The Left Needs To Stop Idolizing The GDPR


Digital policy is not exactly home turf for the European left. Other issues like social justice and antifascism align much more naturally with its political tradition. When it comes to the digital transformation however the position of the left is less focused. Some call out the exploitation of workers who clean up the training data for large language models (branded as “artificial intelligence” by those who profit from it). Others focus on digital violence against marginalized groups or deal with the spreading of right-wing ideology via social media. All these issues are crucial. Their discussion, however, is rarely embedded into a coherent understanding of the role of data processing within the current social and economic order. These issues are at risk of being discussed as isolated symptoms without connection to their systemic causes.

In contrast, European liberals and conservatives effortlessly integrate the digital transformation into their shared neoliberal agenda. While both groups may hold different views on various social concepts (e.g. the traditional family or the church), they equally perceive and shape the digital transformation through a market-economic lens. From this perspective, the digital transformation is little else than another way to generate profit for European data businesses. Lastly, the green movement developed their own flavor of neoliberalism by (largely) framing digitalization and datafication as a means to facilitate a greener form of economic growth.

The left, however, struggles to articulate an overarching position. While the more ecologically oriented left adopted a greenish position on digitalization as a means to address the climate breakdown, other parts even dismiss digital policy all together and treat it as a minor issue compared to the general left struggles against workers’ exploitation and social injustice. One of the few shared perspectives within the left seems to be a common opposition towards huge US-based corporations like Meta (Facebook), Alphabet (Google, YouTube) or Microsoft. However, this opposition is hardly unique to the left. To the contrary. These digital giants are a constant threat to European competitors and therefore attract resistance from European liberal economic as well.

Born out of this lack of direction comes a similarly unfocussed view of the European General Data Protection Regulation, the GDPR. This major European legal text became applicable in 2018 and has since created a common legal framework for data processing within the European Union. The GDPR demands comprehensive transparency from data controllers and confers numerous data access and information rights to individuals. It also follows a strict regulatory approach as it requires legal justification for every data processing activity for commercial data processing, usually consent or contractual agreements. With its seemingly strict legal regime and its high financial sanctions, the left celebrates GDPR as an effective tool against big tech and for giving users control over “their” data. Both conclusions, however, are not only incorrect, they are also at odds with the (digital) left’s fundamental political views.

The (digital) left

The (digital) left is not a uniform movement. Yet, there are fundamental views that are shared by most groups within the left movement. Among them is the conviction that privatized economic power, its unequal distribution, and the dynamics behind its accumulation – in short: capitalism – are fundamental roadblock towards a free and equal society. Additionally, there is a shared opposition to the role of male and racist violence in seizing and maintaining this economic power; a power that is represented by private ownership of (digital) infrastructure and data processing services. The market-driven competition between owners forces those same owners to use their property to generate enough profit to stay competitive. This mechanism inevitably serves the wealth and power of a small group of owners while it is fundamentally incapable of enabling a digital transformation that serves the public interest.

With this understanding of basic left politics, it is evident that the issue with the tech giants is not merely some questionable commercial conduct. Instead, the issue lies with the lack of democratic control over how their impactful technical means are used and what purpose they serve. Big tech is not broken because it is big tech. Big tech is broken because it is forced to compete in a market-based economy where any advancement of the public interest is a byproduct at best. This distinction is important because it clearly shows that the vast social and economic power of Google, Amazon or Microsoft is not a problem of the specific companies but of the way how economic power is privatized within the hands of a mostly white, mostly male minority.

Therefore “fixing Google” by regulations or „stronger enforcement“ aren’t even the appropriate categories when it comes to possible solutions, and neither is a “European Google”. As long as the economic model of the European Union follows the same basic rules as the US-economy, any European alternative would have to put profit over public interest in the same way. If the political left ignores this underlying systemic issue, it would end up echoing European liberals who are not questioning the privatized power of the owners of big tech, but merely bemoan the fact that their profits are not generated under European ownership. For them, the economic power of the European data economy is synonymous with European sovereignty and the ability to uphold the European way of life within its borders; borders that call out the hypocrisy of “European values” every day. This hypocrisy is also evident in the GDPR.

The political economy of the GDPR

The GDPR was a long time in the making. Among insiders it is an open secret that it would never have seen the light of day if it had not been for the revelations of Edward Snowden in 2013. Riding on a wave of outrage about international state surveillance and big tech’s helping hand, the GDPR was set up to make things more difficult for big tech, which (then and now) is mostly US-based competition. Today many experts consider this a boomerang to some degree. While the GDPR undoubtedly annoyed big tech, it made life equally harder for everyone else as the GDPR ended up with a one-size-fits-all approach. As of now, the GDPR would even have to be considered a competitive advantage for big tech as it has the necessary workforce to deal with the paperwork and the market share to make users consent to the processing necessary for their business models. However, there is one aspect the GDPR never challenged in the first place: the status quo of a privately owned data economy and its digital exploitation. A closer look at the legal provisions of the GDPR makes this clear.

A key aspect of capitalist exploitation is private ownership of the means of production. In a society where nobody can meet their material needs of food and housing by themselves, we are forced to sell the one thing of value we control: our capacity to work. And the only place where this is of any value is within the corporations owned by others. This inevitably creates two groups of people: Those who must work to survive and those that gain wealth from that very work of others. The GDPR translates this dichotomy into the realm of data processing. While personal data is, in theory, part of every individual, it is useless without the data processing infrastructure owned by others, e.g. the owners of Facebook, X (Twitter) or Google. Just like in analogue capitalism, the GDPR divides the digital sphere into two groups: The controllers and the data subjects. The data subjects are conceptionally those who control “their” data, but they are not in fact the legal controllers. According to Art. 4 (7) GDPR, this role is reserved for those that determine the purposes and means of the processing. This decision-making power lies within the hands of the owners of the physical digital infrastructure. In this way, physical ownership of the means of (digital) production is aligned with controllership according to the GDPR.

