Seán Pender looks into the complicated and murky world of data protection and lets us know that its’ not only complicated but something we really should be keeping a closer eye on.
Yes, that cookie thing you kept receiving emails about last May – It is more important that you think. Here’s why:
The European Union has decided that they will only accept new trade deals with third countries if data protection clauses are included in them. This has brought about mixed reactions to say the least. Politico, among others, fears “Europe wants to conquer the world all over again.”, while others, such as the Financial Times (FT) say this could “threaten public welfare on both sides of the Atlantic. Now I know what you are thinking – Hmm, this was not mentioned in those cookie emails – however, there is a growing concern that the EU has a hidden agenda when it comes to GDPR. In 2018, Irish national state broadcaster, RTÉ reported that the EU has framed GDPR as giving the power back to the ordinary citizen when it comes to processing and storing data. But many, including the Centre for Strategic and International Studies, disagree with this EU rhetoric and claim it is “hidden protectionism”, Bloomberg, among others, says it is another technique to punish data-hoarding tech-giants. However, I, amongst others, am beginning to believe that GDPR is first and foremost a means for the EU to exert its influence on the rest of the world. In 2017, the European Parliament, benefitting from a lack of media coverage and citizen’s interest on all issues that are not related to Article 13, stated that they will not accept any EU bilateral trade deals that do not include a data protection clause, i.e. GDPR (European Parliament, 2017). Despite going somewhat under the radar, this could have huge consequences. Not only for Europeans, but for the citizens of all countries. Here is why you should care about this, and how it could change the data landscape of the world as we know it.
Since its post WW2 foundation, the EU has changed plenty of times, even with its name, as the BBC relates in its 2007 online feature: A Timeline of the EU. Nevertheless, one constant has always stood the test of time – trade. Without mentioning the B-word, much of the discourse surrounding the UK’s withdrawal from the EU has been based on and around trade. Trade is simply the EU’s raison d’être. On the surface, when we consider free trade agreements, we mostly consider the economic benefits of such pacts. Neither side pays tariffs meaning the government loses a little bit of revenue but ultimately the consumer wins with more choice from imports and lower prices – Economics 101. This was how the majority of trade agreements originally worked. That said, with the rise of the internet and all that it brings with it, amongst other factors, issues have shifted away from tariffs to much more sensitive topics. Data protection is one of these.
Historically speaking, the EU has in fact used trade for much more than economic gain. In his 2002 online publication: Normative Power Europe, Ian Manners describes how the EU uses trade in order to exert influence and norms on the rest of the world and gives other examples of norms that the EU has devised to transpose globally, such as anti-discrimination, human rights and sustainable development. I believe that the EU is using its normative power to spread GDPR across the globe, through the medium of trade. Here’s why:
Firstly, the EU is the first world leader to take a stance on data protection. In fact, the EU is the only place where both privacy and data protection are considered as two separate rights, as opposed to data protection falling under the privacy umbrella, as it does elsewhere. In European Data Protection Supervisor, the EU explains its belief that these two separate rights are fundamental aspects for a “sustainable democracy” (European Data Protection Supervisor, 2018). Regardless of your opinion of the EU or GDPR, one thing is clear – the EU seems to take data protection seriously and they are certainly a world leader in this regard. As anyone who has ever played a game of noughts and crosses will know, being first makes a huge difference. Being the trend setter, a leader, not a follower – You get to set the tone for the rest of the game and the other players. The EU has done this with GDPR. They brought it upon themselves to undertake what Politico in 2018 called the “biggest overhaul of the world’s privacy rules in more than twenty years.” The European Commission’s entrepreneurship in creating GDPR has left Europe in a more than favourable position. In essence, when it comes to data protection, what the EU says goes. With a tech-savvy market of 510 million people behind them, most dare not oppose the EU’s data wishes. In including GDPR in all trade deals, there is a strong possibility that the EU’s data norms, will become the world’s data norms.
