Should Fundamental Rights to Privacy and Data Protection Be a Part of the EU’s International Trade ‘Deals’?

This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU’s ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.<br><br>Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.


I. Introduction
The recent Communication from the European Commission (Commission) rightly acknowledges that "[I]n the digital era, promoting high standards of data protection and facilitating international trade must … necessarily go hand in hand." 1 This document was the non-compliance with international trade law commitments may still lead to EU's liability under public international law and its well-established pacta sunt servanda (Latin for "agreements must be kept") principle. 10 Therefore, the mechanisms protecting the autonomy of the EU legal order do not give the EU a license to enter into international trade agreements with which it will not be able to comply.
The founding EU Treaties require that the negotiation and conclusion of international trade agreements be guided by the universality and indivisibility of human rights and fundamental freedoms, respect for human dignity and principles of the United Nations and international law. 11 To remain faithful to this requirement, the EU should maintain its autonomy to protect privacy and personal data as fundamental rights, not just as instruments to generate consumer's trust. Inspired by recent developments in labour standards, environmental protection and sustainable development in post-GATS FTAs, this article suggests a clear path forward. That said, the purpose of this article, however, is not argue that the EU should export its privacy and data protection framework to other nations.
The article builds on available literature on WTO law 12 and its interaction with international human rights law. 13 It also relies on a body of research covering the various facets of the EU right to privacy and data protection. 14 This article coincides with ongoing negotiations of TiSA and of the Free Trade Agreement with Japan. It thus aims to be a timely contribution to the academic and policy debate. In both cases the EU had not, as of this writing, formulated its position on crossborder data flows and high standards of the protection of personal data in this connection.

