Transborder Data Flows

Available in Spanish. Kindly translated by Daniel Urbina

Early in October, Europe’s highest court invalidated the 15-year-old “safe harbor” – an international agreement that the European Union had negotiated with the United States to loosen the EU’s Data Protection Directive of 1995[1] so that it would allow companies to transfer personal information in digital form from the European Union to the United States.[2]  Is the European Court’s judgment a fundamental change in networking policy – a full stop – or merely a comma?

This is actually a longstanding structural conflict that has reignited. Its beginnings go back nearly half a century – when transborder flows of computer data [TDF] threatened to become a point of sharp conflict between the US, Europe, and often newly independent countries of the then-Third World.

By the mid-1970s, TDF was simultaneously controversial and – for U.S. big business and military agencies – irreplaceable. In 1981, Herbert I. Schiller showed, a few thousand large corporations possessing foreign direct investments outside the United States and (two-thirds of them, anyway) headquartered within the U.S. – relied on “a continuously swelling volume of data flows circulating inside [their] corporate business structures across national boundaries.”[3] Based in all economic sectors, these companies used early computer communications networks to transmit data concerning such things as “raw material stocks, production schedules, quality control, personnel records, tax and legal information, currency transactions, profit repatriation, and investment decisions.” As Schiller underlined, TDF helped to enable the largest corporations both “to transact their global business and further integrate the internationalization of capital.”[4]

A second source of TDF was the U.S. military and its allies. “The ability of American companies to operate on a global scale and enjoy the benefits of worldwide resource and market exploitation,” Schiller explained, “would be unimaginable without the full backup of a concentrated military power, ready for instantaneous deployment and intervention.”[5] Military and intelligence agencies depended on networked TDF to operate bases around the world; to implement attacks; and to conduct increasingly widespread surveillance.

There existed no definitive inventory of TDF; even partial views were highly inexact, for  the data that streamed across jurisdictions remained shielded. How much data was being sent over the private telecommunications circuits that carried most of it?  What portion of TDF was made up of operational and administrative business data? What part of the total was comprised of personally identifiable information?  What were the companies doing with all of “their” data? States did not deign to find out. The absence of meaningful public documentation bespoke an underlying power imbalance. Big companies successfully insisted that policymakers should not peer too closely at TDF, out of concern that such investigation might lead to calls for greater accountability – which in turn might constrain the operations of their profit-projects.

TDF not only conferred power on corporate capital but also, paradoxically, established a new point of vulnerability for it.  Interruptions and oversight requirements both endangered the political economy that was being reconstructed around computer-communications. Physical threats emerged when an earthquake or even the drag of a ship’s anchor engendered a break in the submarine cables over which data coursed; however, far more menacing for big business were political threats, emerging in initiatives that aimed to restrict the content of TDF, or charge according to the volume of data sent, or oversee TDF in the interests of self-government.

Transborder data flows had not yet become an unremarkable positive aspect of what would be called “globalization.” Indeed, for some years beginning in the late 1970s, it seemed possible – even likely – that TDF would erupt into a high-stakes international controversy. The first factor was Europeans’ remembered experience of Nazism, which instilled a healthy fear of computerized data collection and storage, and heightened their belief that privacy needed new protections in the emerging high-tech context. This led to the introduction of data protection legislation in Germany, Sweden, France and Denmark in the early 1970s,[6] in which privacy was framed as a fundamental human right requiring protection from risks of abuse associated with centralized (mainframe computer) data storage.

A second converging factor was that European companies and governments were looking for ground on which to resist what a highly placed Frenchman had called “the American challenge” in high-technology.[7]  During the late 1970s and early 1980s, this concern intensified.  Highly placed Europeans worried that US networking capabilities might enable them to act as “the OPEC of Information.”[8] By limiting TDF from and to the US, European policymakers hoped to create space to counter the US’s ever-escalating information power – while they established their own independent networking and software capabilities.

Finally, a still-active Third World political project also began to target TDF, which was seen as an extension of Western technological and cultural domination.  As calls for data protection gained political momentum, a major challenge to U.S. global power threatened to emerge.[9]

The TDF issue therefore intensified.  Over scarcely three years, Schiller observed, “by mid-1980, 24 countries, most but not all in Europe, either have passed data protection legislation or are in some preparatory stage of doing so.”[10]  The political movement to strengthen data protection itself introduced an additional hazard for transnational capital, as a growing jumble of divergent national regulations added to the complexity and expense of doing business in multiple jurisdictions.

