Chapter 1 - Data to the People? Surveillance Capitalism and the Need for a Legal Reconceptualisation of Personal Data beyond the Notion of Privacy

Summary

Introduction

In a keynote speech opening the 2019 F8 Developers Conference in San Jose, California, Facebook’s CEO, Mark Zuckerberg, announced his company is about to enter a new chapter in which greater focus will be put on the protection of users’ personal information. Having admitted that Facebook ‘[doesn’t] have the strongest reputation on privacy’, he then promised ‘historically important’ changes to the services it offers, including a new, entirely encrypted ‘privacy-focused platform’ parallel to the already existing traditional social network (Facebook for Developers). The ostensive effort to address user-privacy-related concerns comes at a moment when the platform is mired in multiple investigations, drawing criticism from state actors all around the ‘Western’ world. For instance, shortly before Zuckerberg’s announcement, the Office of the Privacy Commissioner of Canada issued a report in which it accused Facebook of committing ‘serious contraventions of Canadian privacy laws and fail[ure] to take responsibility for protecting the personal information of Canadians’ (OPC, 2019). More recently, the United States Federal Trade Commission (FTC) approved a record fine of $5 billion after deciding the company violated the FTC’s order from 2012 when a settlement was reached following charges of ‘deceiving consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public’ (FTC, 2019). Meanwhile in Europe, Facebook is subject to 11 pending investigations by the Irish Data Protection Commission (DPC) alone, all falling under possible violations of the EU General Data Protection Regulation (GDPR).

These select few examples are merely a fraction of many more instances when the interests of digital platforms appear to stand in direct opposition to the information privacy rights of their users. Moreover, an examination of the structural characteristics of the business model adopted by companies like Facebook, Amazon or Google suggests that further privacy breachesshould be anticipated, as they tend to be the rule rather than exception. Since the very logic of capital accumulation that digital platforms rely on is based on personal data collection and its analysis and assembly into information products that are sold to third parties (Fuchs, 2012), it begs a question about the adequacy of applying a privacy-oriented legal framework to effectively protect users’ personal information.