it realized that the subsidiary became almost
inoperable without access to its central data base."o
Both examples demonstrate the pervasive nature of TDF and the potential
impact of barriers to the free flow of information. On the other hand, these
barriers may be necessary for data protection, privacy, and economic growth.
II. THE POLICY CONFLICT BETWEEN SOVEREIGNTY AND FREE FLOW OF

INFORMATION
The tension between protecting, controlling, and denying information, on the

one hand, and importing, exporting, and sharing information, on the other, is
inherent in TDF." Nations, multinational corporations (MNCs), and international
organizations want to control communication between themselves and others. 2
They do this by controlling the content and flow of information." "[P]articipants
in international communication have an interest in attaining and maintaining
control over [data communication and processing technologies] and also benefit
by having freedom to use and direct them."' 4 The relative position of the par-
ticipants as competitors in world markets determines the level of control they
prefer over the access, content, and use of TDF. Novotny explained:
8. Basche, Information Protectionism, ACROSS THE BOARD, Sept. 1983, at 38.

9. Id. at 38-39.
10. Spero, Barriers to International Information Flows, TELECOMMUNICATIONS, Nov. 1983 at 67,
68.
11. See generally Novotny, Transborder Data Flows and International Law: A Framework for
Policy-Oriented Inquiry, 16 STAN. J. INT'L L. 141, 144-45 (1980) (analysis of national and international
control measures to develop guidelines that balance restrictive policies and enhancement of free flow
of data).
12. Id.
13. Id. at 145.
14. Id.
Competition between the exclusive interests of information control

and the inclusive interests of unrestricted transfer of information across
national boundaries is the taproot of the controversy. Inclusive interests
include principles, practices, and policies grouped under the general
term free flow of information. These policies promote increased shar-
ing, use, enjoyment, and exchange of transborder data flows. Prin-
ciples, practices, and policies that represent exclusive interests are grouped
under the term sovereignty over information, and promote controlled
use, restricted access, conservation, denial and decreased transfers of
information."
Free flow of information, then, means that information can move and be
accessed with little or no governmental restraint. Sovereignty over information
means regulation of the flow by nations. Multinational corporations oppose such
regulation and advocate the free flow of information, despite a desire to restrict
access to their information by their competitors, for example. The corporations
are supported by a declared international standard of freedom of information.' 6
It appears in the Universal Declaration of Human Rights, 7 which secures the
right "to seek, receive and impart information and ideas through any media and
regardless of frontiers."'"
Those who oppose regulating TDF emphasize that information is vital to the
transition from an industrial to an informational society. "That transition is
characterized by quick and complete gathering, processing, storing, retransmitting,
and use of information." 9 Quick dissemination of information has a number of
benefits. Economically, it causes an efficient allocation of financial resources.
Technical and medical developments are also based on unrestricted information
availability. In addition, international flow of information reduces the gap between
technologically and economically unequal nations. 20 Regulating information, in
this view, would make the information unavailable, subject its transmission to
unbearable burdens, or make its use more expensive.21
For the United States, any restrictions on the free flow of information would
also hamper trade in services.22 The United States is presently the number one
15. Id. (emphasis added).

16. See generally Note, A New International Information Order: The Developing World and the
Free Flow of Information Controversy, 8 SYR. J. INT'L L. & Com. 249, 251-52 (1980) (stating that
ideal of freedom of information has achieved status of customary international law).
17. Id. at 251 (citing G.A. Res. 217, U.N. Doc. A/810, at 71 (1948)).
18. Id. (citing G.A. Res. 217, U.N. Doc. A/810, at 79 (1948)).
19. McKeaver, Is it Best Not to Regulate Transborder Data Flow?, 1984 INT'L Bus. L. 159.
20. Id.
21. Id.
22. Telecommunications and Information Products and Services in International Trade: Hearings
Before the Subcomm. on Telecommunications, Consumer Protection, and Finance of the House
Comm. on Energy and Commerce, 97th Cong., Ist Sess. 174-75 (1981) (Statement of Harry L.
Freeman, Senior Vice President, American Express Co., and Joan E. Spero, Vice President, American
Express Co.) [hereinafter cited as Trade Hearings].
exporter of services in the world, generating close to $60 billion in revenue in

1980.23 Virtually all service industry exports depend on the free flow of infor-
mation. 2 4 There is concern among service industry leaders that trade barriers that
restrict the free flow of information will challenge this leadership position.25
Still, sound reasons exist to assert sovereignty over data. Developing countries
lack the financial and technological means to compete in the production, operation,
distribution, or use of data bases.2 These nations, therefore, take part in the
data market primarily as suppliers of data (data exporters) and consumers of
finished products, with the flow of data travelling from them to the developed
world.27 The desire to receive a greater share of the benefits of the information
resource motivates the developing world to control or regulate this information. 28
Geza Feketekuty, Assistant United States Trade Representative for Policy De-
velopment, has identified a number of government policy goals that can lead to
barriers to international flow of information or trade in telecommunications and
data services. 29
One goal that most countries have already established is the protection of
privacy and data integrity. Legislative attempts to ensure privacy and security
have been motivated by the tremendous data storage capacity of computers and
the fear that the international transfer of data might compromise these interests.
While protecting individual interests in data, many of these laws also ensure
governmental access to vital information regarding public health, safety, and
welfare. 3 0
23. Id. A 1981 analysis of the United States service industries, prepared under contract for the
Departments of State and Commerce and the Office of the United States Trade Representative,
discusses sixteen service industries and their level of international revenue generation. Using its own
system of weighted variables, the report estimated that for 1980 the United States service industries
generated approximately $60 billion in revenues. The authors note that this figure is roughly equal
to the total United States exports of all food and consumer goods in 1980. The sixteen industries
include accounting; advertising; banking; business, professional and technical services; construction
and engineering; education; employment; franchising; health; information; insurance; leasing; lodging;
motion pictures; tourism; and transportation. Id. at 188-91 (report of Economic Consulting Services,
Inc., International Operations of U.S. Service Industries: Current Data Collection and Analysis). The
top revenue generators and their estimated foreign revenues include: Transportation (including both
airlines and maritime shipping), $13.93 billion; banking, $9.1 billion; insurance, $6 billion; construction
and engineering, $5.36 billion; and tourism, $ 4.15 billion. Id. at 173-74 (statement of Harry L.
Freeman, Senior Vice President, American Express Co., and Joan E. Spero, Vice President, American
Express Co.).
24. See id. at 174 (Statement of Harry L. Freeman, Senior Vice President, American Express
Co., and Joan E. Spero, Vice President, American Express Co.) (accounting, banking, insurance,
and transportation industries could not survive without free flow of information).
25. See id. (United States faces expanding barriers to flow of information).
26. Ennison, Legal Aspects of TDF in Developing Countries: Sovereignty Considerations, 1984
INT'L Bus. L. 163.
27. Id.
28. Id.
29. Trade Hearings, supra note 22, at 74 app. (statement of Geza Feketekuty, Assistant U.S.
Trade Representative for Policy Development)
30. Id. at 75-77.
In many countries, telecommunication services are provided by a publicly owned

or regulated telecommunications monopoly. As telecommunications and computer
technology have become more important to society, governments have taken a
greater role in ensuring that these monopolies provide adequate services at a
reasonable price. Regulations designed to protect the public can also protect the
monopolies from private competition.'
In addition to protecting privacy and economic interests, some governments
have implemented programs to prevent the "dilution of indigenous culture" that
may result from the greater availability of foreign information and entertainment. 32
These governments want to incorporate foreign technology into their society but
retain their nation's cultural identity.
Finally, in response to the growing importance of telecommunications and data
processing technologies, some governments have begun to protect domestic pro-
ducers of these technologies. In some instances the protectionist intention is
explicit. Regardless, the purpose is to foster the development of domestic industry
by excluding foreign competition."
The countries that are primarily exporters of data have been very concerned
about their excessive dependence upon foreign data processing services and com-
puter communications networks. Turn summarizes those concerns as follows:
1) The possible erosion of the sovereignty of a country may occur
when large amounts of data about its economy, citizens, or government
operations are transmitted abroad for processing or storage in data
bases. Increased vulnerability to disruption of access to these data and
the lack of control over them can make a country significantly de-
pendent on foreign data processing services.
2) International transmission of data involves complex technical and
procedural difficulties to assure data security and maintain account-
ability. These operations may pass through several transmission link
technologies operated by organizations in many different countries.
International conventions regarding communications further complicate
the situation.
4) There may be adverse effects on the development or continued

existence of local data processing expertise and facilities in countries
that use foreign data processing services. The principal reasons for
using foreign data processing services are economy and the unavail-
ability of desired services in the home country.14
31. Id. at 77-78.

32. Id. at 78-79.
33. Id. at 79.
34. Turn, Privacy Protection and Security in Transnational Data Processing Systems, 16 STAN.
J. Int'l L. 67, 68-69 (1980).
1985] TRANSBORDER DATA FLOW 37
Because much of the initial regulation of TDF has been in the areas of data
protection and privacy, the article will next examine those regulatory efforts.
A. TDF AS A DATA PROTECTION AND PRIVACY ISSUE

"Privacy" is the interest individuals have in the collection, processing, storage,
dissemination, and use of personal data and the effect of such activities on
individual rights.35 The term "data protection" is used similarly in Europe, 6 but
the European emphasis is on the protection of information once collected.3
Europeans consider automatic data processing to be the root of threats to in-
dividual privacy and thus prefer to regulate the technology and uses to which it
can be put rather than looking to privacy rights in the relationship between an
individual and government or private entities.3 8 The latter approach is inherent
in United States privacy regulation. 9 Because a country's policy on privacy stops
at its borders, the international community has endeavored to develop procedures
for data protection within each nation and for regulating information flow policies
among countries. The Council of Europe (COE) and the Organization for Eco-
nomic Cooperation and Development (OECD) are principally responsible for these
0
efforts.
1. Council of Europe
The Council of Europe (COE), composed of twenty-one European countries,
was one of the first international forums to address the privacy issue." The
proposed COE Treaty would be binding on those members that sign and ratify
it. The Treaty is designed to protect an individual's interests in any personal data
that is subject to automatic processing. 42 Its basic principles state that any such
data undergoing automatic processing shall be:
a. obtained and processed fairly and lawfully;
b. stored for specific and legitimate purposes and not used in a
way incompatible with those purposes;
35. Id. at 69.

