We need a Paris Agreement for Privacy
The digital environment shapes our relationships with our governments, businesses and each other. It is indeed an environment, and like the environment of the physical world, its change poses grave challenges. Albeit an imperfect analogy, the similarities with climate change are there:
- The challenges have been known for a long time by the industries that drive the change, and by a circle of experts
- Protection is one or more steps behind
- Global action is needed, in order to stem the tide.
In 1968, exactly half a century before Greta Thunberg called on young people to go on strike against climate change, a group of eminent scientists were worried about the environment and climate change. They founded the Club of Rome, which in 1972 issued a report called ‘The Limits to Growth’. The report caused quite a stirr. It raised awareness but also provoked ridicule, and 50 years on we are still facing an environmental threat. Large fossil fuel companies like Shell and Exxon knew the scientists were right, but preferred to keep a lid on the truth. Today we acknowledge the concerns were justified. As the saying goes: First they ignore you, then they laugh at you, then they fight you, then you win. The time window for victory is however closing rapidly.
There are strong parallels between our attitude to climate change and our attitude towards the risks of the rapidly growing use of personal data and new privacy-invasive technologies.
The awareness of time running out for our planet grew only very slowly.
It is often difficult for our human brain to fathom big, abstract threats and to take adequate action.
If it has no immediate and unmistakeable impact on our daily lives, we tend to just pretend it does not concern us. We freeze like a deer in the headlights. But thanks to the leadership of the EU, in 2015 the first-ever universal, legally binding global climate agreement was adopted in Paris.
- Secretary-General Ban Ki-moon (second left), UNFCCC’s Christiana Figueres (left), French Foreign Minister Laurent Fabius and President of the UN Climate Change Conference in Paris (COP21), and President François Hollande of France (right), celebrate adoption of the Paris Agreement (©️United Nations, 2016)
Yes, the European Union has set the gold standard for privacy and data protection with the GDPR. And indeed, other parts of the world are following Europe’s lead and upgrading privacy and data protection standards as well. But something similar to the Paris Climate Agreement is needed for the digital environment now. Like climate, personal data are everywhere, they can be accessed anywhere, they can be processed anywhere, by anyone. Technology is advancing at the speed of light. Some multinational data brokers are more powerful than democratic governments. Like the fossil fuel giants, they know exactly what they are doing.
Instead of curbing the power of tech giants, a lot of governments choose to emulate or make use of them.
In the past twenty years law enforcement agencies around the world have gotten new, sweeping powers to use new technologies to respond to terrorism or a pandemic. The most powerful ones coopt the companies that we have entrusted our data to. Parallel to this massive invasion of our private data, the protection of civil rights and freedoms has not kept pace.
We cannot continue business as usual with privacy and data protection until it might be too late. Imagining what being too late means, yields equally dystopic visions of the future as with climate change. Whether our world is set to look like the book 1984 or the movie Interstellar, we should try to prevent either one. Let’s acknowledge now that privacy and data protection need a global boost.
The recent Schrems II ruling by the European Court of Justice laye bare the growing tension between the territorial scope of EU laws and civil rights, and the global nature of data flows.
National governments of EU member states and the European Commission seem tempted to let diplomatic relations prevail over EU laws.
It is clear that enforcement of European privacy and data protection standards by the judiciary will very soon meet its limits. A different, political solution is needed that will allow both data to flow freely, and secure citizens’ rights and freedoms against abuse by businesses as well as governments.
Therefore, Europe needs to take the lead in a global initiative for the protection of privacy and personal data. The European Commission should call for a global conference in the context of the United Nations to lay the foundations of a Paris Privacy Agreement, a worldwide, legally binding agreement for the protection of privacy and personal data. In this way, analogous to the Paris Agreement as global answer to climate change, the EU can set the scene for true global privacy and data protection. Europe has a unique opportunity and duty, as a global economic superpower and as the cradle of democracy, the rule of law and fundamental rights.
