{"id":4209,"date":"2019-05-27T00:00:00","date_gmt":"2019-05-27T08:09:44","guid":{"rendered":"https:\/\/staging.voelkerrechtsblog.org\/articles\/designed-to-serve-mankind\/"},"modified":"2020-12-09T12:57:24","modified_gmt":"2020-12-09T11:57:24","slug":"designed-to-serve-mankind","status":"publish","type":"post","link":"https:\/\/voelkerrechtsblog.org\/de\/designed-to-serve-mankind\/","title":{"rendered":"Designed to serve mankind?"},"content":{"rendered":"

The collection and processing of our personal data is changing sense-making of the world and ourselves, as are projects of governance surrounding it. In the year since it has become effective, the General Data Protection Regulation (GDPR) has come to represent a global standard<\/a>\u00a0for privacy and data protection. Yet, the idea that the GDPR represents a global standard assumes a uniform cultural and political context globally and overlooks broader questions about the interaction between law, technology, and society. Indeed, an alternative view might illuminate how the GDPR\u2019s individual privacy framework derives from a particular political and cultural context, embedding, prioritizing, and stabilizing certain political claims and values over others.<\/p>\n

Here the concept of co-production <\/a>developed by Science and Technology Studies scholar Sheila Jasanoff is particularly useful to examine the relation between the GDPR, personal data processing, and the social. Co-production refers to the idea that technology \u201cboth embeds and is embedded in social practices, identities, norms, conventions, discourses, instruments and institutions . . . .<\/a>\u201d<\/p>\n

Through this analysis, it emerges that the GDPR reflects at least three social shifts, each of which is entangled with the others. First, the GDPR marked a practical shift in data collection practices, at the technological and institutional levels. Second, the GDPR represented a stabilization of the public discourse on personal data collection and processing around the issue of privacy, a discourse which became institutionalized through the GDPR, as well as the adoption of similar measures and language by other jurisdictions and institutions. This discursive stabilization in turn has effects on collective understandings and framings of the problems surrounding data processing, reflecting also an epistemological stabilization.\u00a0 Third, the GDPR elevated the privacy rights claims of certain subjects, namely individual \u201cdata subjects\u201d in the European Union (EU), reflecting a normative shift.<\/p>\n

The technological and institutional shift<\/strong><\/p>\n

Although the GDPR was adopted partly in response to changes in technologies <\/a>that permitted the collection and analysis of massive datasets, or so-called \u201cbig data,\u201d the regulation has also changed the technological and institutional practices in the aftermath of its implementation on May 25, 2018. In response, some technology companies moved user data off of EU servers<\/a>, changed their advertising practices <\/a>on their websites in the EU, and certain websites were blocked in the EU<\/a>, reflecting changes in the technological practices.\u00a0 More importantly, it has required technology companies to respond directly to requests from EU data subjects for access and information <\/a>on the types of personal data collected on them and for what purposes, to requests for deletion of their data (the \u201cright to be forgotten<\/a>\u201d), to exercises of the right to data portability<\/a>, and to their right to object <\/a>to the processing of their data, among other things. While the longer-term effects of the regulation remain to be seen, the regulation has already had an impact on the way the practices of data collection and processing are performed, both at the technological and the institutional levels.<\/p>\n

The discursive and epistemological shift<\/strong><\/p>\n

Perhaps the broader social changes attributed to the GDPR\u2019s implementation relate to other jurisdictions adopting regulations in its aftermath which resemble or adopt its principles. The GDPR has come to attain a status as a model legislation to be aspired to or adopted in other jurisdictions, reconfiguring how a variety of cultures and subjects think about, or ought to think about, the issues surrounding collection of personal data. Indeed, the GDPR has stabilized the public discourse around personal data collection practices as an issue of individual privacy. This can be seen in regulations modeled on the GDPR that are increasingly adopted elsewhere<\/a>, and institutional <\/a>and corporate <\/a>discourses <\/a>that highlight <\/a>privacy <\/a>concerns, centering discourse and knowledge of the problems associated with data collection on that issue. While the privacy discourse preceded the GDPR, and other developments such as the news of the Cambridge Analytica <\/a>data breach may have contributed to its prominence, the implementation of the regulation, its extraterritorial reach, and its status as a new \u201cglobal standard\u201d further solidified it on a transnational level. Thus, the GDPR also had an impact on knowledge and sense-making, marking a shift in how the problems associated with data collection and processing are collectively framed in its aftermath. This discursive and epistemological shift is accompanied by the exportation of European values elsewhere, as the GDPR reflects European values toward fundamental rights, including the rights to privacy and data protection. One might argue that given the GDPR\u2019s expressly extraterritorial reach, the EU is trying to promote its legal values as universal values <\/a>\u2013 a view consistent with the EU\u2019s institutional aims<\/a>.<\/p>\n

