Hostname: page-component-745bb68f8f-b95js Total loading time: 0 Render date: 2025-02-11T17:21:41.430Z Has data issue: false hasContentIssue false
  • English
  • Français

The Internet of Things: Both Goods and Services

Published online by Cambridge University Press:  26 March 2019

ANUPAM CHANDER
ANUPAM CHANDER*
Affiliation:
Georgetown University Law Center
*
*Email: ac1931@georgetown.edu.
Rights & Permissions [Opens in a new window]

Abstract

International trade law, organized around the goods-services dichotomy, is about to meet the Internet of Things (IoT). How will rules written for the world of 1994 fare in a world of talking teapots and connected cars? IoT will especially raise governmental concerns with respect to privacy, security, and standards. Indeed, governments have already begun taking adverse measures against foreign IoT suppliers based not on the hardware, but on the digital features of the products. This paper argues that IoT devices comprise both goods and services, therefore calling into application multiple WTO disciplines, with the specific agreements that are applicable dependent on the particular governmental measure subject to challenge.

Type
Review Article
Information
World Trade Review , Volume 18 , Special Issue S1: Digital Trade , April 2019 , pp. S9 - S22
Copyright
Copyright © Anupam Chander 2019 

1. Introduction

International trade law, organized around the goods–services dichotomy, is about to meet the Internet of Things (IoT). How will rules written for a world of 1994 fare in a world of talking teapots and connected cars? How do we fit smart objects within the classification schemes devised a quarter-century ago?Footnote 1

With the advent of the IoT, not only do things cross borders, so do streams of data over the lifetimes of those things. Accordingly, the IoT implicates both physical and virtual borders – both customs clearance and information regulation. Should international trade law treat the IoT strictly as goods, whatever their intelligence or capabilities? Should the data flows of IoT be seen as communications, and not services? The answer to these questions will have significant impact on the course of trade and the global distribution of manufacturing and services in the years to come.

The IoT has been defined as ‘a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies’.Footnote 2 It consists of devices that interconnect with the world electronically, transmitting and receiving data and modifying their actions accordingly. The IoT represents the emergence of a smart environment, where robots and inanimate objects can monitor, interpret, and affect our physical surroundings. It entails the embedding of intelligence into everything from ‘streetlights to seaports’.Footnote 3 Estimates suggest some 20 billion IoT devices (what I will call ‘smart objects’) will be deployed by 2020.Footnote 4 Soon smart objects will far outnumber humanity (though their uneven distribution will unfortunately create a new digital divide). Increasingly, the goods that have long been the subject of international trade are becoming embedded with tiny computers that sense their surroundings and communicate about what they see.

Governments across the world have embraced the IoT, with countries from Brazil to India committing to smart cities. Even as they recognize the possible benefits of IoT, many governments are also beginning to observe that the IoT presents significant privacy and security issues, as well as questions regarding standards and interoperability.Footnote 5 Governments, acting upon these important concerns, will thus find it necessary to regulate the IoT. Such regulatory activity will create opportunities to favor local businesses over foreign providers, and thus bring to bear scrutiny of regulations for compatibility with international trade law.

While no trade dispute thus far has involved IoT, international conflicts around IoT are brewing. Take three examples of nations that have taken steps against foreign IoT manufacturers. In August 2014, China banned its ministries and federal agencies from purchasing Apple iPads and MacBooks, a ban that seems to have been rescinded later.Footnote 6 China represents Apple's second-largest market, after the US.Footnote 7 The exclusion was apparently based not on concerns about the hardware, but followed upon a review of security and privacy issues. In January 2017, the United States Federal Trade Commission brought a lawsuit against the Taiwanese smart object maker D-Link for alleged inadequate security in its devices, alleging that D-Link advertised ‘Advanced Network Security’ but failed to adequately secure its wireless routers and internet cameras, leaving their consumers at risk of hacking.Footnote 8 In August 2017, the United States Army banned the use of drones made by leading Chinese drone-maker DJI due to security concerns.Footnote 9 In each case, governments have taken adverse measures against foreign IoT suppliers based not on the hardware, but on the digital features of the products.