Tensions between dignitary and economic aspects of personal data
There are two ways to look at personal data, namely from an economic perspective and from an individual rights perspective. In economic terms, personal data is both a commodity and an 10 Articles 26, 27 VCLT. 11 Articles 3(5) and 21 of the Treaty on European Union, consolidated version, OJ C 326, 26.10.2012, 13-390. 12  ancillary factor of production of goods and services perhaps best described as a digital currency.
Personal data has undoubtedly become a traded commodity in itself: there are new markets for brokers to acquire, store, process, and sell personal data. 15 In its ancillary role, personal data acts as an input in several production processes. For example, data on the creditworthiness of individuals affect the provision of financial services, such as lending, 16 and assist a business in fine-tuning a good or service, such as computer games, to consumer needs in order to increase revenue per user.
Yet personal data is distinct from other types of information because of its inextricable link to the data source: individuals. Within the EU, those individuals' right to human dignity "must be respected and protected." 17 Human dignity is said to be the basis of all fundamental rights and is thus part of all fundamental rights guaranteed by the Charter. 18 Put differently, the right to privacy and the right to the protection of personal data may be viewed as integral parts of and key instantiations of the protection of human dignity guaranteed by the Charter. 19 In a broader societal context, personal data thus has intrinsic value beyond the economic value attributed by the market and so does the value of the right to protect personal data. It has a societal dimension that exceeds the value to particular individuals whose data may be compromised. Personal data protection is a "social structural imperative in a democracy." 20 Hence, in an era of "surveillance capitalism" 21 characterised by the unprecedented accumulation of personal data by IT companies what is at stake beyond individual rights are principles of "the sanctity of the individual and the ideals of social equality, the development of identity, autonomy, and moral reasoning; the integrity of contract, the freedom that accrues to the making and fulfilling of promises; norms and rules of collective agreement; the functions of market democracy; the political integrity of societies; and the future of democratic sovereignty." 22 15 F Costa-Cabral and O Lynskey 'The internal and external constraints of data protection on competition law in the EU' (2015) LSE Law, Society and Economy Working Papers 25/2015, 11 <http://eprints.lse.ac.uk/64887/1/Lynskey_Internal%20and%20External%20Constraints%20of%20Data%20Protecti on%20_Author_2015.pdf>. 16 Ibid. 17 Article 1 of the EU Charter. 18  2. Conflict of regulatory goals and fragmentation of data protection standards According to regulatory theory, regulation pursues either economic or social (non-economic) goals, and in some cases both. 23 Although there is not always a clear borderline between social and economic regulation, the primary aim of economic regulation is typically the correction of market failures, such as negative externalities or reduction in the quality or quantity of public goods. In contrast, non-economic regulation pursues interests not directly related to the production of commodities. It often aims to protect "community values." 24 On a par with safety, health and environmental issues, protection of fundamental rights is a high example of the protection of such values. This "goal" -and the normative foundations of the legal provisions meant to achieve itoften predetermine both regulatory design and methods. The regulation protecting privacy and personal data can be seen in both dimensions.
From an economic perspective, the protection of privacy and personal data is a key building block of consumers' trust in suppliers and more generally of their confidence in electronic commerce. Trust is an important component of contractual relationships in general, and this is perhaps even more so in electronic transactions, which imply a higher degree of impersonality.
Trust meets all the criteria of a public good. 25 It is non-exhaustible in the sense that, in consumer transactions, the exploitation of the trust of consumers by one service supplier does not leave less trust for others. It is also very costly to prevent service suppliers who did not invest in producing it from exploiting this trust. As a public good, trust becomes the kind of valuable and vulnerable resource the production of which cannot be fully left to, or supplied by, the market. 26 Accordingly, rules protecting privacy and personal data with this purpose in mind are economic in nature, as their primary aim is correcting a market failure and the supply of a public good. This stands in sharp contrast to the protection of privacy and personal data as fundamental rights, because such protection is not instrumental to some other goal. The next step is to recognize that the goal of privacy and personal data protection predetermines the desired optimal level of protection and the design of the regulatory framework.
If the goal is economic and instrumental, then it is justified only to the extent necessary to generate and preserve consumers' trust ("bottom-up regulation design"). If the protection is granted for its own sake as independent normative significance, the level of protection will tend to be higher ("top-down regulatory design") than the level that is necessary to advance social welfare from the 23  welfare economics perspective. 27 Shavell illustrates the point by the following example: "if promise-keeping is granted independent significance, more promises will be kept than would be best if the goal were to keep promises only to advance individuals' utilities, and whatever utilitybased measure of social welfare one endorses will likely be lower than it could be". 28 Furthermore, trust is a subjective notion. It is not the objective level of control over personal data, but rather the perceived level of control that affects users' personal data sharing practices. For example, empirical research on Google My Account privacy dashboard shows that "perceived transparency of the provider Google has significantly positive effect not only on the users' trust in the [Google My Account] but also in Google itself". 29 Users' trust does not seem to be linked to Google's actual data processing practices that are neither transparent nor verifiable.
The dependence of the regulatory design on its underlying objective can be demonstrated by juxtaposing the non-binding privacy and data protection standards adopted by the OECD and APEC on the one hand, and the Additional Protocol to Convention 108 and the EU on the other hand. Within those, the rules most affected by the normative goal are those on cross-border transfer of personal data to third countries.
The comparison of rules on cross-border transfer of personal data suggests that legal regimes protecting privacy and personal data as a fundamental or human right tend to be more protective.
Simply put, the higher the weight afforded to economic interests in the regulation of privacy and data protection, the lower the standard for permissibility of cross-border data flows to countries not adhering to the relevant standard. From the perspective of international trade law, economic regulation of privacy and data protection is thus less trade restrictive than regulation driven by fundamental rights concerns, precisely because one of the aims of economic regulation in this area is to protect only as much as is necessary to achieve the instrumental objective of generating a sufficient amount of trust for the system to operate. It is bottom up because it starts from a theoretical level at which there is no protection and increases just enough to achieve the stated objective. Conversely, the starting point of public policy regulation is top-down: a high level of protection which can be lowered only to the extent necessary to safeguard competing interests. Personal Data. 30 These are an updated version of the 1980 OECD Guidelines, the first international non-binding standards -the most influential and geographically widespread of the kind. 31 The Guidelines were driven by the fear that privacy regulation would be used for protectionist purposes, rather than the individual rights concerns. 32 Their 2013 revision subordinated the regulation of transborder flows of personal data to economic needs even more than the previous set by adopting a risk-based approach. 33 The primary purpose of this economic approach is to keep restrictions on such flows to a minimum. The framework of the 2013 Guidelines is based on the accountability principle, which requires that "a data controller remains accountable for personal data under its control without regard to the location of the data". 34  Additional Protocol to the Convention safeguard the right to the protection of personal data in the broader sense, irrespective of the private and family life context. As is evident from the Preamble, the Convention aims both to protect privacy and to ensure the free flow of information. Yet, the protection of fundamental rights prevails because the primary goal of the Convention is to "secure … respect for … rights and fundamental freedoms, and in particular … right to privacy, with regard to automatic processing of personal data". 41 Following the Council of Europe legal tradition, the EU guarantees both the right to privacy and a sui generis right to the protection of personal data independent of the right to privacy, in Articles 7 and 8 of the Charter, respectively. These fundamental rights constitute a part of EU primary law and are thus considered constitutional principles. Explanations to the Charter reveal a close relationship between the two rights including their common roots in the international human rights system. Article 7 of the Charter builds on Article 8 of the (ECHR), 42 which is itself rooted in UDHR. 43 Explanations of Article 8 refer, inter alia, to Article 8 of the ECHR and on the Convention 108 as sources of inspiration. This fundamental rights approach is implemented in the DPD and the GDPR that will supersede it in May 2018.
Unlike the approach adopted in the OECD and APEC principles, EU rules on the transfer of personal data to third countries are based on the so-called "prohibition with derogations" approach. is assessed on a country-by-country basis. In the words of CJEU adequate means "essentially equivalent" to the level of protection of fundamental rights and freedoms guaranteed by the Charter and the DPD. 45 A country is recognised as ensuring an adequate level of protection only after an assessment of its legal and administrative mechanisms of personal data protection by the European Commission. 46 If the assessment results in a positive finding, the Commission issues a legally binding "adequacy decision". 47 A completely different fate awaits transfers to third countries where the level of personal data protection has not been assessed by the Commission, or where the assessment resulted in a negative finding. 48 Transfers of personal data can lawfully occur to such countries only subject to "appropriate safeguards" of data controller or possessor (for example, adequate safeguards with respect to the protection of privacy and personal data given by the controller (such as standard contractual clauses), binding corporate rules (BCRs) that provide a legal basis for cross-border transfers of personal data within multinational companies), or limited derogations (such as unambiguous consent of the data subject or the performance or conclusion of a contract with or in the interest of the data subject). 49

