Surveillance Capitalism and the Right to Be Forgotten: Does the General Data Protection Regulation or the California Consumer Privacy Act Better Protect Individual’s Data Privacy in a Surveillance Economy?

Abstract

The Western economy flourishes because of its capitalistic system, a system that is solely dependent on the success of commerce. The development of the internet, the evolution of technology and the integration of both resulted in a transformation of the capitalistic business model. Companies can now predict and influence consumer purchases by collecting and analyzing consumer data, thus ensuring profitability and guaranteeing the success of businesses with the goal of better service. However, does this model best serve consumers? Scholar Shoshana Zuboff exposes many concerns over data collecting business practices, or what she describes as surveillance capitalism. Consumers’ habits are continuously monitored, often without their knowledge or proper consent, leaving little room for privacy. Online businesses, not governments, have been left to self-regulate consumer practices, but as concerns grow, governing bodies are beginning to enact data privacy regulations. In 2018 the European Union passed the General Data Privacy Protection (GDPR), and in 2020 the state of California (in the United States) passed California Consumer Privacy Act (CCPA) to protect the data privacy rights of individuals when using online services. This thesis aims to determine if the GDPR or the CCPA is better equipped at addressing data privacy violations discussed by Zuboff. The Zuboff Rubric - two scales developed for this thesis based on her observations of asymmetries of knowledge and power and the absence of legitimate detection and sanctions - is used to determine each law's ability. The results of the Zuboff Rubric reveal that the GDPR and the CCPA have many similarities in providing certain aspects of data privacy protections, such as an individual’s right to request data deletion from a business’ database and to be provided information by businesses on the functions of the data processed. However, there are many aspects of data protection not covered by the CCPA but are covered by the GDPR, proving that the GDPR is better equipped to protect consumer data privacy and provide consumers more control over their data.