Classification is critical to the application of World Trade Organization (WTO) agreements. Classification determines what trade rules can be brought to bear on any controversy involving IoT trade.Footnote 10 If we determine that IoT consists in goods, then the General Agreement on Tariffs and Trade (GATT), as well as the Agreement on Technical Barriers to Trade (TBT), will discipline trade barriers to the flow of goods. If we determine that IoT consists in services, then the General Agreement on Trade in Services (GATS) will apply, though generally to different barriers than those covered by GATT. I will argue here that IoT consists in both goods and services, therefore calling into application multiple WTO disciplines, with the specific agreements that are applicable dependent on the particular measure subject to challenge. While my focus is on the WTO, much of the arguments will apply, mutatis mutandis, to bilateral and regional free trade agreements, which also adopt the goods/services dichotomy.

The analysis proceeds as follows. Section 1 motivates the inquiry by observing how IoT raises important concerns about privacy and international standards. Section 2 then turns to an examination of how international trade law will approach these new hybrid subjects of international trade. It begins by asking how international trade should classify IoT. It then assesses how to determine which WTO discipline to call to bear with respect to a particular dispute involving a smart object.

2. Regulatory challenges of the Internet of Things

The rapid deployment of the IoT worldwide will lead governments to scrutinize this international trade more closely. This section discusses some of the legal issues raised by the global deployment of the IoT. In its 2017 Information Economy Report, the United Nations agency UNCTAD noted that the digital economy requires us to consider ‘data security risks, data localization pressures, as well as data collection and privacy concerns’.Footnote 11 The IoT raises questions regarding the abuse of private information, the deployment of insecure devices, the lack of interoperability and the need for standards.

2.1 Privacy and security

IoT devices already outnumber the number of people in the world.Footnote 12 As UNCTAD observes, IoT devices ‘silently listen, watch and record location and activity in the household, the workplace, and/or in public places to assist individuals with their lives or help companies or governments improve their goods or services or tailor advertisements’.Footnote 13 This creates both privacy and security risks, as the information might be abused or compromised. The race to deliver IoT devices cheaply may result in devices that are insufficiently secure. Indeed, hackers can exploit security vulnerabilities to take control of IoT devices, using these ‘zombie’ devices to deliver a massive denial of service attack.Footnote 14 A report from the United States Federal Trade Commission notes that IoT presents a variety of security risks by: ‘(1) enabling unauthorized access and misuse of personal information; (2) facilitating attacks on other systems; and (3) creating risks to personal safety’.Footnote 15

Even when used as intended, the devices raise significant privacy concerns because of their immense data collection capacities and their ubiquitous deployment. Traditional methods used to notify individuals about data gathering, such as privacy policies, are not readily available because these devices often lack screens to transmit such information.Footnote 16 Furthermore, the fact that multiple people might encounter an IoT device during its lifetime means that whoever installs and configures that device effectively makes privacy determinations for others.

UNCTAD's Global Cyberlaw Tracker reveals that 107 countries have established data protection/privacy legislation.Footnote 17 These laws will presumably apply to IoT manufacturers and service providers, including foreign manufacturers and service providers providing such services from abroad. Privacy requirements can incentivize security measures that reduce privacy risks.

Governments must protect the privacy and security of their citizens' information whether the information is held by a domestic or a foreign IoT provider. The United Nations General Assembly has recently reaffirmed the right to privacy as set out in article 12 of the Universal Declaration of Human Rights and article 17 of the International Covenant on Civil and Political Rights.Footnote 18

2.2 Standards and interoperability

IoT today is characterized by the emergence of often proprietary, incompatible ecosystems rather than open, interoperable networks. This means that these ‘operational technology systems work largely in silos’.Footnote 19 The fragmentation manifests itself in multiple ways, including different manufacturers, different operating systems, different versions of software, different types of connectors, and different communications protocols.Footnote 20 Maximizing the value of networked devices will involve increasing the compatibility of communications and other protocols at different layers of the network stack. The European Commission, for example, declares interoperability between devices and services as key to its Europe 2020 Strategy: ‘The EU must enhance the interoperability of devices, applications, data repositories, services and networks.’Footnote 21 Interoperability can reduce the winner-take-all result of network industries; if other companies can participate in the network without needing the permission of a particular provider, it makes room for competition. At the same time, ‘imposing standards across devices could curb investment and innovation’.Footnote 22

Because smart objects must communicate their information to the outside world, they often depend on access to telecommunications networks. Local regulations might be written in ways to disadvantage foreign smart object suppliers’ access to local networks. The GATS Annex on Telecommunications seeks to prevent such actions. Article 5(a) of the Annex mandates that foreign service suppliers must have ‘access to and use of public telecommunications transport networks and services on reasonable and nondiscriminatory terms and conditions’ for the supply of a service that is listed in that country's schedule of liberalization commitments.