36. Id.
37. Walker, Privacy and Human Rights: A Comparison of U.S. and European Experience, in
PRIVATE INVESTORS ABROAD-PROBLEMS AND SOLUTIONS IN INTERNATIONAL BUSINESS IN 1982 17, 19(M
Landwehr ed. 1982).
38. Id. at 30.
39. Id. at 28.
40. Id. at 38-39. For a discussion and comparison of the two agreements see Note, Transborder
Data Flows: International Privacy Protection and the Free Flow of Information, 6 B.C. INT'L &
CoMP. L. REV. 591 (1983) [hereinafter cited as Privacy Protection).
41. Walker, supra note 37, at 36.
42. Convention for the Protection of Individuals with respect to Automatic Processing of Personal
Data, opened for signature January 28, 1981, art. 1, Europ. T.S. No. 108 [hereinafter cited as COE
Treaty].
c. adequate, relevant and not excessive in relation to the purposes

for which they are stored;
d. accurate and, where necessary, kept up to date;
e. preserved in a form which permits identification of the data
subjects for no longer than is required for the purposes for which
those data are stored.43
The Treaty's provisions regarding TDF" demonstrate a strong interest in un-
regulated TDF so long as the nation importing the data provides "equivalent
protection" to the data as is provided by the exporter-treaty member. Thus, the
Treaty requires that all member countries pass comparable domestic legislation
protecting privacy rights. Without comparable legislation, a country may be denied
permission to import data from a country that complies with the Treaty.45
The United States would need to pass additional privacy regulation in order
to conform to the Treaty's provisions. Unless it does so, the millions of dollars
in revenue that the United States receives from Europe, Canada, and Japan would
remain outside Treaty regulation.46 But the United States has refused to participate
in the COE Treaty because its treatment of privacy protection does not comport
43. Id. at art. 5.

44. Chapter Ill, Article 12 of the COE Treaty provides:
Transborder flows of personal data and domestic law.

1. The following provisions shall apply to the transfer across national borders, by
whatever medium, of personal data undergoing automatic processing or collected with
a view to their being automatically processed.
2. A Party shall not, for the sole purpose of the protection of privacy, prohibit or
subject to special authorization transborder flows of personal data going to the territory
of another Party.
3. Nevertheless, each Party shall be entitled to derogate from the provisions of

paragraph 2:
a. insofar as its legislation includes specific regulations for certain categories

of personal data or of automated personal data files, because of the nature
of those data or those files, except where the regulations of the other Party
provide an equivalent protection;
b. when the transfer is made from its territory to the territory of a non-
Contracting State through the intermediary of the territory of another Party,
in order to avoid such transfers resulting in circumvention of the legislation
of the Party referred to at the beginning of this paragraph.
Id. at art. 12.
45. For a discussion and critique of the COE Treaty provisions in Article 12, see Note, Transborder
Data Flow: Problems with the Council of Europe Convention, or Protecting States from Protectionism,
4 Nw. J. INT'L L. Bus. 601 (1982).
46. Sardinas & Sawyer, Transborder Data Flow Regulation and Multinational Corporations,
TELECOMMUNICATIONS, Nov. 1983, at 59.
with United States policy.47 The chief objection appears to be the Treaty's inclusion
of legal persons and businesses as data subjects." Such an inclusion would restrict
the flow of corporate data and would be unacceptable to United States businesses.49
The OECD Guidelines appear better suited to United States interests.
2. Organization for Economic Cooperation and Development

In 1980, the Organization for Economic Cooperation and Development (OECD)
adopted its "Guidelines on the Protection of Privacy and Transborder Flows of
Personal Data." 0 These Guidelines advocate voluntary measures to ensure data
protection." The United States, Japan, Canada, and the Western European coun-
tries comprise OECD's membership.5 2 The member countries seek to promote a
set of minimum standards to protect privacy and TDF 3 while maximizing the
free flow of information.s4
The objectives of the Guidelines include:
. . . reducing differences between relevant domestic rules and prac-
tices of Member countries to a minimum;
... ensuring that . . . they take into consideration . .. the need to
avoid undue interference with flows of personal data between Member
countries; and
* . . eliminating, as far as possible, reasons which might induce
Member countries to restrict transborder flows of personal data because
of the possible risks associated with such flows. 5
The "Basic Principles of National Application," Part Two of the Guidelines,
enunciate general standards for data collection limitation, data quality, purpose
47. Walker, supra note 37, at 37.

48. Privacy Protection, supra note 40, at 618. The COE Treaty, Art. 3, § 2(b), provides in part:
Itlhat [any State] will also apply this convention's [Treaty provisions] to information
relating to groups of persons, associations, foundations, companies, corporations and
any other bodies consisting directly or indirectly of individuals, whether or not such
bodies possess legal personality ....
49. Id. at 622.

50. ORGANIZATION FOR EcONOMIC COOPERATION AND DEVELOPMENT, GUIDELINES ON THE PROTEC-
TION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA22-36 (1981) [hereinafter cited as OECD
Guidelines].
51. Privacy Protection, supra note 40, at 622.
52. The Organization for Economic Cooperation and Development was set up in December 1960.
The Member Countries include Australia, Austria, Belgium, Canada, Denmark, Finland, France, the
Federal Republic of Germany, Greece, Iceland, Ireland, Norway, Portugal, Spain, Sweden, Switzerland,
Turkey, the United Kingdom, and the United States. OECD GUIDELINES, supra note 50, at 2.
53. Walker, supra note 37, at 38. Australia, Canada, Ireland, Turkey and the United Kingdom
abstained from voting on the Guidelines. New OECD Guidelines on PRIVACY, THE OECD OBSERVER,
Nov. 1980, at 36 n.1.
54. OECD GUIDELINES, supra note 50, at 19.
55. Id. at 22.
specification, use limitation, security safeguards, openness, individual participa-

tion, and accountability.1 6 These principles operate to limit the use of personal
data, inform the data subject that such data has been collected, protect and
provide access by the data subject to that data, and charge an individual with
implementing these principles and overseeing their continued observance.
56. Id. at 10-11. Part Two of the OECD Guidelines states:
[Collection Limitation Principle.) There should be limits to the collection of personal

data and any such data should be obtained by lawful and fair means and, where
appropriate, with the knowledge or consent of the data subject.
[Data Quality Principle.] Personal data should be relevant to the purposes for which
they are to be used, and, to the extent necessary for those purposes, should be accurate,
complete and kept up-to-date.
[Purpose Specification Principle.) The purposes for which personal data are collected
should be specified not later than at the time of data collection and the subsequent use
limited to the fulfillment of those purposes or such others as are not incompatible with
those purposes and as are specified on each occasion of change of purpose.
[Use Limitation Principle.] Personal data should not be disclosed, made available or
otherwise used for purposes other than those specified in accordance with Paragraph 9
except:
a) with the consent of the data subject; or

b) by the authority of law.
[Security Safeguards Principle.] Personal data should be protected by reasonable

security safeguards against such risks as loss or unauthorized access, destruction, use,
modification or disclosure of data.
[Openness Principle.] There should be a general policy of openness about develop-

ments, practices and policies with respect to personal data. Means should be readily
available of establishing the existence and nature of personal data, and the main purposes
of their use, as well as the identity and usual residence of the data controller.
[Individual Participation Principle.] An individual should have the right:
a) to obtain from a data controller, or otherwise, confirmation of whether or

not the data controller has data relating to him;
b) to have communicated to him, data relating to him
i) within a reasonable time;

ii) at a charge, if any, that is not excessive;
iii) in a reasonable manner; and
iv) in a form that is readily intelligible to him;
c) to be given reasons if a request made under subparagraphs (a) and (b) is
denied, and to be able to challenge such denial; and
d) to challenge data relating to him and, if the challenge is successful, to have
the data erased, rectified, completed or amended.
[Accountability Principle.] A data controller should be accountable for complying

with measures which give effect to the principles stated above.
Id.
Two aspects of these Guidelines are particularly noteworthy. First, they are
designed only to protect "personal data."" The Guidelines are concerned with
living persons," not with legal persons, although some members suggested ex-
tending coverage to the latter. 9 By contrast, the new 1985 OECD Declaration
discussed below appears to have a broader scope.M
Second, it is significant that the Guidelines address TDF in a privacy context.
The OECD effort aimed at protecting personal data while promoting the free
flow of information. Member countries were concerned that the different levels
of data protection and different laws be reconciled in order to facilitate the free
flow of information among member countries and ensure the security of personal
data.6 ' These concerns are reflected in Part Three of the Guidelines.6 2
The international principles set forth later in this article are closely related to
the national principles in Part Two of the Guidelines. They emphasize security
of data and respect for each nation's interest in preserving privacy and protecting
data. 6 The restrictions on free flow of personal data between member countries
should be abandoned once the requirements of the Guidelines for protecting
privacy and individual liberties have been substantially fulfilled."6 The international
57. Id. at 26.

58. Id. at 24.
59. See generally id. (arguing protection desired for individuals is same as that desired by groups
with or without legal personality). Despite this restriction to personal data and physical persons,
multinational corporations viewed any restrictions as potential barriers and greeted all privacy pro-
tection laws with some trepidation. Changing Nature of TDF, supra note 7, at 8.
60. See infra notes 173 to 186 and accompanying text (discussing the 1985 OECD Declaration).
61. See generally OECD GUIDELINES, supra note 50, at 32-34 (discussing principles individual
nations should adopt to insure secure and uninterupted international data flow).
62. Id. at 11-12. Part Three of the OECD Guidelines, "Basic Principles of International Appli-
cation: Free Flow and Legitimate Restrictions," provide:
15. Member countries should take into consideration the implications for other
Member countries of domestic processing and re-export of personal data.
16. Member countries should take all reasonable and appropriate steps to ensure
that transborder flows of personal data, including transit through a Member country,
are uninterrupted and secure.
17. A Member country should refrain from restricting transborder flows of personal
data between itself and another Member country except where the latter does not yet
substantially observe these Guidelines or where the re-export of such data would cir-
cumvent its domestic privacy legislation. A Member country may also impose restrictions
in respect of certain categories of personal data for which its domestic privacy legislation
includes specific regulations in view of the nature of those data and for which the other
Member country provides no equivalent protection.
18. Member countries should avoid developing laws, policies and practices in the
name of the protection of privacy and individual liberties, which would create obstacles
to transborder flows of personal data that would exceed requirements for such protection.
Id. at 11-12.
63. Id. at 32-34.
64. Id.
principles promote the free flow of information provided that legitimate and
effective privacy and data protection policies are in place. As noted above, the
Guidelines disclaim any intent to limit the rights of member countries to regulate
international flow of personal data in the fields of free trade, tariffs, employment,
and related economic areas, noting that these areas are outside the Guideline's
mandate.65
Thus, the effect of the OECD Guidelines can be to restrict TDF among member
nations that have not substantially complied with them to restrict TDF to any
nonmember nations, and to restrict TDF when the restrictions are economically
motivated. Further, as voluntary guidelines, they need not be adopted at all.
Their chief benefit has been to suggest a set of privacy and data protection
principles for personal data that promote a unified approach to TDF. As such,
they can be extremely useful.
3. Privacy Regulation
The COE Treaty and the OECD Guideliies were two international responses
to the privacy and data protection regulations passed by individual nations during
the 1970's.66 The Swedish Data Act, which went into effect in 1974, was the first
national act restricting the flow of information in the interests of privacy.6 1 Similar
to subsequent legislation elsewhere, it formed a national regulatory body, required
registration or licensing and prior authorization for transmitting data out of the
country, and imposed limits on the length of time data may be stored.68 The Act
has been invoked many times to deny transborder data flow of personal infor-
mation. For example, a German company, Siemens, could not store Swedish
employee information in Germany since Germany did not have a reciprocal privacy
law at that time.69 This Act was amended in 1980 to eliminate the requirement
that the data collector obtain permission before releasing information to be
processed abroad.1o
Norway, passing privacy regulations in 1978, was the first nation to extend
privacy protection to legal persons,7 a controversial aspect of the COE Treaty. 72
The laws of Austria, Denmark, and Luxemburg also protect the privacy of legal
persons .
65. Id. at 34.