Fragmentation of international privacy and data protection standards
The conflict of regulatory goals has led to a fragmentation of privacy and data protection standards and rules across the globe. Before these conflicting goals can be reconciled or bridged, harmonization seems almost impossible. 50 In addition, there is no international intergovernmental organisation explicitly mandated to create unified international privacy and data protection standards.
The problem the lack of harmonization creates in the context of international trade law is the absence of a single reference pointa unified international privacy and data protection standardthat parties to free trade and investment agreements could refer to and promise each other to uphold commerce and the facilitation of cross-border data flows. Therefore, the risk is that, given the economic object and purpose of international trade law, an economic approach to privacy and personal data protection supported by influential international organisations such as OECD and APEC, will enter the public international law scene through the back-door of international trade law. This could undermine fundamental rights approaches to privacy and personal data protection.
The section below demonstrates that while in its most recent trade agreements the EU tried to inject more privacy and data protection provisions, they do not fully accommodate the normative foundations of privacy and data protection in the EU.

III. Relationship between rights protecting personal data and international trade agreements
The EU privacy and data protection framework is rooted in the human right to privacy. While it is true that international trade law cannot directly modify international human rights norms, scholars have suggested that it can do so indirectly by limiting the states' power to regulate in a manner supportive of human rights. 51 In other words, it constrains the possibility to protect human rights on the national level. 52 Human rights treaties are often formulated in a very general manner, leaving a wide margin of appreciation to member states, and leading to wide variations in means of implementation and application at the national or regional level. International trade law then creates limiting windows for the states to implement human rights obligations and pursue national policy objectives.

