The Great Data Rush

Data is the new gold. The availability of data and capacity to process it grows ever more in importance both for the economy and for politics. The rise of digital technologies has engaged states and private companies in a hunt for crucial data to gain a comparative advantage over their actual and putative opponents.

The challenges for the law are obvious. Broadly speaking, three different prongs of the new legal universe driven by digital technologies impose themselves: the regulation of private actors, public actors, and markets. Each of them has received ample coverage from the journal, and our special issue on EU Security Governance and Financial Crimes brings them all together.

The first prong, concerning governmental restrictions of private actors’ use of data, needs regular updates to keep pace with the technological development. Back in 2012, Hans Buitelaar made the case for a thorough overhaul of European data protection laws. Technical progress increased differences in implementation, leading Anne-Marie Zell to complain about different standards in data protection between Germany and other European countries.

The new General Data Protection Regulation has eliminated these differences. While Germany used to be a first mover in data protection decades ago, the ball is now firmly in the field of the European Union. Judgments like the ECJ’s landmark decision in Schrems, discussed for the journal by Christopher Kuner, or Google Spain, discussed by Krystyna Kowalik-Banéczyk and Oreste Pollicino, underline Europe’s claim to leadership. But leadership is a doubtful privilege if you are in a game between the hare and the hedgehog. As Kunbei Zhang has argued on the basis of a comparison between China and Europe, the attempt to fully regulate the use of personal data in European law risks to be ultimately thwarted by technical progress. Hence, the question remains whether switching from self-determination to dignity in data protection law, as suggested by Anne de Hingh, will suffice in the long run. Dynamic, discretionary rules might be more suitable to develop in step with digital technologies, although they might compromise the rule of law and democratic legitimacy.

The second prong concerns the taming of sovereign appetite for data, its uses and abuses. In the field of police and security, the aftermath of 9/11 tilted the balance between liberty and security heavily towards the latter – at least in the eyes of many observers. The German Law Journal covered these issues repeatedly almost from its inception. An early example is Sheetal Asrani’s comparison of legislative changes in India and the United States. A whole special issue on Security, Democracy, and the Future of Freedom (2004) gave ample consideration to the role of data in the “war” against terror. For example, Oliver Lepsius provided a critical overview of new competencies granted to German secret services to collect and process data. Too old stuff for you? Then you might find inspiration in the interviews with Giorgio Agamben and the late Judge Hassemer included in the special issue.

In a tech sense, of course, the measures adopted after 9/11 now appear as relicts from the Stone Age. Imagine that to surveil a person’s movements, secret services actually had to equip her vehicle with a GPS tracker. The technological development has gone through the roof, and we try to keep pace with it. Now, boarding a plane requires nothing less but “full nudity” in a data sense under the SWIFT agreement, even in its weakened form, as explained by Valentin Pfisterer. Another example is cyber espionage. Patrick Terry recently argued that Russian interference in US elections violates international law, cautioning that the “victim” of such measures should better come with clean hands. Also from this year is Oreste Pollicino’s and Oleg Soldatov’s text on the difficulty of striking a balance between fighting cybercrime and restricting free speech – and how addressing the former might provide cover to do the latter in Russia’s recent cybercrime legislation. And if the case of Hans-Georg Maaßen made you curious to know more about the limits of German intelligence services’ competencies, you may consult Christian Schaller’s recent contribution.

The third prong, then, concerns the regulation of markets in the digital economy. This concerns an extremely broad field, stretching from the regulation of bitcoins, as explained by Michèle Fink, to improving the taxation of highly mobile digital services advocated by Robin Hansen. Needless to say, these issues are so heavily under development that you can bet to hear back from us again on this.