In May 2013, NSA contractor Edward Snowden leaked classified documents relating to mass surveillance programs igniting a long overdue international conversation concerning the legal rights and protections of data and digital communications in the internet age. Initially the media focused on the compelling story of Snowden’s decision to sacrifice his comfortable lifestyle and personal privacy in his flight from the US to asylum in Russia. Eventually the attention returned to the main question: how do we ensure that internet users’ rights are protected as the internet becomes an ever-increasing part of our daily lives? One of the biggest challenges in answering this question will be balancing the competing interests of governments, international organizations, businesses and individuals.
The disclosures, which immediately sparked worldwide outrage, are now starting to bring about real change as governments begin to enact legislation that seeks to address many of the concerns exposed. The European Union recently approved new data protection rules aimed specifically at preventing the issues presented by mass governmental surveillance programs. The rules seek to establish online privacy rights for EU citizens, simplification of the complaint process, and tougher standards for businesses that use personal data. The initial approval of these regulations has met criticism from internet businesses that say the new rules will result in impractical burdens.
While the European Union has led the charge, countries around the world have escalated the priority of data privacy laws. Indonesia publicly announced their support for United Nations’ actions with regards to data privacy. Opportunistic countries like the Bahamas are trying to establish themselves as safe places for companies to process personal data. Other countries, like Brazil, are taking more drastic positions on protecting their citizen’s data, calling for data localization and a break from the US-Centric Internet. Part of the concern arises out of the perceived dominance of the United States in the realm of internet governance. However, there are legitimate concerns that regulations restricting the flow of data will fundamentally change the internet, resulting in data silos and reduced innovation.
Reactions to the NSA spying program have been mixed in the United States. Many officials at the federal level have either denied culpability or maintained the importance of the programs. United States citizens concerned about data privacy may have better luck taking up the issue with their local state governments. While the United States federal government has sidestepped the issue many states have recently enacted new data privacy laws and state attorneys general can enforce those statutes. Privacy advocates hope that these laws will help to encourage laws at the federal level which can be more expansive in the scope of their protection.
If global internet usage trends are any indication, the issues of data privacy and internet governance will remain at the forefront of international policy discussions. The issue of data privacy prevents challenges on many fronts, including the fact that the pace of technology innovation vastly exceeds the ability of governing bodies to create legislation. In addition, we are seeing how the fear of data surveillance can strain the international relationships between countries. However great the challenges may be, the fact that this issue has gained international attention and created an active dialogue on the issues is a necessary step in the right direction.
Matthew Aeschbacher is a 3LE law student at the University of Denver Sturm College of Law and a staff editor for the Denver Journal of International Law & Policy.