66. Austria, Canada, Denmark, France, the Federal Republic of Germany, Luxemburg, Norway,
Sweden, the United Kingdom, and the United States have enacted privacy laws. McGuire, The
Information Age: An Introduction to Transborder Data Flow, 20 JURIMETRICS J. 1, 4 (1979); McKeaver,
supra note 19, at 159; The Data Protection Act, 1984, ch. 35. Belgium, the Netherlands, Spain,
Australia, Finland, Iceland, Italy, Japan, New Zealand, Switzerland, and Yugoslavia are all in various
stages of developing privacy laws. McGuire, supra, at 4.
67. McGuire, supra note 66, at 4.
68. Id.
69. Id. at 5.
70. Privacy Protection, supra note 40, at 614.
72. See supra notes 47 to 49 and accompanying text (discussing the protection of legal persons
in the COE Treaty).
1985]1 TRANSBORDER DATA FLOw 43
The British Response. In 1984, the United Kingdom passed the Data Protection
Act as a prelude to ratification of the COE Treaty. 7 4 Rumbelow notes that the
United Kingdom had previously taken the less restrictive "leave-it-alone" stance
regarding regulation of TDF, unlike Scandinavia, Germany, and France.75 The
Act requires all persons and organizations that hold "personal data" on individuals
to register with the Data Protection Registrar.16 This requirement also extends to
persons and organizations that provide processing services or use of processing
equipment.77 "The application must contain descriptions of the data held, the
purposes for which they are held, their sources, the persons to whom they are
to be disclosed, and the countries (if any) outside the U.K. to which the data
are to be transferred." 78
The Registrar is the key person in the scheme of the Act.79 He has responsibilty
for maintaining and supervising the system of registration and ensuring that
persons involved in processing personal data observe the eight data protection
principles.so He is thus charged with generally monitoring compliance with the
Act."' The principles "require that personal data are obtained and processed
fairly, held only for specific purposes, are not used or disclosed in a manner
inconsistent with such specific purpose, are accurate and up to date, are not kept
longer than necessary, are available for inspection by the data subject and ap-
propriate security measures are taken". 82 The Registrar is given the authority to
decide on a case by case basis whether a particular data user is in breach of
these general principles.8 1
The Act gives the data subject four new rights. First, he has the right to request
access to any personal data that a data user holds concerning him. 8 4 Second,
"the Act creates a novel statutory civil liability, that of processing inaccurate
data." 85 Third, the Act gives the right to claim damages suffered from the loss
or unauthorized destruction or disclosure of data. 6 Finally, the Act provides the
74. Eisenschitz, The Data Protection Act 1984, 7 EUR. INTELL. PRoP. REV. 143 (1985).
75. Rumbelow, Privacy and Transborder Data Flow in the United Kingdom and Europe, 1984
INT'L Bus. L. 153.
76. Data Protection Act, § 4(l). Section 1(1) of The Act defines "personal data" as "data
consisting of information which relates to a living individual."
77. Id.
78. Austin, The Data Protection Act 1984, 1984 LLOYD'S MAR. 0. Com. L.Q. 663, 664.
79. Savage & Edwards, The Data Protection Act 1984, 1984 J. Bus. L. 463, 464.
80. Id.
81. Id.
82. Id. at 465. These principles are expressed in very general terms leaving the Registrar as the
enforcer rather than the courts. Id.
83. Id.
84. Data Protection Act, § 21. The data subject must pay a fee to cover expenses and a copy
of the data must be supplied by the data user within 40 days. Data Protection Act. §§ 21(2), 21(6).
21(6).
85. Savage & Edwards, supra note 79, at 466. Where the data are an accurate record of information
provided by the subject or by a third party, there will be no liability if the provider of the data is
noted and if any challenge to the accuracy of the data by the data subject has been noted. In addition,
the Act provides a general defense of reasonable care in ensuring the accuracy of the data. Id.
86. Data Protection Act, § 23.
limited right to apply to the courts for correction or erasure of erroneous data."
Thus, a British data subject has important rights to access data about himself,
to rectify and erase inaccurate data, and to receive compensation for damages
suffered. What is not clear is the extent to which the defense of reasonable care
and the plea that the data accurately reflects that supplied by the data subject
or the third party will limit the right of recovery.
Despite these new rights, exemptions to the Act may limit the protection
afforded. Exemptions may be granted from some or all of the Act's requirements.
For example, payrolls, pensions, and accounting data are exempt from registration
as are membership details of clubs and data held for statistical or research
purposes."' Other personal data held for the purposes of crime prevention or
detection, prosecution of offenders, or tax assessment or collection are exempt
from subject access and nondisclosure provisions if the purpose would be prej-
udiced by permitting subject access or ensuring absolute nondisclosure. 9 Personal
data held for national security purposes, which are defined broadly, are also
exempt from substantial portions of the Act. A Cabinet Minister or the Attorney
General has total authority to certify that data is held for this purpose." Gov-
ernment agencies that hold personal data may be exempt in order to protect
the public from loss due to dishonesty, incompetence, or malpractice in the area
of financial services. 9 Other public sector exemptions may include health and
social work information. 92
There has been criticism of the Act. One critic, writing before the bill passed,
believes that industrial efficiency will suffer greatly from this legislation.93 He
notes that lawyers, business organizations, and many others unsuccessfully ob-
jected to the registration system. While agreeing that some protection is needed
in the public sector, he argues that private sector information is given voluntarily.
Thus, he concludes that the need to specify the data's purpose and use is
unnecessary and cumbersome."
Regardless of the Act's merit, the decision of the United Kingdom to
protect privacy and ensure data security by legislation is significant. The United
States and Japan, in rejecting the COE/United Kingdom approach, may find
themselves alone in their lack of reciprocal privacy laws. Perhaps the height-
ened interest of the United States in developing an information policy" and
the push to include trade in services in the GATT discus-

88. Data Protection Act, §§ 32, 33, 33(6).
90. Data Protection Act, § 27(6).
93. Rumbelow, supra note 75, at 157.
94. See id. at 156-57 (suggesting the Register is given overbroad powers and the system of
enforcement is markedly inefficient).
95. See generally HOUSE COMM. ON Gov'T OPERATIONS, INTERNATIONAL INFORMATION FLOW: FORG-
ING A NEW FRAMEWORK, H.R. REP. No. 1535, 96th Cong., 2d Sess. I (1980) (suggesting that the
United States must respond to changes in the technology of and laws of foreign nations contending
sions"6 indicates an awareness of the potential isolation and its effect on United
States business.
Interest in restricting and regulating data flow is not motivated only by privacy
concerns. Economic self-interest also plays an important role.
B. TDF AS A BUSINESS ISSUE

Several years ago, a shift in TDF policy occurred in many nations. The concern
over data protection and privacy, prevalent until 1980, dwindled as interest in
business communication intensified.9" In this context large multinational corpo-
rations have clashed with the often publicly owned telecommunications admin-
istrations that want to optimize use of their communication networks." Many
restrictions on the free flow of information have been implemented to serve this
interest. Moreover, there has been a desire to exert national sovereignty over
information to protect domestic industries. MNCs fear, however, that any re-
strictions on the free flow of information and access to their own data bases will
diminish their efficiency.
Impediments to data flow can occur in a variety of ways. A simple means to
restrict data flow is to eliminate choice in the communications market place.
Nations might also introduce arbitrary requirements that adversely affect the
ability of international businesses to compete.99 One United States corporate
executive states that these restrictions often resemble classic barriers to trade and
take forms such as:
[1] discriminatory pricing of data transmission services;
[21 mandated use of national public data networks, eliminating the
ability to meet specialized needs with a technically appropriate and
cost-efficient communications link;
[3] denial of leased lines, or restrictions on their use that take away
the user's ability to offer competitive services;
[4] local content laws requiring the processing of data within the
country of origin as a part of the user's transmission requirements;
with international information flow) [hereinafter cited as HOUSE REPORT]; A. Bushkin & J. Yurow,
THE FOUNDATION OF UNITED STATES INFORMATION POLICY, U.S. DEP'T OF COMMERCE 1 (1980) (United
States international information flow policies must reflect foundations of domestic information policy
aims and national interests) [hereinafter cited as NTIA Report].
96. See infra notes 151 to 172 and accompanying text (discussing opposing views regarding inclusion
of trade in services in GATT).
97. See Changing Nature of TDF, supra note 7, at 8 (worldwide buildup of international data
communications networks caused interest to focus on technical, financial and legal conditions of their
use).
98. See id. at 9 (multinational users oppose policy of public telecommunications administrations
which would require large companies to use public data communications services at rates sensitive
to volume).
99. Spero, supra note 10, at 68.
[5] restrictions on the impact of equipment, spare parts, or software;