2.3 Data localization

The IoT would not be possible without global data flows. Communication is at the heart of IoT, with machines talking to people or to other machines.Footnote 23 IoT devices must communicate with their manufacturers or third parties selected by the manufacturer for data services and software updates. Smart objects depend on a remote infrastructure, receiving, storing, and processing information through that infrastructure. Most IoT manufacturers either build that data infrastructure locally near their home jurisdiction, or contract with cloud service providers like Alibaba, Amazon, Google, or Microsoft to provide scalable servers. As the smart objects are sold across borders by their manufacturers, the manufacturers and other related service providers rely on cross-border data flows to power these devices.

The European Commission has recognized the importance of facilitating ‘the flow and transfer of data’, observing that IoT involves the generation of data, the transfer of data, storage of data, processing of data, and the provision of data services– all of which must flow across borders.Footnote 24 At the same time, many countries are increasingly demanding that data must not be taken out of their country on privacy and security grounds.Footnote 25

Data localization mandates take a variety of forms. Nigeria, for example, requires information and communications technology companies to host all subscriber and consumer data locally within the country.Footnote 26 Australia requires that personally identifiable health information must not leave the country without the consent of the individual to whom it pertains. British Columbia and Nova Scotia prevent personal information held by government agencies from leaving Canada without the consent of the data subject.Footnote 27 Consent requirements pose special difficulties for IoT as devices often interact with multiple persons, not just the individual installing the device. Because IoT relies on remote storage and processing of information, restrictions on cross-border data flows significantly interfere with the ability to create global IoT products and services.

Data localization requirements mean that IoT manufacturers must either establish or lease local data facilities in every country with such requirements, substantially raising the costs of supplying IoT across the world. Such requirements not only raise costs, they also slow down global sales and add additional security risks because of the need to secure additional computer servers. Of course, some IoT manufacturers might ignore data localization obligations altogether because such laws are difficult to enforce. As the World Bank has pointed out, ‘some countries are using these [data localization] barriers to protect local firms’.Footnote 28 Rules that hinder data flows across borders are facially discriminatory against foreign providers of data services. Data localization requirements effectively disfavor foreign IoT manufacturers who are less likely to have local data infrastructures. Thus, data localization requirements may violate commitments to liberalize trade in goods and services.Footnote 29

3. Applying trade law to the Internet of Things

How should trade law understand a smart object or its ongoing operations? Should it see smart goods and their operations as a good or a service, both or neither? If we answer ‘both good and service’ as I will suggest here, then when do we apply GATT and when GATS and when both? The next two sections consider these questions in turn.

3.1 Both good and service

Smart objects have been with us since the dawn of computing. If we saw them as simply the evolutionary successor to computerized objects such as the Casio smartwatches of the early 1980s, we might conclude that we should treat them simply as goods, whatever their purported smarts. After all, the Casio Databank watch stored an address book and calendar, alongside calculator functions. It certainly held a computer chip.Footnote 30 But the smart objects of today are more Dick Tracy than Casio Databank. Today's smartwatches connect user information to the Internet, storing and accessing information held on Internet servers around the world. They can monitor our heartbeats, perhaps even predict high blood pressure through machine learning-based artificial intelligence applied to the data gathered by the device.Footnote 31 Extensive ongoing data services also generally characterize today's smart objects as well: the continuous, real-time, evolving information flows emanating from and to the IoT distinguish them from most earlier computerized objects. While computers have long been embedded in devices, from Casio smartwatches to Tickle-Me-Elmo dolls, the new devices also continuously communicate with the world, collecting and evaluating information.

The 1980s Casio smartwatch can be seen as providing a service – telling time, remembering your calendar, storing your contacts, or doing calculations. But this construction might transform all goods into service providers – a fan can be seen as a cooling service provider; a stool becomes a sitting service provider; a tractor, a plowing service provider; or a car, a transportation service provider. Transforming all goods into services eliminates the goods/services distinction without any useful effect.

How should we then identify whether a particular good entails a simultaneous service? To date, WTO discussions related to the Internet have largely focused on e-commerce used to enable trade in goods or services, but have not considered the growing challenges of the IoT.Footnote 32

International trade law has proved reticent in seeking to define a service with precision. GATS merely offers a recursive definition: ‘For the purposes of this Agreement, trade in services is defined as the supply of a service.’Footnote 33 For its part, the Dispute Resolution Body has sought not to define services abstractly, but rather simply identified a particular measure as one affecting services when faced with real world challenges that required a classification. Given technological changes that are creating new kinds of services or enabling for the first-time international trade in existing kinds of services, such reluctance to preordain a strict definition and thereby leave this question to future developments seems prudent.

