INTRODUCTION
European powers in the 19th century divided up the world and exploited the raw materials of the colonised areas to drive industrial capitalism. A new model of extraction has arisen in the twenty-first century, without the use of guns or galleons, but rather servers and algorithms. The term data colonialism has been used to describe the appropriation of human life through data, the process by which Big Tech companies can now collect an ever- growing amount of informational wealth from individuals, communities, and sovereign states.[1]
Today, companies like Alphabet (Google), Meta, Amazon, Apple, and Microsoft have influence comparable to – if not greater than – that of any nation state. They determine conditions for billions of humans when they communicate, transact, and live digitally. They have information about citizens that governments have, they regulate speech across national lines, and they influence the outcome of elections by algorithmic amplification.[2] The central question this blog asks is whether, by systematically gathering and utilising data, Big Tech is taking on sovereign power and how that impacts democracy, human rights, and international law.
DEFINING DATA COLONIALISM
In their groundbreaking 2019 book, Nick Couldry and Ulises Mejias describe data colonialism as the latest form of domination, which is both violent, such as in historical colonialism, and abstract, like capitalism, turning human life into data to create profits.[3] Data colonialism is not territorial; that is, it does not need physical colonization. It is consent-based, through the “terms of service” agreements that users are asked to accept in order to access digital infrastructure, and which are notoriously difficult to read.
The reference to colonialism is intentional and provoking. Colonial powers take land, take labour, take natural resources; data colonisers take behavioural surplus — data produced as a by-product of human activity — and transform it into predictive products and sell them to advertisers and governments.[4] The economic model is Shoshana Zuboff’s concept of surveillance capitalism, which is about the process of platforms collecting data for more than just optimization, but for the purpose of predicting and molding human behavior in mass.[5]
THE ATTRIBUTES OF SOVEREIGNTY IN THE DIGITAL AGE
In classical international law, based on the Westphalian tradition, sovereignty is the sole right of a state over its territory and population.[6] In Max Weber’s famous statement, the state is the one that succeeds in claiming a monopoly on the legitimate use of physical force within its territory. These two definitions neither comfortably cover the realities of digital power nor do they have functional analogues in Big Tech, but each sovereign attribute has functional analogues in Big Tech.
First, consider territory. Platforms regulate digital spaces by community standards, algorithmic curation, and content moderation policies that are universal and not nation-based.[7] The Oversight Board is a quasi-judicial panel that has been called a “constitutional court for the internet” that can review content decisions and has a degree of sovereignty that is separate from the state.[8]
Secondly, think of coercive power. Big Tech doesn’t have armies under its command, but its ability to de-platform, limit access to payment services, and block cloud services can be a death sentence for companies and people. Last year, Amazon Web Services shut down Parler after millions of users were banned, making an example out of one company that can effectively censor an entire platform.[9]
Third, consider norm-setting. History has seen states reserving the right to establish the rules by which they govern life within their own borders. The terms of service of the major platforms today are a kind of lex digitalis, a body of law that is created by private companies and governs the daily lives of billions of people without democratic will and without any judicial review.[10]
DATA EXTRACTION AND THE GLOBAL SOUTH
Coloniality is most prominent in the data extraction in the Global South. African, Asian, and Latin American people provide vast amounts of training data, be it on camera, through their speech, or online. Africans, Asians, and Latin Americans provide so much data to feed into AI systems like those of large corporations in the United States and China, which are overwhelmingly owned and operated.[11] Value is created outwards, with the risks to the algorithmic discrimination, misinformation, and privacy issues staying local. There is a lesson to be learned from India. India is one of the largest data markets in the world, with more than 750 million Internet users in India. But the terms of processing of Indian citizens’ data are fixed in California.[12] The Indian Personal Data Protection Act 2023, which took years of discussion to be enacted, is aimed at putting India on the map regarding data sovereignty, but the enforcement of the Act against the multinational platforms is still extremely challenging. African states’ control of data governance is also an attempt to assert informational sovereignty, but for now, there is no real parity in terms of technical ability and legal resources between African countries and so-called Silicon Valley firms.[13]
REGULATORY RESPONSES AND THEIR LIMITS