and
[6] emerging policies which can provide the basis for customs duties
and value-added taxes on classes of information as that information
enters or leaves a country via modern communication links.0"
The United States plays an important role in the information explosion, es-
pecially because the interest of MNCs in free information flow apparently coincides
with United States policy.o' 0 As a result of this linkage and because so many
MNCs are based in the United States, even developed nations have sought to
place limits on data flow to protect privacy and their economies.
These types of restrictions are similar throughout the world. The content and
the severity of those restrictions as they impact MNCs and free data flow, however,
will vary according to the needs of the countries. This variation is most visible
between developed and developing nations.
1. Developed Countries
Restrictions on TDF exist throughout the developed world. In Japan, the
Ministry of Posts and Telecommunications, working through the international
telecommunications authority, KDD, has erected barriers to the use of private,
leased communications lines by large data users. These lines are generally the
most efficient means for transmitting data. Both by denying private leased lines
and limiting their use, Japan's restrictions have detrimentally affected United
States companies.102 In West Germany, the Deutsche Bundespost has attempted
to protect the revenues of its telecommunications system in several ways. It allows
use of international leased lines only if at least part of the data processing is
performed in Germany. Further, West Germany intends to charge "usage-sen-
sitive" rates in addition to fixed charges, even if the other conditions of its laws
are met. 03
Canada is also concerned about the effect of data flow, especially to the United
States, on its economy. It has required that all banks operating in Canada maintain
and perform the initial processing of all data on Canadian citizens in Canada.
Thus, banks have been coerced into the costly process of duplicating their data
bases."
The Canadian example illustrates the concern of many developed nations over
United States control of information resources.' The vast majority of automated
data bases are located in the United States, and most data exchanges between
the United States and its partners consist of the supply of processed data by the
100. Id.
101. HOUSE REPORT, supra note 95, at 3.
102. Spero, supra note 10, at 68.
103. Id.
104. Id.
105. Fishman, Introduction to Transborder Data Flows, 16 STAN. J. INT'L L. 1, 8 (1980).
United States to other nations.'" The fear among some developed nations is that
if the current trend is not halted, the United States will have an unhealthy
dominance over other nations.'0" A government report in France in 1978 strongly
expressed that fear. Known as the Nora-Minc Report, it states:
Foreign firms (primarily IBM) must not be allowed to be instruments

of foreign (primarily United States) dominance.
. . . Post, Telephone, and Telegraph administrations (PTT's) should
be restructured so that the telecommunications portion can be redirected
to work more closely with other high-technology agencies.
. . . Mastery of component technology is as important as nuclear
mastery for national independence."'s
The Nora-Minc Report initiated a serious French government effort to retain and
control its own information.'*
Significantly, West Germany, France, and Canada, usually allies on United
States policy, have sufficient domestic concern that they have parted from the
United States policy advocating the free flow of information. Another aspect of
that fear, not limited to these nations, is that local businesses operating on a
smaller scale than United States industry will be unable to compete as access to
information becomes increasingly vital in industrial and economic competition,
leading to fear that local employment will be adversely affected." 0
Responding to a growing concern that European nations will fall far behind
in the information technology arena,' the European Economic Community (EC)I1 2
106. Id.
107. Id. at 8-9.
108. Id. at 9 (citing S. NORA AND A. MINC, L'INFORMATISATION DE LA SOCIETE [REPORT ON THE
COMPUTERIZATION OF SOCIETY] (1978) (for the Inspection Generale des Finances)).
109. Fishman, supra note 105, at 9.
110. Id. at 10.
111. The EC Commission quoted a letter from representatives of the largest European companies
active in the information technology field in which they stated:
The figures of market share, i.e. European industry commanding only ten percent of
the world market and less than forty percent of its own indigenous market, make stark
reading. Not only is the situation in itself of great concern but the low market share
means that the volume of sales and profit is inadequate to provide the essential investment
needed to safeguard the future. Even worse, all the indications are that the situation
is deteriorating rather than improving.
European Communities Commission, Prospectsfor the Development of New Policies: Research and
Development, Energy and New Technologies, BULL. EUROPEAN COMMUNITIES, 1983, No. 5 Supp., at
26.
112. See generally Ramsey, Europe Responds to the Challenge of the New Information Technologies:
A Teleinformatics Strategy for the 1980's, 14 CORNELL INT'L L.J. 237, 238 n.3 (1981) (Europeans
have examined fields of transborder data flow, privacy protection laws, telecommunications policies,
and policy initiatives in areas of informatics, data processing, microelectronics, and social problems
launched the first five year phase of a ten year research and development program
in this area. Entitled ESPRIT, the European Strategic Programme for Research
and Development in Information Technologies, it consists of research and de-
velopment projects for which the EC provides approximately fifty percent of the
funding."' ESPRIT areas of activity include: advanced microelectronics capability;
software technologies; advanced information processing; office systems; computer
integrated manufacture; and infrastructure actions.'' 4
ESPRIT's broad scope encompasses the role of telecommunications in infor-
mation technology."s As part of the EC effort to ensure that information exchange
capabilities will be adequate for all, a number of ESPRIT work programs are
developing the telecommunications capabilities of the infrastructure of partici-
pating nations." 6 More recently, a commission of the EC "called for an expression
of interest in the use of advanced information and technologies.""' The Com-
mission reported that it had begun to investigate future requirements and op-
portunities for concerted actions in advanced information technologies. The
Commission intends to study applications in medical research and services, meth-
ods for improving road and transport safety, and techniques for enhancing research
and development productivity in high technology."' Thus, there appears to be
an effort in the telecommunications area to stimulate the kind of research that
ESPRIT was intended to support.
The EC's interest in technological development is not only threatened by the
United States itself. The power of MNCs has received much critical attention.
These corporations appear to some to have acquired supranational powers that
make them independent of any local government."' Where the interests of MNCs
and the United States appear to coincide is in the desire that information generated
in the private sector remain generally inaccessible and unavailable, except on
terms set by the organization possessing it.' 20 The United States' view is that
corporate and privately held information should flow freely among nations with
no government or national regulation. Freedom from regulation would prevent
a foreign government from interfering with or accessing any business information.
of new technologies in context of objectives set forth in the treaty establishing the European Economic
Community, March 11, 1957, 298 U.N.T.S. 11). In early 1986, Spain and Portugal became the
eleventh and twelveth members of the European Economic Community, joining original members,
France, West Germany, Italy, Belgium, the Netherlands, Luxembourg, and later members Britain,
Ireland, Denmark and Greece. Wall St. J., Jan. 2, 1986, at 1, col. 3.
113. 27 O.J. EUR. COMM. (No. L 67) 54-55 (1984). The program was officially adopted on February
28, 1984. Id.
114. Id. at 57-59 annex.
115. 28 O.J. EUR. COMM. (No. L 55) 5 (1985).
116. 26 OJ. EUR. Comm. (No. C 321) 25-26 (1983).
117. 28 OJ. EUR. Comm. (No. C 194) at 7 (1985).
118. Id. at 7-8.
120. See NTIA Report, supra note 95, at 6-9 (discussing United States policy regarding information
dissemination). The American policy favoring dissemination and availability of information, as reflected
in the privacy laws, appears to be limited to information generated by the government. Id. at 6.
Thus, United States policy favoring free flow of information in the private sector
is consistent with the interests of multinational corporations. Developed nations,
other than the United States, while generally supporting the free flow of infor-
mation, would impose restrictions to reduce the MNCs' impact on domestic
industry and employment.
2. Developing Countries
Despite similar concerns, the developed and developing nations have disparate
approaches to the regulation of TDF. 2'^ Developed nations seek to protect their
industries and enhance their international competitive position, thus gaining econ-
omic self-sufficiency. The developing nations also view TDF in economic terms
but not necessarily with an eye to competing with developed nations. On the
contrary, their primary goal is to develop their own domestic information industries
and to control the use of their information. They wish to prevent developed
nations from unfairly benefitting from their raw information. 22
The phenomenal growth of the service sector in developing countries is over-
taking the growth of the industrial sector. For example, in Singapore, two-thirds
of the total output is generated though services and over thirty-five percent of
these services involve producing and distributing information.' 23 The result of
this growth is a gradual shifting of developing countries' investment and devel-
opment strategies.' 24 Developing nations fear that they will be relegated to their
traditional role as exporters of raw data and importers of advanced information
systems.' 25 The exportation of data without any regulation or measurement causes
loss of reimbursement for the data collection and handling costs, while adding
to the wealth of the importing nation.126
Domestic enterprises in developing countries are at a competitive and tech-
nological disadvantage with respect to MNCs. The use of TDF could balance the
competitive inequity. The principle obstacle to greater use of TDF appears to be
the absence of local telecommunications networks in those countries.127 Multi-
national Corporations, however, have indicated a willingness to establish telecom-
munication systems as soon as local conditions allow.128 Until that time, it may
be necessary for domestic enterprises to create their own TDF networks since the
capacity for transnational communication will make these enterprises more com-
petitive in world markets. The failure to participate in a TDF network may cause
the competitive position of domestic enterprises to suffer. 29

122. See id. at 23-25 (discussing Third World interests).
123. Jussawalla & Cheah, Emerging Economic Constraints on Transborder Data Flows, 7 TELE-
COMMUNICATIONS POLICY 285, 286 (1977),
124. See id. (shrinking agricultural base and stagnating industries helping services to grow).
125. Id. at 288.
126. Id. at 289.
127. UN Report, supra note 5, at 10.
128. Id.
129. Id. at 17.
The greatest economic concern is that TDF will hinder the establishment of
domestic information resources. 3 0 Where information resources are located at
regional or corporate centers that can be accessed easily, less market pressure
will be exerted to establish domestic information centers. Since internationally
available resources usually are more reliable, domestic users will prefer them over
infant, local ones. Thus, the growth of these domestic industries will be stifled.
The effect of this inability will be felt by the country's labor force and reflected
in its balance of payments."'
The importance of TDF to developing countries is clear. It is significant,
however, that only a small number have even begun to investigate the economic
implications of TDF, whether through studies, policy formulations, or regulation.
Bolivia, Ecuador, Niger, Phillipines, Uganda, Venezuela, Yugoslavia, and Zaire
have all undertaken studies of TDF issues. 3 2 Costa Rica, Mexico, and the Republic
of Korea are compiling reports for the United Nations Commission on Trans-
national Corporations.' 3 Brazil, the focus of the next section of this article, has
completed its study. 3 4 The primary focus of these studies has been on the
technological and administrative issues relating to upgrading access to international
data bases. The goal appears to be to strengthen the local infrastructure for TDF
because an inadequate infrastructure will severely hamper the nation's role in
TDF. 3
The desire to exert sovereignty and control over information flowing out of a
country is based in large part on an interest in collecting payment for that data
and helping domestic industries and local employment. But restrictions of TDF
may mean that access to international data bases and networks will be limited.
This will have a serious impact on domestic businesses trying to compete in a
world market. Developing countries are faced with the impossible task of pro-
tecting their own economic development in the informatics arena by opening
access to TDF while trying to restrict the export of data.
The amount of protectionism incorporated into a developing nation's TDF
policy depends largely on the level of technological development within a country.
For example, developing African countries have consistently supported the free
flow of information, maintaining that the concept of permanent sovereignty has
no place in TDF.' 6 One study found that "the level of use of computer com-
munication in Africa is only [three percent] versus [fifty percent] outside Africa".' 7
African countries appear to recognize a greater need to access foreign technology
than to control the little presently operating within their boundaries. Other "more
130. Id. at 18.

