Digital Signature Legitimateness for Business Associate Agreement in Mexico: Streamline Your Document Signing Process with airSlate SignNow

How to eSign a document: digital signature legitimateness for Business associate agreement in Mexico

for this module we will be discussing electronic commerce provisions in free trade agreements when we think of e-commerce in free trade agreements there are three main issues which are at stake and depending on the positions on these three different issues we can see different positions reflected in trade agreements first of all there are the commercial interests of firms so if you look at big firms like google like facebook they are trying to have their services reach as far as possible to every corner of the world so because of that they want to make sure that people in the world can always access their services at the same time they also try to reduce the cost imagine that google have to set up a local server in every country it operating the cost will be very high so instead of setting up a server in every country of a celebration google might choose to have only servers in key strategic locations like u.s europe asia and then to serve other countries from there so therefore they are also against various requirements by national government that require them to localize the data on local server so these two key demands free flow of information across the border and prohibition on data localization requirements reflect the interests of business firms and then on the other hand if you look at the consumers or the customers of these electronic commerce for many consumers even though they enjoy the benefit of all these ecommerce platforms but at the same time they are very concerned with their privacy or the possibility of a leakage of personal data or misuse of a personal data and because of that they are most concerned with the protection of a personal rights and last but not least you have the government which is the regulator of the sector now for the government there are two main concerns first of all the government want to make sure that the internet including the e-commerce platforms are not misused by certain groups like terrorists and so on that would pose a threat to national security and second the government also want to have the ability to use the data that uh that is available on the internet including ecommerce platforms for law enforcement purposes for example to treat uh suspicious criminal activities and people who conduct these criminal activities so as you can see among these three players the firms the consumers and the government they each have different interests and these interests are all different and the sometimes even conflict with each other and then lead to the struggle in different trade agreements and depending on which interest prevails you would have a different types of trade agreements formulation as i will discuss later on in term of the main platform for regulating electronic commerce the most ideal forum would be the world trade and the wto has indeed started regulating uh electronic commerce since 1998 when the w2 members adopted the declaration on global electronic commerce but this declaration contains little substance because it is only a declaration whereby the wto members agree to look to look into the issue of e-commerce regulation rather than agreeing to substantive rules so the only substantive content that was included in the declaration was that the wt members agree that they would impose a more return on customers duties and such moratorium has a time limit and it is often uh only for two years that is from one w2 minister conference to the next minister conference and so far it has always been extended by w2 members including the most recent extension in 2019 but the problem is that in recent years some w2 members started to realize the possibility of a loss of customers revenue because of this moratorium on customers duties therefore they started to challenge this moratorium and in the future these cannot be taken for granted so the wto uh declaration e-commerce also set out a work program which divided the work on e-commerce to various entities and bodies within the wq these include issues relating to services covered by the council for trading goods issues related to goods are covered by the console for treating goose and issues related to intellectual proper rights are covered by the trips council and issues relating to development are covered by the committee on trade development and so on but despite such detailed work program the wt members were not able to reach any substantive conclusion on any of the issues under examination largely due to the slow progress in the doha round of negotiations in general so uh e-commerce also became victim of this lack of progress in the doha run and it was not until 2016 when several key members started to call for new type of negotiations in the wto that we started to see renewed interest on e-commerce negotiations in the w-2 in general and this further led to the uh launch of the joint statement on e-commerce by the u.s and 70 other w-2 members at the wcu mainstream conference in december 2017 in buenos aires and then finally the e-commerce talks was launched as a pro-lateral initiative in davos in january 2019. being pro-lateral in wtu terms means that this is a negotiation that not all wt members participate only in some wto members participate and so far there are about 90 wtu members which participate in this initiative now in the meantime the forum for regulating e-commerce has been mainly in domestic law and in free trade agreements and also uh in uh the prolateral initiatives like the tisa so uh next we will be looking at the approach taken by the three main players in the wto the u.s eu and china and uh as reflected in their various proposals in the wto in the pro-electoral initiatives and most importantly in the free trade agreements so let's first look at the u.s for the u.s their key demand has been first of all ensuring the free flow of data across the border and prohibition of data acquisition requirements because there are so many leading individual firms in the u.s and as i mentioned earlier these are the main demands of these digital funds another main issue i mentioned at the beginning is the protection of a personal information or privacy but the u.s has not been keen on protecting privacy because if you look at the domestic law of the u.s even in the domestic legal regime there is no comprehensive privacy protection framework instead the u.s only has a patchwork of the sector-specific laws which regulate the various areas of privacy protection for example in the u.s there's a law on credit reports so this relates to the credit score that you will need to apply for credit card so if you