Even the expansion of the Information Technology Agreement at the Ministerial Conference in 2015 failed to clarify these issues. In 1996, many WTO nations had agreed to phase out duties on the imports of a variety of information technology products.Footnote 34 In 2015, the now-larger membership of the Information Technology Agreement agreed to expand the list of duty-free information technology products,Footnote 35 but did not clarify the application of the WTO agreements to the IoT.

The classic WTO case exploring the intersection between a good and a service is Canada–Periodicals.Footnote 36 There the United States challenged a special Canadian tax on periodicals that adversely affected United States periodicals such as Sports Illustrated. The United States argued that the Canadian tax violated Canada's national treatment obligation for US products under GATT. Canada countered that the tax was directed towards advertising in the magazines, and thus was a measure affecting a service, not a good. Since Canada had not promised national treatment for advertising services under GATT, the Canadian characterization of the measure as one affecting a service would have defeated the US challenge to the discriminatory tax. The Appellate Body rejected this argument, observing, ‘The entry into force of the GATS … does not diminish the scope of the application of the GATT 1994.’Footnote 37 The Appellate Body concurred with the panel's view that the ‘obligations under GATT 1994 and GATS can co-exist’.Footnote 38 The Appellate Body found that the periodical in question implicated services – but that the final product was a good which comprised services: ‘[A] periodical is a good comprised of two components: editorial content and advertising content. Both components can be viewed as having services attributes, but they combine to form a physical product –- the periodical itself.’Footnote 39

Applying Canada–Periodicals to smart objects, should we therefore conclude that a smart object is a good, which is comprised in part of services? Are smart objects best understood simply as goods, the successor to computerized objects such as the Casio smartwatches of the early 1980s?Footnote 40 After all, the Casio Databank watch stored an address book and calendar, alongside calculator functions. It certainly held a computer chip.

But today's smartwatches connect user information to the Internet, storing and accessing information held on Internet servers around the world. This is true generally of today's smart objects as well: the continuous, real-time, evolving information flows emanating from and to the IoT and the robots of today distinguish them from most earlier computerized objects. While computers have long been embedded in devices, the new devices also continuously communicate with the world.

Even if they communicate with the world, does that necessarily involve a service? Perhaps we should consider the data flows as communications, not as services at all? While it is easy to see the ‘good’ aspect of a smart object, it can be more difficult to recognize the services embedded within. Services now provided across borders include such abstract concepts as thinking, analyzing, recommending, and remembering. In many cases, the data flows entailed by these products cannot be found in traditional tariff classification schemes.Footnote 41

In China–Electronic Payment Systems, the WTO panel embraced a broad view of data operations as services. Consider the wide array of functions performed electronically that the panel recognized as services:

The Panel recalls that the services at issue, as defined in the panel request, consist of a ‘system’ that ‘typically includes’ five elements, namely (i) the processing infrastructure, network, and rules and procedures that facilitate, manage, and enable transaction information and payment flows and which provide system integrity, stability and financial risk reduction; (ii) the process and coordination of approving or declining a transaction, with approval generally permitting a purchase to be finalized or cash to be disbursed or exchanged; (iii) the delivery of transaction information among participating entities; (iv) the calculation, determination, and reporting of the net financial position of relevant institutions for all transactions that have been authorized; and (v) the facilitation, management and/or other participation in the transfer of net payments owed among participating institutions.Footnote 42

The data storage and processing required for a smart object seem of a kind with the operations recognized as services in China–Electronic Payment Systems. Rather than supporting financial transactions, the data services from a smart object might support health monitoring and analysis, or usage rates and times, etc.

Some of the data flows from smart objects are easy to recognize as services. Take, for example, the home monitoring service offered by makers of modern surveillance cameras. The Nest home surveillance system offers a $199 camera, a major feature – permitting the user to rewind and see who visited the premises the previous day – but which only works with a $5 per month video recording service.Footnote 43 That service consists in cloud recording and replaying of the video.

In many cases, the economic value of the service will over the long term overwhelm the value of the good. Again, this is evident in smart objects such as a Nest, for which the monthly video recording service cost will far exceed the cost of the camera over the lifetime of the device.

