Research Paper 234, 29 May 2026
The Digital Trade Data Heist: Trade Agreement Limits on Data Transfer and Storage Regulation Could Undercut Data Governance
By Daniel Rangel, Jai Vipra, and Lori Wallach
Governments worldwide are increasingly regulating how data is collected, transferred and stored to advance public interest objectives, including privacy, national security, taxation of the digital economy, and competition in the emerging artificial intelligence (AI) field. However, recent “digital trade” rules in international agreements — particularly those modeled on the United States–Mexico–Canada Agreement (USMCA) — restrict governments’ ability to regulate cross-border data flows or to require local data storage. This paper analyzes the expanding divergence between domestic data-governance measures and binding trade commitments. It evaluates three major models of digital trade rules (USMCA, Mercosur (Mercado Común del Sur), and European Union–New Zealand) and demonstrates that the USMCA framework imposes the most sweeping constraints and the weakest exceptions. The analysis also shows that such trade rules may hinder broader regulatory efforts related to taxation and AI accountability.