U.S. policymakers quickly established what was at stake.  Senator Barry Goldwater, Jr., at a hearing on international data flow before a subcommittee of the Senate Committee on Government Operations stated that “I think we are now seeing the emergence of national privacy legislation which is actually aimed at creating new trade barriers…. They have discovered the simple pact that to block data flow in the 1980s is to block trade.”[11] US companies, from manufacturing to banking to high-tech vociferously protested against regulating TDF. During this same hearing, Motorola testified that “more direct controls or regulations on our communications might force our subsidiaries to install in-house systems or contract local services. The risk is that these alternatives might be too costly or slow for us to remain competitive in the market concerned and ultimately, they would jeopardize our freedom to operate in the most efficient manners worldwide.”[12]  Nothing less than the undeterred internationalization of capital was at stake.

Shifting from defense to offense by the late 1970s, the United States Government  addressed these dangers by steering policymaking away from the United Nations system and into the friendly venue supplied by the Organization for Economic Cooperation and Development (OECD) – an elite club of wealthy nations. In 1980, the OECD began a twin process of narrowing and harmonizing data protection regulation.  The Privacy Guidelines that it issued in 1980 found an increasing purchase on European policy, which the EU formalized in its Data Protection Directive of 1995.

Throughout the final decades of the 20th century, structural changes worked to strengthen the US position on TDF. Using the cudgels of economic and military power against the Third World, during the 1980s the U.S. redirected less-developed countries’ concerns about TDF by holding out the carrot of “technology for development.”  More networks would supposedly solve the problem of structural domination.  Heading into the 1990s, wondrous changes in networking arrived during the same conjuncture that also saw the fall of Soviet socialism; China’s reinsertion into global capitalism; and the signing of the Maastricht Treaty, which established the European Union with a reunified Germany at its heart. U.S. leaders worked to position the emerging Internet in this fundamentally changed context, as an icon of individual freedom and a tool of “civil society” standing up against a bullying state. The EU harmonized its data protection policy, and in 2000 adopted the “safe harbor” procedure. This created what the RAND Corporation would term a “common European market for the free movement of personal data”[13] and – not coincidentally – also enabled big U.S. companies with operations in Europe to send digitized flows of personal information back to the United States for processing. The Safe Harbor was devised through the artfully shared fiction that no threat to Europeans’ privacy rights was posed.  The essential result was to remove a potentially significant obstacle to continued network-enabled expansion by the capitalist enterprises that dominated TDF.

The world’s computer-communications systems mushroomed reciprocally. Underway were overlapping processes of extension, expansion, and technological transformation.

When Herbert Schiller wrote, fewer than one-third of the world’s countries even participated in the system of TDF.[14]  Today, by contrast, after staggering infrastructure build-outs, organizations in virtually every country interact through networks – although gaping disparities exist in the volume of data flows among and between nations. The most heavily trafficked route, today as in 1980, is between the United States and Western Europe[15]; however, virtually all transoceanic routes are much more densely used than before. The quantity of bandwidth added in 2014, that is, new message transport capacity embodied in submarine cables worldwide, is comparable to nearly the entire amount of bandwidth in service globally in 2011.[16] The capacity of the circuits available for data traffic has increased, to keep up with the much-heralded “convergence” that allows video, text, image, voice and data to be conveyed together in a common bit-stream.

Concurrent changes in the political economy have interpenetrated these improvements in network technology. On one hand, the capitalist market has been genuinely globalized.  As China, member-states of the erstwhile Soviet Union, and onetime participants in the Third World political project all reintegrated into global capitalism, TDF bound together units of capital operating worldwide.  On the other, changes in the ownership and control of networks have transformed them into general-purpose platforms for accelerated commodification of information. With so-called liberalization and privatization, throughout the 1980s and 1990s networks that had been interconnected through centralized gateways run by national government ministries gave way to networks that interconnect corporate premises directly. The Internet is by far the fullest expression of this trend. The proportion of TDF that is made up of exports and imports of data-fied commodities has risen correspondingly. From 2007 to 2011 – years of economic slump – U.S. exports of digital services grew from $282.1 billion to $356.1 billion.[17] In  2012, U.S. exports delivered online to the EU reached $140 billion in value.[18]

During the decades that have passed since 1980, therefore, TDF has been generalized.  As an essential common feature of big business’s global operations, and a distribution system for digital commodities, TDF has been so deeply naturalized as to all but disappear as an object of critical analysis.  Instead, we see endless salutations to the doctrine of free flow of information, as if this doctrine had been purged of corporate self-interest. The ever-deepening and almost totally uninspected process of embedding TDF as the conduit of transnational capitalism must be counted as a spectacular political win for U.S. capital, in particular.