The right to regulate
The autonomy reserved for parties to FTAs to maintain and enforce measures to pursue national policy objectives, including privacy and personal data protection, is often referred to as the "right to regulate". 53 This right to regulate can be compared with Dworkin's hole in a "doughnut"a metaphor he coined to explain the concept of discretion. The hole only exists "as As the WTO Appellate Body explained in one of the most recent rulings, the right to regulate in international trade law has two facets: the right to regulate in accordance with the trade liberalisation commitments on one hand, and the right to regulate notwithstanding such commitments, on the other. 55 It is only in the second context that the right to regulate counterbalances the primary goal of the GATS to achieve "progressively higher levels of liberalization of trade in services." 56 By contrast, some FTAs concluded by the EU after 2010 give more space to the right to regulate. For example, the FTAs with Korea and Singapore mention the right to regulate not only in the preamble, as is the case in the GATS; they contain an article on the right to regulate in the body of the agreement. However, this greater focus does not necessarily result in granting the parties greater autonomy to regulate in violation of their trade liberalisation commitments. The right to regulate is limited either by a requirement of "necessity" (of adopted measures to achieve certain public policy objectives), as in the FTA with Singapore, or by both a "necessity" requirement and a requirement that such "measures not constitute a means of unjustifiable discrimination or a disguised restriction on international trade", as in the FTA with Korea.
2. Interfaces between the right to regulate to protect privacy and personal data in international trade agreements A broad right to regulate appears in FTAs in three different ways. First, it may be indirectly injected in the interpretation of flexible provisions used in the formulation of non-discrimination commitments, such as most-favoured nation treatment (MFN) and national treatment. A number of scholars have suggested that EU rules on transfer of personal data to third countries that depend on the adequacy assessments by the Commission could violate one or both of these obligations. 57 Second, specific provisions concerning the protection of privacy and/or personal data may be qualified as instantiations of the right to regulate. Third, the right to regulate may be seen as incorporated in general exceptions. All such interfaces tilt the privacy and personal data protection towards economic regulation. 2.1 Flexible terms in non-discrimination commitments ("likeness," "no less favourable," "like circumstances") Non-discrimination commitments concerning trade in services are embodied in the GATS.
The MFN obligation (GATS Article II) requires that WTO members treat services and service suppliers of other WTO members in a manner "no less favourable" than "like" services and service suppliers of any other country. National treatment (GATS Article XVII) 58 requires that "like" foreign services and service suppliers receive a "treatment no less favourable" than domestic services and service suppliers of the WTO member. The two-prong test for establishing a violation of the MFN and national treatment obligations is essentially the same: 59 -Comparison of service and/or service supplier to determine whether they are "like," and -Comparison of the treatment of a service and/or service supplier of a complaining WTO member to see if it is "less favourable" than treatment of a "like" service and/or service supplier from another country (MFN) or domestic service and/or service supplier of the WTO member accused of violation (national treatment).
In most of the EU's bilateral post-GATS FTAs, the wording of non-discrimination commitments corresponds to the GATS. A few recent agreements depart from this formula and instead refer to "like situations" 60 or "like circumstances." 61 The terms "likeness," "like circumstances," "like situations" and "no less favourable" are not defined in the relevant FTAs and are interpreted on a case-by-case basis. 62 WTO adjudicating bodies play a key role in the application and interpretation of fundamental principles of international trade law such as MFN and national treatment. 63 Therefore, the discussion below focuses on the WTO approach which may apply to other FTAs using similar terminology. 58 A specific commitment that only applies in relation to service sectors indicated in a party's schedules of specific commitments (Article XX GATS). 59  four criteria is consumers' tastes and habits or consumers' perceptions and behaviour in respect of the products in question. 73 The application of this criterion to services requires an assessment of the extent to which consumers perceive and treat the compared services as alternative means of performing particular functions in order to satisfy a particular want or need.
It could be argued that the level of personal data protection is a characteristic that directly affects the consumers' perception of services and suppliers. Consumers presumably treat services and service suppliers affording different levels of personal data protection not as alternative means of performing the same function. Hence, the level of personal data protection could constitute one of the characteristics relevant for the assessment of "likeness." Accordingly, services and service suppliers originating from countries affording different levels of protection would not be considered as "like." There are some indications that in the business-to-business context the level of personal data protection is already a characteristic affecting competitive relationships between services and service suppliers. 74  unjustifiable discrimination or a disguised restriction on trade, parties are not excused from noncompliance with trade liberalisation obligations. Put differently, if a provision does not explicitly put the privacy and data protection safeguards above or at least on equal normative footing with trade obligations, the former are subordinated to the latter, given the object and purpose of FTAs. Therefore, the obligations to adopt privacy and data protection rules included in the FTAs still do not give a true license to violate the parties' trade liberalisation commitments and, should this violation occur, can only be justified under a general exception. Moreover, these provisions are often vague. Given the fragmentation of standards on privacy and data protection and the absence of a single reference point, the interpretation of terms such as "adequate" or "appropriate" have no precise obligational content. In most cases, these provisions are also detached from normative foundations, except for the agreements with Mexico and Korea that provide a direct link to human rights. Although this provision is formulated as an obligation, its added value is minimal because the reference to international standards of data protectiondue to their fragmentation -does not imply any particular level of data protection. Only the relevant provision in CETA clarifies that in protection of personal data the parties must comply with international standards adopted by organisations of which both parties are members. 88 This limits the set of standards to the OECD and UN Guidelines, as Canada is not a party to Convention 108, and member states of the EU are not members of APEC. Since both OECD and APEC standards pursue an economic rather than a broader normative goal of protecting personal data, this reference makes clear that the respective provision adopts the instrumental (economic) protection of personal data. More importantly, those provisions explicitly state the normative purpose of adhering to data protection standards as ensuring consumers' confidence. As Wunsch-Vincent rightly noted, such provisions indicate an increasing recognition of data protection as a necessary condition for spurring international trade, 89 not its societal value as a fundamental right. It is thus not surprising that none of the provisions in the electronic commerce chapter mention the protection of privacy guaranteed by international human rights.

