Opinion: How data restrictions erode internet freedom

The future of internet governance is currently being shaped by governments across the world. Digital policies are undergoing fundamental changes, affecting both the levels of freedom we can enjoy in the digital era and the internet's potential for expression and communication.

Tim Berners-Lee, the inventor of the world wide web, once described a major challenge of the future of the internet: managing it “in an open way – not too much bureaucracy, not subject to political or commercial pressures”. While many believed the internet was too massive, decentralized and fast-growing for any one government or company to tame, this warning has proved prescient.

The dominance of tech companies and social media behemoths over the digital economy has become a hot-button issue. But the vision of an open and free internet has (for the most part) been championed by the vast majority of governments. After all, the conventional wisdom of the day was that an open and free internet would in turn make societies more open and free. As such, the authoritarian and repressive policies of countries like China, North Korea and Iran were condemned.

Today, this post-Cold War digital consensus is crumbling, and these once-aberrant policies are becoming the norm. Global optimism about the internet's irrepressibility and liberalizing effect is suddenly diminishing.

Countries across the world – small, large, powerful and weak – are accelerating efforts to control and restrict private data. According to the Information Technology and Innovation Foundation, the number of laws, regulations and policies that restrict or require data to be stored in a specific country more than doubled between 2017 and 2021, rising from 67 to 144.

Some of these laws may be driven by benevolent intentions. After all, citizens will support stopping the spread of online disinformation, hate, and extremism or systemic cyber-snooping. Cyber-libertarian John Perry Barlow’s call for the government to “leave us alone” in cyberspace rings hollow in this context.

But some digital policies may prove to be repressive for companies and citizens alike. They extend the justifiable concern over the dominance of large tech companies to other areas of the digital realm.

These “digital iron curtains” can take many forms. What they have in common is that they seek to silo the internet (or parts of it) and private data into national boxes. This risks dividing the internet, reducing its connective potential, and infringing basic digital freedoms.

On the corporate side, governments have exerted unprecedented pressure on companies to comply with internet shutdowns (like in Myanmar and Iran). Last year alone, there were at least 182 shutdowns in 34 countries. Similarly, businesses have been coerced to follow data storage and localization laws. These require companies to collect and turn over citizens’ data (India recently attempted and failed to enact such a law).

For these businesses, this is often presented as a binary choice between complying or breaching national laws. The latter could expose corporate officers and the business as a whole to potential legal liabilities. Yet it also puts them in conflict with fundamental human rights, which they are responsible to uphold as corporate citizens.

In 2019, Russia passed a controversial cybersecurity law to allow the government to control and isolate the country’s internet. Russia’s media and telecommunications regulator, Roskomnadzor, demanded NordVPN to connect to the Federal State Information System. This would have given the agency centralized content control and the ability to monitor users accessing banned websites. NordVPN refused to comply and removed its servers from Russia.

Now it is not just such overtly repressive examples driving this trend. The future of the internet and personal data has itself become an axis of geopolitical competition. Our sensitive information has always been precious to businesses and bad actors, but it’s now also become an integral part of national and global politics. Governments are enforcing new policies and restrictions in pursuit of digital sovereignty.

In this vein, countries and blocs like the European Union, US, Kenya, UK and South Africa are setting standards about how data can or can’t be moved within and across borders. Of course, they are not as repressive as some laws in China, Iran or Russia. But these digital iron curtain policies chip away at the connective potential of the internet at a practical and philosophical level, even if many of them (like the GDPR) arguably empower citizens to control and own their data.

Data regulation should help improve the state of cybersecurity and privacy, not introduce new risks. Regulation certainly should not come at the expense of people’s security and safety in the online world. Individual institutions cannot be expected to strike this balance alone.

Governments must also put digital freedoms at the heart of policy-making. The legal framework must centre human rights, and share knowledge with NGOs and industry players. It should also protect the interconnected and open nature of the internet.

That being said, an open internet necessitates some level of oversight. But what is the correct formula to strike the perfect balance, to avoid both aggressive digital iron curtains and self-governing internet monopolies? One that protects the most vulnerable users, as well as protecting privacy and freedom of expression? One that allows for innovation but, at the same time, allows freedom of choice? One thing is for certain: We need a close dialogue between governments, industry and NGOs about digital openness.

The existence of the open and free internet is under threat. If we allow our online rights to be jeopardized, we will see the consequences reverberate in the offline world. Perhaps the answer is that there is no perfect balance, but we must start a dialogue now – so that our ability to communicate freely across societal, cultural and national borders is not compromised by the rise of digital iron curtains.