want to apply for a credit card you need to supply a copy of your credit report and search credit report is a very sensitive information because it contains uh the uh buying behavior the payment behavior of the consumers so um therefore in this law uh there's a provision which says the privacy uh of the consumers for credit reports should be protected and another uh another uh law also relates to privacy protection is on video rental so on video rental uh here uh again uh people rent videos and when they read videos uh they would leave a record and this record would indicate what type of videos they have rented and these could include a sensitive information for example if somebody ran a lot of ographic video or x-ray to the video he does not want other people to know this because this could affect people's opinions on him so as you can see the u.s really took a piecemeal approach where the privacy protection only apply on a sector-specific basis if you are a consumer uh for example for credit cards or for vending rental then your privacy in this sector will be protected but if you have not uh applied for a credit card or if you have never rented a video in your life you do not enjoy the privacy protection for these sectors so such patchwork of a sector-specific laws are coupled with enforcement by the federal uh trade commission or the ftc plus uh some sort of self-regulating regulatory principles by the firms so as you can see the u.s do not have a strong privacy protection laws and the u.s has also been very active including language on its key demands of free flow data and prohibition on data localization requirements and trade agreements which include the free trade agreements like the tpp uh the prolateral initiative like the trading services agreement and even the wto so if you look at the u.s proposals to the tisa and gsi you can see that they have included for example free flow of information open networks local infrastructure electronic authentication and electronic signatures and also a long list of prohibition on data localization requirements uh when it comes to the free trade agreements like the tpp and the recently concluded united states mexico and canada free trade agreement or the usmca they also include a list of uh provisions uh on uh the um on the protection of data flow and also on uh um prohibition of data localization requirements so uh in an article which are published three years ago i have uh basically divided them into several categories the first are the passive obligations so this means that these are the sense that you should not do when it comes to the regulation of e-commerce this would include discrimination against foreign digital products restrictions on cross-border transfer of information false localization requirements and false transfer of source codes these also include enabling obligations so that's another category enabling obligations are mainly the obligations to introduce or maintain regulatory frameworks which facilitate the development of e-commerce so these legislations could relate to the facilitation and recognition of electronic trans transactions through uh the authentication and recognition of electronic signature and the electronic authentication methods the third types of probation are the provisions which i would call to check a corporate power so for example they include provisions against the misuse of personal information on online consumer protection personal information protection and also against the unsolicited commercial electronic messages they also include provisions that disciplines how firms can deny access to infrastructure basically the idea is that the e-commerce fund should have a freedom of use too and the use of internet for e-commerce so as you can see internet here is regarded more as the infrastructure services that should be made available for everyone but interestingly even though the u.s agreements are pretty comprehensive they also include some interest carve outs and here the carve out for example are the biggest cover out of the cover for financial services and government procurement and information held or processed by the government so basically the u.s want to retain certain freedom for the government to control information and for financial services the reason for the exception and the tpp agreement was because in the u.s financial regulation is within the purview of the federal reserve or the fed so the fed uh in the internal uh bureaucratic uh structure is uh has has more power than the united states trade representative which is in charge of trade negotiation that is why in the tpp they actually have a car out for financial services when it comes to data localization so in other words the u.s financial regulators could require that data be stored locally for financial regulation purposes but in the usmc this approach was changed because the u.s discovered that actually to make sure that you have a proper regulation you do not necessarily have to have have to have local storage instead so long as the financial service regulator can have immediate ongoing and uninterrupted access to the information on financial services then they do not have to require data localization so it was further relaxed under the usmca the u.s approach also included exceptions which would allow matters necessary to achieve a legitimate public policy objective so long as is not uh arbitrary or unjustified for discrimination or disguise restrictions on international trade and as soon as it passed the necessity test so let's look at all these issues included by the u.s in the free trade agreements in detail the first one is a definition issue so this has been a long-standing uh issue long-standing debate in the wto on whether or not a digital product should be regarded as a good product or services product now some wt members of the review that you should be regarded as a good product especially for those products where the original phone was goose for example various kind of machineries which are now transmitted through 3d printing but other wto members think that this should be regarded more as trading in services because services compared to goose one unique feature of services is that it is intangible and that is also the case for electronic commerce so this has been subject to a long-standing debate in the wto and different members held different reviews but the tpp actually took a really innovative approach by actually declining to decide on the issue of whether digital product is a services of trade so by having a separate chapter on e-commerce they basically took the classification of digital product outside of the narrow confines of goods versus the services economy instead as you can see in the footnote to the cptpp they said the definition of digital product should