A second major element of capitalist exploitation is the liberal illusion of freedom. Capitalism depicts the capitalist and the workers as equally free partners in a fair deal. Workers can choose the workplace that offers the best conditions and capitalists can choose the workers who offer the best work for the lowest wage. In fact, the deal is much less balanced. Without pay, individual survival is in danger, which creates or nourishes exactly that economic, social, patriarchal and racist power imbalance the left is fighting to overcome. The GDPR subscribes to a similar illusion of freedom. In its recitals and rules about consent (Art. 7 GDPR), it barely touches upon the economic power and dependencies that are prevalent in daily digital life. In contrast, the GDPR has no answer to the challenges of commercialization of data which is its biggest oversight. Once data became an economic category, individual consent stopped being an act of individual self-determination and became an act of economic necessity. The illusion of “freely given” consent only appears intact on an individual level because nobody “forces” users to consent to tracking. As soon as the other option is to pay for tracking-free access this illusion is shattered and individual privacy is reduced to a question of economic capacity. These dynamics are much more subtle than, but – again – mirror those of the analogue world. In a world where digital services have become essential for everyday existence, most people have little actual choice but to consent to their data being processed for profit by the controllers according to the GDPR. This mute compulsion of economic power is silent, invisible, and yet undeniably effective.

A third pillar of capitalism is colonialism: The violent accumulation of foreign workforce, resources, and land. This essential part of capitalist history was not only realized by physical force, but also by exporting the legal concepts of colonizing nations. Property, ownership, individual rights, and liberal contract law are necessary parts for preparing the wealth of others for exploitation as authors like Frantz Fanon and more recently Folúkẹ́ Adébísí have expertly shown. The GDPR has its own version of digital colonialism. Art. 44 et seq. GDPR require third countries to have an adequate level of protection for any data processing of or by Europeans to be allowed there. This requirement has two interesting aspects. On the one hand, it can be used as a deterrent against foreign competitors, and, on the other hand, it can be used as a tool to shape the digital economy of third countries towards commodification of data in line with European expectations. The recurring rulings of the European court of justice (ECJ) against EU-US-data transfers vividly demonstrate the first aspect. This is where the original function of GDPR as a tool to counter US-competition is most visible. The second aspect is less obvious. By calling for an adequate level of protection, the GDPR seems to hold up laudable concepts of European data protection law like purpose limitation, accountability, and transparency. While this is true, the adequacy requirement also has economic implications as well: Individual control over data, the power of controllers and the illusion of freely given consent are exported as well. The achievements of the GDPR are only available as a bundle with the baggage of data commercialization. Any third country that hopes to achieve the necessary level of adequacy will have to shape its local understanding of data governance in line with European (data) capitalism.

The alternative

The liberal economics of the European Union are alive and kicking in the GDPR. This does not mean that the GDPR did not constitute progress. This progress, however, can only be measured in units of change that are allowed within capitalism. Ultimately, the left must think beyond the GDPR if it wants to picture a digital transformation that no longer puts individual data at the disposal of profit-driven controllers. The answer to the question for an alternative has two parts: The first part is “How does the alternative actually look like?” and the second part is “How do we get there?”.

The first part of the answer is less difficult as it is less specific. A truly post-capitalistic data protection regulation would have to be embedded in economic environment where digital infrastructure, social media and services are not privately owned, but under local, decentral, or collective governance exclusively devoted to the interest of the public and the local communities. In such an environment, user interests and the path towards a fair and solidary digital society would not be hampered by the need for profit and the necessities of competition. In such an environment, the data subjects would truly be empowered to be the controllers, just like the workers would be in control of the means of production. This alternative to the GDPR is closely linked to the alternatives to the current capitalist society that humanity will and must develop: Democratic socialism and democratic governance of digital and analogue means of production.

The second part of the answer is much harder as it requires specific steps of political activism not only in the area of digital policy, but on a much broader social-economic scale. The first necessary step, however, is to realize that the GDPR is in need of radical overhaul in the first place. One way for achieving this might be to draw inspiration from the feminist „wages for housework“ movement. In order to call out how capitalism exploits female mental and care work Mariarosa Dalla Costa, Silvia Federici, and others demanded pay for housework in order to visibly challenge capitalist exploitation. The obvious parallels for digital left activism would be to accept the already ongoing commercialization of data as a way to demonstrate the negative effects of the data economy. This strategy, however, has always, not least by the „wages for housework“ movement itself, been seen as a double-edged sword. While commodification of a specific social area certainly makes capitalist exploitation more visible, it could also end just there: visible but unchallenged. For the digital left the question about whether to take this strategic road anyways has become somewhat obsolete recently. The European court of justice has already decided to make this double-edged-sword a reality: In a recent judgement (C‑252/21, Bundeskartellamt, recital 150), the court ruled that consent for Facebooks tracking is still considered “freely given” as long as the fee for a tracking-free alternative is “appropriate”. This is seen by many as the final acknowledgement that personal data and consent are now commercial categories. The left will have to use this fact in order to call out the glaring shortcomings of the GDPR and integrate digital policy into their struggle for a society not shaped by the hunt for profit.