131. Id.
132. Id. at 20.
133. Id. at 20-21.
134. Id. at 21; see infra notes 187 to 254 and accompanying text (discussing Brazil's approach to
TDFs).
135. UN Report, supra note 5, at 21.
136. Ennison, supra note 26, at 168.
137. Id.
developed" developing"" countries, with more domestic industry at stake, have

a greater interest in maintaining sovereignty.
Fonseca writes that a "technological nationalism" is emerging in many devel-
oping countries.' 39 This "nationalism" is chiefly due to the difficult choice between
using more efficient technology and maintaining current levels of employment.'"
At issue is a form of "technological dualism" in which conventional production
processes coexist with islands of high technology."' The more traditional processes,
usually practiced by local, medium- and small-sized companies, eventually lose
out to the quality and cost efficiencies of the more advanced technology used
primarily by large foreign companies.142 Developing countries also face the enor-
mous challenge of establishing the scientific and economic base to conduct effective
research and development. 43 The governments may provide various forms of
financial incentives and legal protection to companies that endeavor to generate
jobs and enter the international market.'" Technological nationalism has emerged
as the cornerstone of the developing nations' policy on TDF.
Multinational Corporations attempt to counterbalance the effects of such pol-
icies by offering their products at competitive prices, using specifications that
inhibit the compatability of their machines with those of a particular country or
simply buying out the domestic competitor. 45 Overall, MNCs are a serious obstacle
to the technological growth of developing nations. Perhaps of greater concern
to less developed nations is the international movement to liberalize trade in
services that will result in significantly reduced barriers to such trade. Because
trade in services relies heavily on, and in many cases requires, TDF, agreements
to liberalize trade in services will also reduce barriers to information flow.
C. TDF AS A TRADE ISSUE
The current TDF debate, which began in 1982, focuses on trade in services. 46
Trade in services refers to trade in all service industries that depend upon tele-
138. Perhaps a more useful division among nations is the one utilized by Luiz Fonseca, Manpower
Secretariat to the Brazilian Ministry of Labor. He distinguishes among the central, intermediate, and
peripheral countries. Central countries are the highly developed ones. Intermediate countries are those,
like Brazil, that comprise the developing countries. These countries have distinct advantages over
peripheral countries whose industries are rather undeveloped. Peripheral countries are primarily the
so-called Third World countries. L. Fonseca, HIGH TECHNOLOGY DEVELOPMENT IN BRAZIL 1-6 (Dec.
1984) (unpublished work) (on file with the Journal of Law and Technology).
139. Id. at 6. Although he does not specifically define the term, Fonseca appears to mean the
creation of "barriers against the invasion of foreign technology." Id.
140. Id. at 5.
141. Id.
142. Id.
143. See id. at 5-6 (suggesting economic factors, market structures and presence of transnational
corporations inhibit growth of domestic science and technology research and development programs).
144. See id. at 6 (noting incentive mechanisms include government declared support, market reserve
or import restrictions, fiscal incentives and tax exemptions).
145. Id.
146. Changing Nature of TDF, supra note 7, at 9-10.
communications, such as banking, tourism, transportation, and manufacturing."'

Trade in services increasingly entails the use of information, data bank, computer,
software, and telecommunications services.148
The United States has consistently emphasized the importance of TDF to trade
in services and to world trade in general.14 9 There has been concern that restrictions
on the free flow of information, often in place for a variety of social goals, will
seriously disrupt trade in services and, increasingly, in goods as well. 5 0 Consistent
with this position, the United States has sought to expand the coverage of GATT
to include trade in services. The United States also urged that the OECD pass
a declaration on TDF that would include trade in services. Both approaches have
met with some success.
1. GA TT
First proposed in 1947, the General Agreement on Tariffs and Trade' (GATT)
is a multilateral agreement of close to ninety member nations that aims to loosen
trade barriers.' Its members account for more than four-fifths of the world's
trade.' Presently, GATT does not apply to international trade in services; member
nations are not precluded from creating barriers to trade in services. 1
The dollar volume of trade in services alone makes it an important issue in
the TDF debate. According to one estimate, the world's trade in service exceeded
$350 billion in 1980.'" In addition, because of data collection difficulties, the
estimate is probably too low. 5 6 The growth of the service industry worldwide
147. See Dougan, Keynote Addresses, in TRANSBORDER DATA FLOWS: PROCEEDINGS OF AN OECD
CONFERENCE HELD DECEMBER 1983 55, 60 (1985) (virtually every important sector of international
economy dependent on modern communication for work of daily business).
148. Changing Nature of TDF, supra note 7, at 9.
149. See UNITED STATES GOVERNMENT, UNITED STATES NATIONAL STUDY ON TRADE IN SERVICES 9
(1984) (suggesting that, as information and knowledge have become more marketable, their importance
to trade in services has also increased) [hereinafter cited as TRADE IN SERVICES].
150. See Trade Hearings, supra note 22, at 65-75 (statement of Geza Feketekuty, Assistant U.S.
Trade Representative for Policy Development) (reviewing key issues revolving around restrictions
placed on TDFs). Feketekuty identified the major areas of concern to the business community: (1)
regulation of TDF; (2) restriction on the use of foreign data processing facilities; (3) regulation of
telecommunications services, especially private lines; (4) establishment of discriminatory standards for
telecommunications services; and (5) discriminatory implementation of government regulations in the
communication and data/information industries. Id. at 69-71.
151. General Agreement on Tariffs and Trade, opened for signature Oct. 30, 1947, 61 Stat. A3,
A7 T.I.A.S. No. 1700, 55 U.N.T.S. 187.
152. UNITED STATES TRADE REPRESENTATIVE, A PREFACE TO TRADE 5 (1982).
153. Id. For a discussion of GATT principles, see id. at 5-10. See also E. McGOVERN, INTERNATIONAL
TRADE REGULATION (1982) for a complete discussion of GATT provisions.
154. Note, Legal Problems in Expanding the Scope of GA TT to Include Services, 7 INT'L TRADE
L.J. 281 (1982-83) [hereinafter cited as Expanding GATT).
155. TRADE IN SERVICES, supra note 149, at 8.
156. See id. (stating that due to inherent difficulties in collecting service industry trade data,
undervaluation of trade in services transactions is likely to be widespread among GATT contracting
parties).
has led to an increased dependence on the international exchange of information.,5 7

The United States is the leading service exporter, with approximately ten percent
of the world's total, and the United Kingdom, France, and Germany are not far
behind.5 8 Significantly however, eight lesser industrialized countries appear in the
top twenty-five service exporting nations.'5 9 Thus, both highly industrialized and
lesser developed countries have important service industries that must compete
in the world market.'6 Accordingly, varying segments of the world economy
would benefit from the liberalization of international trade in services.
The vehicle for such liberalization is the expansion of GATT to include trade
in services.' 6 ' The ultimate goal is to draft.a code of regulations for international
trade in services.162 The United States sought to achieve this expansion of GATT
in 1982.6 The results demonstrate the difficulty encountered. The GATT ministers
only agreed to study the issues further.'" Nations supporting the United States
effort at liberalization at that time included Great Britain, Germany, and Sweden
and to a lesser extent, Switzerland, Netherlands, Norway, Finland, Canada, Japan,
and Australia.' 6 Opposed to this effort were France and Italy and most of the
developing countries, especially India and Brazil.' 66
In November 1985, GATT members agreed to convene a preparatory committee
to "chart the course of a new round of world trade talks" scheduled to begin
in the fall of 1987.167 The Deputy United States Trade Representative, Michael
B. Smith, claimed victory, asserting that this new round would result in an
expansion of GATT to include trade in services.' 68 Brazil also claimed victory,
noting that the ministers formed the preparatory committee "without any pre-
conditions."' 69 The United States has indicated that if services are not included
in the next GATT round, the United States will not participate and will seek
bilateral trade pacts.17 0 The United States appears to have the votes necessary to
place services on the agenda."' If GATT were to cover trade in services, the
157. Id. at 9.
158. Id.
159. These nations are Mexico, Singapore, Korea, Yugoslavia, Greece, Saudi Arabia, Isreal, and
Egypt. Id.
160. Id. at 11.
161. See Krommenacker, Trade-Related Services and GATT, 13 WORLD TRADE L. 510 (1979)
(discussing the evolution of trade in services and its relation to GATT since the 1950's suggesting
possible GATT activities in this sector of trade).
162. Expanding GATT, supra note 154, at 285.
163. Id.
164. Id.
165. Id. at 286, n.32.
166. Id.
167. Wash. Post, Nov. 29, 1985, at D9, col. 3.
168. Id.
169. Id.
170. Id.; see Expanding GATT, supra note 154 (discussing how GATT might apply to trade in
services).
171. See Wash. Post, Nov. 29, 1985, at D9, col. 3 (United States claims support of 51 percent of
member countries to force inclusion of services in trade talks).
impact on TDF will be significant. The GATT principles of reciprocity, mutual

advantage, and nondiscrimination 7 1 would upset the barriers already in place that
protect privacy and national sovereignty over information. Current efforts to
preserve public monopolies in telecommunications and data processing, data-
bank, and computer equipment manufacturing might also be severely restricted.
At the same time, the MNCs would encounter fewer limits to entering domestic
markets, accessing and processing data, and generally moving information. The
1987 agenda and round of talks may prove to be historic.
2. OECD Declaration on Transborder Data Flows

