Looking at the Climate of Data Protection as GDPR Looms

Privacy, Security

By: Jessica Garner

Data ProtectionIn the waning days of 2017, the Federal Communications Commission made a move to rescind regulations enforcing net neutrality. Voting along ideological lines, the commission stripped away Obama-era directions generally perceived as rules to treat the internet more like a public utility and less like a purely private venture. I mention this not to open a new discussion on net neutrality, but to frame what may arise from an almost opposite approach to managing the internet. Those opposite modes are taking shape in Europe.

In May, the European Union will begin enforcing rules governing personal data security and ownership on the internet. The General Data Protection Regulation (GDPR) has been a mainstream news item because it includes the “right to be forgotten” provision, an aspect of the new law many media outlets latched onto following a legal battle between the Spanish government and Google. The larger context of the law, according to Moderndiplomacy.eu, “will bring major changes in data protection introducing enhanced rights for individuals or data subjects.”

Those protections include the oft-cited “right to be forgotten.” More technically known as the Right to Erasure, this aspect of the regulation grew from the Google v. Spain court ruling and will allow European citizens to request the removal of many types of personal data from search engines under a variety of conditions. The Right to Erasure is hardly the only pertinent bit of protection offered to individuals through the GDPR. The law is ambitious. One is a feature of looking for background reports on the GDPR is constantly coming across adjectives like “sweeping” and “comprehensive” to describe the scope of the legislation.

Wholly, the new legislation represents a tectonic shift in how major corporations and online entities will deal with data collection in Europe. The GDPR also delves into data portability, profiling, and the right for Europeans to restrict access to some personal information under specific circumstances (among other things). Individually, each of the mandates inside the GDPR have a wide range of potential effects on data privacy. They also come with a substantial number of legal, logistical, and ethical questions, if not actual challenges to implementation.

The implications for many different aspects of intellectual freedom are clear. The data portability provision alone addresses a growing concern about the ownership of ideas stored online. There are also clear implications for journalists, academics, and students regarding how information collected about them may be used. It bears repeating that courts will challenge some provisions, so it would not be surprising to see their focus narrowed over time. In implementing the GDPR in May, however, the EU will be taking an ambitious stride toward internet regulation.

The Climate Parallel

Which brings us back to the United States, the FCC, and — if you can believe it — the Paris Climate Accord.

Just as the FCC moved to hand large swaths of authority over the internet to corporations by nullifying Obama-era regulations, the United States also made a largely symbolic gesture by withdrawing from the Paris Climate Agreement. The response by both public and private entities in the U.S. following the withdrawal from Paris may hold clues about the effect of the GDPR on internet privacy here in the United States.

In the aftermath of the U.S. withdrawal from the Paris Agreement, states and cities already deep in the process of making their jurisdictions Paris-compliant announced publicly they were going to maintain course. California, a state with an economy bigger than all but the most powerhouse economies on the planet, was just one of many states and cities forming the U.S. Climate Alliance.

The politics of the U.S. Climate Alliance and the Paris Climate Accord are as muddled as anyone following politics in the last several years would expect. The succinct root theory at play in some economic circles goes something like this: Global corporations may work under the constraints of the accord rather than making an exception for one nation, even one with an economy as robust as the United States. This aphorism is backed up by events in the news. Thirty companies issued an open letter to President Trump expressing support for the climate agreement ahead of the U.S. administration’s move to drop participation in the Paris Accord.

Many large companies, in fact, have already built sustainable production models and reduction in carbon emission into long-term outlooks. This doesn’t mean the companies will necessarily pull the full weight of the U.S. to the greater goals of the Paris Accord, but it does mean a significant number of U.S. consumers and taxpayers will contribute toward the goal.

Is it possible to see similar large-scale changes in data behavior from global information companies as the GDPR comes into play? Technology industry news site GeekWire is just one source voicing the possibility. “Large companies that do significant business in Europe might decide that it’s just easier to lump all their customers into the same bucket using the GDPR rules as a baseline, rather than maintaining separate data-handling policies based on the region in which that user accessed their services,” the site wrote.

The parallel is undeniable. Both the climate and internet have become polarizing political talking points. With each issue, there is considerable economic investment already in place and more to come. Because the two issues possess many of the same features regarding how private industries respond to public regulation, it isn’t crazy to look toward how California handles green energy to get some clue on how Google might handle cloud data.


Jessica GarnerJessica Garner is the Access Services Department head at Georgia Southern University and has worked in public and academic libraries for over 10 years. She has been involved with children’s services, collection development, cataloging and interlibrary loan first as a public librarian at Live Oak Public Libraries and then at Georgia Southern University. Her scholarship interests include interlibrary loan, intellectual freedom, and patron services. Find her on Twitter @jessCgarner.