Do we Need a Political Economy of Surveillance? The Case of the GDPR: A Critical Account of the Norms Governing Cyberspace

Abstract

This study examines the General Data Protection Regulation of the European Union from a critical perspective. By doing so, it aims to generate a comprehensive account of online surveillance practices for commercial purposes, and how public policy in this field is normatively conceived. In order to untangle the normative elements of this highly contested and complex regulation, which took more than five years to be signed under intense lobbying, this paper concentrates on the topics of Consent, Data Ownership and Profiling. These three interrelated elements constitute the primary sources of power asymmetries in the Web between users and providers of online services. By employing the proposed theoretical perspective of a political economy of surveillance, this paper draws from concepts of Foucauldian panoptic surveillance and of Marxist political economics, in order to draw a picture of current surveillance practices by major, quasi- monopolistic IT corporations such as Google and Facebook. The analysis then tests this framework with regard to the normative stance taken by the GDPR, the first major initiative aimed at regulating cyberspace. Deconstructing regulation in this way helps to understand the normative and ideological lines of action of the EU in the newly emerged policy area of the Common Digital Market.