In a second instance, if we investigate Europe’s position in technological advancements, most new technologies need data or big data in order to function. Whatever about “data is the new oil,” data is fundamentally the new petrol needed to drive new technologies. If we take, for instance, what I consider to be the most important technological innovation of our time – Artificial Intelligence – Europe finds itself lagging behind. In her 2017 discussion paper: Big data, artificial intelligence, machine learning and data protection, the EU Information Commissioner points out that AI can be considered as the key to unlocking the value of big data. The FT, among others, fear that the EU is “playing catch up”, whereas other popular journals, such as the Washington Post, go a step further in stating that the EU is “losing the AI race”. Furthermore, none of the data-using giant tech companies are European. When one talks about GAFA or BATX , we are ultimately speaking of non-European forces on the market. The disparity in innovation between the EU and the rest is epitomised by the fact that only 6.5% of global venture capital investments in so-called unicorns between 2014 and 2017 became unicorns in Europe. The Wall Street Journal pointed out that EU unicorns make up merely 10% of all unicorns globally. So, you are losing the game and cannot seem to compete with Asian and American heavyweights, what can you do? Rewrite the rules of the game. Whilst this may be over-simplified, in essence, this is what the EU has done with GDPR. Is it working? Well just last January, Verge reported that Google was fined €50 million for a GDPR violation, just one of the 91 fines that have been dished out between May 2018 and February 2019, according to CSO. Now, here’s the kicker: With GDPR included in trade deals, multinational companies will have to re-think their worldwide digital strategies, not just European. Instead of trying to go twelve rounds with tech giants, the EU has entered the ring as the referee and told the fighters to punch blindfolded from now on.
Through trade deals, the EU awards what are known as “adequacy decisions.” In a nutshell, the EU tells third countries that their data regulation is up to scratch, meaning they can trade data with the EU, sans the risk of hefty fines. Since May, the following countries have been awarded these decisions; Andorra, Argentina, Canada (commercial organisations only), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (limited to the Privacy Shield framework only). The Japan free trade agreement, including a data protection clause, was a huge deal (pardon the pun). GDPR was also included in the Canada deal CETA. Through trade deals, GDPR has spread its wings and flown across the globe. And I am almost certain that you had no idea all of this was happening.
Many believe, myself included, that countries will be forced to make a choice: Comply with GDPR, or the U.S. data protection rules. The U.S. appears to be the only country throwing its toys out of the pram because of GDPR. However, if the rest of the world keeps recognising and implementing GDPR, they too will have little choice but to comply. If this U.S. data discontent continues, instead of a banana war, this time we may have a cookie war on our hands.
Now you might be thinking, well what is so wrong with the EU being the world leader in this regard? Is it not a good thing that the EU are writing the future multilateral rules of data protection? This is what the EU would like you to believe. Lisbeth Addestam says the EU has been known to endorse its policies as a global “force for good”. Others, including Politico, would call this “data imperialism”. Looking historically at trade deals, in 2008 Hartumut Mayer pointed out that the EU tends to apply norms less severely with third countries with whom MS have a strong economic relationship, which is coupled with the EU’s severity in enforcing human rights clauses in trade deals with African, Pacific and Caribbean (APC) countries, whilst simultaneously omitting them in trade deals with Asian countries. In Kicking 2003, Chang claimed that Trade deals with APC countries are claimed to have “kicked the ladder of development” from African countries. This consistent inconsistency is largely problematic. Going forward, one must wonder if the EU will stay consistent on other key issues, such as data protection
Our friends on the other side of the pond don’t speak so kindly about GDPR. Many, including the Center for Data Innovation, were against GDPR in the first place. In our ever-connected society, data will play a fundamental role in our future. With GDPR in trade deals, I believe the EU has become the éminence grise of world data protection. And the funny thing is, aside from a few angry American CEOs, no one seems to care. Well I am here to say that we should. If current trends continue, the EU will continue to sign bilateral trade agreements with other countries with data protection clauses. GDPR could and in my opinion will be a worldwide norm in no time. The EU will then be the most powerful referee in the history of World Data Boxing. We just have to hope that the EU’s rhetoric holds true, and they are in fact the world’s force of good.
Could we be watching the start of the EU’s journey to world data and regulatory dominance right before our eyes? I for one believe so. Step up regulatory power Europe.