In June 2021 the G7 in Cornwall (UK) mentioned Data Protection1 on the summit of the largest world economies the very first time.2 GDPR and additional new regional and national Data Protection Laws are showing the significant influence of Privacy3 on International Trade. Eventually, the decision EuGH „Schrems II“ defines two key-criteria for the exchange of personal data in an international context.4
Based on these developments the following seven thesis are highlighting the connection of Data Protection and World Order:
Soley democracies have an ‘interest’ to grant Human Rights to their citizens. The Right to Data Protection is an integral part of this set of Human Rights.
Democratic countries shall grant the Right to Data Protection to citizen of other democratic countries while these citizens are living in a foreign country. The Right to Data Protection granted to foreign citizen shall not have the same extent but shall be essentially equivilent to the Right, which is granted to their own citizens. The principle of proportionality shall govern the access to personal data of foreign citizen.
Foreign citizens shall be granted access to independent courts to defend their Right to Data Protection in foreign democratic countries. These citizens shall be able to participate from the rule of law in a foreign democratic country.
Since democratic countries grant the Right to Data Protection to citizens of other democracies a free flow of personal data shall be admissable between these countries. The free flow of personal data is for the economic benefit of these countries.
Dictatorships or autocratic countries have no ‘interest’ to grant the Right to Data Protection to their citizen, since these countries do not grant Human Rights to their citizen either. Therefore, these countries will not be open to grant the Right to Data Protection to citizen of foreign countries. Dictatorships or authoritatrian countries have no ‘interest’ to grant the right of access to independent courts to foreign citizen, since these countries do not provide independent courts to their own citizen.
A free flow of personal data from democratic countries to dictatorships or authoritarian countries shall not be admissable since the interest of dictatorships and authoritarian countries aims to control their own citizen with the assistence of IT. These countries can not be expected to protect the Right to Data Protection to foreign citizen.
With dictatorships or authoritarian countries international treeties shall define “red lines“ of processing of personal data for specific purposes and for specific technologies, which shall be prohibited. These “red lines“ shall apply in respect to citizen of other countries (regardless whether to democratic or non-democratic countries) and similarly in respect to the interstate situation of the own citizen.
The idea that democracies grant a basic set of Human Rights to citizen of foreign democratic countries seems to be a logic external outcome of the inner order of democracies. However, the basic principle of the Law of Nations is that democracies do not grant Human Rights to citizen of foreign democracies.5 To modify this principle it is necessary to enter into international treaties.6
The EuGH “Schrems II“ defines two key requirements for an international exchange of personal data.7 First, the access of administrative bodies to personal data shall be limited according to the principle of proportionality. Second, the data subjects shall be granted access to independent courts to defend their rights. These two principles shall be incorporated into the treaties regarding international Data Exchange.
Data Protection and Political System
Democracies are granting a set of Human Rights and the Right to Vote to their citizens. The balance of power between legislatative, executive and judicial branch as well as the acknowledgement of the rule of law is covered under the Democratic Order. Part of the Human Rights granted to the citizens is the Fundamental Right of Data Protection. Therefore the two key-principles of international Data Protection established by EuGH “Schrems II“ are likely to be met by Democratic Governments.
In contrast, autocratic government or dictatorship are seeking to control their citizen. These forms of government will not grant Human Rigths to their citizens.8 The balance of power and the rule of law will not be recognized and therefore, independent courts will not exist.
As consequence, autocratic government and dictatorship can not be expected to meet the two basic principles of EuGH „Schrems II“. The access to personal data by administrative bodies will not be limited by the Right to Data Protection and the principle of proportionality. In addition, the citizens of foreign countries will not be granted access to independent courts, since independent courts do not exist either in autocratic government or in dictatorship.
Will democratic countries agree on common principles of Data Protection?
The discussion between the EU and the US about the Privacy Shield indicates that democracies do not automatically agree on the extent of the Right to Data Protection. However, an Inter-Democratic-Understanding of Privacy is inevitable for the free flow of personal data and simultanously a high level of Protection of Personal Data.9 Hence, this common understanding is vital to reach International Agreements on Data Protection between Democracies.
Is it justified to say? There will be no Democracy without Privacy – within countries10 and in World Order.
1I will use “Data Protection“ (used in EU) and “Privacy“ (used in US) and as synonym for the purpose of this article.
2CARBIS BAY G7 SUMMIT COMMUNIQUÉ; No. 34: “Championing data free flow with trust, to better leverage the potential of valuable datadriven technologies while continuing to address challenges related to data protection. To that end we endorse our Digital Ministers’ Roadmap for Cooperation on Data Free Flow with Trust.“, page 12
3I will use “Privacy“ (used in US) and “Data Protection“ (used in EU) as synonym for the purpose of this article..
4EuGH “Schrems II“, C-311/18, 16 July 2020 requires firstly, access of administrative bodies to personal data shall be limited according to the principle of proportionality and secondly, data subjects shall be granted access to independent courts to defend their rights.
5– Historically, soley States were regarded as subjects of the Law of Nations. Since World War II, the UN Charter is granting Human Rights to individuals with the effect that the Law of Nations is ackowledging Rights of individuals.
– The 47 Member States of the European Convention of Human Rights (ECHR) are granting Human Rights to their citizens and in addition, a legal remedy for individuals to the European Court of Human Rights.
– Mass interception of Foreign Intelligence Agencies (Edward Snowden) and the extraterritoriality of law (US cloud act, GDPR) are raising the aspect, whether Democracies shall grant Human Rights to citizen of other Democracies.
– The Right of Aliens is based on different facts: Aliens are not nationals of the country in which they live.
6 – In respect of Data Protection the treaties Safe-Harbor and Privacy Shield between the US and the EU were examples for international treaties granting a certain level of the Right to Data Protection to foreign citizens.
– The EU-Treaties are an example for a treaty which grants Human Rights to citizens of foreign coutries and vice versa, e.g. the Right of Free Movement. In addition, the Right to Data Protection (Art. 8) is part of the EU Charter.
7– EuGH “Schrems II“, C-311/18, 16 July 2020.
– GDPR (Art. 23) and EuGH “Schrems II“ are both referring to a legislation (within the EU and in the Third Country) “which do not go beyond what is necessary in a democratic society to safeguard, inter alia, national security, defence and public security.“ That means the GDPR and EuGH “Schrems II“ (Rdn. 141) are aiming to take a universial approach.
8 Reuters (15 December 2015 ): “Putin signs law allowing Russia to overturn rulings of international rights courts”.
9 – The Economic Partnership Agreement between the EU and Japan and the Adequacy Decision on Japan by the European Commission pursuant to Article 45(3) GDPR were formed and adopted simultanously.
– Toshihiro Wada; Data Protection in Japan, DPOblog.eu, November 16, 2019
10 For example in respect of microtargeting and free election: without respecting the Privacy of voters, Democracies will not be able to guarantee free, equal and fair elections to their citizens: https://privacyinternational.org/learn/data-and-elections