“The Changing of a Continent” is a column by journalist Kenneth R. Rosen that focuses on the US trans-Atlantic relationship and Europe’s future.
Anyone reading this does so at their own peril. Not for the substance of this article or the contents of the website on which it appears, but rather for how you got here: through which operating system and browser and websites, which social media platform, and the links you clicked to find your way here. Beyond this is the smartphone, no doubt within arm’s reach that sits aimlessly pinging other networked devices nearby like a smart home device, your neighbor’s phone, or their television connected to Wi-Fi. The router used to ping your home or apartment full of wireless connectivity is also a source of trouble, as it connects you to the Internet Service Provider whose ability to monitor your virtual movements is unrestricted.
Data brokers and shady third-party organizations profit from personal data and information gleaned about you and your online habits. Beyond the click-away pop-ups warning of cached cookies and website data, or the preference of some websites to share information with other websites as you navigate away from one page to another, those metadata and ad trackers persist as a unique digital fingerprint: Your keystrokes and mouse swipes and clicks creating a permanent and extremely vulnerable portrait of your life in the digital world and your life beyond. Yet, this surveillance or oversight is conducted with little effort and with few repercussions.
There are options to dismantle the tracking, but online privacy is never the default. Regardless of where you reside, your Internet connection could be routed through several locales and countries. Using a virtual private network, one could connect their computer to servers in intermediary countries, making the Internet’s greatest promises — of open access and the advancement of social and cultural understanding — into weapons of misinformation.
Surveillance capitalism is the greatest threat to democratic values and a more secure global society, especially when only a few companies are at the helm of trading personal data.
But countries rarely align on those values, creating a fractured landscape of technological cooperation instead. On one side, are the human rights of free speech and expression and peaceful gathering. On the other hand are authoritarian governance and surveillance. Europe has taken a global lead questioning Internet governance, far surpassing the United States, which has flirted with both privatized models (allowing Twitter or Facebook to self-censor or YouTube to self-assess COVID-19 misinformation) and a hands-off-approach (for fear of being seen as Big Brother overstepping the decentralized design of the Internet). Neither has flourished.
Since former President Donald Trump stepped the United States back from its more dominant role of spearheading Internet governance campaigns, all screens have shifted toward Europe as the greatest champion of privacy. Within the scrum to re-democratize and enhance privacy, if not anonymity on the Internet, the European Commission and its bloc have found savvy ways of presenting itself as a partner rather than an adversary to Big Tech and their greater network-of-networks across which countries, businesses, governments are intertwined. Its most recent show of goodwill and embrasure of free expression with a keenness toward privacy advocacy and “digital sovereignty” is its assignment of a diplomat to an “embassy” in Silicon Valley earlier this month.
The ways in which the EU continues to enact policies and laws to effectively curb and restrict the power held by what it calls digital “gatekeepers” are means through which nations can jointly wrestle control of their data, their people, and above all, global privacy.
CONNECTING PIXELS AND PEOPLE
Creating a world of boundless space within a world of territorial borders is an extraordinary undertaking. EU Commission President Ursula Von der Leyen said in January 2021 that the EU and United States “could create a digital economy rulebook that is valid worldwide.” But the United States has shown little interest in following through, an amnesiac approach that over the last five years led to frightening advances by Russia, China, and India to crack down on the democratic bedrocks of the Internet. In those same remarks, von der Leyen said the EU’s framework of rules “goes from data protection and privacy to the security of critical infrastructure. A body of rules based on our values: human rights and pluralism, inclusion, and protection of privacy.”
It’s not easy to embrace this “ethics by design” approach to the Internet and its gatekeepers. For one, the collection and analysis of user data (the data economy) are what funds the Internet. Surveillance capitalism is the greatest threat to democratic values and a more secure global society, especially when only a few companies are at the helm of trading personal data.
The United States could follow the framework of the EU and its approach to working with Big Tech to protect its citizens online by similarly enacting policies that protect people, not businesses.
Human and ethical principles are the bedrock of the European model for digital governance since at least 2014 when Europe’s top court ruled that Internet users had “the right to be forgotten” and that Google must yield in some cases to users who request data to be removed from their search results. Then in 2018, the bloc’s powerful General Data Protection Regulation (GDPR) became law, and the power balance returned, if slightly, to the consumer. The law clarified what personal data companies were harvesting and how that data would be used for the Internet user. The rule was part of a broader push by the European Commission (the bloc’s legislative arm) to limit the power of these companies built on the right-to-be-forgotten policy. It forced social networks to delete photos of users posted as minors on request and to communicate those removals to search engines that collate the images.
The United States remained lukewarm to both the right-to-be-forgotten ruling and the GDPR. Summing up the position across the Atlantic was this colorful comment from Stewart Baker, former assistant secretary for policy at the US Department of Homeland Security: “Americans will find their searches bowdlerized by prissy European sensibilities. We’ll be the big losers. The big winners will be French ministers who want the right to have their last mistress forgotten.”
AGAINST SURVEILLANCE CAPITALISM
The regulations enacted in Europe impact some half-a-billion people directly. GDPR, while a landmark, made precedent the importance of control one can have over their personal data and how it is used. So effective was the policy that privacy laws in Brazil and Japan followed suit.
More recently, the bloc passed the Digital Services Act and the Digital Markets Act, banning targeting advertising at children and prohibiting the use of non-public data and the pre-installation of apps (think: the apps that come with your phone but cannot be deleted). The laws target those “gatekeepers,” or large online platforms like Google, Meta, and Amazon, and sanction them for not complying with government requests to remove data. The bloc’s well-documented belief in digital sovereignty and the rules of self-determination have allowed for these sweeping changes.
One criticism is that those regulations put the onus of regulation into a gray area of governmental overreach on behalf of John and Jane Doe. The merits of these ongoing privacy rulings toward limiting or maintaining the liberties granted by the Internet are likewise ethically and morally dubious, which makes the opening of the EU’s Silicon Valley embassy on Sept. 1, 2022 one of the more practical means through which the EU is seeking to be transparent — if only to offer the gatekeepers an in-house outlet for fielding complaints and questions of the companies who struggle to keep up with various legislation around the world. Former German chancellor Angela Merkel articulated the need for European policy to be for the people and not against it, writing, “We believe that Europe needs to recharge and complement its current digitization efforts with a self-determined and open digital policy which includes digital sovereignty as leitmotif.”
Despite criticism stateside about governmental overreach, where Big Tech is likely to push back against the Digital Services Act and Digital Markets Act citing onerous and prohibitive restrictions, the EU is looking to digitize its citizenship further, and perhaps these measures are a way of protecting those advancements. By 2030 the bloc hopes, among other technological goals, to offer digital IDs for 80% of the population and offer gigabit-speed connections to every household. The embassy, therefore, is a way to open channels for constructive feedback and partnership because the aims and goals of the government, its people, and Big Tech are intertwined.
The United States could follow the framework of the EU and its approach to working with Big Tech to protect its citizens online by similarly enacting policies that protect people, not businesses. By mimicking European policy, the United States could fight for digital privacy by focusing legislative efforts on limiting the collection abilities of those companies based within its borders. This would also inherently protect government interests by limiting attack surfaces against civil and public servants.
Meanwhile, Americans are apoplectic about losing fundamental privacy rights in favor of “it just works” technology and convenience. In 2017, the same year the EU hit Google with a $2.7 billion antitrust fine, Congress allowed Internet services providers to collect and sell the browsing data of its users.
So, thanks for reading. And a special hello to the data brokers who will see when, where, and how you read this article.
Kenneth R. Rosen is a columnist at Inkstick and an independent journalist based in Italy.