Electronic commerce
Finally, another type of provision on the protection of personal data is often contained as a stand-alone but a purely aspirational norm. It requires that parties "shall endeavour, insofar as possible, and within their respective competences, to develop or maintain, as the case may be, regulations for the protection of personal data". 90

General exception
The general exception is the only clear manifestation of the right to regulate that allows a state to adopt measures inconsistent with its relevant trade liberalisation commitments. In order to be justified under GATS Article XIV, a measure has to meet one of the material requirements set forth in paragraphs (a) to (e) and the chapeau of this Article. The material requirements most relevant in relation to EU privacy and data protection framework are laid down by paragraph (c)(ii), which reads as follows "race to the bottom" in public policy regulation. In sum, economic regulation is typically less trade-restrictive than that regulation driven by its own normative concerns. This analysis suggests that the general exception does not allow a full conciliation of privacy and personal data protection as fundamental rights when it comes to rules on transfer of personal data to third countries. 97 The argument that country-by-country adequacy assessments are "necessary" is rather weak, because a less trade restrictive alternative may be "reasonably available" to the EU. As compared to other economic standards, the EU's approach seems more restrictive of cross border flow of personal data. The wide acceptance and implementation of other, less trade-restrictive mechanisms to secure compliance with domestic privacy and data protection framework, not only prove the fact of their existence, but also suggest that they are "reasonably available" to the EU.
The most prominent example of the regime perceived as a less trade-restrictive alternative is the APEC accountability principle to regulate transborder transfers of personal data. Kuner argues that this principle is "reasonably available" to the EU because it preserves the right of the EU to ensure the same level of protection of personal data transferred to a third country and to prevent circumvention. 98 This economic approach has been adopted by Canada whose privacy and data protection framework has been granted an adequacy decision by the Commission.

IV. Limited role of human rights in international trade law
The previous discussion shows that international trade law mechanisms meant to accommodate domestic public policy concerns subordinate such concerns to trade liberalisaton objectives. When it comes to the protection of privacy and personal data, can international human rights law counterbalance the economic flavour of international trade law? Should normative concerns leading to the protection of human rights not be placed on the same level or even above economic interests of member states in the course of interpretation of such terms as "likeness," "no less favourable," or "necessity"? International human rights law plays a negligibly limited role in international trade law. Yet, the relationship between the two "is one of the central issues confronting international lawyers at the beginning of the twenty-first century." 99 There currently are no mechanisms for balancing different areas of international law. Each area determines the extent to which it is willing to accept the application of rules from other areas.
The comparatively greater strength of international trade law enforcement mechanism (narrowly 97 See also Yakovleva and Irion (n 7) 206. 98  tailored to pursue trade liberalisation goals) contributes to the small degree of deference shown by trade law to human rights.