not be understood to reflect a party's review on whether treating the products through electronic transmission should be categorized as trading services or treating goods so in other words they avoid the difficult issue of a classification so long as you agree to commitments on uh electronic commerce or digital products we do not care whether you regard them as services or goods and this is really conducive to advance the negotiations on ecommerce the second type of provision is on free flow of data now many of you might think that free flow of data in free trade agreements means that you have to guarantee free flow of data for all kinds of scenarios but that is not the case because if you look at the language in the cptpp for example in the cptpp it says it states that each party shall allow the cross-border transfer of information by electronic means including personal information when this activity is for the conduct of the business of a covered person so as you can see here uh there are several qualifications for the free for the data obligation first of all the uh free flow of information only applies to activities which is for the conduct of the business okay so in other words if you do not want to allow free flow data for a given sector for example let's see online news services then you can simply not include these services sector in your schedule and therefore you do not have to guarantee free flow information because uh this will not be for the conduct of business covered and second it must be a covered person by covered person as defined earlier this means an investor that is covered by the free trade agreements in other words these services must be provided by the investor from one of the partners to the free trade agreement and thirdly you could also invoke one of the exceptions clauses to [Music] to uh to uh read to restrict uh the free flow of data and this is a content in the provision itself as you can see from paragraph three nothing in this article shall prevent a party from adopting or maintaining marriage inconsistent with paragraph two to achieve a legitimate public policy objective providing is not applied in a manner uh that would be uh constituted unjustifiable or arbitrary discrimination or describe god's instruct restrictions on international trade and so on and also most chapters on digital trade also include a probation on general exception which you can also cite so again as you can see from my discussion here the obligation of free flow data is not as absolute as you might have imagined now next on data localization provisions so on data localization as we can see here the requirement is that no party shall require a cover person to use or locate computing facilities in that party's territory as a condition for conducting business in that territory so uh for data localization uh the idea is that you should not require the foreign suppliers to uh locate the computing facilities in your territory in order to provide business again this is connected with the conducting business so you could make similar argument as earlier that is if you do not provide a business then uh that would not be covered and second as you can see here uh similarly paragraphs three also include a similar provision like paragraph three uh on free flow data where they are seeing that you should not be prevented from achieving legitimate public policy objective when you maintain restrictions on the total causation so long as it is not applied in a manner which will constitute a means of arbitrary or unjustifiable discrimination or disguise restrictions on international trade and does not impose restrictions greater than required or so-called necessity requirement next provision is on transfer of source code now this is also a sensitive issue for the u.s uh for a long time the u.s has been saying that the source code is something like business secret or even the ip rights of its owner and it should not be transferred what you see is that in some countries they would require the foreign service suppliers to supply the source code the use in order to provide the services now the official justification is that we want the uh source code uh in order to discover if there are security risks and so on but the firms has been arguing that because source code is such a sensitive information it could be copied by their competitors if they turn into the local regulators so they are unwilling to turn this in and u.s firms most u.s firms do not like the idea of having to transfer the source code as a condition for providing the services so this is reflected here as you can see paragraph one no party shall require the transfer of or access to source code of a software owned by a person of another party as a condition for the import distribution ceo or use of such software or other products containing such software in its territory okay but again here as you can see here uh the um software uh the the source code uh um the prohibition on transfer of the source code could also be subject to the exceptions clauses especially for the ones which would be for governmental use as is common and many rtas the next provision relates to non-discriminatory treatment of digital products uh here again let's look at the language first no party shall less variable treatment to digital products created produce published contracted portfol commissioned or first made available on commercial terms in the territory of another party all to digital products of which they also performer producer developer or owner is a person of another party than aid s to other like products so the idea here is that we do not want the digital products to be discriminated against just because they are digital products we want them to get at least the same level of treatment as physical products again this is to promote the development of the digital trade and to make sure that the digital service providers will not be discriminated against as you can see the language used here is very expensive it includes digital products created produced published contracted for commissioned or first made available okay so a very uh very wide language which covers all kinds of different categories but in uh other types of in other types of agreements these might not be be the case i mean in some artists they use narrow language and do not include some of the categories for example they do not include publish in in this category of activities which is recovered and the next issue is customers duties on electronic transmissions here note here that the moral term on customers duties uh only applies to electronic transmission but the w21 does not uh include does not expand the moratorium to the content of transmission it only applies to the electronic transmission itself in other words you can still impose let's see