The European Union (EU) has come the farthest in a bid to bring public rule to the digital economy. The General Data Protection Regulation (GDPR)[14] sets in place enforceable rights for individuals on their personal data with fines of up to 4% of global annual turnover if breached. The Digital Markets Act[15] identifies some platforms as ‘gatekeepers’ that have to fulfil certain obligations, aiming to dismantle the vicious circle of the dominance of data incumbents. However, the structural imbalance cannot be solved by merely regulating. Some have criticized the GDPR for creating a compliance industry that works in favour of bigger platforms that can afford the resources to hire data protection officers and lawyers, and harming smaller players.[16] What’s more, enforcement has not been consistent – the Irish Data Protection Commission, which is responsible for supervising companies based in Dublin for tax purposes, has been slammed for failing to increase its enforcement efforts against Meta and Google.[17] The Data Protection and Digital Information Act 2024 has taken some of the GDPR inspired protections away from post-Brexit data governance in the UK in an attempt to be more welcoming to tech investment. This is a race to the bottom that undermines citizens’ rights, critics say, and that reinforces corporate power.[18]
HUMAN RIGHTS DIMENSIONS
The implications of data colonialism in relation to human rights are enormous. In this, privacy is defined in Article 17 of the International Covenant on Civil and Political Rights,[19] and is being progressively violated by surveillance capitalism. It’s not just state censorship that threatens freedom of expression; there are also untransparent algorithmic systems that favour information “engageability” over accuracy, which often means the spread of misinformation.[20] The UN Special Rapporteur on extreme poverty and human rights has pointed to the fact that data-driven social protection systems often contain discrimination, for instance, when the most vulnerable are not included in the system due to a number of algorithmic mistakes or bias.[21] While it is true that the UN Guiding Principles on Business and Human Rights are non-binding, they do call corporations to take responsibility for human rights, and have not yet yielded any accountability for Big Tech.[22]
CONCLUSION
The term ‘data colonialism’ is no rhetorical ploy. It reflects a structural reality, one that is being done to the human body, a systematic abstraction of value from the lives of humans, disproportionately in the Global South and among marginalised communities, with a small number of corporations – disproportionately headquartered in rich countries – operating under a legal framework they have used to their own advantage. It remains to be seen if Big Tech is the new sovereign – and what that means for sovereignty. They do not have the characteristics of statehood according to international law. But the power they have over billions of people is functional, in that they have regulatory, adjudicatory, and norm-setting power that no one state could have unilaterally. The problem for the international legal order is to create structures (hard law, international cooperation, and true democratic engagement) that limit this power and shift its advantages to lessen the inequalities. The GDPR and the Digital Markets Act alone will not be enough to decolonise the digital order. It calls for a paradigm shift in that humans create data, which is supposed to be a freely available resource. Human data is not a resource; it is the by-product of human experience, and its management should be based on human dignity.
References:
[1] Nick Couldry and Ulises A Mejias, The Costs of Connection: How Data Is Colonizing Human Life and Appropriating It for Capitalism (Stanford University Press 2019).
[2] Evgeny Morozov, To Save Everything, Click Here: Technology, Solutionism, and the Urge to Fix Problems That Don’t Exist (PublicAffairs 2013).
[3] Couldry and Mejias (n 1) 3.
[4] Shoshana Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (PublicAffairs 2019) 63–97.
[5] ibid 8.
[6] James Crawford, Brownlie’s Principles of Public International Law (9th edn, Oxford University Press 2019) 143–148.
[7] Kate Klonick, ‘The New Governors: The People, Rules, and Processes Governing Online Speech’ (2018) 131 Harvard Law Review 1598.
[8] Evelyn Douek, ‘Facebook’s “Oversight Board”: Move Fast with Stable Governance and Make Things’ (2020) 35 Berkeley Technology Law Journal 1.
[9] Daphne Keller, ‘Who Do You Sue? State and Platform Hybrid Power over Online Speech’ (2019) Hoover Institution Aegis Series Paper No 1902.
[10]Julie E Cohen, “The Surveillance-Innovation Complex: The Irony of the Participatory Turn” in Darin Barney and others (eds), The Participatory Condition in the Digital Age (University of Minnesota Press 2016).
[11] Thabo Chukwu, “Whose Data Is It Anyway? Data Colonialism and the Politics of Artificial Intelligence in Africa” (2022) 14 African Journal of Information and Communication 45.
[12] Arindrajit Basu, “The Retreat of the GDPR Model: India’s Data Protection Bill and Its Discontents” (2023) 9 Internet Policy Review 1.
[13] African Union Commission, Data Policy Framework (African Union Commission 2022).
[14] GDPR (n 15) art 83(4).
[15] Digital Markets Act (n 16).
[16] Johnny Ryan, ‘GDPR Enforcement Is Broken’ (Irish Council for Civil Liberties 2021).
[17] Max Schrems and others, ‘Two Years of the GDPR: Taking Stock’ (noyb.eu 2020).
[18] Open Rights Group, ‘Data Protection and Digital Information Bill: A Rights Deficit’ (ORG Briefing, March 2024).
[19] International Covenant on Civil and Political Rights (adopted 16 December 1966, entered into force 23 March 1976) 999 UNTS 171, art 17.
[20] UN Human Rights Council, Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression (UN Doc A/HRC/38/35, 6 April 2018).
[21] UN Human Rights Council, Report of the Special Rapporteur on Extreme Poverty and Human Rights (UN Doc A/74/493, 11 October 2019).
[22] Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect and Remedy” Framework (OHCHR 2011) UN Doc HR/PUB/11/04