International data transfers are an obvious target in this conflict. State surveillance generates strong emotions and rightly so. When our freedom to communicate and interact with others is at risk, it is right to question the controls on the power of the state to access our data. However, the scrutiny of the lawfulness of global dataflows is currently adopting an absolutist approach that appears unaware of the fact that democracy is always a work in progress exercise. Fuelled by a distrust of the open economy, the rules that govern the way in which data can lawfully flow beyond Europe's borders are being interpreted in such extreme ways, that any efforts to protect such data are swiftly disregarded irrespective of the actual risk for our privacy.

Some of the strongest opinions on the use of data and privacy are also being voiced in the context of online targeted advertising. The recent decision by the Belgian data protection authority stating that IAB Europe acts as a data controller with respect to the individual's consent signals, objections and preferences captured by the Transparency and Consent Framework ('TCF') was carefully argued. This is an ingenious ruling that has hit the whole online advertising ecosystem with a single shot, and the repercussions need to be collectively addressed by all involved in it. But the way in which it was cheered by so many seeking the demise of the advertising that makes so much of the content available on the internet possible was aggressive to the extreme.

Speaking of extreme views, few issues are as divisive as Brexit. So when the UK Government announced its plans to reform the current data protection framework, many reactions followed the views on Brexit. At one end of the spectrum, a radical diversion from a law of such a marked EU pedigree as the GDPR cannot happen quickly enough. At the other, diverging for the sake of diverging is seen as another self-inflicted catastrophe. These stances are obviously incapable of seeing any merits in each other's arguments, but even more worryingly, they appear unwilling to think rationally about the pros and cons of any such reforms. Not necessarily because they are incapable of undertaking a rational assessment, but because the stance is already predetermined by the tribe to which one belongs.

Given these examples, is there any room left for rational discourse and debate in an area like data protection? Or have all relevant parties already taken a side in this culture war? Surely, this is too important a topic to be left unresolved. Perhaps, if we look at it properly, there is enough room to find a tempered middle ground where the right answers (and peace!) can be found. As far as the purpose of data protection law is concerned, the intention was never to stop the world, close the Internet and restrict progress. European data protection law has always been about enabling personal data to flow while protecting our rights and freedoms, particularly our privacy. There is plenty of room for manoeuvre within that premise to function in a globally connected way. International data transfers are not the enemy of freedom. Internet advertising is compatible with responsible data uses. And the GDPR itself can and should be interpreted in ways that are not in conflict with the information economy. Privacy and data protection are too precious to succumb to culture wars. We just need to see them as a responsibility and not a battlefield.

Eduardo Ustaran Partner
[email protected]
Hogan Lovells, London