Guest post contributed by Faces of Democracy.
Mr. Buttarelli, the Faces of Democracy initiative wants to support a better understanding of democracy around the world. How significant are democracy and democratic values to you personally?
Protecting democratic values has rarely been a more pressing agenda, of importance to me personally and more critically, to all of us collectively. Of late, it is becoming more and more apparent that democracy is threatened by the excessive market power of the dominant players and their abuse thereof.
Online opinion manipulation and political profiling pose great challenges to the maintenance of democracy as they make it harder for people to understand each other and their shared experiences. This breaking down of social cohesion and loosening of the glue of society not only undermines democracy but also other fundamental rights and freedoms.
Democratic values rely by definition on a plurality of voices and equilibrium between parties. A diverse ecosystem of information is an indispensable layer of democratic foundations.
The behaviour of large technology firms operating in a largely unregulated environment and the consequential lack of competition has resulted in structural imbalances affecting democracy and other social norms. The scale of this problem means that no single player can take up the mantle of protecting democracy alone.
Adequate protection of personal data is certainly part of the solution. However, it is not enough. Given the importance of democracy in the fabric of our modern lives, more needs to be done to intervene in the interests of its protection and preservation.
The recent revelations about how Cambridge Analytica obtained the data of 87 million Facebook users and then allegedly used it to manipulate various electorates, illustrate perfectly the dangers of a world when we are continuously being tracked without our knowledge or consent.
This case did away with any public lingering sentiment that behavioural advertising and customisation of content have no legal or significant general effects on us. It may no longer be claimed that news presented to us as part of a ‘personalised’ service are of no consequence.
Micro-targeting based on intrusive profiling techniques is a powerful weapon – a ubiquitous weapon, available to the highest bidder. It has the power to change people’s minds, and when misused for political ends, it can sway elections and in doing so threaten the very core of our democratic societies.
In summation on this point, democratic values are an integral part of all of our lives and their significance cannot be overstated.
The data of around 500 million Europeans have been provided with special protection since the introduction of the General Data Protection Regulation (GDPR). Why is the new EU regulation so important?
The GDPR is a massive achievement. It is a radical update of the rulebook for the digital age. To name just a few of the GDPR’s achievements: it provides clarification of the scope of the EU’s data protection rules, it updates rights and obligations for the big data era, it imposes a new obligations to pursue privacy by design and it creates a new model for inter-DPA collegiality along with a range of tools for enforcing the rules, to name but a few of its landmark achievements.
Most importantly of all, it introduces the principle of accountability – the notion that controllers are responsible for complying and being able to show that they comply, without having to notify every single minor data activity to the regulator.
Moreover, the message that the GDPR sends to the world, that personal data is about the dignity of the human being and the trust of the consumer, cannot be understated in importance. This message and the respect of these values are pivotal to sustainable digital growth.
The GDPR has also stimulated vibrant debate about how to make big data work for all of us, not merely for the privileged few.
Furthermore, the international aspect of the GDPR makes it unique in scope. Companies around the world which offer goods and services to people in the EU or which monitor EU citizens are also subject to GDPR. Following the latest estimate, 121 countries around the world have implemented laws largely modelled on those developed in Europe. Even China has recently adopted standards which, in some ways at least may be judged as drawing from the GDPR.
Above all, the GDPR acts as a statement of intent of the EU as a bloc, on the stance we intend to take in the technology sphere and it encapsulates the limits of acceptability in market behaviour.
The General Data Protection Regulation will further exacerbate the conflict between freedom of expression and data protection. Will the EU regulation place restrictions on freedom of expression on the internet?
As with most fundamental freedoms, freedom of expression will inevitably clash with other fundamental rights, as in this instance the right to privacy and data protection. This is unavoidable.
Freedoms have to enter into negotiations with fundamental rights, but this is no way implies that the two are mutually exclusive.
Whilst we do not afford the same position of reverence to freedom of expression here as they do in the U.S, it is nonetheless a vital ingredient in our democracies.
It is important to lessen the stigma of regulation in terms of stifling creativity. Laws rarely kill innovation. In fact, the GDPR recognises the need to facilitate research and innovation. Whilst a perfect reconciliation of with various freedoms is rarely attainable, the GDPR offers unique opportunities for the respect of humans in their entirety, including their freedom of expression.
The GDPR has inspired an exploration of how antitrust, consumer law and data protection law can work together to ensure digital monopolies respect freedom of choice and expression. This for me is essential as it implements a regulatory approach whilst empowering the consumer in the digital space.