Horizontal relationship between international human rights law and international trade law
Unlike national legal systems, international law lacks central legislative and adjudicative bodies. Its fundamental structural characteristic is "decentralization without hierarchy." 100 Although there are no strict boundaries, international law is conventionally divided into specific areas: human rights law, international trade law, international environmental law, and international humanitarian law, etc. These areas are, theoretically, in a horizontal relationship with each other.
Hence, there is no formal hierarchy between the norms of international human rights law and international trade law.
International human rights law and international trade law are both centered around international treaties that create binding legal provisions and institutional structures administering and enforcing such treaties. All international treaties should have the same binding force and, unless otherwise is provided for in the international treaty itself, international treaties in one area should not prevail over others. Only "jus cogens" norms trump treaty provisions. 101 Although the list of jus cogens is not clearly defined, 102 the right to privacy and data protection do not currently belong to this domain. 103 This categorization works well, provided each issue falls in only one area. However, the issue of cross-border transfers of personal data triggers overlapping trade and human rights concerns. In such a situation, the party seeking protection of a certain right often gets to decide to which forum it will use to enforce the right. This matters because a forum applies the rules that created it and gave it competence.
The horizontal nature of the relationship between trade and human rights law is reinforced by fundamental differences in their legal, institutional and policy cultures that "have developed largely in isolation from one another." 104 International human rights obligations, although defined in international treaties, are linked to natural law 105 and in particular the concept of human dignity. Unlike trade agreements, they do not imply a bilateral exchange of advantages, 106 but rather aim to recognise individuals' rights by mutual agreement and protect those rights to the benefit of individuals, and not of the parties to such agreement. 107 By contrast, international trade law is perceived as positive law created by the will of self-interested parties to exchange reciprocal economic advantages and pursue economic profit from the trade liberalisation. 108 This led to the emergence of a certain "WTO ethos" in the interpretation of the WTO Agreements. 109 Additionally, while the institutional and enforcement structures of international human rights instruments are highly dispersed and administered by various UN institutions, the WTO enforcement system is centralised. It consists of a specialised enforcement mechanism 110 -a stateto-state dispute settlement system regulated by the Understanding on Rules and Procedures for the Settlement of Disputes (DSU). 111

Lack of mechanism to balance international trade and human rights law
Balancing international trade and human rights law can be performed by a general public international law, including customary rules of interpretation, or by international trade law. In the latter case the balancing function is performed in accordance with rules concerning applicable law (trade dispute resolution) and the competence of the adjudicative bodies which influence how they apply and interpret legal norms, whether trade or outside of trade. None of these mechanisms is currently effective.

Limited mandate of international trade law adjudicators to apply non-trade rules
De jure, international treaties from one area do not constitute applicable law in another area, which is normally reflected in the rules governing adjudicating bodies. For example, trade adjudicators do not have explicit jurisdiction to apply rules other than those originating from the trade agreements. Trade dispute resolution bodies are bound by the limited competence granted to them, which does not include coordination on human rights issues.
The DSU does not explicitly delineate applicable law, nor does it explicitly exclude human rights law. Nevertheless, there is an almost unanimous consensus among public international law specifically in a WTO agreement, they do not constitute applicable law. 112 Under Article 3.2 DSU, the purpose of the WTO enforcement system is "to preserve the rights and obligations of Members under the covered agreements, and to clarify the existing provisions of those agreements in accordance with customary rules of interpretation of public international law." Importantly, the WTO adjudicating bodies "cannot add or diminish the rights and obligations provided in the covered agreements." 113 The WTO adjudicating bodies are thus not competent to determine rights and obligations outside covered WTO agreements, or, in other words, to adjudicate non-WTO disputes. 114 International human rights law could constitute applicable law in the WTO law as international customary law, although traditionally the right to privacy is not recognised as an international custom, Zalnieriute, taking a modernist perspective, argues that "an international outcry over the mass-spying programmes combined with the GA Resolution on Privacy in the Digital Age and other pronouncements by various UN bodies, as well as the two strongly proprivacy judgments by the CJEU may suggest that data privacy has attained the status of a binding [customary international law] norm." 115 Nevertheless, even if applicable, customary law is likely to be subordinated to the provisions of the WTO agreements, as the WTO dispute settlement mechanism is prone to uphold the norms of its own system as prevailing over other norms in case of a conflict that could not be resolved by interpretation. 116 The WTO adjudicating bodies tend to apply international customary law only to the extent that it does not conflict or is inconsistent with WTO agreements. 117 As a result, non-trade rules are relegated to a minor role in the determination of the outcome of a dispute, regardless of the dispute's non-trade impact. 118 Given that the WTO Agreements and other FTAs have much stronger enforcement mechanisms than the global human rights system, this creates a significant risk of a de facto supremacy of trade law. 119 Similarly, most post-GATS agreements provide that rulings of arbitration panels created under the treaties "cannot add or diminish the rights and obligations" provided for in the relevant agreement. 120 They are, thus, essentially bound to adopt a strict positivist approach just as the WTO adjudicating bodies.

