Brexit begins to deliver on race-to-the-bottom deregulation: according to reports from UK-based NGO Open Rights Group, the recent free-trade deal with Japan will allow GDPR-level protections on Britons’ data to be circumvented. Specifically, US-based companies will be able to route UK users’ data through Japan, thereby defeating regulatory protections UK law inherited from the EU. It is interesting to see strategies and loopholes traditionally used for internationally produced goods now being applied to user data.
Technology policy is often characterized as an area in which governments play catch-up, both cognitively and resource-wise, with the private sector. In these two recent cases, otherwise quite far apart both spatially and thematically, law enforcement can be seen to flip this script by attempting to pin responsibility for social externalities on those it can reliably target: the victims and the small fry. Whether it is criminalizing those who pay to be rid of ransomware or rounding up the café owners who failed to participate in the State’s mass surveillance initiatives, the authorities signal the seriousness of their intentions with regards to combating social ills by targeting bystanders rather than the actual perpetrators. Politically, this is a myopic strategy, and I would not be surprised if it generated a significant amount of pushback.
I am catching up on some background reading by (and listening to a podcast interviewing) Elizabeth Renieris, a fellow at Harvard’s BKC and consultant on law and policy engineering. It is rather fiery stuff on privacy as an inalienable right and the scourge of personal data commodification. I think she comes across better in the audio interview, which is also long-form. But, in any case, food for thought on where the bounds for current legal discourse on these topics fall.