Ariel Bogle* says the European Union’s sweeping new data protection laws pit it against the data-sucking habits of Silicon Valley in a battle for the soul of the internet.
Who owns the soul of the internet?
For much of the world, that’s a battle being fought in American boardrooms and European Parliaments.
Sweeping new data protection laws took effect in the European Union (EU) late last month.
The General Data Protection Regulation (GDPR) attempts to wrestle back control over the information of internet users from the data-sucking habits of largely Silicon Valley technology companies.
Its principles are empowering for individuals: EU citizens will have a right to be forgotten online and to correct their data, while consent to collect it at all will need to be “specific, informed and unambiguous”.
The GDPR could provide a blueprint for new, less intrusive online practices, but there are also fears the internet could be further fragmented.
Far from early borderless, anarchic visions of life online, how much authority you have over your own data will be increasingly determined by where you are.
Will Europeans have more rights than Australians?
Is that fair?
Who owns the internet’s soul?
The GDPR represents a clash of values, according to Professor Laura DeNardis, an internet governance expert at American University.
Privacy is considered a fundamental human right in the EU, while in the US, there has historically been more concern about free speech.
“Control of the internet is now a proxy for political power, and how both economic and political power unfurls in the world is entirely mediated based on who controls the digital environments,” Dr DeNardis said.
The rise of cyber sovereignty, in her view, is an effort to impose borders on a borderless internet to achieve political purposes.
“In the case of the GDPR, the political purpose is privacy,” she added.
“The ‘great firewall of China’ — that’s about stopping the flow of certain data.”
“In other countries, it’s about enacting massive surveillance.”
Dr Angela Daly, a Queensland University of Technology senior research fellow, pointed out that it is largely American companies that have grown rich collecting vast amounts of data in exchange for free services.
“They are not European companies, [they] are not really paying much tax in Europe,” she said.
“I don’t think that [fact] can be entirely divorced from regulation as well.”
How good is the GDPR, anyway?
While the GDPR is a positive step for European consumers, critics argue that it remains a complex, compromised document.
It’s been reported as an innovation that could upend the internet as we know it.
But, according to Dr Daly, the internet ecosystem may remain largely unchanged.
“It still doesn’t fundamentally stop … data being gathered about people,” she explained.
“In that sense, so long as you tick the boxes of the GDPR, you can still gather large amounts of data.”
Whether the regulations will be rigorously prosecuted by European authorities, forcing real behavioural change among technology companies, also remains to be seen.
“There’s great excitement about rolling back the Faustian bargain that we’re in,” Professor DeNardis said, referring to the use of free online services in exchange for our data.
“But on the other hand, there is concern about what these changes will mean … and also, how they can have sweeping affects outside the borders of the EU.”
One internet for you, another for me?
Of course, the experience of the internet has never been equal or universal.
Some people simply don’t have access or have an unreliable connection.
Others have disabilities that digital companies have failed to accommodate.
And, increasingly, your rights to your own data are determined by location.
The US has pioneered a form of surveillance capitalism, while the EU has tried to claw (some of) that data back.
In doing so, it may claw it back for the rest of us as well.
The GDPR has already influenced data protection outside the EU, suggests Graham Greenleaf in remarks delivered at the launch of the laws in Brussels.
The GDPR’s influence is not only being felt legislatively, with other countries passing similar provisions, but also thanks to international businesses becoming “GDPR compliant”, said Professor Greenleaf, a data law expert at the University of New South Wales.
Australians second-class data citizens?
In this fight, Australia sits somewhere in the middle.
Our Privacy Act is more in line with the EU’s data protection laws compared with the US, Dr Daly said.
But we lack comprehensive enforceable human rights or constitutional rights (although the Government is considering giving Australians more power to control their data).
Neither is Australia on the European Commission’s list of countries that offer an adequate level of data protection (although New Zealand is).
We’re also at the mercy of the technology giants, unless Australia follows the GDPR and makes legislative changes.
Facebook, for example, has shifted its terms of service for Australians out of Ireland, effectively moving Australians out of the GDPR zone.
It’s a long way from the free and open vision of the internet proposed by digital rights pioneers.
“The internet libertarians always were wrong,” Professor Greenleaf wrote in an email.
“Surveillance capitalism is the name of the game — and that is anarchic and borderless in a very different way from what John Perry Barlow imagined.”
* Ariel Bogle is the online technology reporter in the ABC RN science unit. She tweets at @arielbogle.
This article first appeared at www.abc.net.au.