But what of a Samsung home monitoring camera, which offers an option to send the video home surveillance recording to the user's Google drive account?Footnote 44 (This might well involve the flow of data from a house in California to a data server in South Korea and then back to Google's data servers on the West Coast.) And all of this for free. Perhaps the sine qua non of a service should be whether it is provided for a cost? Under such a rule, Wikipedia would not be a service under international trade, even though it largely replaced the expensive encyclopedias of earlier generations. For smart objects like the Samsung camera, it seems better to treat the service as bundled with the good itself at the point of sale. Indeed, one of the key selling points distinguishing the Samsung home surveillance camera is the fact that one does not have to pay ongoing fees for the monitoring service, having free services instead. Thus, rather than seeing the data services provided for the lifetime of the object as free, we might see them instead as prepaid. After all, it costs Samsung money to provide the data processing for such cameras.

Thus, it makes sense to see a Smart Object as both a good and an ongoing service, and any regulation thereof thus subject to both GATT and GATS disciplines. In China–Audiovisual, the Appellate Body affirmed that ‘a measure can regulate both goods and services and that, as a result, the same measure can be subject to obligations affecting trade in goods and obligations affecting trade in services’.Footnote 45

In sum, it seems likely that the Dispute Resolution Body would conclude that smart objects are goods with embedded services, subject to both GATT and GATS disciplines.

3.2 GATT or GATS?

The fact that a smart object may be subject to GATT and GATS disciplines simultaneously does not answer the question as to which treaty to apply in any particular challenge to a specific measure.

Again, the case of Canada–Periodicals is instructive. There, the Appellate Body had to decide whether GATT or GATS should be applied, with Canada arguing for the application of GATS, and the US arguing for the application of GATT. The critical question, as the Appellate Body saw it, was to determine whether to apply GATT or GATS to the dispute turned not simply on an examination of the good itself, but on the measure at issue. The Appellate Body wrote, ‘The measure at issue in this appeal, Part V.1 of the Excise Tax Act, is a measure which clearly applies to goods.’ The Appellate Body continued,

An examination of Part V.1 of the Excise Tax Act demonstrates that it is an excise tax which is applied on a good, a split-run edition of a periodical, on a ‘per issue’ basis. By its very structure and design, it is a tax on a periodical. It is the publisher, or in the absence of a publisher resident in Canada, the distributor, the printer or the wholesaler, who is liable to pay the tax, not the advertiser.Footnote 46

If the measure at issue had been directed at the advertiser in the periodical, then it might have been appropriate to characterize the measure as directed towards the regulation of the service. This is consistent with the opening mandate of GATS, set forth in Article 1:1: ‘This Agreement applies to measures by Members affecting trade in services.’Footnote 47

Thus, the answer to the question of GATT or GATS does not depend on the nature of the economic transaction central to the dispute, but rather the measure at issue and to what it is applied. This approach recognizes that services and goods are often conjoined in a particular economic activity. Determining whether to apply GATT or GATS turns on what the measure is applied to – the good or the service in the economic activity. The Appellate Body's recognition in Canada–Periodicals that goods can have services embedded in them seems especially apt with respect to the IoT.

Confirmation of this approach can be found in another Appellate Body decision in the case of China–Audiovisual, a dispute which also involved the consideration of the intersection between goods and services. The Appellate Body repeated its observation in Canada–Periodicals that ‘particular measures “could be found to fall within the scope of both the GATT 1994 and the GATS”, and that such measures include those “that involve a service relating to a particular good or a service supplied in conjunction with a particular good”.’Footnote 48 It continued, ‘a measure can regulate both goods and services and that, as a result, the same measure can be subject to obligations affecting trade in goods and obligations affecting trade in services’.Footnote 49

China argued that its measures concerning films and audiovisual products did not regulate goods, but rather the content of films shown in China – and thus were not covered by its trading rights commitments, which were limited to goods. The Appellate Body, however, concluded the regulation limiting content necessarily limited who could import goods, and that therefore the measure implicated China's trading rights commitments.Footnote 50 In order to determine whether goods commitments were implicated, the Appellate Body asked whether the challenged measure affected a foreign supplier of goods. Finding that it did, the Appellate Body assessed whether the measure violated the country had violated that country's commitments with respect to those goods.

