Slide 1 The State of the State in Cyberspace The Hybrid Regulation of Global Data Protection Ralf Bendrath University of Bremen Collaborative Research Center “Transformations of the State” ralf.bendrath@sfb597.uni-bremen.de http://bendrath.blogspot.com ECPR Workshop “Privacy and Information: Modes of Regulation” Helsinki, 7th – 12th May 2007

Globalization and the Internet: A prototypical case? Slide 2 Globalization and the Internet: A prototypical case? Globalization: internationalization and privatization of governance both trends suggest a loss of legitimacy The Internet is the most globalized space most likely case to check assumptions on global governance new forms of legitimacy on the Internet? Case study: Privacy Governance Timeline: 1970s to today

Governance models and state transformation Slide 3 Governance models and state transformation organizational dimension spatial dimension state private   national state regulation private governance international multilateral regime transnational self-governance

Three approaches to Internet Governance Slide 4 Three approaches to Internet Governance Cyber-Separatists (Communitarians) Traditionalists (Realists) Internationalists (Liberals) (Mayer-Schönberger 2002)

Slide 5 Cyber-Separatists

Slide 6 „Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.“ (John Perry Barlow: A Declaration of the Independence of Cyberspace, 1996)

„We reject: kings, presidents, and voting. Slide 7 „We reject: kings, presidents, and voting. We believe in: rough consensus and running code“ (Dave Clark, Internet Architecture Board, 1992)

Cyber-Separatists Self-Governance of the Internet Slide 8 Cyber-Separatists Self-Governance of the Internet Comparable to Lex Mercatoria Sovereign: The Netizens Less formalized, open process, emphasis on collaboration Technical solutions

Slide 9 Traditionalists

Traditionalists Netizens are physical humans Slide 10 Traditionalists Netizens are physical humans Servers, routers and cables exist in the real world Democratic legitimacy of the state Conflicts of law are nothing new Implementation difficult, but feasable to a satisfying degree

Slide 11 Internationalists

Internationalists Cyberspace is a global space Slide 12 Internationalists Cyberspace is a global space Adequate medium of regulation therefore is international law Goal: global agreements But also regional ones Council of Europe Privacy Convention OECD Privacy Guidelines …

Internet Governance Models and the State Slide 13 Internet Governance Models and the State specific aspects governance model role of the state   regulation model basis of legitimacy national state regulation (traditionalist) regulator public intervention democratic representation national private governance (cyber-separatist) limited oversight through general law national self-regulation effectiveness, legality multilateral regime (internationalist) interdependent, constrained regulator multilateralism national compliance international consensus, congruence transnational self-governance none transborder private participation

Internet Privacy: Any role for the nation-state? Slide 14 Internet Privacy: Any role for the nation-state? Internationalized Law From national data protection laws to transnational data flow regulation EU Directive as the core of a global privacy regime Privatized Enforcement PC and Internet make hard enforcement impossible user self-help through technical means „trust“ through private self-certification schemes

Global governance of privacy reaching its limits Slide 16 Global governance of privacy reaching its limits Input legitimacy: low transparency and accountability of international norms development congruence missing lack of accountability of private regulation Output legitimacy: low compliance „elephants and mice“ lack of user trust

The Return of the State Adequacy rating of privacy standards Slide 17 The Return of the State Adequacy rating of privacy standards Data protection authorities as certification agencies Technical regulation through intermediaries

Multilevel Privacy Regulation (a small selection) Slide 18 Multilevel Privacy Regulation (a small selection) Binding Corporate Rules MSFT Software Guidelines GBDe recommendations TRUSTe Web Seal Safe Harbor Agreement EU Directive OECD Guidelines Council of Europe Convention National law National law National law National law

Hybrid Privacy Regulation (the „Safe Harbor“ example) Slide 19 Hybrid Privacy Regulation (the „Safe Harbor“ example) Technical Standards Technical Enforcement Company TRUSTe Web Seal US DOT FTC Safe Harbor List Safe Harbor Agreement EU Commission & DP Commissioners EU Directive National law National law National law National law

Governance models over time & space Slide 20 Governance models over time & space specific aspects governance model period & region of relevance role of the state in the internet regulation model basis of legitimacy national state regulation (traditionalist) 1970s (Europe)   regulator public intervention democratic representation national private (cyber-separatist) 1970s-1990s (US) limited oversight through general law self-regulation effectiveness, legality multilateral regime (internationalist) 1980s-1990s interdependent, constrained multilateralism, national compliance International consensus, congruence transnational self-governance 1990s (US, partly Europe) none transborder private participation hybrid and layered global (new model) 2000ff (OECD and beyond) control of intermediaries, certification indirect state regulation, corporate compliance consensus on principles, transparency