Head of Practice, Data Policy & Trust
An American might marvel at the explosion in free services online over the last two decades: Gmail, Yahoo!, Facebook, Reddit, Shazam and Angry Birds. The life essential commerce apps available on a smartphone in the wake of COVID-19: Amazon, Instacart, GrubHub, eBay, and Etsy. The smart appliances in her home: the Nest Thermostat, a Samsung washing machine, her Apple Home speakers and Ring doorbells. Or the telework programs: Office365, Salesforce, Zoom, SAP Concur, and Workday. It might then be determined that these growth-driving, ubiquitous consumer technologies—worthy of H.G. Wells’ and Isaac Asimov’s loftiest aspirations—offered either freely, or at Walmart prices, present a pretty darn fair deal.
Europeans see it differently. After the NSA data collection controversy, America’s Transatlantic cousins find themselves more acutely attuned to fairness, a tech fairness founded on Rights. Of these, they perceive no shortage: a right to be informed, right of access, right to rectify, right to be forgotten, right to restrict processing, right to data portability, right to object, and rights on automated decision making and profiling.
It’s true most Americans really don’t have an opinion on any of this—or care. Those that do might welcome the obvious perks from a sovereign claim to claw back or amend the data one has voluntarily sprayed all over the Internet. An activist in America might even call these “Consumer Rights” for the flourish. Only the most committed Europhile would insist on terms like “fundamental rights,” “human rights,” or anything more.
Why the Transatlantic Disconnect?
With intellectual roots much earlier, the framing of official American political philosophy often begins with the Declaration of Independence, which explains:
“That all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed”.
Rights, therefore, must meet a higher bar for the American viewer at home, not as a thing declared, but as a thing endowed. (Incidentally, this is why a not insignificant number of Americans find Eleanor Roosevelt’s Universal Declaration of Human Rights, what with its demand for employer-paid vacations, but not freedom of the press, so spurious).
In the American way of thinking, governments’ role is left to merely secure rights—not invent them. Therefore, it’s hard for many Americans to take seriously the notion that their creator endowed anyone with a right to have their “data available in a structured, commonly used, machine-readable and interoperable format that allows the individual to transfer the data” as GDPR so declares. Or that, “in the beginning” God endowed a right for you to transfer personal data that you volunteered to Facebook over to Reddit, your business papers from Google Docs to Quip, your heating and cooling history from Nest to EcoBee, or your text history and pictures from an old iPhone to your new Android.
But none of these necessitate that digital trade, globalization, or US-EU Privacy Shield must come to a screeching halt. Indeed, Americans, since the dawn of the Republic, have held differing notions of rights with even the most liberal minded Europeans and yet found common ground with which to build trade and commercial relations.
Take data ownership and its corollary, data portability, as an example. Europeans begin the conversation with the idea that one’s data is the digital extension of oneself. (Think, ghost in the machine). Just as one has ownership of oneself and sovereign say-so over your body at any given moment, so it is with data. They declare a fundamental right to “port” their data wherever and however they choose.
American consumers, businesses, and policymakers need not see or cede a “right” where they ought to more correctly perceive a market. Data portability offers digital consumers an opportunity to vote with their feet, porting their data in the platform that best serves their needs. Legislation, rules, or regulations that mandate or ease data portability further opens the Internet as a robust market of platforms, each more eager than the next for your data and your business. In other words, data portability is a market maker and ultimately good for business. All without having to immaculately conceive the notion that our Sovereign Creator endowed James Madison and Thomas Jefferson with digital rights in 1787 or reading them into a rather oversubscribed Bill of Rights.
Similarly, Americans and Europeans should be able to agree to a mutually beneficial solution—like data portability—and push for its inclusion in Transatlantic trade talks without agreeing to the intellectual underpinnings that gets them there. Ultimately, the answer is going to be an interoperable solution that scales and recognizes that Europe is the de facto digital darling for other global regulators, all while American hyperpuissance in technological innovation remains the envy of all. Hence the paramountcy of interoperability for both, a workable solution must protect data up to GDPR levels, while not choking the goose with a fair few golden eggs nested in the greater San Jose metropolitan area that is driving global economic growth.
APEC has put incredibly thoughtful work into its cross-border privacy rights (CBPR) system, which allows governments to voluntarily undergo an enforceable certification that enables the responsible transfer of cross-border data flow between participating economies with differing legal approach to data rights. CBPRs are probably the right solution, just not in the right home. That home is probably in Geneva—but not at the International Telecommunications Union. Instead, it’s high time the World Trade Organisation (WTO) mended its broken heart after Doha, considered the enormous success of regional initiatives like CBPRs, the digital chapters of the US-Mexico-Canada Agreement (USMCA) and the latest Transpacific Partnership (CPTPP), and initiated a new round of multilateral digital trade talks.
None of this stands a chance without the US and EU having the will to first find common ground and the opportunity is drawing near: the European Court of Justice may soon strike down the 2016 US-EU Privacy Shield agreement as part of the Schrems II court case. After the recriminations have settled, the US and EU should use the vacuum as an opportunity to negotiate nothing less than a Transatlantic Digital Free Trade Agreement using the language of the CPTPP and USMCA as a starting point. With a complete lack of chlorinated chicken on the docket—the task should be light for the Old Alliance.
Together, Americans and Europeans can deliver a solution to data policy, trust and fair tech that scales.