This approach explains why even a case involving bananas might bring to bear the GATS. In EC–Bananas III, Ecuador and a number of other countries brought a variety of claims against a European licensing regime for banana imports, distribution, and sale.Footnote 51 In addition to the principal GATT claims, Ecuador argued that the European measures violated that region's GATS commitments to permit Ecuadorian ‘wholesale trade service’ providers. The European Communities insisted that their measures did not implicate GATS because the measures were focused on the licensing of goods, and thus should be examined under GATT exclusively. The Appellate Body sided with Ecuador, concluding that European measures that prevented the Ecuadorian companies from buying or selling certain bananas interfered with Europe's GATS commitments.Footnote 52 The Appellate Body concluded, ‘It is difficult to conceive how a wholesaler could engage in the “principal service” of “reselling” a product if it could not also purchase or, in some cases, import the product.’Footnote 53

This approach offers a sensible means to determine whether to apply GATT or GATS (or both) in any particular dispute. If the measure is directed towards the regulation of the service, then GATS disciplines should apply; if directed towards the regulation of the good qua good, then GATT disciplines should apply. If directed towards both, both should apply. Rather than beginning with the particular item of international trade to determine whether it consists in a good, service, or both, we examine the challenged measure to see whether it is targeting a good, a service, or both.

What if a measure regulates both a service and a good simultaneously? In EC–Bananas III, the Appellate Body offered a way to determine how to apply GATT and GATS when a measure implicated both. In that case, the Appellate Body had in mind ‘measures that involve a service relating to a particular good or a service supplied in conjunction with a particular good’.Footnote 54 Such a measure, it noted, ‘could be scrutinized under both the GATT 1994 and the GATS’.Footnote 55 However, while the same measure could be scrutinized under both agreements, the specific aspects of that measure examined under each agreement could be different: ‘Under the GATT 1994, the focus is on how the measure affects the goods involved. Under the GATS, the focus is on how the measure affects the supply of the service or the service.’Footnote 56

Some have argued that the WTO framework needs to be revised in light of contemporary technologies. Farrokhnia and Richards argue that e-commerce products could conceivably constitute both a good and a service. They seem to have in mind products that are intangible, such as movies or music in digital form. They maintain that intangibility alone does not necessitate any conclusion as to whether a particular product is either a good or a service because neither GATT nor GATS ‘says anything about tangibility or intangibility’.Footnote 57 They note the possible ‘need to create a new category for e-commerce products in the WTO framework’.Footnote 58

Cernat and Kutlina-Dimitrova propose such a new category – but for a different type of economic activity. Arguing that the existing GATS framework is inadequate to the increasing role of services in manufacturing, they propose a new mode 5 for services that are incorporated into products.Footnote 59 They have in mind goods involving design or similar services, or goods embedded with software. The introduction of mode 5 would mean that countries would need to identify whether they intend to make commitments to national treatment and/or market access for each good/service category combination – a rather demanding requirement given the long-running impasse in multilateral liberalization.

4. Conclusion

Even while offering substantial improvements in our lives, the IoT will require significant regulatory oversight. In particular, ubiquitous smart objects will raise questions of privacy, security, standards, and interoperability. The coming of this smart world will also put pressure on trade law, as dispute settlement mechanisms are invoked to assess whether a particular government measure is legitimate regulation or simply disguised protectionism.

The coming of the IoT complicates the elegant distinctions at the heart of international trade law. At the same time, it reveals that trade law always recognized the complexity of a world where goods embedded services. And it further reveals that the international trade regime may yet prove more adaptable than might have been expected.

Footnotes

Thanks to Merit Janow and Petros Mavroidis for inviting me to participate in their Columbia University digital trade seminar where I received insightful comments. I am grateful for a Google Research Award that supported this work. The work builds on earlier research conducted for UNCTAD. The views expressed herein, and any errors, are my own.

References

1 In fact, the country schedules principally rely on a classification system that dates to 1991, when the United Nations published the provisional Central Product Classification scheme. Weber, R. H. and Burri, M., Classification of Services in the Digital Economy, Berlin: Springer-Verlag (2013), 19CrossRefGoogle Scholar.

2 Recommendation ITU-T Y 2060.

3 D. Burrus, ‘The Internet of Things Is Far Bigger Than Anyone Realizes’ (2014), www.wired.com/insights/2014/11/the-internet-of-things-bigger/. For examples of IoT deployment in a variety of settings, see US Government Accountability Office, ‘Internet of Things: Status and Implications of an Increasingly Interconnected World (2017), www.gao.gov/assets/690/684590.pdf, 62–64.

4 www.gartner.com/newsroom/id/3598917. Additional estimates available at http://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated; International Telecommunications Union (ITU) and Cisco, ‘Harnessing the Internet of Things for Global Development’ (2016), 11.

5 Federal Trade Commission, ‘Internet of Things: Privacy and Security in a Connected World’ (2015); US Department of Commerce, ‘Fostering the Advancement of the Internet of Things’ (2017), www.ntia.doc.gov/files/ntia/publications/iot_green_paper_01122017.pdf. http://meity.gov.in/sites/upload_files/dit/files/Draft-IoT-Policy%20%281%29.pdf.