While GATT members may successfully oppose extension of GATT to trade
in services, OECD member countries have recently expanded their TDF debate
to encompass trade in services. In April 1985, OECD member countries adopted
a declaration on TDF that "represents the first international effort to address
economic issues raised by the information revolution."' The Declaration ad-
dresses policy issues that arise from TDF, such as data and information flow in
trade, "intracorporate flows, [computerized] information services and scientific
and technological exchanges." 7 4 The Declaration acknowledges the increasingly
important role that TDF plays in "the economies of Member countries and in
international trade and services."' 7 OECD members have reaffirmed their desire
to facilitate access to data and information.' 76 Notably excluded, however, is the
more restrictive term "personal data" that appears in the OECD Guidelines of
Privacy.' 77 Instead, the Declaration refers to computerized data in the context of
trade and general economic concerns. 78
The Declaration thus broadens the range of TDF issues to be discussed by
member countries. It begins with a series of statements acknowledging the general
impact and importance of TDF in the economic and social structure of member
countries.'7 9 The Declaration also contains statements recognizing the inherent
differences among the economic and social. goals of members, the means used
to achieve those goals, and the members' capacity to benefit from TDF.8 0 The
172. Reciprocity refers to the exchange of equivalent concessions. Nondiscrimination refers to rules
governing most-favored-nations (MFN) status and national treatment. MFN obligations prohibit
discrimination between goods from different importing countries. National treatment obligations
prohibit discrimination between domestic and imported goods. Expanding GATT, supra note 154, at
288 nn.39-43.
173. OECD, Declaration on Transborder Data Flows (Press Release Apr. 11, 1985) [hereinafter
cited as OECD Declaration].
174. Id.
175. Id.
176. Id.
177. See supra notes 50 to 65 and accompanying text (discussing OECD Privacy Guidelines).
178. See OECD Declaration, supra note 173 (the fields of computers, information and commu-
nications are leading to changes in economies and trade of member countries).
179. Id.
180. Id.
thrust of the Declaration, however, is a set of "intentions." Member countries

apparently realize the benefits derived from access to information sources and
efficient and effective information services-their common interest in TDF-and
the need to reconcile their different policy objectives.' 8 ' In this context, OECD
members announced their intention to:
a) Promote access to data and information and related services,
and avoid the creation of unjustified barriers to the international
exchange of data and information;
b) Seek transparency in regulations and policies relating to infor-
mation, computer and communications services affecting trans-
border data flows;
c) Develop common approaches for dealing with issues related to
transborder data flows and, when appropriate, develop har-
monized solutions; [and]
d) Consider possible implications for other countries when dealing
with issues related to transborder data flows.'12
Thus, member countries have adopted a common approach to TDF and have
agreed to consult and cooperate in order to promote the free flow of information.'"
The contrast between this Declaration and the Privacy Guidelines of 1980 is
striking. While both seek free information flow, the Guidelines only cover personal
data. In addition, the Guidelines provide member countries with a framework in
which data flow can be restricted or impeded.' 8 4 The Declaration, on the other
hand, states that member countries will endeavor to avoid erecting barriers to
TDF. Instead, they will seek transparency in regulations, develop common ap-
proaches and harmonized solutions, and consider possible implications for other
countries.' 5 The Declaration, unlike the abstract dialogue that emerged from the
1980 Guidelines, facilitates commitment to unrestricted data flow.
This near-commitment to promote the free flow of information is broad in
scope. The Declaration states that member countries agree to work on data flow
issues in trade in services and business communications.' OECD members have
181. Id.
182. Id. (emphasis in original).
183. Id.
184. See supra note 50-65 and accompanying text (discussing OECD Privacy Guidelines).
185. OECD Declaration, supra note 173.
186. Id. at 2. The Declaration reads in part:
Bearing in mind the intention expressed above, and taking into account the work
being carried out in other international fora, the GOVERNMENTS OF OECD MEMBER
COUNTRIES,
Agree that further work should be undertaken and that such work should concentrate
thus become more ambitious, seeking a consensus among themselves that will
facilitate TDF and lower barriers in the trade and business arenas. In so doing,
members may recognize that efforts to assert sovereignty over information, protect
domestic monopolies, and regulate data flow will prove to be costly both eco-
nomically and socially.
Brazil, the focus of the following section, has gambled that such regulation
will lead to economic growth and increased international competitiveness. A
developing country with the most advanced regulatory schemes, Brazil is a case
study in the impact of barriers upon the information industry.
IV. INFORMATION POLICY IN BRAZIL
Brazil has viewed the increased availability of information as a tool to lessen

inequalities among nations.' Transborder Data Flow plays a particularly signif-
icant role in this process. Accordingly, Brazil has implemented coordinated policies
in telecommunications, informatics, telematics, and TDF.'" In 1984, the Brazilian
government introduced legislation aimed at furthering Brazilian development in
these areas. This section of the article describes the Brazilian policy and procedures
in regulating its information industry and concludes with a look at the new
Informatics legislation.
A. BACKGROUND
1. Telecommunications
Recognition of the disunity of the telecommunications network in Brazil led,
in 1962, to a complete overhaul.' The reorganization included creation of a
Ministry of Communications, a long-distance telecommunication company (EM-
BRATEL), and, in 1972, a telecommunication holding company (TELEBRAS).'*
By 1982, the TELEBRAS system consisted of 25 corporations, employing 100,000
workers and operating 8.5 million telephones."'9 The establishment of TELEBRAS
at the outset on issues emerging from the following types of transborder data flows:
i) Flows of data accompanying international trade;

ii) Marketed computer services and computerized information services; and
iii) Intra-corporate data flows.
The GOVERNMENTS OF OECD MEMBER COUNTRIES AGREED to co-operate

and consult with each other in carrying out this important work, and in furthering the
objectives of this Declaration.
Id. at 3.
187. BRAZILIAN CASE STUDY, supra note 1, at 184.
188. Id. For an explanation of these terms see supra note 1.
189. BRAZILIAN CASE STUDY, supra note 1, at 185.
190. Id.
191. Id.
began the second stage of Brazil's telecommunication development: the preperation

of an adequate infrastructure for telematics services; the digitalization of public
networks; and the development of a national technological capacity in this area.192
The impetus from these developments, aided by significant government pro-
motion of research and development, has sparked growth in the national data
industry and local technology. As a result, the TELEBRAS system has been able
to reduce its acquisitions from domestic affiliates of foreign corportions from
ninety percent in 1978 to forty-one percent in 1980." "[Tlhe Brazilian telecom-
munications policy has met successfully an increasing demand for better domestic
and international telecommunication . .. [and] has stimulated industrial devel-
opment and encouraged the emergence of a viable Brazilian-owned telecommun-
ication industry."' 94
2. Informatics
The beginning of the informatics sector in Brazil was marked by the creation
of the Coordinating Commission for Data Processing Activities (CAPRE) in 1972.
CAPRE was originally established to "rationalize the use of electronic data
processing by Government agencies."" 9 After the devastating effect of the oil
crisis on the balance of payments in 1974 and after four years of operations,
CAPRE was given the additional task of formulating an industrial policy for
informatics. In addition, to serve the purpose of protecting the informatics
industry, CAPRE was given some authority over the importation of data proc-
essing equipment, particularly parts and components."
CAPRE was succeeded by the Special Secretariat of Informatics (SEI), created
in 1979. SEI received greatly expanded authority, adding micro-electronics, te-
lematics, and real-time control systems to its purview."' The policy objectives
remained similar: to enhance the ability of national corporations to manufacture
increasingly complex technologies.' 98 The Presidential Guidelines established SEI's
responsibilities.' 99 In general, SEI's mandate was to stimulate and develop all
informatics technologies, promote and protect national companies that produce
systems and equipment, provide incentives for national service and software
industries, create a national network for data communications, and devise legal
and technical means to protect the privacy of data regarding individuals.2 oo This
192. Id. at 186.

193. Id.
194. Id.
195. Id. at 187.
196. Id.
197. Id.
198. Id.
199. Id. at 69.
200. The December 1979 Presidential Guidelines outlining SEI's responsibilities include:
1. Stimulation of, and participation in the development and absorption of technology,
policy encourages affiliates of foreign corporations to produce advanced computer

goods and services for both local and export purposes and improve local research
and development facilities. Once a product can be manufactured with national
capital, the new domestic industry is protected in the relevant market, "while
foreign affiliates are encouraged to shift towards more sophisticated products,
instead of upgrading products in the same segment." 20 ' Although these protective
barriers may be lowered once international competition is viable, the point of
viability has yet to be defined.
The 1982 Brazilian study suggests that the overall effect of this policy has been
positive. Foreign affiliates seem to operate successfully within the framework and
the local industry's share of the domestic market continues to grow. 202 SEI has
expanded its regulatory jurisdiction to microelectronics and software. Research
and development centers have been established for which the government has
provided fiscal incentives. These policies were deemed critical to strengthen Brazil's
domestic informatics industry and the industry's international competitiveness. 20 3
3. Transborder Data Flow

Policies governing TDF are based upon the principle that "information and
the means to treat it are economic resources subject to trade and crucial to socio-
economic development." 2 Thus, Brazil supports the right of any country to
regulate the nature of TDF.20 s Further, Brazil is guided by the principle that
components, equipment, programmes and services utilized in informatics.

2. Development of domestic capacities for the production of linear and digital elec-
tronic components, for the production of electromechanical equipment, and for the
production and processing of the basic materials of these components.
3. Promotion and protection of the technical and commercial viability of national
companies producing systems and equipment.
4. Provision of stimuli, incentives and guidance for the national software and service
industries.
6. Creation of a national network for data communications.

7. Creation of legal and technical instruments for the protection of the confidentiality
of data stored, processed and transmitted, with a view towards ensuring the privacy
and confidentiality of data regarding individuals and private and government institutions.
9. Appropriate implementation of the informatics policy through the coordinated

mobilization and use of financial resources.
10. Strengthening of international cooperation to develop technological capabilities and
protect national interests in the field.
Id.
201. Id. at 187.
202. Id. at 188.
203. Id.
204. Id. at 190. Because telematics policies are so closely linked to TDF policies, the discussion
of TDF also applies in large part to telematics.
205. Id.
establishing any international data communication link should not jeopardize

