Regulatory Capitalism or Neoliberalism? the case of data protection

The humanities student who chooses to engage with the subject of the data protection is often faced with a curious contradiction: on the one hand, we are taught that we live in a neoliberal regime marked by the general reduction of state intervention in the economy, on the other, the past few decades show a regulatory explosion in the data protection sector.

How to reconcile these two conflicting images? In today’s post, I present the concept of regulatory capitalism as an analytical alternative to the conventional narrative that associates neoliberalism with the market deregulation. Afterwards, I will seek to demonstrate how this concept applies to data protection regulations.

Before starting to read, however, a disclaimer is necessary: ​​although its content addresses academic themes, this text is not a scientific publication. Its goal is to present a counterpoint to a theoretical approach that, although quite common, is far from being the only one about neoliberalism. For an examination of the concept in its various nuances, I recommend this paper.

Deregulation: the neoliberal fairytale

Neoliberalism is commonly described as an economic doctrine created in the mid-twentieth century and implemented in several countries since the 1970s. On the theoretical level, its development is associated with economists such as Ludwig Mises and Friedrich Hayek, while its practical application in the political field is usually linked to historical figures like Margaret Thatcher and Ronald Reagan. Some of its pillars would be the deregulation of markets, the privatization of public goods and the general defense of a reduced role for the State in economic life – the minimum State. In this narrative, where neoliberalism imposes itself, the State retracts.

Except that observable reality seems to contradict this description, as suggested by several studies carried out in the social sciences in the last decades. For example, one of the main studies on the subject examined the relationship between privatization and the creation of regulatory agencies in the electricity and telecommunications sectors in 171 countries. It identified not only a strong correlation between the two phenomena, but also a greater tendency towards the creation of regulatory agencies than towards privatization since the 1990s. Other comparative analyzes with databases referring to other sectors have obtained identical results: where neoliberalism imposes itself, regulatory bureaucracy increases.

Such results have aroused growing skepticism in part of the social sciences about the conventional association between privatization and deregulation, which has already been referred to as “the neoliberal fairy tale”. Instead of such tale, these skeptics argue, we are facing a global expansion of the apparatus that the State uses to rule, monitor and sanction conducts. Thus, it would be more appropriate to speak of the advent of the “regulatory state” or of “audit cultures” than of a neoliberalism that would actually reduce state intervention in the economy.

But what would this “regulatory state” consist of? For political scientist Giandomenico Majone, a pioneer of this literature, the concept would explain the changes that occurred in the economic governance of European countries at the end of the 20th century. In the state of social welfare, public interest was achieved through income redistribution policies, which were effected through the provision of public services by state-owned companies. Faced with the wave of privatizations that took over Europe in the period, market regulation – once seen as a less relevant economic intervention compared to nationalization – would receive more and more political attention, being framed as a remedy for continuing to achieve certain social goals in the absence of a productive sector controlled by the State.

In addition, this process would be strongly stimulated by European economic integration, which would increasingly limit the legal capacities of taxation and expenditure of Member States. This is because the costs of the redistributive policies of the welfare state tend to be absorbed by the state and, therefore, are conditioned on the public budget, while the costs of regulatory policies fall on the private sector. Therefore, actors with a reduced budget, such as the European Commission compared to the States, would be encouraged to progressively expand the universe they regulate, as this would be their main means of extending their sphere of influence. And this expansion would reverberate in the Member States, which are responsible for nationally implementing the norms managed within the European community.

All of these changes would also have a series of effects that would reconfigure the political conflict:

In the welfare state, the main disputes were budgetary, whereas in the regulating state the central conflicts were over the formulation, interpretation and application of rules. Consequently, if the previous main interest groups were employers, union or rural associations, now a myriad of new actors gains prominence: the technical-scientific character taken by the debates favors a greater role for experts at all stages of the regulatory process; the replacement of direct administration for contractual relations results in the Judiciary taking a leading role in mediating conflicts; the regulatory agenda becomes increasingly guided by interest groups associated with specific themes that aren’t necessarily connected to class discourse, such as environmental and consumer protection movements.

From the regulatory state to regulatory capitalism

Since Majone’s pioneer publications, the theory of the role of regulation in the global institutional order has been criticized, refined and complexed. In the next few lines, I recover some of these developments, often grouped under the term “regulatory capitalism”.

First, it is important to note that conflicts over the public budget and redistributive policies have not ceased to be absolutely central to the organization of political life – just look at the importance of discussions on pension reform in the 2018 elections or the current debates on global taxation of Big Tech. In addition, the role of regulatory policies presents substantial historical variation between sectors and countries: the financial sector, for example, was governed in this way in several countries decades before the neoliberal advent and it could be argued that the USA was already a “Regulatory State” long before Reagan.

Furthermore, it would be naive to assume that such changes are simply the result of rational government officials reacting to similar structural constraints – incentives to regulation as a control strategy and gaining influence in the face of a reduced public budget. Pressures from international entities whose agenda has historically been guided by countries in the global north, such as the Organization for Economic Cooperation and Development (OECD) and the International Financial Action Group (FATF), also contribute to the global diffusion of normative standards produced in those countries. Furthermore, transnational intellectual communities of experts operate as vectors for the theories and regulatory designs produced in these contexts, accelerating their flow to the global south.

