Distinction in travel journalism
Is independent travel journalism important to you?
Click here to keep it independent

9 Jun, 2018

GDPR – Another chapter in the book of European extra-territorial neocolonialism

Bangkok – The General Data Protection Regulation (GDPR) is yet another example of European neocolonialism in an age of globalisation and borderless communications. While the Information Superhighway is opening up vast opportunities to create a better, more peaceful, stable and sustainable planet, it is simultaneously and very paradoxically also doing quite the opposite. Slap in the midst of this dichotomy comes the GDPR, a johnny-come-lately attempt to shut the barn door after the horse has bolted.

The most powerful infrastructure network ever built, the Information Superhighway originated in the military and defence establishment. The transition to civilian and commercial use and its rapid advancement forged ahead well before the underlying regulatory, legal and consumer protection mechanisms could be put in place. Belated attempts to rectify those deficiencies, such as the GDPR, make it a perfect reflection of the imbalanced management of public safety & security across transport and communication infrastructure.

In the aviation sector, for example, safety and security is the backbone of the entire system. No aircraft takes to the skies unless and until the entire chain of command, including airport management systems, air traffic control, navigation systems and all aspects of aircraft air-worthiness and passenger security are finalised, negotiated, implemented, tested and uniformly applied, without exception. Even a drunken pilot gets suspended immediately. That stringent commitment to the rule of law is what makes aviation the safest form of mass travel today, in spite of its technological complexity.

The threshold of adherence is much lower on road highways. Although highways have similar safety and security regulations designed to curb traffic accidents, the rule of law is nowhere as universally and stringently enforced as in the aviation “skyways”. That, combined with much higher volumes of traffic, leads to mass casualties. According to the World Health Organisation, there were 1.25 million road traffic deaths in 2013, or an average of 3,424 deaths a day.

The threshold drops further on the Information Superhighway which has been a free-for-all, starting from the early days of email, when messages promoting human anatomy enlargements became rampant, to today, when malware, spyware, phishing, fraud, hacking, viruses, defamation, slander, extremism, hate-speech, bigotry, sexual exploitation of children and blatant infringement of privacy are ubiquitous. Like in the aviation regulatory systems, this should never have been allowed to occur.

As this communications chaos and anarchy rages, the Europeans have come up with the GDPR to protect the privacy of European citizens and prevent abuse and misuse of their personal data. The law itself runs into hundreds of pages, and requires a phalanx of lawyers and consultants to decipher. According to one explanatory information portal, “The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

This one-size-fits-all, extra-territorial, illegal neocolonialism deserves to be called out.

While the European Union/Commission has every right to safeguard its own citizens, it’s right to swing its arms around ends where our nose begins. Non-Europeans neither vote nor pay taxes nor reside in Europe, nor did we have a say in the crafting of this law, nor were we told about how it works or how it affects us. So on what grounds precisely can it be applied to non-Europeans?

The European DNA may have something to do with it. Historically, the French, Dutch, Portuguese, Spaniards and Brits have been the world’s leading colonial powers. They still appear to have problems shaking off that stigma.

Hark back to the 1990s, when the travel industry had to comply with a consumer protection travel directive under which any holidaying European who had reason to believe that he/she had not received products and services as promised in the brochure could go back and claim a refund from the travel agency in Europe which had made the bookings. This led to a slew of false claims by people who were looking to deliberately defraud the system with minor problems, and get a free holiday. To avoid expensive and potentially image-damaging litigation, many companies would just settle, then force the hotels and ground operators supplying these services in the host countries to share the burden. The cost burden grew further because many companies were forced to take out insurance against such fraudulent claims.

Making matters worse were the European travel advisories. Any act of violence or health issue or natural disaster that could potentially pose a safety & security threat to a thin-skinned European led to a travel advisory against that hapless destination, which suffered an immediate business downturn. Getting these suffocating advisories amended, updated or removed was a monumental task. To avoid any “why-didn’t-you-warn-us” backlash from their citizens, European diplomatic missions and foreign offices just let the advisories stay. Today, thanks to social media, travel advisories have lost all value, and not a moment too soon. Many European capitals themselves are experiencing security problems. Interestingly, they never issue advisories against one of their own.

Another double-standard is the onerous visa regime. European pedophiles, neo-Nazis, Islamophobes and European passport-holding Israelis, amongst assorted other undesirables, can walk visa-free into most Asian countries, while the vast majority of us wretched Asians have to seek appointments, fill out eight-page forms, be finger-printed and provide a myriad of documentation about our bank accounts, employment, education, etc., to gain the privilege of merely visiting Europe. European governments know everything about us, far more than the social media companies. This information is collected by outsourced third-party companies whose staff also have access to it. I have applied for European visas many times. Never have I ever been given any assurance that any European government will respect and safeguard my privacy.

Now comes the GDPR. Same old-fashioned neocolonialism in new guise. Which also raises a few questions.

Firstly, what legal right does the European Union/Commission have to apply this law extra-territorially?

All bilateral or multilateral laws, such as international conventions, free-trade agreements, extradition treaties or double taxation avoidance pacts are negotiated individually or collectively. Not so the GDPR, which is a purely unilateral move. As many non-European countries are coming up with their own data and privacy protection laws, with different provisions than the GDPR, which law should be observed, by whom, and where?

Secondly, what is the procedure for filing complaints? Does it provide for a right to respond? Protect against false claims and harassment? Who is covered by it? Many Europeans live outside Europe. How can a German living in Bangkok claim to be covered by a European law even if he/she is not domiciled in Europe?

What can be proved is that the GDPR has affected many companies and individuals sending and receiving routine communications.

Me, for example. I receive press releases and news releases from dozens of NTOs, hotels, airlines, PR companies, and more. I was deluged with GDPR notifications. The amount of time I spent renewing my subscriptions is not funny. No two notifications were alike. Some wanted me to fill out all my details all over again. Others just kept it simple. Others required me to prove I was not a robot. Everyone had different a privacy policy. As one notification after another poured in, I just got tired. As a result, I may have missed a few notifications, and been removed from some important lists. I will not know which ones until much later.

On the outbound front, too, I face issues. For several years, I have been sending out a well-regarded newsletter to a loyal readership, free of charge. It clearly includes an unsubscribe link. I store no personal details. I don’t ask for anyone’s birthdays or gender or location. I don’t violate anyone’s privacy. Now, my IT consultant has told me that I have to sign up to the GDPR. Why? Just in case someone who does not like my editorial perspectives on controversial issues such as the Israeli occupation of Palestine uses the GDPR as an excuse to harass and gag me. Just like consumer protection travel directive, the GDPR is open to abuse and misuse. Several such gag attempts have been made in the past, by falsely reporting my newsletter as spam and getting my email hosting service to blacklist my IP address. So far, they have failed. Some freedom and democracy-loving European gagsters may well try again – thanks to the GDPR.

I welcome the challenge. Let’s do it in the public domain in a fair, open and transparent manner. Will I be provided full details of the complainant? Will the complaint be thoroughly investigated to ascertain its veracity? Does the European Commission itself have the resources to investigate each and every claim? If I have a counter-complaint against this violation of my sovereignty, whom do I go to? Can I counter-sue the complainant and the European Commission? In fact, what right do Europeans have to file a complaint against non-Europeans over regulations over which the non-Europeans have had absolutely no say? Why do non-Europeans have to pay the nuisance factor price of a European law?

In all likelihood, the GDPR will do little to achieve the purpose it has been set out for. The large social media companies will find some other way of getting the data. Just take a look at Facebook’s latest privacy update. Can anyone spot what is really new about it? Facebook, Apple, Google, Amazon, Uber and other such communications behemoths are sitting on an amazingly cheap form of market research and intelligence both rolled into one. Remember, the very origins of the Information Superhighway can be traced back to the military. They are not about to let any law get in the way, especially as they know it will be rendered obsolete and overtaken by technological advances fairly soon. Even if a legal challenge is mounted, it will take years for a settlement to be reached.

Meanwhile, thousands of non-Europeans, especially SME entrepreneurs, have fallen victim to the bureaucrats in Brussels. Regrettably, no one is mustering the courage to challenge this onslaught of extra-territorial neocolonialism. We Asians also have DNA problems. Our inferiority complex makes it easy for us to be divided and ruled, and weakens our ability to defend our interests in global platforms.

One day, the people of Asia may overcome their DNAs and shift the focus to far bigger battles than the GDPR.

If climate change and global warming are the top-ranked global threats, who is responsible for them? Laos? The Maldives? The Philippines? Bhutan? Nepal? The prime culprits are the industrialised economies, Europe, the United States and Japan. For decades in the aftermath of World War II, these economies became rich by spewing out the toxic emissions that have today landed up in the atmosphere and threaten the future of the planet. Today, these industrialised economies do not want to be seen as part of the problem, only as part of the solution. Having invested heavily in the technologies to shift away from fossil fuels, they now want to sell these patented products to the developing countries, whereas in fact they should be making them available free.

Ditto with geopolitical controversies. Asian and African countries are fed-up with European double standards and hypocrisy on multiple geopolitical issues such as human rights violations, sanctions, immigration, visa restrictions, trade tariffs and much more. The protracted Middle East problem is a clear case in point.

The GDPR just maintains the tradition. When we will ever learn?