local operations by permitting these operations to be disrupted by an interruption
of the link. In addition, the link should lead to the importation of information
resources rather than their export and should not have a negative effect on the
country's balance of payments.2 06 Under Brazil's TDF policy, in order to establish
an international data-communication link, an application must be approved by
SEI. 2 " The links may be approved for specific purposes only and for fixed periods
of time. 208
Intracorporate TDF is treated differently from intercorporate or commercial
TDF, and, within each type, the use for the data will dictate policy.20 For
intracorporate flows, Brazil's goal is to strengthen the capabilities of the unit
located in Brazil. Various regulatory mechanisms are in place to foster the growth
of the data-service industry and create a competitive environment for that industry.
Thus, person-to-person data communication is not restricted in intracorporate
TDF, but if that communication has commercial purposes, it must be supplied
in Brazil by the telecommunication administration. 210 Similarly, a corporation
must keep a copy of its data base in Brazil whenever reasonable, and Brazil
disfavors intracorporate data processing abroad where a reasonable local alter-
native is available. On the intercorporate level, data base access is permitted only
if supplied in cooperation with Brazilian companies and structured in Brazil.
Intercorporate data processing is prohibited abroad except in exceptional circum-
stances. 21
Of the thirty-two applications to CAPRE/SEI for transnational computer com-
munication systems between 1978 and 1982, twenty-three were approved, seven
were refused, and two were still pending in March of 1982. Some disapproved
links were modified during negotiations between SEI and the applicants to meet
Brazil's TDF requirements and were then approved. Most applicants were MNCs;
twenty-seven of the twenty-nine approved links are corporate MNC computer
communications links. 2.2 Neither the volume of nor the propensity to use corporate
flows has been affected by the regulation of the TDF links, although some
adjustment was required for companies that had not found domestic locations.2 1
206. Id.
207. This policy began in 1978 under CAPRE. Id.
208. Id.
209. Id. For an explanation of this schema, see infra note 214 and accompanying text.
210. Id. at 190-91.
211. Id. at 136.
212. Id. at 191.
213. Id. The Brazilian case study includes examples of applications suited to SEI's requirements,
those approved after negotiations, and those deferred. One company approved after negotiations was
a foreign affiliate manufacturing electronic office equipment. The company initially sought approval
to perform several functions abroad, including support of local production, financial planning and
analysis, management of human resources and marketing, and maintenance of equipment the company
sold in Brazil. Although some of the functions were already performed abroad, the SEI believed that
establishing a transnational computer link would increase Brazil's dependence on foreigners. After
negotiations, the company and SEI arrived at an acceptable solution requiring that the company
The policy has spawned two national data-service companies, both for com-
modity quotations. 2 4 Applications by a "news agency and for a currency quotation
service" were also nearing final approval. 2 51 Overall, Brazil's TDF policy "can
be said to have generally neutralized a number of those impacts of links that
would otherwise have been negative." 2 16
In relation to Brazil's general objectives regarding information re-
sources, the country's [TDF] policies have led to the increased location
of computers, software, data bases and skilled human resources in the
country and more extensive national control over them. As a result
of Brazil's policy, [TDF] links are not being used to export information
resources and do not increase the country's international economic or
political vulnerability. In the few cases in which Brazil's objectives
were at stake, negotiations between the applicants and SEI led to
mutually satisfactory results. The country's [TDF] policy has also
contributed positively to the emergence of a national data industry,
especially its data-base segment. Since the same policy has strengthened
information resources in other sectors of the economy, it has, in fact,
contributed to the country's overall socio-economic development.2 "
Brazil appears to have chosen the path of controlling its information industries
and information flow. Much of the effort contravenes the MNCs' desire for
unregulated information flow. Data processing is restricted outside of Brazil.
Anyone accessing data bases is likewise encouraged to use Brazilian suppliers.
Even person-to-person data communication is regulated through a protected in-
dustry. Brazil has used traditional trade barriers to place an economic value on
information, not by simple taxation, but rather by utilizing information as a
resource. As such, it has become the raw material for industrial growth and job
creation. In the process, Brazil has taken a great risk in hoping that it can compete
successfully with MNCs on an international level.
B. THE NEW INFORMATICS LEGISLATION
As yet another step in implementing Brazilian policies, the National Congress

of Brazil approved new Informatics legislation in October 1984. The new law
continues the policy objectives outlined for SEI while tightening some restrictions
on foreign affiliates of MNCs. The new law's basic features are summarized
below. The first National Informatics Plan, initially approved in September 1985
is also examined.
import a large computer into Brazil to accomplish most of the functions. Strategic planning, which
was part of a world wide effort, would still take place overseas, but the company link would not
be used to place the Brazilian affiliate in a peripheral role. Id. at 158-59.
214. Id. at 161.
215. Id.
216. Id. at 193.
217. Id.
1. Overview of the 1984 Law

The new law will become the "legal instrument for monitoring the comput-
erization of Brazilian society from now on."m" It applies to the entire information
industry, although it is virtually silent on TDF. The law's only reference to TDF
is to call for special laws governing that area because of its wide impact and
privacy concerns . 2 Fonseca highlights the main features of the law:
1. The creation of the National Council of Informatics and Au-
tomation, CONIN, directly responsible to the President of Brazil and
under which is the National Secretariat for Informatics. CONIN has
the responsibility to elaborate the National Plan for Informatics, to
be submitted every third year to the National Congress. [CONIN
controls SEI.]
2. Adoption of restrictions on production, operation, marketing
and importing of technical goods and services in informatics. These
restrictions are of a temporary character and will remain in force until
the national companies are consolidated and able to compete on the
international market. This item assures the market reserve for the
national firms in terms of mini and microcomputers.
3. For the purposes of this law there are considered as national
companies all juridicial [sic] personalities constituted and with head-
quarters in Brazil, whose control is permanently, exclusive by [sic] and
[uInconditionally in the hands of Brazilian persons or entities of public
rights. Control in this context is in terms of decision, technology, and
capital.
4. For the accomplishment of R & D projects and also for the
production of goods and services of informatics to national companies,
[one] can receive exemptions [of] up to 100% in taxes on imports and
industrial products.
5. Foreign companies that are interested may produce their equip-
ment in the informatics export districts, located in the north and
northeast regions of Brazil, provided that their production is destined
exclusively for the foreign market.
6. Creation of a line of fiscal incentives for purchase of shares of
national companies linked to informatics.
7. Creation of the National Informatics Center Foundation with
the objective of promoting scientific and technological research in
informatics activities. Among the financing sources of the Foundation
218. Fonseca, supra note 138, at 13.

219. AMERICAN CHAMBER OF COMMERCE, TRANSLATION OF BRAZILIAN INFORMATICS LAW art. 40
(1984) [hereinafter cited as INFORMATICS LAW].
is the Special Informatics Fund, also created by the same law. 22 0

President Figuierdo signed the bill on October 29, 1984, but vetoed several
provisions. 22 1 The most significant provisions vetoed include the special fund for
research (Article 29), workers involvement in plant automation decisions (Article
40), and the citizen's right of access to information concerning him contained in
data banks (Article 41).222 While the Brazilian Congress had an opportunity to
override the vetoes when it reconvened in March 1985, the only veto originally
believed to have a serious chance of being overridden was Article 29.223 Even
that veto, however, apparently remained since the First National Informatics Plan
(PLANIN) approved by CONIN on September 30, 1985, sought to reinstate the
originally planned research and development (R & D) fund. 224
A significant feature of the new law is the continuation of the market reserve
for "national" companies for approximately seven years. Imports and production
of mainframe computers by foreign affiliates are allowed, while the mini and
microcomputer sectors are the exclusive domain of firms with domestic technology
and capital.2 5 Zazi Correa Da Costia, coordinator of International Affairs for
SEI, stated in support of the market reserve policy that "[tihe largest part of
the market [other than mini and microcomputers] is still open. If we achieve the
capacity to produce certain items . . . that are now beyond the capacity of our
domestic sector, then we will go ahead [and expand the market reserve], but even
in those cases it is not true that only Brazilian technology will be accepted." 226
Not surprisingly, the Brazilian computer industry strongly supports the market
reserve policy. Edson Fregni, president of Scopus Technologia, a manufacturer
of microcomputers, commented that this policy promotes development of a Bra-
zilian industry that includes hardware and software. He continued:
In the computer field today in Brazil the process of technological
development is not up to date. It is behind foreign firms. For capitalists
in Brazil, as well as foreigners, to invest in a certain sector, they need
assurances of return. We need a law that will give us a more stable
environment, maintained for a longer period, to justify the investment
of Brazilian capitalists. 2 27
United States firms have been critical of the market reserve policy. For example,
the director of systems marketing for Control Data do Brasil, stated that "a
market cannot be isolated within the world of informatics." 228
Fonseca, supra note 138, at 13.

220.
221.
Telegram from American Embassy in Brazil to Sec'y of State (Oct. 1984).
Id.
222.
Id.
223.
224.
Telegram from American Embassy in Brazil to Sec'y of State (Oct. 1985).
Brazil's Proposed National Computer Law Would Regulate Imports of Goods, Services, I
225.
INT'L TRADE REP. (BNA) 158, 159 (1984).
226. Id.
227. Id.
228. Id.
IBM has sought to join with Brazilian manufacturers to get around restrictions
on foreign companies. It is offering to share its technology and marketing system
with Brazilian companies, enabling IBM to enter restricted markets. IBM had
been talking to twelve Brazilian companies about joint ventures and licensing
arrangements.229 Under the new law, however, no joint ventures between Brazilian
and foreign firms would be allowed unless "there is no availability of corre-
sponding technology within the country." 2 0 Thus, IBM may be unable to enter
into joint ventures with Brazilian companies in the mini and microcomputer arena.
The cost to the consumer of excluding IBM is illustrated by the fact that in mid-
1984 a Brazilian computer similar to the IBM-PC sold for $10,500.231 Thus,
opponents of market reserve note that MNCs could produce higher quality prod-
ucts within the country and sell them to consumers at a lower price than domestic
producers.2 2
The new law also requires manufacturers to disclose technical information
needed for interconnection with other units.23 3 The extent of the required disclosure
is not clear from the law, although it appears that, for example, IBM would be
required to disclose enough information so that a minicomputer produced in
Brazil could be connected to one of its computers. Undoubtedly, IBM would
object to such disclosure requirements.
Although the law says little about TDF, it appears that regulation of information
flow will continue, especially in light of the new law's tightened controls over
information. Whether Brazil envisions taxing information flow or requiring all
flow to use public lines is not clear. However, Brazil apparently will exercise
even greater control over information flow in the future. Proposals to make
Brazilian privacy and data protection laws consistent with the OECD Guidelines
seem to have been rejected in favor of control over information. Moreover, Brazil
opposes expansion of GATT to include trade in services.
Brazil's new informatics legislation will enable the country to continue its policy
of fostering the creation of a more independent informatics sector through leg-
islation and incentives designed to stimulate research and development and nurture
domestic industry. The government has committed itself to this policy. It has
placed the new CONIN at the cabinet level reporting directly to the president. 234
Further, CONIN is under civilian rather than military control, suggesting that
this policy is truly aimed at economic development.
2. CONIN's 1985 Plan
On September 30, 1985, CONIN submitted the first National Informatics
Plan (PLANIN) to the Brazilian Congress as required by the Informatics
229. Wall St. J., Jan. 13, 1984, at 27, col. 1.

