Litigating Data Sovereignty

By Andrew Keane Woods
Monday, December 10, 2018, 1:05 PM

If the first round of debates over internet governance focused on whether the internet can be governed, today’s debates are about which states will regulate the internet, how and where. China famously manages a walled garden; Europe has built an extremely robust privacy regime (read: mandated data localization) and seeks to apply its laws extraterritorially; the U.S. has a self-professed “open internet” policy but a series of outdated rules encumber different aspects of U.S. internet firm operations. The global governance of the internet is, inevitably, a patchwork of overlapping rules and regulations.

One under-examined thread in this story is the outsized role that courts play in managing the global governance of the internet. While much attention has been paid to the internal corporate controls of major internet platforms and much hope has been placed on international agreements, courts are still grinding away, hearing cases and controversies that implicate the cross-border regulation of the internet.

I have just published an article in the latest issue of the Yale Law Journal, “Litigating Data Sovereignty,” that tells this story across a range of different contexts—search and seizure cases, intellectual property cases, speech cases and more. In each case, a court must determine the appropriate territorial reach of a state’s efforts to regulate the internet; in each case, foreign affairs principles like comity indirectly shape the global governance of the internet.

And this is not a bad thing. Foreign affairs law reflects time-worn, sensible notions of sovereign power that are often missing from contemporary internet governance debates. The most basic of these ideas is that each sovereign has a legitimate interest in determining how a globally distributed service operates on its soil consistent with its laws. And importantly, ensuring that a state’s interests are sufficiently protected often means protecting the state’s interests abroad. This means that extraterritorial regulations of the internet are not per se problematic. (This is so basic, foreign affairs experts will yawn; yet, amazingly, it is controversial in American tech policy circles.)

These doctrinal principles—apart from settling the immediate issue before the court in a given case—offer sound guidance for the larger global internet governance policy debate. Most fundamentally, they suggest that any sensible notion of global internet governance must embrace the idea of a splintered internet.

As I say in the paper:

There are, generally speaking, two competing visions of internet governance today: (1) a cosmopolitan ideal that aspires to one set of rules everywhere, which is diametrically opposed to (2) a sovereign-difference ideal that sees the internet operating differently in different places according to local norms, customs, and rules. The cosmopolitan ideal is grounded in the idea that the internet should be “free”—an adjective that signals the wish that internet providers and users be at liberty to ignore local rules and operate instead by their own set of global internet rules. The chief proponent of the cosmopolitan view is the United States, which has pursued an “open internet” policy for the past decade. The animating conception is of the internet as a cosmopolis—a space that, if regulated by governments, should operate the same everywhere as “one internet.” This can be achieved through the universal imposition of a single set of rules.

But whose rules? Without saying as much, the answer is often implicitly “American rules.”

The sovereign-difference ideal, by contrast, is concerned principally with state control over the internet’s local effects. It places a premium on the standard components of sovereignty: state control over a territory. If the internet threatens the state’s ability to achieve its domestic aims, or if it invites foreign meddlers, the sovereigntists see a global internet framework that respects difference, and respects state efforts to protect that difference.

These two conceptions of internet governance do not exist independent of each other. They are reactions to one another and reflect larger geopolitical struggles. The strong sovereignty approach to internet policy is a reaction to the sense non-Western states have that the internet rules are being written by Western states. Sovereigntists see the cosmopolitan ideal as a farce: under their view, it is American imperialism masquerading as globalism. Cosmopolitans, for their part, accuse sovereigntists of trying to break apart the internet. They often frame the debate as over whether the internet should be “open” or “balkanized.” But this framing is wrong for two reasons. First, the internet can be both. It can be uniform in many respects but also different where it needs to be (language, legal compliance, and so on). One does not lose openness—or interoperability—by embracing sovereign differences. The second reason this dichotomy is unhelpful is that fragmentation is already here. It is happening because states want it, because users want it, and because firms want it. The question is not “should the internet fragment,” but rather what kind of fragmentation should we encourage? The answer has to be the kind of fragmentation that allows maximal sovereign difference with minimal harm to other sovereigns. The answer, in other words, is the kind of fragmentation that is possible by state-to- state negotiation and mutual accommodation.

This can be read as a modest defense of what some have called the splinternet: the idea that the internet will slowly be redefined along national or ethnic or linguistic boundaries. This idea is both inevitable and defensible: Countries will insist that digital goods and services behave in conformity to local law, just like physical products, so users will find that their use of the internet will change according to local law.

But there are better and worse forms of fragmentation; what kind of splinternet we see will depend on state policy choices. The better policy choices are those suggested by very basic concepts of sovereign deference—the concepts at the root of our foreign affairs laws.