Application of international customary rules of interpretation in international trade law
The Vienna Convention on the Law of Treaties (VCLT) could theoretically be used to interpret trade law with due deference to international human rights law, thus diminishing trade law's de facto supremacy in international disputes heard by trade tribunals. However, this mechanism is currently not performing this function for two main reasons. First, the primary VCLT rule of interpretation prescribes a focus on the object, context and purpose of the treaty in question. Second, rules of interpretation are applied mostly by trade law specialists. This matters because it is a part of the "WTO ethos" to interpret WTO agreements using a functional (or functionalist) approach, as opposed to a so-called "civic" approach. The functional approach focuses on the specific goal of the treaty. In case of the WTO, it is market integration through elimination of protectionist barriers. A civic approach by contrast would root WTO objectives within wider concerns such as human rights. 121 The dispute settlement systems created by post-GATS agreements tend to require the same functional approach in the interpretation of the obligations contained in those FTAs. There are neither subsequent agreements between the same parties that could serve to clarify the context of the GATS, nor international human rights treaties between the same parties. Non-WTO international agreements to which not all WTO members are parties can be relevant as means of interpretation of the provisions of WTO agreements, unless the opposite is explicitly stated in the agreement. 127 For example, in US-Shrimp case (1998) the Appellate Body relied on an understanding found in a number of regional and multilateral environmental agreements -not signed by all WTO members -to interpret the term "exhaustible" natural resources for the purposes of the general exception in Article XX GATT 1994. 128 Although the reference to these international conventions may have allowed the Appellate Body to achieve a dynamic interpretation of the term, some scholars soberly acknowledged that these international instruments were used merely as evidence of a "wide agreement on certain facts" and not than as a binding legal norm. 129 Unlike the GATS, post-GATS instruments broaden the range of considerations that under the VCLT would fall within the scope of "context, object and purpose" of these agreements. For example, in its preamble CETA recognises the importance of democracy and human rights for the development of international trade and economic cooperation. 130

