The Closing of the Net
The Closing of the Net
Private Lives, Public Policy
There is a very fine line between protecting privacy and the game of politics. At stake is whether privacy law protects our private life or whether it determines how industry may process our data. Is the law protecting the liability of industry or is it protecting us? Whilst we perceive a 'data-protection law' should protect our private life and information about us, in fact, policymakers are establishing political compromises that facilitate industrial uses of our data. Publicly, politicians may profess to protect our data, but in truth their actions often belie their statements. Their job is actually to get a piece of legislation adopted by parliaments. In order to get the necessary majority when the legislation is voted, they need to ensure that they obtain the agreement of different political parties. Although it must be balanced against the need to protect fundamental rights - and privacy is a fundamental right 1 - states tend to believe that the market should lead policy 2 and these kinds of political agreement may serve a variety of industry interests.
This chapter is about the political influence of corporations that gain structural power from the processing of personal data, and specifically it relates to those who trade in personal data within their terms of service. Power in the knowledge structure comes from consent, rather than coercion, 3 and when we look at the large content platforms such as Facebook, Google, Twitter, Instagram and so on, with a combined active user base in 2015 of 1.7 billion, 4 that concept gains a special meaning. This is an industry that has only existed for some fifteen years but is now a global business worth billions of dollars. They offer services that are apparently 'free', but the price is that the users give up their data, with the risk that they also lose their privacy. 'Free' services equate to continual surveillance, creating a modern form of the Faustian pact 5 that is very much a reality in the online world. The political issues concern what they are allowed to do with our data and how far they may intrude, and the notion of 'consent' has become a source of political tension.
In order to put this into context we'll turn back to 1990, when Europe was taking its first step towards data-protection law to protect privacy. There was a heavyweight lobbying campaign to temper the proposals in favour of what the industry wanted. The proposed new data-protection directive aimed to harmonize the regulatory regime for the processing of personal data across all EU member states, incorporating a principle that individuals should be able to control the use of their data. It's important to remember that, in 1990, the Internet was not yet available to the public and the data-processing industry was in relative infancy. Processing of data mostly concerned business-to-business transactions, and the exchange of information between companies that were starting to trade electronically. Examples cited by the International Chamber of Commerce (ICC) in 1992 6 were transfer of personnel files, travel information, credit records and so on. In that context, business organizations like the ICC began to advocate on the importance of exchange of information for international trade, and the need to protect trans-border data flows. Given that context, three elements of the European proposal annoyed the industry lobbyists. These were restrictions on the transfer of personal data to third countries; a requirement for express consent for use of personal data; and an obligation to notify the supervisory authorities.
The International Chamber of Commerce (ICC) said that any requirement for the users' express consent would be an 'administrative burden' because individuals would be confronted with repeated requests for consent and it would increase the cost of service p