In developing countries operating in the \u201cdigital economy,\u201d such as India, the political and social context reflects a different set of values and concerns than those of the EU. In 2018, India developed a draft Bill <\/a>containing principles modeled on the GDPR.\u00a0 On the one hand, India has an incentive to comply with GDPR and provide \u201cadequate protection\u201d for data transfers from the EU in order to continue its software and data-related trade with the EU \u2013 a large contributor to its economic activity \u2013 as the alternatives to meeting the standard would be costly for firms to implement.\u00a0 On the other hand, its status as a developing country means that adopting privacy standards akin to those of the EU might limit the country economically, requiring a balancing between protecting privacy rights and its economic implications<\/a>.<\/p>\n

The Normative Shift<\/strong><\/p>\n

That the GDPR privileges European values of privacy over competing claims reflects political choices. Arguments for global harmonization elide these important political and distributive concerns. For example, we might ask what is at stake when individual privacy becomes the dominant form of discussing and regulating the problems associated with data collection and processing? In the process, what other claims and whose values have been backgrounded? What are the effects of framing these concerns as individual privacy issues on the social and political order in different contexts?<\/p>\n

While the practices of collection of personal data and classification and standardization of subjects are not new, they might have been framed as problems of governance or subjectivity rather than as problems of privacy in other contexts. Even today, the issue of collection of personal data could be framed as a distributional issue, a competition<\/a> issue, a democratic one, or even an environmental <\/a>one. This illustrates how each of these framings prioritize certain values over others and vis-\u00e0-vis what competing forces or claims they ought to be considered.<\/p>\n

The framing of social problems around technology also shows how projects of technological governance, in this case the GDPR, are inextricably tied up with, or co-produce, the technological, the normative, the epistemological, and the institutional. The GDPR\u2019s hopeful claim that \u201cthe processing of personal data should be designed to serve mankind<\/a>\u201d is indicative of this, embedding a particular imaginary <\/a>of both personal data processing and its governance. At the same time, it universalizes the GDPR\u2019s vision of the social good and affirms the EU\u2019s position as a powerful player in the global production of normative values.<\/p>\n

Conclusion<\/strong><\/p>\n

Framing the GDPR as a global standard elides its political and cultural specificities. Globalization of the GDPR ensures that a certain vision of the social good wins out over others through the expert language of law. Indeed, the EU\u2019s political and economic power and recognized expertise in regulating privacy issues have a great deal to do with why the GDPR\u2019s vision and its extraterritorial reach have actually had such a strong impact elsewhere \u2013 a function of its willingness to assert its regulatory power outside its own borders and its ability to wield its power to generate those effects elsewhere<\/a>.<\/p>\n

Both data processing and its governance raise a number of political and normative questions which require sustained and deep democratic engagement, as well as avenues for diverse publics to imagine and decide their own visions of the social good. While the GDPR has provided ordinary citizens useful mechanisms to directly challenge the practices of data collectors and processors, the exportation of the EU\u2019s regulatory framework and principles to other jurisdictions does little to engage with deeper political questions or to reflect on its broader social effects; rather, it reflects an attempt at universalization of a particular technical fix to political problems.<\/p>\n

\u00a0<\/em><\/p>\n

Roxana Vatanparast is a Visiting Researcher at the Institute for Global Law & Policy at Harvard Law School and a PhD candidate at the University of Turin.\u00a0She holds an LLM from the International University College of Turin \/ University of Turin and a JD from the University of California, Hastings College of the Law.<\/em><\/p>\n

 <\/p>\n

Cite as:\u00a0Roxana Vatanparast,\u00a0<\/span>“Designed to serve mankind? \u00a0The politics of the General Data Protection Regulation”,\u00a0V\u00f6lkerrechtsblog<\/em>, 27 May 2019, doi: 10.17176\/20190529-121845-0<\/a>.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

The collection and processing of our personal data is changing sense-making of the world and ourselves, as are projects of governance surrounding it. In the year since it has become effective, the General Data Protection Regulation (GDPR) has come to represent a global standard\u00a0for privacy and data protection. Yet, the idea that the GDPR represents […]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[6639],"tags":[],"authors":[5179],"article-categories":[3572],"doi":[5180],"class_list":["post-4209","post","type-post","status-publish","format-standard","hentry","category-uncategorized","authors-roxana-vatanparast","article-categories-symposium","doi-10-17176-20190529-121845-0"],"acf":{"subline":"The politics of the General Data Protection Regulation"},"meta_box":{"doi":"10.17176\/20190529-121845-0"},"_links":{"self":[{"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/posts\/4209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/comments?post=4209"}],"version-history":[{"count":0,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/posts\/4209\/revisions"}],"wp:attachment":[{"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/media?parent=4209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/categories?post=4209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/tags?post=4209"},{"taxonomy":"authors","embeddable":true,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/authors?post=4209"},{"taxonomy":"article-categories","embeddable":true,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/article-categories?post=4209"},{"taxonomy":"doi","embeddable":true,"href":"https:\/\/voelkerrechtsblog.org\/de\/wp-json\/wp\/v2\/doi?post=4209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}