The day has come. After years of whispers and inklings the European Commission has at last opened hunting season for privacy rights. The so-called “Digital Omnibus“, a legislative package announced on November 19th aims at changing most of the European data regulations. Among the bounty is the European General Data Protection Regulation (GDPR), Europe’s gold standard of rules for the digital age and one of Brussel’s (once-) proudest achievements. From Africa to China, it is said to have compelled many lawmakers to align with Europe’s approach. Now “Brussels is done being the world’s digital policeman” titles Politico (in part owned by Springer, the largest German right-wing media group). In an open letter, signed by 130 organisations, among them Amnesty International, EDRi and Access Now, it is called “the biggest rollback of digital fundamental rights in EU history” and legal scholars summarise it as “How to Kill Data Protection Fast“. This blog post is not about whether these assessments are valid. While it is hard to see the package as anything but an attempt to align the regulatory landscape more with the interests of economic actors, this is not really the topic here. The Digital Omnibus is an illustration. It is an illustration of the limited transformative potential of regulation within a society that is structured around and driven by private profit and marketisation of data and labour. But the Omnibus is also an opportunity. An opportunity to turn disenchantment into a desire for fundamental change.
The Digital Omnibus
Let’s start with some more details to set the context. The Omnibus and its broader implications are best understood as part of the digital economy of Europe and the data processing rules enacted in the European Union. Back in the 1990s, Europe already had a fairly elaborated ruleset for data processing thanks to the 1995 Data Protection Directive. All the key regulatory principles that were later adopted in the GDPR were there: Data processing required a legal basis and was in principle limited to the purposes of the original collection, subjects had access rights and public authorities were in charge of supervision and enforcement. An important difference between the 1995 directive and the 2016 regulation was their legal nature. Directives are European laws that are not directly applicable in member states but have to be transposed into national law, usually including some wiggle room. Regulations (like the GDPR) are immediately applicable in all member states. The 1995 data protection directive merely set a framework and needed to be implemented by member states into national law. The result was an inconsistent regulatory landscape and enforcement practice. In contrast, the GDPR was enacted as a regulation. When the GDPR came into force in 2016, it created a uniform regulatory landscape and new enforcement coherence mechanisms. The intention (as stated in Article 1 paragraph 3 itself): Creating a unified European data market.
The GDPR was nevertheless highly contested. US tech giants and European corporations tried to shape the regulation to their liking. And some member states, Germany being the most vocal one, feared losing legislative control. That the GDPR still made it into the official records had many different reasons. Two played a bigger role: First, Europe started to get hungry for a piece of the digital economy pie which was dominated by foreign competition. Second, the revelations of Edward Snowden about the cooperation between US tech corporations and the NSA unveiled indiscriminate mass surveillance of Europeans. The GDPR was undeniably shaped by both circumstances. It included strict rules for access of foreign corporations to European data while still fostering commercial data processing. As I have explained in detail here, the GDPR never questioned the capitalist foundation of the European data economy. It was an attempt at shaping the – then relatively young – global data economy in the interest of “Europe”, including all the colonial dynamics such an endeavour necessarily entails. The result is a legal act that has unusually strict aspects but still tries to strengthen the European data economy. It neither questioned the data market and profit-driven data processing nor did it surrender everything to commercial interests. No one was really happy. This way, the GDPR reflected the distribution of power within a specific historical economic and geopolitical context.
The Omnibus is the recent manifestation of current power shifts within and between competing capitalist economies. The main driver of the current shift is so-called “AI”, a technology which itself is deeply shaped by capitalism with little promise beyond further devaluing labour, automating discrimination and homogenising culture. While the technology behind the marketing has little practical value and threatens to leave a trail of destruction after it crashes, it is – as of now – a very powerful narrative for justifying sweeping regulatory changes. The Omnibus contains several changes that directly relate to lowering the legal requirements for “training” and using “AI” models. European lawmakers no longer believe that the standards of the GDPR are a net-win for the European economy. To compete with the foreign “AI” industry, the European Union is willing to change course. Pressure from foreign nations where “AI” corporations and right-wing-regimes have gone into worrying alliances seem to have motivated these legal changes. Numerous reports speak of enormous pressure from the Trump regime to weaken Europe’s digital ruleset in the interest of US tech corporations.
Regulation and social transformation
Economic interests always shape the laws of capitalist societies. Marie Thøgersen has explained this process in great detail with a focus on international cyber law. Examples in other areas are numerous. The tax law, labour law and the laws governing our health care systems are shaped by colliding interests of those that profit from lowering wealth taxes, from weaker labour rights or from privatisation and of those that do not. Workers had to fight tooth and nail to make the 40-hour, five-day work week, full compensation for sick days and health insurance a reality. These social reforms were always contested. And they are today. The expected changes in Europe’s digital regulations are merely the most recent example of this dynamic. The success of the GDPR was always fragile, just as every other social or legal reform. Once the social climate shifts they will get under attack. Clara Fraser, a founder of Radical Women and the Freedom Socialist Party, found excellent words for this in an 1989 interview:
“I don’t expect any reform to last longer than the willingness of people to fight to retain it and longer than a progressive period in history will last. Periods change and once you go into a regressive period – as you always do after a progressive period under capitalism – all your reforms are swept under the rug. They’re decimated and it’s very difficult to retain them. You have to run like hell to stay in the same place, like in Alice In Wonderland. And half the time you run like hell and you still go backward only you don’t go backward quite so fast. So I am not surprised or disenchanted to find out that reforms are threatened because I was never enchanted in the first place.”
Many people are currently disappointed by the apparent onslaught on digital rights. But this is an opportunity to let false hope die. As long as our society still allows privately owned, profit-driven actors to dominate our social order, this is never going to change. We might temporarily shift the scales to our favour, but as long as we do not jump out of the hamster wheel, we are stuck. I am not saying that reforms are wrong. To the contrary. Defending the status quo often is the necessary starting point for true change. Reforms can improve the lives of countless people. They are worth fighting for. But they cannot be our horizon. Even a 30-hour work-week or another day of sick-leave leaves the fundamental hierarchies in our society untouched. As long as the fundamental power inequality between private-property owners and the rest of society is not resolved we can only achieve so much. But why only ask for higher pay when we can free ourselves from bosses? Why only call for rent regulation when we can socialise housing? Why only call for more data transparency when we can socialise digital infrastructures? Why only fight for a fair competitive market when we can abolish privately-controlled commercial actors competing for the highest profit? We still have to fight for such reforms, yes. But we always have to be aware of the limitations of regulation within capitalism.
The recent developments are a chance for transformative ideas and actors to enter into digital policy. Right now, civil society is gathering around defending the status quo. While this is a necessity, defending the status quo comes with the danger of reinforcing the idea that there is no alternative. This is the lie at the heart of hopelessness. Science-fiction author Ursula K. Le Guin reminded us in 2014:
“We live in capitalism, its power seems inescapable — but then, so did the divine right of kings.”
Great change like the Digital Omnibus can leave us disillusioned. But it can also tear a hole in the grey curtain of apathy that limits our imagination. It can spark our imagination and our will to resist. When, if not now, are pictures of a digital society built on solidarity and equality needed more? The Digital Omnibus is an opportunity to remember that we have a world to win. Not just better regulation.
Foto von Trym Nilsen auf Unsplash.