tariff on the content being transmitted let's see if this is music download or if this is a movie download you can still impose a tariff but the tpp the cptpp actually expanded to cover content transmitted electronically and that is a step forward compared to the wto and the next type of provision deal with the domestic legal framework so uh for domestic legal framework this includes several types of provisions as i mentioned earlier first of all you need to maintain a legal framework govern electronic transactions along with the principles of the unsuitable model on electronic commerce and united nations convention on the use of electronic communication in international contracts the idea here is that we want to facilitate the adoption of electronic contracting method so that we do not require the physical copies of contracts and to achieve these purposes there are also requirements under the cptpp for the members to uh adopt uh for example uh um uh domestic regulations which would recognize uh electronic signatures that would facilitate the [Music] recognition of electronic authentication method because one big problem for electronic contracts and how do you make sure that these contracts are really signed by the contracting parties and for this unless you have a proper method to recognize the electronic signature and to authenticate the identity of the signatory parties you will not be able to do that so to have these laws in place would have greatly facilitated the adoption of the electronic transaction framework similarly the cptpp also included provisions to facilitate the pay is trading so the idea is that the trade or customers administration documents could be done in electronic form like in singapore they have a system called trade net which basically moved all these paper versions of customers forms to an electronic database that is available online so you as an exporter before you reach the port of singapore you can already complete this form and submit them online and you do not need to wait at the port to be processed in order to be imported to singapore and the paypal is treating provisions actually is already contained in the wto agreement on trade facilitation but many chapters on electronic commerce on digital trade also include provisions on paperless trading because as you can see this is closely connected with e-commerce the next type of provision deal with consumer protection okay so here as you can see it states that the parties recognize the importance of adopting or maintaining transparent and effective means measures to protect consumers from fraudulent and deceptive commercial activities when they engage in e-commerce so one big issue for consumers when they transact online is how to deal with uh online fraud you know the cases whereby you do not get what you order online or sometimes you are scammed your money and so on so this is a very important in building the confidence of the consumer in e-commerce and that is why they include provisions on this and last but not least there is also provision on personal information protection which is basically targeted at protecting the personal information especially the privacy information of consumers when they transact online issues information such as the name address the credit card number and other sensitive information of the consumers online unless you can sufficiently protect these personal information consumers might not want to transact online and actually among w-2 members if you look around you can see that the member with the best personal information and privacy protection regime is the eu because the eu now has a law called the gdpr the general data protection regulation which elevates data protection to the highest level in the world if you recall our previous discussion on privacy protection in the u.s in the u.s privacy protection is regulated as a consumer rights in other words you only have your privacy protected if you are a consumer in a given sector but if you are not a consumer in a given sector you do not have your privacy protected but the gdpr took a different approach the gdpr in is clauses actually explicitly recognized privacy as a fundamental human right so you do not have to be a consumer to have your privacy protected so long as you are a human you would have your privacy protected as a fundamental human right as you can see that is quite different from the u.s approach and that greatly elevated the protection of privacy to unprecedented levels and similarly since the uh adoption of gdpr the eu has taken approach that if you uh sign fta with the eu and you want to transfer the data from the eu to your country then you need to have a privacy regime that either is based on the gdpr or recognize that as equivalent to the gdpr or adequate provide adequate level of protection and so far about a dozen countries have had their privacy protection regimes recognized as adequate so that is cinquan when you try to conclude free trade agreement with the eu now um you could imagine that you would be taking a strong position on privacy protection in rt but so far the eu seems to be taking a much softer approach because if you look at several of the recent fts the eu has adopted they have either allows the fta party to adopt their own laws for personal data protection all they are very loose on the need to guarantee free from the data so you are only required to comply with the obligation until after transition period i think this is probably because you recognize that the gdpr is really intrusive regulation and they want to give the other parties a kind of a transition period for them to familiarize with the gdpr before the applied aggressive basis now last but not least let's look at another major player china for china the key concern here is cyber sovereignty or cyber security because china has a census region on the import of books uh publications or the visual product including online information so there's no free flow of information as we know many websites like google facebook cannot be accessed within china and uh when it comes to privacy uh china also does not have a strong tradition of protecting of a privacy it did not have a laws on practice protecting privacy until 2009 and even after the laws were enacted in 2009 it remains rather weak because there are extensive exemptions for the government containing the law for the government to get access to personal information and more recently in the cyber security law of 2017 china also imposed data localization requirements especially on the operators of a critical information infrastructure a term that is widely defined to capture many different types of e-commerce operators so as you can see the chinese approach is much more restrictive than the u.s or the eu approach so that explains why