Supplementary means of interpretation
Under Article 32 VCLT, the context surrounding the conclusion of an international treaty may play a subsidiary (supplementary) role. When national or regional delegates participate in trade negotiations, they bring their countries' human rights obligations with them which they may want to uphold. 131 Good faith and pacta sunt servanda being well-established principles of public international law, it would be wrong to assume that any country has concluded or negotiated the WTO agreements knowing or intending to go against their international human rights obligations unless the country in question had specifically mentioned otherwise. 132 The crucial limitation of this approach is that these agreements play only an auxiliary interpretative rolethat is, if one of the conditions listed in paragraphs (a) and (b) of Article 32 is met. Another problem is that human rights are often formulated in broad language and are subject to broad derogations, so that prioritising international trade objectives to the detriment of human rights does not necessarily lead to its direct violation.
3. Lessons from balancing between international trade and human rights to labour, environmental protection, and sustainable development The absence of central legislative and adjudication bodies in public international law makes the creation of a centralised mechanism to balance different areas of public international law implausible. As shown above, customary rules of treaty interpretation do not provide much substantive help in such balancing largely due to the self-referential approach of trade law.
The issue of balancing non-economic interests and trade liberalization is not new. Therefore, the inspiration for devising a mechanism of balancing the rights to privacy and personal data with international trade law may be derived from progress in the protection of other notable noneconomic interests, such as the protection of environment, labour rights or sustainable development. Although extensive research into this area is beyond the scope of this article, it is useful to highlight certain developments and proposals related to balancing between human rights, environmental protection and international trade law. Recent research conducted by Reid in the light of EU law suggests that [i]t is necessary that rather than non-economic interests being integrated into the WTO legal order, the WTO legal order, and conceptualisations of welfare and non-economic interests, should be seen within the wider context of international commitment to sustainable development. Thus, it is necessary to reframe the WTO objectives from that perspective. 133 She further notes that [i]nterpreting the WTO rules from the [sustainable development] perspective would move the organisation and its rules away from the pursuit of trade liberalization for its own sake. It would allow concerns represented by the non-economic pillars to be seen as equally important and pursued as such.
It would require the application of WTO rules to be carried out in this light. As a result, it would add legitimacy to the engagement with non-economic objectives in the interpretation and application of WTO rules … . This would in turn reframe the terms of engagement from a question of the extent to which non-economic interests may be accommodated within the trade regime, and thus inherently subordinate the pursuit of trade liberalization, to a more genuinely balanced relationship. 134 Reid believes that an important precondition of such reconciliation is the existence of a consensus as to "the values to be pursued, the extent to which they may be pursued and the means by which they should interact with other interests." 135 133  Similar to the provisions on privacy and data protection discussed above, provisions on labour, environment and sustainable development contained in the majority of post-GATS FTAs confirm the parties' commitments to international agreements or standards in this area and recognise the parties' right to regulate in accordance with such agreements and standards. 136 Unlike similar references in provisions on privacy, however, these commitments contain a list of international conventions setting out relevant standards. More importantly, unlike provisions on privacy and data protection, safeguards for labour, environment and sustainable development often explicitly require a "high level of protection" and put these interests above that of liberalization of trade. This is important because it helps to prevent the so-called "race to the bottom" arguably supported by a requirement that measures be least trade restrictive or compliant with trade liberalisation commitments.
For example, under Article 23.2 of CETA, 137 the parties seek to ensure those laws and policies provide for and encourage high levels of labour protection and shall strive to continue to improve such laws and policies with the goal of providing high levels of labour protection.
In addition to these provision some FTAs, such as art 13.1(3) of the FTA with Singapore, 138 include recognition by the parties that it is inappropriate to encourage trade or investment by weakening or reducing the protections afforded in domestic labour and environment laws.
At the same time, this provision in the FTA with Singapore warns that environmental and labour standards should not be used for protectionist purposes.
The Association Agreement with Central America goes a step further in its Article 291(2) which requires parties not to waive or derogate from, or offer to waive or derogate from, its labour or environmental legislation in a manner affecting trade or as an encouragement for the establishment.
In addition, paragraph 3 demands that parties shall not fail to effectively enforce its labour and environmental legislation in a manner affecting trade or investment between the Parties. These provisions clearly put labour and environmental concerns above or at least on par with trade liberalisation. No such hierarchy is present when it comes to privacy and data protection that are currently normatively subordinate to the ultimate goal of trade liberalisation. The EU approach of considering those objectives as more than mere adjuncts of electronic commerce development -and instead as fundamental rights -should lead to a different regulatory approach requiring a sufficient degree of regulatory autonomy in trade agreements. The approach suggested by Reid and partially implemented in post-GATS FTAs in relation to the protection of environment, labour rights and sustainable development suggests a way forward.
There is probably less consensus regarding the value of privacy and personal data protection, than, say, labour or environmental standards. Yet, that absence of such consensus does not make the above-discussed solution impossible. International trade law can be reconceptualised to safeguard the right to determine the scope and meaning of privacy and personal data protection and to effectuate an appropriate regulatory design of their protection.

V. Conclusion
The regulatory space to protect the fundamental rights to privacy and data protection should International trade deals should safeguard the EU's "right to regulate" to reflect the normative foundations of privacy and data protection and effectuate a regulatory design most adequate to implement the normative goal. At the same time the EU should continue to resist any attempt to harmonize privacy and data protection through international trade law that risks subordinating such protection to trade liberalisation.
The goal of trade liberalisation in international trade agreements should be put in the perspective of other non-economic interests, in particular human rights, in three ways. First, by stating (as has been done in some post-GATS FTAs) the societal value of human rights and affirming that trade liberalisation should not undermine human rights. Second, by emphasizing the freedom of the parties to protect non-economic values as was done in relation to labour standards and environmental protection and sustainable development. Third, by providing trade adjudicating bodies a mechanism to defer to international human rights treaties.