Digital trade and data Contents

4Source code, consumer protection, and online harms

Source code provisions

73.CEPA includes a provision banning Parties from requiring the disclosure of source code and algorithms as a prerequisite for market access, subject to exceptions. It is notable that this builds upon the EU-Japan EPA by preventing the mandatory disclosure of algorithms in addition to that of source code.134 We heard from Dr Emily Jones that provisions such as this stem from “China’s requirement for companies to disclose their source code and other parts of their intellectual property as a condition for doing business.”135 Javier Ruiz Diaz downplayed the importance of these provisions, telling us that he had not seen evidence of mandatory disclosure of source code being a problem beyond specific, limited contexts. He explained that there are:

some comments around Vietnam maybe having requested some things on encryption, but there is very limited evidence that companies around the world are getting their source code or their IP stolen because Governments put any kind of demand on them to disclose their code for accountability purposes.”136

74.Businesses were overwhelmingly positive about the inclusion of the ban on the mandatory disclosure of source code provision in CEPA.137 The Law Society of England and Wales emphasised how greater protection for businesses’ intellectual property would benefit the Lawtech sector, with CEPA more generally providing “increased opportunity for innovation.”138 Companies providing financial services and fintech products and services were also highlighted as standing to benefit from greater source code protections, with IP being important in establishing and maintaining competitive advantage for businesses in the sector.139 Sabina Ciofu of techUK described the provision in CEPA as “sensible for protection”, expressing support for the provision.140

75.However, other stakeholders had concerns about the impact of such provisions on the ability of the UK to regulate the use of source code and algorithms. Which? explained how exceptions to provisions banning the mandatory disclosure of source code “may not be enough to protect consumers in commercial settings”, citing “unfair, deceptive or discriminatory decisions relating to pricing, marketing and a host of other uses of profiling data services” as potential risks in this context.141 Similarly, Jim Killock of the Open Rights Group described there being a risk of “the Government [ … ] proceeding without a full view of the consequences of restrictions to accessing algorithms.”142 He told us that, while there are exceptions to allow access to algorithms under CEPA, these may not allow protective regulations in “private-to-private arrangements”, such as in the business-to-consumer context.143 Hosuk Lee-Makiyama took the view that CEPA’s provision on source code contained exceptions covering “most cases of so-called disclosure that most liberal democracies would deem legitimate”.144

76.Another concern raised by stakeholders was the impact of banning the mandatory disclosure of source code in the UK’s FTAs on the development of open-sourced software. Evidence submitted by Dr Emily Jones, Beatriz Kira, and Danilo B. Garrido Alves described how prohibiting the disclosure of source code can have implications for competition in the technology sector and the development of open-source software.145 They also explained how “provisions aimed at maximising the protection of intellectual property could inhibit the use or promotion of free and open-sourced software [ … ] domestically”, citing concern that “trade agreement provisions could lead to challenging [of] types of public procurement seen as preferring open source.”146

77.The Government stated that it was “addressing barriers to innovation in areas such as the transfer of source code and cryptographic algorithms.”147 When asked whether it had assessed its success or progress on regulation of source code and algorithms in its FTAs, the Minister of State for Trade Policy told us:

In terms of the UK-Japan deal, it is a little bit early to tell [ … ] we do publish a scoping assessment and impact assessment of coming deals, so it would be illogical for us not to look at and review the deals that we have already done. That will be an important part of the work of the Department going forward, but it would be a little bit early to do one on the Japan deal at this stage.148

78.We recommend that, in its published impact assessments for each new FTA, the Government includes an assessment of the impact of each agreement on its ability to regulate source code and algorithms at the domestic level. This should explain how source code and algorithms are currently regulated at the domestic level, the relevant source code and algorithm provisions in the relevant agreement, and how, if at all, they affect the Government’s ability to regulate in this area.