Which brings us to the ruling, on October 6, by the European Court of Justice.  The Court staked its finding – that Europeans’ personal data are not ensured against abuses when they are transferred to the U.S. – to Edward Snowden’s disclosures about mass surveillance conducted by the U.S. National Security Agency.[19]  This decision threw a monkey-wrench into the spinning gears of digital capitalism.

The reason is that a new cycle of techno-organizational change around networks is rapidly gathering speed. Within just the past six or seven years, smartphones and innumerable sensors, probes and other new data-generating devices have begun to implant connectivity into every pore of the political economy. The architecture of networking is morphing toward proprietary data-centers and private Internet exchanges to accommodate and propel these data-in-motion.  Data flows, prominently including personal data flows, are becoming both ceaseless and omnipresent.  This development of places further pressure on the existing – and already insufficient – policy for data protection, which the leading data-ifier, in which the U.S. does not even participate. When “personal data is continuously collected, enriched, amended, exchanged and reused,”[20] a RAND Corporation study conceded in 2009, the risks of abuse become “far greater.” Nevertheless, beginning in 2010, the U.S. Commerce Department Data initiated an inquiry aimed at identifying barriers to this technological restructuring of networks, while working (as Google put it in its comment) to “ensure that services can be provided without local investment and infrastructure.”[21] In short, once again we stand at a reintegrative moment, when the US as the representative of big capital is trying to harmonize more permissive international standards for TDF.  By moving against this current, the European Court of Justice prospectively threw open the larger issues of TDF accountability and control.

Howls of protest were heard and,soon after the verdict, the U.S. Congress convened hearings on the EU Safe Harbor decision and its impacts on transatlantic data flows.[22] At these hearings, US firms urgently demanded that the US Government act to restore unencumbered transatlantic data flows.  Jeffrey Immelt, CEO of General Electric – which is trying to spearhead an “Internet of Things” that would further heighten reliance on data flows – spoke out against invalidating Safe Harbor before any ruling was announced.[23] Although Google and Facebook are most visibly affected by the EU ruling, no less than 4400 corporations reportedly are impacted.[24]  If the ruling holds, not only the tech industry but also other traditional industries may have to reorganize their operations, such as HR, payroll, logistics, and supply chain management.

The U.S. indeed had begun pushing for greater freedom of investment, fewer privacy protections, and more extensive harmonization long before the ink had dried on the European Court’s decision.  This is evident from the text of the secretively negotiated Transpacific Trade Partnership (TTP) – a trade agreement between US and 11 other countries facing the Pacific Ocean.[25] Article 10.6 of the pact’s chapter on Cross-Border Trade In Services states that “No Party shall require a service supplier of another Party to establish or maintain a representative office or any form of enterprise, or to be resident, in its territory as a condition for the cross-border supply of a service.”[26] Article 14.11 of the chapter on Electronic Commerce states that parties “shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person”; although it goes on to permit signatories to adopt or maintain “measures inconsistent” with the abovementioned obligation if this is “to achieve a legitimate public policy objective” – and if it does not constitute an “arbitrary or unjustifiable discrimination or a disguised restriction on trade.”[27] Contravening key features of the EU’s Safe Harbor decision, these articles go far to preempt member countries from blocking TDF or demanding data localization – though the treaty does leave some room for other members countries to mount challenges to the US if they become motivated to do so. By treating TDF as a trade issue, however, the pact brings TDF into a realm that is saturated by the interests of capital rather than by a sincere concern for political democracy.

Pressure will certainly be intense to import the business-friendly TDF provisions of TTP into its counterpart: the still-secret Transatlantic Trade and Investment Partnership (TTIP) negotiation between the US and the EU. The European Commission has allotted three months in which to devise an alternative to Safe Harbor, and Washington and Brussels have been “locked in frantic negotiations – at increasingly high levels,” as the attempt to craft a new deal for TDF has brought U.S. Vice President Joe Biden and European Union Chief Executive Jean-Claude Juncker into direct talks.[28] The sticking point, according to news reports, is “how much access” to grant U.S. intelligence agencies to Europeans’ personal data.

TDF therefore remains as vulnerable to political disruptions as it was in 1980.  The fight centers around both economic rivalry and, especially, the “right” of the military to invade social and political life.  We may hope that the European Court decision turns out to be the first step toward a counter-movement that preempts military incursions into democratic self-rule.  But we probably should not hold our breath.