The ePrivacy regulation will provisionally come into effect in 2019. Why do we need the ePrivacy regulation in addition to GDPR, what does it regulate and what is the current status of the legislative process?
ePrivacy is a pivotal cog for the turning of the data protection wheel as well as the smooth running of the GDPR.
ePrivacy is necessary to fill in the gaps left by the GDPR, which does not fully cover the specific sectors of the economy that provide communication services. Communications are supposed to be by default confidential. That is what people expect and what the EU fundamental right to privacy requires. Until now, the rules have only covered traditional telecommunications.
Furthermore, ePrivacy will go a long way to stopping constant snooping on people’s communications via services and apps. It will stop companies forcing people to accept being monitored (‘tracking walls’) in exchange for accessing content online. In doing so, it has the potential to change market incentives and thereby to encourage innovation so that access to information on the internet does not depend on invasive surveillance practices.
Market incentives will therefore be revolutionised by the ePrivacy regulation, steering them away from the constant and covert tracking model that is ubiquitous in the industry.
Therefore, I am pleased that it is now gaining the urgency it deserves. I predict that an enforcement of the complete law, meaning the combined law consisting of the GDPR and the ePrivacy regulation, will do more to stop online manipulation than any other possible approach.
The objective of ensuring harmony and full consistency and the outcomes, this can achieve, should not be underestimated.
The trialog between the European Commission, the European Parliament and the Council have not yet commenced due to the ePrivacy regulation’s hold up in the Council. Thus, I am very encouraged that the Presidency of the Council by Austria has made it a priority in their agenda.
Democratic processes are kept alive by discussing different opinions. In social networks, on the other hand, we almost only communicate with kindred spirits and content is personalized using filter algorithms. Is this democracy 2.0?
Choice is an essence of democracy. Personalized content resulting in algorithms, otherwise known as profiling, is a threat to democracy as it dramatically restricts personal choice. If people are persistently fed a particular view or only shown certain products which algorithms believe best suit them, to what extent does this dilute original choice? It certainly eradicates spontaneity of choice.
If this is democracy 2.0, this is not a democracy in which I would like to live. This dystopian view of algorithms knowing you better than you know yourself almost entirely erodes all individuality or sense of self. This is surely incompatible with the very notion of democracy. Not simply democracy as we know it but rather the concept in general.
However, the use of such algorithms is prolific, suggesting to us what to buy and to wear, how to vote, who to add as a Facebook friend, which events we would enjoy attending, the list goes on. After a certain point when every minute aspect of our lives is constituted by elements which are not freely chosen by us, even if they perhaps give the illusion of choice – the death knell of democracy will sound.
To refer to such a situation as democracy 2.0 is to do grave injustice to the core foundational principles of democracy itself; as such a situation is, in reality, the antithesis of democracy.
Transparency is a big factor when it comes to algorithms. From confusing at best to the extreme of discriminatory and morally wrong, algorithmic decision-making appears far beyond comprehension for the vast majority of people.
Under the principle of transparency, organisations need to tell individuals what they are doing with their data and for what purpose. The information should include everything that the individual need to know to ensure fair processing. This in itself is not rocket science and is a highly attainable objective.
The Faces of Democracy initiative aims to set a good example in terms of the General Data Protection Regulation. How can we improve our internet presence in terms of data protection?
The smart path, I would say, is for companies to take a proactive approach to accountable data processing; to know what they need the data for, to perform due diligence and to take calculated risks on the basis of sincere risk assessments.
The utopian ideal in terms of data protection is that of two parties entering into a relationship freely and on more or less equal terms. The problem is that parties to a transaction are rarely equal. Given the evolution of the digital environment, this inequality is highly pronounced and only likely to become more acute in the future if it continues on its current trajectory.
Holding the principle of accountability in mind and steering clear of long and vague privacy policies written in complex legal jargon are key ways for companies to improve their internet presence.
Furthermore, it is equally important to not overly rely on bare compliance with the letter of the law. Recent experiences remind us that the law is never enough. Enforcers and the market need to persuade companies that it is in their interests to adopt a duty of care for people whose data is being used.
I am looking forward to the time when companies are far from indifferent to their consumers as many of the large tech companies are now, but rather are cautious to keep the goodwill of the public on their side. A time when GDPR will be applied not simply in order to ensure compliance with the law but also with the hope of fostering public goodwill instead of finding loopholes in an unduly complex text.
Mr. Buttarelli, our seventh question is always a personal one: how do you prefer to spend your free time and what goals have you set yourself for the end of 2018?
The remainder of my time is spent with family, watching AC Roma and sipping vintage rum, if I’m lucky!
Mr. Buttarelli, thank you very much for the interview!