230. Wash. Int'l Bus. Rep., Sept. 26, 1984, at 2.
231. By mid-1985, the price had decreased to $6650 and was expected to drop to $5600 by 1986.
C. Frischtak, THE INFORMATICS SECTOR IN BRAZIL: POLICIES, INSTITUTIONS, AND THE PERFORMANCE
OF THE COMPUTER INDUSTRY 31 (August 1985) (unpublished work on file with the Journal of Law
and Technology).
233. INFORMATICS LAW, supra note 219, at art. 22.
234. Id. at art. 4-5.
law."' The Plan stressed the positive effects of the informatics policy, emphasizing
the increased participation of Brazilian firms in total sales and in the installed
computer base, the systematic reduction in the price differential between national
and foreign products, and the employment of 20,000 people, one-third of whom
hold college degrees. 236
The Plan announced three objectives: 1) to increase economic and political/
military autonomy; 2) to increase the economy's productivity; and 3) to spread
the benefits of the informatics revolution to the Brazilian public. 31 To meet these
objectives, the Plan presents an external and an internal strategy.
The external strategy calls for the "safeguarding of the principles of national
informatics policy on both bilateral and multilateral levels." 238 The Plan recom-
mends organizing international cooperation programs to develop new technologies,
"especially with developing countries."'2 9 Specific countries mentioned as potential
partners are China, Argentina, Mexico, and India. 240 A desire for cooperation
with Germany, Switzerland, and France is also expressed. 24 ' The external strategy
also calls for preparing domestic informatics firms to export their products. 242
Such products will be exempt from export taxes. 243
The internal strategy focuses upon four areas:
1) diffusion of the benefits of the informatics process by better social
services, creating mechanisms to enable workers to participate in the
benefits of increased productivity; 2) consolidation of the production
of goods and services with special attention to microelectronics and
software; 3) strengthening R & D activities by executing integrated R
& D programs involving research centers, universities, and businesses
. . . ; [and] 4) increased formation of human resources by prioritizing
and upgrading programs offered in the informatics area and by granting
overseas scholarships for doctoral studies where no domestic program
is available. 244
The Plan also requires foreign firms to invest five percent of their annual sales
in areas of R & D that CONIN designates as having a high priority.2 45
Finally, financial incentives for various activities identified in the Plan will
total approximately $126 million per year over three years. 246 Of this amount, R
235. Telegram from American Embassy in Brazil to Sec'y of State (Oct. 1985).
236. Id.
237. Id.
238. Id. at 2.
239. Id.
240. Id. at 2-3.
241. Id.at 3.
242. Id. at 1.
243. Id. at 6.
244. Id. at 1.
245. Id.
246. This figure is a relatively modest one. IBM do Brasil alone invested $120 million in 1985.
Id. at 6.
& D projects account for approximately two-thirds. Reflecting the Plan's emphasis
on microelectronics, research in this area will receive the greatest support.24 1
CONIN retains discretion in deciding which projects will qualify for these fiscal
incentives. 2 4 8
The Plan appears to be a generalized set of principles granting great flexibility
to CONIN. 2 4 9 It says little about controversial issues such as market reserve, joint
ventures, and free trade zones, all part of the original Informatics law. 25 0 Software
protection is also given low priority, with regulation of the commercialization of
software a more important short term goal."'
The Plan continues the country's long-standing regulatory approach with no
startling exceptions. Despite controversy and both internal and external opposition,
Brazil remains committed to developing an informatics industry that will compete
effectively in the world market and benefit the nation's populace.
Brazil has become a model to other developing nations for exerting control
over an important national resource: information. In so doing, it is trying to
reverse the traditional international role of a developing nation as a resource for
a developed one. Brazil is attempting to control MNCs and prevent an increase
in the disparity between itself and developed nations. Brazil has had some success
in this effort. The informatics policy has "been instrumental in fostering the
establishment and growth of a sizable number of national firms engaged in the
design and assembly of computer systems and peripherals." 25 2 These national
firms have increased in size, number, and market shares quite rapidly.2 11 Perhaps
Brazil studied Japan's recent history and concluded that many things are possible
with proper planning, government support, and investment in scientific research
and development.
Fonseca has summarized the Brazilian situation:
[I]t can be said that there is today in Brazil a favorable attitude of
confidence and expectation with regard to the coming of computeri-
zation. In spite of many . . . problems, the structural conditions of
the country, as a whole, are favorable and practically all the anticipatory
and preventive actions that should have been taken have been taken.
In this way, Brazil seems to be prepared to fight this battle and with
fairly good chances of winning it. 254
247. Id. at 1-2. Financial incentives for informatics sectors include amortizing purchase costs of
software over three years, exemptions from import costs, accelerated depreciation, and income tax
deductions. Id. at 6.
248. Id. at 1.
249. See supra notes 238 to 245 (discussing the wide-range of goals available to CONIN).
250. Id. See supra notes 195 to 203 and accompanying text.
251. Id. at 2. References to software protection appeared in an annex not presented to CONIN.
Id. See Brazil Prepares to Institute New Computer Software Protection Despite U.S. Protest, I INT'L
TRADE REP. (BNA) (1984) (describing the proposed software protection bill).
252. C. FRISCHTAK, supra note 231, at 1.
253. Id. at 2.
V. CONCLUSION
United States policy regarding transborder data flow has been relatively con-
sistent over the last six years. 2 " The government agencies most involved with
TDF issues are the Departments of State and Commerce and the Office of the
United States Trade Representative. These agencies have endeavored to work
closely with United States corporations to reduce barriers to the free flow of
information while maintaining the integrity of corporate information flow. In so
doing, the United States has actively sought to expand OECD and GATT to
include trade in services. 25 6 Implicit in these goals is the belief that service trade
and TDF are closely entwined and that barriers to either severely handicap the
other. This policy has been opposed by countries like Brazil that view liberalized
trade in services as the death-knell to their effort to compete with highly indus-
trialized nations.257
Even within the United States, companies facing competition in services from
abroad, as well as relaxed antitrust laws, have begun to cooperate in research
and development efforts. 2 For example, IBM has joined AT & T and General
Electric among others in semiconductor research while several companies including
General Dynamics, Boeing, Grumman, Bendix, and Northrop have been studying
ways to develop computer software for military projects. In the electronics area,
twenty-one companies plan to spend up to $700 million over ten years to develop
advanced computer technology.2 9
Thus, it appears that ideas like ESPRIT and Brazil's Informatics efforts will
not go unanswered. United States initiatives to maintain dominance in the service
arena may result in increased barriers to the flow of information. As countries
attempt to exert more sovereignty, however, their ability to compete diminishes
as market forces are restricted. Protectionism in trade in goods has not benefitted
the world economy. Protectionism in the flow of information threatens to be
even more harmful.
This article has focused upon the privacy and data protection issues raised by
TDF and on the struggle between free information flow and national sovereignty
in corporate and trade areas. The unique case of Brazil was discussed as an
example of the use of national information policy to foster economic growth. In
exploring some of the more significant issues in TDF, this article has demonstrated
how economic issues may override other concerns in setting TDF policy. The
ideal of the free flow of information may be doomed as national self-interest
motivates policy. In any case, the struggle will persist for a long while.
255. See e.g., International Data Flow: Hearings Before a Subcomm. of the House Comm. on
Gov't. Operations, 96th Cong., 2d Sess. (1980) (discussing several aspects of United States policy on
TDF since 1980); NTIA Report, supra note 95 (same); TRADE IN SERVICES, supra note 149 (same).
256. International Telecommunications and Information Policy: Hearings Before a Subcomm. of
the House Comm. on Gov't Operations, 97th Cong., Ist Sess. (1982) (statement of Richard B. Self,
Acting Ass't U.S. Trade Representative).
257. See supra notes 205 to 208 and accompanying text.
258. N.Y. Times, Jan. 14, 1986, at DI, col. 3.
259. Id.

1 JLTech 31

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1 JLTech 31

Uploaded by

Copyright:

Available Formats

Content downloaded/printed from HeinOnline

Tue Dec 17 08:24:02 2019

Bluebook 20th ed.

ALWD 6th ed.

APA 6th ed.

Chicago 7th ed.

McGill Guide 9th ed.

MLA 8th ed.

OSCOLA 4th ed.

World demand for information has increased dramatically. Multinational cor-

1. THE INTERNATIONAL IMPACT OF TRANSBORDER DATA FLOW

processed in another. However, the proliferation of new communications tech-

in Cleveland, Ohio.' The Cleveland computer contained information about the

II. THE POLICY CONFLICT BETWEEN SOVEREIGNTY AND FREE FLOW OF

The tension between protecting, controlling, and denying information, on the

8. Basche, Information Protectionism, ACROSS THE BOARD, Sept. 1983, at 38.

Competition between the exclusive interests of information control

15. Id. (emphasis added).

exporter of services in the world, generating close to $60 billion in revenue in

In many countries, telecommunication services are provided by a publicly owned

4) There may be adverse effects on the development or continued

31. Id. at 77-78.

A. TDF AS A DATA PROTECTION AND PRIVACY ISSUE

35. Id. at 69.

c. adequate, relevant and not excessive in relation to the purposes

43. Id. at art. 5.

Transborder flows of personal data and domestic law.

3. Nevertheless, each Party shall be entitled to derogate from the provisions of

a. insofar as its legislation includes specific regulations for certain categories

2. Organization for Economic Cooperation and Development

47. Walker, supra note 37, at 37.

49. Id. at 622.

specification, use limitation, security safeguards, openness, individual participa-

56. Id. at 10-11. Part Two of the OECD Guidelines states:

[Collection Limitation Principle.) There should be limits to the collection of personal

a) with the consent of the data subject; or

[Security Safeguards Principle.] Personal data should be protected by reasonable

[Openness Principle.] There should be a general policy of openness about develop-

[Individual Participation Principle.] An individual should have the right:

a) to obtain from a data controller, or otherwise, confirmation of whether or

i) within a reasonable time;

[Accountability Principle.] A data controller should be accountable for complying

57. Id. at 26.

65. Id. at 34.

87. Data Protection Act, § 24.

B. TDF AS A BUSINESS ISSUE

[5] restrictions on the impact of equipment, spare parts, or software;

Foreign firms (primarily IBM) must not be allowed to be instruments

121. Fishman, supra note 105, at 23.

130. Id. at 18.

developed" developing"" countries, with more domestic industry at stake, have

communications, such as banking, tourism, transportation, and manufacturing."'

has led to an increased dependence on the international exchange of information.,5 7

impact on TDF will be significant. The GATT principles of reciprocity, mutual

2. OECD Declaration on Transborder Data Flows

thrust of the Declaration, however, is a set of "intentions." Member countries

IV. INFORMATION POLICY IN BRAZIL

Brazil has viewed the increased availability of information as a tool to lessen

i) Flows of data accompanying international trade;

iii) Intra-corporate data flows.

The GOVERNMENTS OF OECD MEMBER COUNTRIES AGREED to co-operate

began the second stage of Brazil's telecommunication development: the preperation

192. Id. at 186.