[1] The Data Protection Directive mandates that, in order to conform with Europe’s Charter of Fundamental Rights, the transfer of personal data to another country may occur only if that country ensures an adequate level of privacy protection for that data.  Domestic law or “international commitments” are the means of making this commitment.  The Safe Harbor agreement had been used as an international commitment to permit companies to send digitized flows of personal information from EU member states to the U.S.

[2] The Court of Justice declares that the Commission’s US Safe Harbour Decision isinvalid, Press Release, Court of Justice of the European Union.

[3] Herbert I. Schiller, Who Knows: Information in the Age of the Fortune 500 (Norwood: Ablex, 1981), 101.

[4] Schiller, Who Knows, 101.

[5] Schiller, Who Knows: 106.

[6] The Politics of Transborder Data Flows:Competing Values, Interests, and Institutions

[7] Jean-Jacques Servan-Schreiber, The American Challenge.  New York: Scribner, 1968.

[8] International Data Flow: Hearings before a Subcommittee of the Committee On Government Operations, House of Representatives, Ninety-Sixth Congress, Second Session, March 10, 13, 27, and April 21, 1980. Washington: U.S. G.P.O., 1980.

[9] Eileen Marie Mahoney, “Negotiating New Information Technology and National Development: The Role of the Inter-Governmental Bureau for Informatics,” Ph.D. Diss., Temple University, 1987.

[10] Schiller, Who Knows: 162.

[11] International Data Flow: Hearings before a Subcommittee of the Committee On Government Operations, House of Representatives, Ninety-Sixth Congress, Second Session, March 10, 13, 27, and April 21, 1980. Washington: U.S. G.P.O., 1980.

[12] Frank Kuitenbrouwer, The World Data War, New Scientist, September 3, 1981

[13] Neil Robinson, Hans Graux, Maartin Botterman, Lorenzo Valeri, “Review of the European Data Protection Directive.”  Santa Monica: RAND Corporation, 2009: 7.

[14] Schiller, Who Knows: 101, citing Datamation March 1978: 203.

[15] Accounting by one estimate for roughly 55% of total TDF. Joshua Meltzer, “Examining the EU safe harbor decision and impacts for transatlantic data flows,” Brookings, November 3, 2015.

[16] “Global Network Construction Resurgence,” TeleGeography, April 23, 2015.

[17] United States International Trade Commission, “Digital Trade in the US and Global Economics, Part 1,” July 2013.

[18] National Foreign Trade Council, “Promoting Cross-Border Data Flows: Priorities for the Business Community.”; Jessica Nicholson and Ryan Noonan, “Digital Economy and Cross Border Trade: The Value of Digitally- Deliverable Service,” U.S. Department of Commerce, 2014.

[19] Mark Scott, “European Court Advisor Calls Trans-Atlantic Data-Sharing Pact Insufficient,New York Times, September 24, 2015; Mark Scott, “U.S.-Europe Data Transfer Agreement Is Ruled Invalid,New York Times, October 7, 2015.

[20] Neil Robinson, Hans Graux, Maartin Botterman & Lorenzo Valeri, “Review of the European Data Protection Directive,” Santa Monica: RAND Corporation, 2009: 7.

[21] Google, Inc., Comments to the Department of Commerce, Notice of Inquiry on the Global Free Flow of Information on the Internet: 13-14 ; See Dan Schiller, Digital depression: information technology and economic crisis (Urbana, Chicago : University of Illinois Press), 170-84.

[22] Hearing: Examining the EU Safe Harbor Decision and Impacts for Transatlantic Data Flows, Subcommittee on Communications and Technology (Committee on Energy and Commerce), November 3, 2015.

[23] Richard Waters, “Jeff Immelt warns EU data curbs could limit productivity gains,” Financial Times, October 1, 2015: 23.

[24] Cameron Kerry, “Safe Harbour invalidation puts EU data in quarantine,” euObserver, October 26, 2015.

[25]Trans-Pacific Partnership (TPP): More Job Offshoring, Lower Wages, Unsafe Food Imports,” Public Citizen.

[26] Chapter 10: Cross Border Trade in Service.

[27] Chapter 14: Electronic Commerce.

[28] Duncan Robinson, “Transatlantic safe harbor deal still months away, EU warns, Financial Times, November 5, 2015.

Print Friendly, PDF & Email

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *