The EU is poised to grab personal data in a way that could impact people around the globe. Information is power; it is power over your life and almost always includes a raid upon your wealth. The control of information is particularly important to cryptocurrencies because, unlike cash, they leave a transaction trail that makes privacy more difficult and imperative. Without privacy, it is not clear how liberating bitcoin can be for the individual.
A headline in New Europe (June 12) captures the purpose of the upcoming data grab in the EU: “The office of the European Public Prosecutor [EPPO] promises a new era has dawned in the EU for fighting financial crime.” Financial crime refers to the movement of wealth upon which a government frowns. It includes wealth rescued from confiscatory areas like Greece and the purchase of ‘unapproved’ services like sex. Financial crimes that do not involve theft or fraud are simply people who take control of their own financial choices.
The New Europe article further explains, “Every year, at least 50 billion euros of revenues from VAT are lost for national budgets all over Europe through cross-border fraud.” Taxes. The article could not be clearer about the EPPO being a tax grab. The word “terrorism” may be thrown into every second sentence but, in this content, it is a synonym of “tax collection.” The EU states do not want money to flow over borders and away from their reach. And, since nothing flows quite so smoothly as cryptocurrency, it will be targeted.
How The EU’s New Data Rape Will Differ From The Past
Banking Tech (June 9) reports that the EU “wants to make it easier for authorities to get hold of private data from companies such as Facebook and Google regardless of which country the data is stored in.” [Emphasis added.] The EU wants access to the public cloud. Information that people in Iowa or Quebec enter into their computers could be available to a bureaucrat in Germany who wants to profit by using it against them. The EU currently requires the consent of a host nation to access such data; the requirement is called due process. But, in an end run around tricky issues such as legal precedent and national sovereignty, the EU wants huge tech companies to give them cross-border access to the public cloud. This would eliminate the need for local law enforcement and political bodies or individuals to consent.
The EPPO will administer the new arrangment and investigations that result. The official website declares, “Currently, only national authorities can investigate and prosecute EU-fraud. Their competences stop at their national borders. Existing Union-bodies…do not have and cannot be given the mandate to conduct criminal investigations.” Now they will be.
It is not clear what the new mandate looks like, however. The website states, “The EPPO will mainly rely on national rules of investigation and procedure, which will apply if the regulation does not provide for more specific provisions. The regulation introduces European rules where it’s absolutely necessary to ensure the efficiency and effectiveness of the EPPO…” A more vaguely worded mandate would be difficult to construct.
One thing is not vague. The EU carries a big carrot and a big stick when it approaches tech companies like Google. The UK Independent explains, “EU antitrust regulators aim to slap a hefty fine on Alphabet unit Google over its shopping service before the summer break in August…setting the stage for two other cases involving the US company.” Google could face a $9bn EU fine for allegedly rigging its search results to favor itself. The expected ruling is on the heels of a $122 million fine imposed on Facebook for allegedly providing misleading information to EU regulators. The EU’s continuing litigation against tech giants also provides continuing leverage for its political agenda.
A Contemporaneous Move Toward Data Monopoly
People should not be reassured by the much-touted General Data Protection Regulation (GDPR) which comes into affect on May 25, 2018. For one thing, it ostensibly contradicts the EPPO which demand unprecedented access to the “public cloud.”
The GDPR website describes the regulation as the “biggest overhaul of data protection regulation ever undertaken.” The measure represents itself as a protector of personal privacy against businesses that sell customer data without customer consent or knowledge. Some policies may seem benign or beneficial. For example, businesses would require explicit consent from customers to share sensitive financial or medical information; they would be required to notify customers of hacks or other breaches of data. In a free market context, a company that offered and lived up to these privacy policies would probably attract a solid client base.
We do not live in a free market. Increasingly, we live in the opposite – a marketplace defined by governmental agendas. Perhaps this is why the regulation’s main thrust seems to be the imposition of “heavy fines” on non-compliant businesses that either have a presence in the EU or deal with customers who are residents there. In short, the regulation “has the potential to impact companies that do not have any operations in the EU” but sell into that market. The regulation also places the EU in control of personal data in the role of protecting personal data…from everyone but itself, that is. The EU’s enforcement mechanism is access or denial to rich markets, including the money and skills of ‘its’ people.
Moreover, it would protect information only by giving itself more control over it. [For a free market correction of the same problem, please see Reason Magazine article entitled “Computer Scientists Are Building a New Internet That Brings Privacy and Property Rights to Cyberspace.” It uses blockchain tech, of course.]
Returning to the dynamics of a statist correction… According to “The GDPR – Key Points for Canadian Business,” published by McMillan, the harsh penalties would occur through “two tiers of possible sanctions”:
(1) The upper tier, where serious infringements will attract a penalty of the greater of:
- 20,000,000 Euros, or
- 4% of annual worldwide turnover of the corporate group; and
(2) The second tier, where lesser infringements will attract a penalty of the greater of:
- 10,000,000 Euros, or
- 2% of annual worldwide turnover of the corporate group.
Again, the regulation is heralded as protecting the data of individuals. But, presumably, that same data would be shared with the EU states or agencies that administer and monitor the GDPR in order to judge whether there was compliance. The issue reduces to who you trust the most: a company with whom you contract or the government. With the business, at least, you can unsubscribe and limit damage. But why should you trust either?[Note: the official website and other sources for the GDPR do not provide satisfyingly detailed information on many aspects of the regulation. Instead, it is referred to as “a living document” that bureaucrats “are working to expand it in key areas.”]
It is dangerous folly to take the words of politicians or bureaucrats at face value. This is especially true when left hand contradicts the right hand’s motion.
The EPPO is evolving in tandem with the GDPR. They are either in contradiction or they have the same goal with different PR attached. The EPPO claims to be protecting EU taxpayers by making financial criminals pay their fair share. The GDPR claims to be protecting individual privacy by establishing massive control of the data that flows through businesses. “We, Big Government, are speaking out for the little person.” As a representative of the little person, I don’t believe it, I don’t want it, and the state should do me the favor of not doing me favors anymore.