6 ‘China Said to Exclude Apple from Procurement List’, Bloomberg News, 6 August 2014, www.bloomberg.com/news/2014-08-06/china-said-to-exclude-apple-from-procurement-list.html; Charles Clover, ‘China Bans Federal Officials from Buying Apple Products’, Financial Times, 6 August 2014.

7 China accounted for 20% of Apple's global revenues in the last calendar quarter of 2017 (which Apple labels its first fiscal quarter of 2018), www.apple.com/newsroom/pdfs/Q1_FY18_Data_Summary.pdf.

8 www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate. The FTC alleged ‘hard-coded’ login credentials integrated into D-Link camera software, software flaws that enable remote attackers to control customer's devices, and the failure to encrypt login credentials on D-Link's mobile app.

9 L. Hay Newman, ‘The Army Grounds Its DJI Drones Over Security Concerns’, Wired, 8 August 2017, www.wired.com/story/army-dji-drone-ban/.

10 Farrokhnia, F. and Richards, C., ‘E-Commerce Products under the World Trade Organization Agreements: Goods, Services, Both or Neither?’, 50 Journal World Trade (2016), 793, 800Google Scholar (‘the issue of classification is one of practical significance since it would determine the nature of the trade regime for relevant products’).

11 UNCTAD, 2017 Information Economy Report at 4.

12 www.zdnet.com/article/iot-devices-will-outnumber-the-worlds-population-this-year-for-the-first-time/.

13 UNCTAD, Information Economy Report 2017, at 5.

14 L. Hay Newman, ‘The Botnet that Broke the Internet Isn't Going Away, Wired, www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/; Shackelford et al., 2017; ‘A new era of internet attacks powered by everyday devices’, New York Times, 23 October 2016.

15 Federal Trade Commission, supra note 5, at ii.

16 Peppet, Scott, ‘Regulating the Internet of Things: First Steps toward Managing Discrimination, Privacy, Security, and Consent’, 93 Texas Law Review (2014), 85Google Scholar.

17 http://unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom-Data-Protection-Laws.aspx.

18 UN General Assembly, ‘The Right to Privacy in the Digital Age’, G.A. Res. 68/167, U.N. Doc. A/RES/68/167 (18 December 2014), www.un.org/en/ga/search/view_doc.asp?symbol=A/RES/68/167; for a discussion, see Chander, A. and Land, M., ‘Introductory Note to United Nations General Assembly Resolution on the Right to Privacy in the Digital Age’, 53, International Legal Materials. (2014), 727731Google Scholar.

19 World Economic Forum, supra note 4.

20 Altimeter, ‘Interoperability: The Challenge Facing the Internet of Things’ (2014), www.prophet.com/thinking/2014/02/interoperability-the-challenge-facing-the-internet-of-things/.

21 ‘Digital Single Market’, Europe 2020 Strategy, https://ec.europa.eu/digital-single-market/en/europe-2020-strategy.

22 B. Nonnecke, M. Bruch, and C. Crittenden, ‘IoT & Sustainability: Practice, Policy and Promise’, Citris (3 June 2016).

23 One study places information at the heart of IoT (noting that ‘information lies at the heart of IoT, feeding into a continuous cycle of sensing, decision making, and actions’), but it also observes that ‘It is imperative for things to have the capability of communication – exchanging data over a network between them and/or with the cloud backend services’, ENISA, ‘Baseline Security Recommendations for IoT in the Context of Critical Information Infrastructures’ (November 2017), 18–19.

24 European Commission, ‘Advancing the Internet of Things in Europe’ (2016), 13.

25 For a roundup of data localization obligations, see Chander, A. and , U. P., ‘Data Nationalism’, 64 Emory Law Journal (2015), 677Google Scholar.

26 Nigerian Law Intellectual Property Watch, ‘Guidelines for Nigerian Content Development in Information and Communications Technology (ICT)’ (section 12.1), https://nlipw.com/guidelines-nigerian-content-development-information-communications-technology-ict/.

27 U. Ahmed and A. Chander, ‘Information Goes Global: Protecting Privacy, Security, and the New Economy in a World of Cross-Border Data Flows’, E15 Initiative (2015).