But, in addition, the phenomenon in question is not limited to more rules and state authorities on private companies. The State itself suffers its effects: a study on the subject in the United Kingdom, for example, demonstrated an explosive growth in the number of public servants specifically focused on the regulation and internal supervision of government entities even when the total number of public servants in the country was in abrupt fall.

In fact, one of the crucial aspects of these transformations is the widespread diffusion of the means of controlling institutional behavior, whether directed to public or private entities. This proliferation is not restricted to the multiplication of traditional legal command and control mechanisms – creation and application of binding rules -, but is also expressed in the diversification of government strategies and technologies: there is, therefore, an increasing relevance of corporate social responsibility instruments, such as audit systems, organizational reports, codes of conduct, lists of principles, transparency rankings, labels and certifications.

In view of this complexification of the regulatory repertoire, the framing of the public debate itself shifts. Questions that were once taken as undoubtedly political (“More or less State in the economy?”) are now often presented as having an allegedly technical character (“Which regulatory technologies are more efficient to achieve this or that goal?“, where the goal is framed as given, consensual and apolitical). And given that political disputes over the effectiveness and legitimacy of regulatory means depend on allegedly technical actors, such as courts and scientific organizations, the result is an increasing political role for expertise in framing social and economic problems and legitimizing regulatory solutions.

For political scientist David Levi-Faur, coordinator of the study mentioned in the previous section, regulatory capitalism is not reduced to the rise of neoliberalism or the emptying of state power. Its features are:

1) new division of labor based on privatization;

2) delegation of public authority to independent regulatory agencies, when previously it tended to be exercised directly through government ministries and State-owned companies;

3) diversification of regulatory technologies;

4) increasing formalization of inter-institutional and intra-institutional relations;

5) increase in the influence of specialists and transnational communities of specialists.

The case of data protection

When one begins to study the history of informational privacy, it is difficult to remove the feeling of disparity between the events of the past decades and the narrative of neoliberal deregulation. If we take Europe, a reference in the global dissemination of the protection of personal data as an autonomous and specific regulatory field, for instance, the examination of the period only shows the regulatory activity growing:

In 1981, the European Council approved Convention 108, which defined fundamental concepts, such as personal data, and minimum standards to be observed by companies. In 1995, the European Union published its Directive 95/46 / E22, whose broad scope included the obligation for each member state of the bloc to create a regulatory agency responsible for the matter. In 2016, the bloc enacted the General Data Protection Regulation (GDPR), a rule that disciplined the matter extensively and became a global reference, including the model for the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados – LGPD).

In 2021, 128 countries have data protection laws and dozens of them have regulatory agencies responsible for standardizing and supervising the treatment of their citizens’ personal data. In addition to the visibility that the relationship between personal data and fundamental rights has acquired in recent years, it is not difficult to understand why so many legislators choose to regulate the sector along similar lines: the approval of a data protection law with specific standards and the creation of an authority responsible for its application are requirements both for entry into the OECD and for the free flow of data between countries and Europe.

In Brazil, the influence of the transnational community of privacy experts is also noteworthy: some of the main references in the debate on the topic are law scholars whose academic production is strongly influenced by European tradition, such as Danilo Doneda and Laura Schertel. The influence of these specialists goes beyond the academic sphere, where their works circulate widely, and directly affects the construction of public policies, contributing to forming the understandings of policy makers about what the objectives of a data protection law are and which are the best means to achieve them.

If we look at the design of our General Data Protection Law, two features associated with regulatory capitalism stand out. First, its applicability to the public sector is linked to the logic of greater supervision and control in all spheres of institutional life, not just of private initiative. Additionally, the law articulates the traditional command and control mechanisms, visible in the normative, supervisory and sanctioning powers of the National Data Protection Authority, with a heterodox regulation toolkit. The tools include codes of conduct, impact reports, labels and certifications. Thus, it can be said that the law adopts an approach populated by elements of responsive regulation and based on a strong dialogue between regulator and regulated.

In short, the five characteristics described by Levi-Faur can be verified without major difficulties in the analysis of the protection of personal data – which may suggest that the concept of regulatory capitalism is perhaps more apt to describe the globalization of regulation than the traditional narrative.

Beyond neoliberalism

Decades after the privatist-liberal reforms associated with typically neo-liberal governments, the world is more regulated, not less. Given this observation, it is up to the social sciences to investigate the causes and consequences of the regulatory explosion in institutional life. The investigation of this phenomenon can lead us to other relevant findings for the general understanding of the historical moment in which we are living, such as the growing politicization of expertise at a time when the framing of public issues is increasingly depoliticized. From this perspective, the concept of regulatory capitalism can teach us a lot.

Want to learn more about data protection? Check out our post on the importance of the LGPD for Brazil.

The views and opinions expressed in this blogpost are those of the author. 
Illustration by Freepik Stories.