Neo-Liberal Business-As-Usual or Post-Surveillance Capitalism With European Characteristics? The EU’s General Data Protection Regulation in a Multi-Polar Internet

Abstract

Since the Global Financial Crisis from 2008/2009 and the decade which followed it, the tenets of neoclassical economic theory and its application through neo-liberalism have been questioned in western economies including the European Union (EU). The Snowden revelations of US-driven global digital surveillance prompted law and policy changes in various jurisdictions including the EU to counter privacy infringements by both state and corporate actors. This all takes place against a backdrop of an increasingly multi-polar world, including in matters of Internet governance, where the US’s hegemony is weakened and the EU and BRICS emerge as powerful actors, including in the Internet sphere. One highly prominent event in the last ten years thrusting the EU into global prominence is its data protection legislation update, with the introduction of the General Data Protection Regulation (GDPR), widely believed to be the international ‘gold standard’ in privacy and data protection standards, holding actors in the digital economy to account for their (ab)use of personal data and empowering users thereby seemingly placing some limitations on unfettered digital capitalism and surveillance. Can the GDPR developments be understood as an attempt by the EU to forge a different political economy of digital technology to neo-liberal capitalism whereby large companies are constrained in their actions and EU citizens’ rights upheld? Or can these developments be seen through another lens, that of varieties of capitalism, whereby the European Union, in the context of growing geopolitical multi-polarity, is leveraging its large and attractive market and the ‘Brussels Effect’ to become a ‘regulatory superpower’ after having lost the tech superpower battle to the US and China? The GDPR exposes the nature of contemporary EU internet regulation as a contested and hybrid site, containing both capitalist impulses and overtures to protect aspects of individuals’ privacy and data protection. This latter aspect of protecting privacy and data protection is diminished to the extent that the GDPR facilitates much data gathering and use, and seems to have the effect in practice of consolidating US tech giant Google’s corporate power. Thus, the GDPR seems more an example of EU regulatory capitalism, ‘constraining and encouraging the spread of neo-liberal norms’, rather than an attempt to move to digital post-capitalism. Nevertheless, the external-reaching aspects of the GDPR make it an example of the ‘Brussels effect’ and contribute to shoring up the EU’s regulatory power in a multi-polar Internet by proactively setting de facto standards. In this way, the EU ‘remains relevant as a global economic power’ through its regulation, rather than through its technological innovation like the US and China. The GDPR’s aspects which promote human rights and social goals may also give rise to more privacy protective innovation, albeit innovation which may come from non-EU Big Tech companies.