28 World Bank, ‘Reaping Digital Dividends Leveraging the Internet for Development in Europe and Central Asia’, at 145.

29 For an important overview of trade law's discipline of data regulation, see Burri, M., ‘The Governance of Data and Data Flows in Trade Agreements: The Pitfalls of Legal Adaptation, 51 UC Davis School of Law – Law Review (2017), 65Google Scholar. For an examination of data localization measures from a trade law perspective, See Daniel Crosby, ‘Analysis of Data Localization Measures under WTO Services Trade Rules and Commitments’ (E15 Initiative, March 2016), http://e15initiative.org/wp-content/uploads/2015/09/E15-Policy-Brief-Crosby-Final.pdf.

30 http://en.wikipedia.org/wiki/Calculator_watch.

31 https://www.wired.com/story/ai-can-help-apple-watch-predict-high-blood-pressure-sleep-apnea/.

32 WTO, ‘Work Programme on Electronic Commerce’, adopted on 25 September 1998 (WT/L/274). In 2013, the General Council expanded its discussions as follows: ‘the Work Programme should continue to examine the trade related aspects of, inter alia, enhancing internet connectivity and access to information and telecommunications technologies and public internet sites, the growth of mobile telephony, electronically delivered software, cloud computing, the protection of confidential data, privacy and consumer protection’, WTO, Ministerial Decision of 7 December 2013, WT/MIN(13)/32, WT/L/907, 11 December 2013.

33 GATS, Art. I:1.

34 Ministerial Declaration on Trade in Information Technology Products, WT/MIN(96)/16 (1996); General Council, Declaration on the Expansion of Trade in Information Technology Products, WT/L/956 (28 July 2015).

35 www.wto.org/english/thewto_e/minist_e/mc10_e/briefing_notes_e/brief_ita_e.htm.

36 Appellate Body, Canada  Certain Measures Concerning Periodicals, WT/DS31/AB/R (30 June 1997).

37 Ibid. at 19.

38 Ibid.

39 Ibid. at 17.

40 http://en.wikipedia.org/wiki/Calculator_watch.

41 Cf. Smith, F. and Woods, Lorna, ‘A Distinction without a Difference: Exploring the Boundary between Goods and Services in the World Trade Organization and the European Union’, 12 Columbia Journal of European Law (2005/06), 463, 510Google Scholar (‘[N]ew products may not fit easily into the existing coding systems with disagreement arising over the correct classification of the product. There is a risk of discrepancies arising in two contexts: either products can be classified differently within the HS or W/120/CPC code, or, more radically, products can be classified as goods in one scheme and services in another. This problem is acute for products traded online although more established products, such as those of the communications industry, have also given rise to problems.’)

42 Appellate Body, China  Certain Measures Affecting Electronic Payment Services, WT/DS413/AB/R, para. 7.41.

43 https://store.nest.com/product/camera/NC1102ES (advertising $199 camera and a $5/month or $50/year service for ‘continuous recording, intelligent alerts’).

44 https://www.samsungsmartcam.com/manual/android_en.pdf (‘A 30-second video clip is uploaded automatically to the user's Google Drive account’). Samsung earlier offered to upload video to the user's private YouTube channel, but discontinued that feature in 2014, www.samsungsmartcam.com/web/cmm/board/view.do?idx=151&currPage=1&lastPage=1.

45 Appellate Body, China – Measures Affecting Trading Rights and Distribution Services for Certain Publications and Audiovisual Entertainment Products, WT/DS363/AB/R (21 December 2009), para. 194.

46 Ibid. at 18.

47 GATS, Art. 1:1.

48 Appellate Body, China Audiovisual, para. 193.

49 Ibid. at paras. 196–198.

50 Ibid. at para. 188 (‘where the content of a film is carried by physical delivery materials, Article 30 of the Film Regulation will inevitably regulate who may import goods for the plain reason that the content of a film is expressed through, and embedded in, a physical good’).

51 Appellate Body Report, European Communities – Regime for Importation, Sale and Distribution (EC–Bananas III), WT/DS27/AB/R (25 September, 1997).

52 Ibid. at para. 244.

53 Ibid. at para. 226.

54 Ibid. at para. 221.

55 Ibid.

56 Ibid. at para. 221.

57 Farrokhnia and Richards, supra note 10, at 810.

58 Ibid at 815.

59 Cernat, L. and Kutlina-Dimitrova, Z., ‘Thinking in a Box: A “Mode 5”Approach to Service Trade’, 48 Journal of World Trade (2014), 1109Google Scholar (‘The [existing] GATS four modes of services supply … do not account for the fact that a substantial and increasing share of services is being embodied in products and traded around the globe.’)