Consumer protection provisions

79.Consumer protection is of particular importance in the context of digital trade because of the prevalence of unique risks to consumers using digital marketplaces. Besides the need to regulate how consumers’ data is collected, stored, and used, consumers should be protected from fraudulent and deceptive practices which can exist on e-commerce platforms.149 Consumer confidence also has a role in facilitating digital trade and the use of business-to-consumer e-commerce platforms, as emphasised by the Professional and Business Services Council.150

80.CEPA contains a consumer protection provision which requires Parties to have consumer protection laws in place at the domestic level to protect against fraudulent and deceptive commercial activities, while recognising the need for cooperation between UK and Japanese authorities. Which? described the provision in CEPA as “a positive first step” in protecting consumers online, calling for future provisions to be “even more ambitious” in future FTAs.151 It cites “promoting better information for consumers” regarding vendors on e-commerce platforms and “[clear] and straightforward pathways to redress and dispute resolution” for e-commerce transactions as areas to improve on the provision in CEPA.152 When asked to respond to Which?’s assessment of the provisions as a “positive first step”, the Minister of State for Trade Policy told us:

We take consumer protection extremely seriously as a Government overall. That includes in our trade agreements. We are open to having specific consumer protection chapters in trade agreements. I do not agree with Which? on CEPA. There are a lot of good things in their report in terms of things like consumer e-signatures, banning customs duties from digital trade, making sure we can regulate on online harms—all of those aspects of their report I would agree with.153

81.The inclusion of consumer protection provisions in CEPA is a positive development. We heard calls to use these provisions as a starting point and to build upon them in future FTAs, particularly in relation to the information provided to consumers on e-commerce platforms, and mechanisms for dispute resolution for online transactions. We recommend the Government clarify how it intends to build upon the provisions in CEPA in future FTAs, and how measures in addition to FTA commitments will be complementary in protecting UK consumers engaging in digital trade.

Online harms

82.Online harms are defined by the Government as “online content or activity that harms individual users, particularly children, or threatens our way of life in the UK, either by undermining national security, or by reducing trust and undermining our shared rights, responsibilities and opportunities to foster integration.” In its Online Harms White Paper, it cites terrorist content and activity, and revenge pornography, amongst many others as examples of online harms.154 The White Paper sets out a regime of intermediary liability for platforms hosting harmful content online.

83.The US’s objectives for FTA negotiations with the UK include establishing:

rules that limit non-IPR civil liability of online platforms for third-party content, subject to the Parties’ rights to adopt non-discriminatory measures for legitimate public policy objectives or that are necessary to protect public morals.155

The Carnegie UK Trust expressed concerns that the US might “table a new regime [ … ] along the lines of the United States, Mexico, Canada (USMCA) trade agreement”, fearing this would hand an “advantage to American companies over UK ones and would disadvantage UK citizens and consumers who would be entitled to lesser protection.”156 Which? described the US’s approach as “in direct conflict with the UK Government’s current trend of stronger digital regulation and oversight when it comes to online harms and platform responsibility.”157 Sue Davies MBE of Which? called for the Government to “make sure that we are not restricting the UK’s ability to pursue its online harms agenda and regulate in the right way for UK consumers” in its FTAs.158

84.The Minister of State for Trade Policy told us that:

To the best of my knowledge, the US has not asked for this provision in our free trade agreement negotiation and it is not something that we would agree with. It is there within the US MCA—the US-Mexico-Canada agreement—but it is not something that the United Kingdom would agree to.159

The Minister of State for Media and Data added that “it is an absolute priority and we would not accept anything that weakens our ability to put in place a very strong protection regime.”160

85.Regulating online harms is of increasing relevance and importance. We heard concerns over the inclusion of commitments in FTAs which may limit the Government’s ability to regulate online harms at the domestic level, particularly in negotiations with the US. We commend the Government for its approach in refusing to accept constraints on its ability to regulate these harms, and hope that it will maintain this approach throughout negotiations.

137 techUK (DTD0015), Adobe (DTD0003), Advertising Association (DTD0004), CBI (DTD0022)

138 The Law Society of England and Wales (DTD0009)

139 Coalition of Services Industries (DTD0018), Office of the City Remembrancer, City of London Corporation (DTD0026)

141 Which? (DTD0001)

145 Dr Emily Jones, Beatriz Kira and Danilo B. Garrido Alves (DTD0021)

146 Dr Emily Jones, Beatriz Kira and Danilo B. Garrido Alves (DTD0021)

147 Department for International Trade (DTD0025)

149 Which? (DTD0001), Global Data Alliance (DTD0007)

150 Professional and Business Services Council (DTD0013)

151 Which? (DTD0001)

152 Which? (DTD0001)

154 Department for Digital, Culture, Media & Sport, Consultation outcome: Online Harms White Paper, 15 December 2020

155 Office of the United States Trade Representative, United States-United Kingdom Negotiations: Summary of Specific Negotiating Objectives¸ February 2019, p 6

156 Carnegie UK Trust (DTD0010)

157 Which? (DTD0001)




Published: 28 June 2021 Site information    Accessibility statement