in the trade agreements china has so far been rather reluctant to include provisions on free from data and data localization requirements instead most of the provisions concentrate on the trade facilitation type of issues so in the wto china has been busy with a proposal called the ewto which was later renamed as the ewtp electronic world trade platform which was initiated by alibaba and its chairman jack ma to basically help to facilitate the uh regulation of e-commerce and make it easier for the economic platforms to operate around the world and in the artists as i mentioned earlier if you look at the more recent artists for example in 2015 china signed two arties one with korea one is australia the two actually include similar provisions when it comes to e-commerce for example they both include provisions on moratorium on constant duties on electronic transmission provisions on electronic authentication and electronic signature provisions on paperless trading and protection of personal information and for australia they included additionally the provisional transparency on the need to have a domestic vigor framework govern governing electronic transactions and also providing equivalent levels of protection to digital trade or e-commerce but they do not include the common provisions as advocated by the usa eu that is for example free flow data and on prohibition of data localization requirements and on transfer of a source code so why do we have all these different approaches i argued in another paper that was published three years ago in the journal of international economic law that the differences can be explained because of two reasons first of all they reflect the different interests of these different countries if you uh look at the top 10 digital firms in the world among the top 10 six american firms four are chinese funds so what are the american firms these are the typically the digital service firms like google and facebook and for these funds as you can see they do not really trade in the traditional trading goods instead they only treat in data or in other words they do not treating atoms they trading bees so uh because they do not treat in physical goods therefore their main concern is to make sure that data can flow freely across the world so that they do not have to establish a server in every country that they operate and people all around the world can access their services so that is why prohibition of digital acquisition requirements and guarantee of a free flow of data are among the main demands of the u.s for chinese firms on the list so the top chinese firms on the list include alibaba and gd.com and both of these firms are actually still uh engaging traditional trading goods the only difference is that they know move the uh platform of transaction to online platform like alibaba or taobao or jingdong.com so because they still specialize in physical goods that is also reflected in china's proposal whereby china emphasized on the trade facilitation type of provisions uh for example on reducing uh the customers or expo dieting the customers procedure uh reducing the tariff on the uh smaller volume of transactions and so on because they want to sell more physical goods to the rest of the world so six american firms four are uh chinese firms and there are no u.s from no eu funds on the list so that explains the approach of the eu where they have such highly restrictive gdpr and some people are saying that the gdpr is like digital protectionism it's like protections instrument for digital trade because they do not have major players so they enact the gdpr so as to fend off the uh invasion in their home market from american and chinese service providers in order to make sure that their own domestic providers would get the room for growth and would be able to uh grow without the competition from the american and chinese firms so that is one reason because of the different commercial interests of their firms and the second reason is because of the different regulatory philosophy of all these different countries for the u.s if you look at the development of a silicon valley of the internet sector they have basically developed with a background of a strong history of laser fair or non-interference type of regulatory philosophy from the government and this is reflected in the u.s laws for example if you look at the u.s telecom act there's a clause which explicit states that we should make sure that the internet sector remains remain affected by federal and local regulation so this means that the u.s believe that the best way to develop the sector is by the force of the free market rather than government regulation so that is why they leave the sector largely to self-regulation but for china for a long time there has been a long history of a heavy government intervention so as are arguing another paper i wrote two years ago if you look at the development of the internet sector in china from 1994 when the internet first was introduced into china the chinese government has been uh imposing heavy regulations in the sector first regulating the hardware you know what kind of gateway you can use to access the internet and then regulating the software and then regulating uh the content of the online platform and also finally on the regulation of the data so all along their history of a heavy government regulation and this is reflected in the current state of regulation for the eu their focus on privacy protection as a human right can be traced back to their experience with the second world war where the eu was the main battlefield and the atrocities of the second world war actually told them the importance of protection of human rights and that is why the eu after the war uh institute all these human rights institutions like the european convention on human rights you have been caught on human rights and emphasize on protection of human rights so in the digital age it is no surprise to see that they continue to emphasize the protection of human rights now you might wonder whether these three different approaches are just an oscillated approach among these three w-2 members the answer is no ing to a recent study which i include in the readings as you can see these three different types of regulatory approaches are also reflected over the world as you can see the u.s approach are mainly adopted by countries in the u.s and some countries in the middle east the european approach are adopted by countries like uh in europe and also latin america and oceania and the chinese approach adopted by russia and also a few other countries so these are becoming prevailing models in the world so this concluded my discussion on the different approaches on e-commerce regulation and the free trade agreements so i will still here thank you very much you