Do we Need a Political Economy of Surveillance? The Case of the GDPR: A Critical Account of the Norms Governing Cyberspace


  • Francesco Lanzone Maastricht University



GDPR, general data protection regulation, EU, European Union, surveillance, Web 2.0, Google, Facebook, panopticon, prosumer, consumerism, ideology, advertising, neoliberalism, ordoliberalism, marxist political economics, cookies, profiling, consent, data


This study examines the General Data Protection Regulation of the European Union from a critical perspective. By doing so, it aims to generate a comprehensive account of online surveillance practices for commercial purposes, and how public policy in this field is normatively conceived. In order to untangle the normative elements of this highly contested and complex regulation, which took more than five years to be signed under intense lobbying, this paper concentrates on the topics of Consent, Data Ownership and Profiling. These three interrelated elements constitute the primary sources of power asymmetries in the Web between users and providers of online services. By employing the proposed theoretical perspective of a political economy of surveillance, this paper draws from concepts of Foucauldian panoptic surveillance and of Marxist political economics, in order to draw a picture of current surveillance practices by major, quasi- monopolistic IT corporations such as Google and Facebook. The analysis then tests this framework with regard to the normative stance taken by the GDPR, the first major initiative aimed at regulating cyberspace. Deconstructing regulation in this way helps to understand the normative and ideological lines of action of the EU in the newly emerged policy area of the Common Digital Market.

Author Biography

Francesco Lanzone, Maastricht University

Born in Genova, Italy, in 1995. Obtained Bachelor Degree in European Studies at Maastricht University.Interests and specializations: Political science and new technologies


Acquisti, A. (2009). Nudging privacy: The behavioral economics of personal information. IEEE security & privacy, 7(6).

Article 29 Data Protection Working Party. (2012). Opinion 08/2012 providing further input on the data protection reform discussions. 01574/12/EN WP199.

Baker, J. (2013). EU Data Protection proposals taken word for word from US lobbyists. 12 Feb 2013. IDG News Service. Retrieved May 22, 2018, from

Berenskoetter, F. (2017). Approaches to concept analysis. Millennium, 45(2), 151-173.

Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard. International Data Privacy law, 6(2). 77–78.

Campbell, J. E., & Carlson, M. (2002). Panopticon. com: Online surveillance and the commodification of privacy. Journal of Broadcasting & Electronic Media, 46(4), 586-606.

Carolan, E. (2016). The continuing problems with online consent under the EU's emerging data protection principles. Computer Law & Security Review, 32(3), 462-473.

Clarke, R. (1993). Profiling: A hidden challenge to the regulation of data surveillance. JL & Inf. Sci., 4, 403.

Cohen, N. S. (2008). The valorization of surveillance: Towards a political economy of Facebook. Democratic Communiqué, 22(1), 5.

Cohen, J. E. (2015). Studying law studying surveillance. Surveillance & Society, 13(1), 91.

Danaher, G., Schirato, T., & Webb, J. (2000). Understanding foucault. London: Sage. pp. 46-62

De Hert, P., & Papakonstantinou, V. (2012). The proposed data protection Regulation replacing Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security Review, 28(2), 130-142.

De Hert, P., & Papakonstantinou, V. (2016). The new General Data Protection Regulation: Still a sound system for the protection of individuals?. Computer Law & Security Review, 32(2), 179-194.

Engels, B. (2016). Data portability among online platforms. Internet Policy Review.

European Commission. (2017). European Commission - Fact Sheet. Questions and Answers - Data protection reform package. Brussels. MEMO/17/1441

European Union. (2016). of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 4.5.2016. 2016/679/EU. OJ L 119

Financial Times. (2018). Data protection: Brussels’ heavy hand on Europe’s digital economy. Retrieved March 18, 2018 from:

Fuchs, C. (2010). Labor in Informational Capitalism and on the Internet. The Information Society, 26(3), 179-196.

Fuchs, C. (2012). The political economy of privacy on Facebook. Television & New Media, 13(2), 139-159.

Fuchs, C., Boersma, K., Albrechtslund, A., & Sandoval, M. (Eds.). (2013). Internet and surveillance: The challenges of Web 2.0 and social media (Vol. 16). Routledge.

Fuchs, C. (2013). Critique of the political economy of web 2.0 surveillance. In Fuchs, C., Boersma, K., Albrechtslund, A., & Sandoval, M. (Eds.). Internet and Surveillance. pp. 51-90. Routledge.

Gare, E. (2016). Profiling and Online Behavioural Advertisement Under the GDPR Has the new Regulation succeed in assuring the protection of fundamental rights without hindering innovation and economic interests in the digital economy? University of Oslo. Master's thesis.

Gandy Jr, O. H. (1993). The Panoptic Sort: A Political Economy of Personal Information. Critical Studies in Communication and in the Cultural Industries. Westview Press, Inc., 5500 Central Avenue, Boulder, CO 80301-2877

Hesse-Biber, S., & Leavy, P. (2011). The practice of qualitative research (2nd ed. ed.). Los Angeles: SAGE.

Hoegg, R., Martignoni, R., Meckel, M., & Stanoevska-Slabeva, K. (2006). Overview of business models for Web 2.0 communities (pp. 33-50). TUDpress.

Horowitz, S. (2017). Foucault’s Panopticon. In R. Miller (Ed.), Privacy and Power: A Transatlantic Dialogue in the Shadow of the NSA-Affair (pp. 39-62). Cambridge: Cambridge University Press.

Hull, G. (2015). Successful failure: what Foucault can teach us about privacy self-management in a world of Facebook and big data. Ethics and Information Technology, 17(2), 89-101.

Koops, B. J. (2014). The trouble with European data protection law. International Data Privacy Law, 4(4), 250-261.

Lyon, D. (2008). Surveillance as social sorting: Privacy, risk, and digital discrimination. London: Routledge.

Mantelero, A. (2013). The EU Proposal for a General Data Protection Regulation and the roots of the ‘right to be forgotten’. Computer Law & Security Review, 29(3), 229-235.

Menken, S. and M. Keestra (eds.) (2016) An Introduction to Interdisciplinary Research. Theory and Practice, Amsterdam: Amsterdam University Press .- Part 2 – The Manual – ‘The How’, pp. 89-95.”

Ratti, C. & Helbing, D. (2016). The hidden danger of big data. 19 Aug 2016. Al Jazeera. Retrieved May 30, 2018, from:

Regan, P. M. (2012). Regulating surveillance technologies. In Lyon, D., Ball, K., & Haggerty, K. D. (Eds.). (2012) Routledge Handbook of Surveillance Studies, p397. Routledge.

Ritzer, G., & Jurgenson, N. (2010). Production, consumption, prosumption: The nature of capitalism in the age of the digital ‘prosumer’. Journal of consumer culture, 10(1), 13-36.

Sevenhuijsen, S. (2004). Trace: A method for normative policy analysis from the ethic of care. The Heart of the Matter. The Contribution of the Ethic of Care to Social Policy in Some New EU Member States, 13-46.

Schulze, M. (2015). Patterns of surveillance legitimization: The German discourse on the NSA scandal. Surveillance & Society, 13(2), 197.

Spiegel Online. (2012). US Lobbyists Face Off with EU on Data Privacy Proposal. 17 Oct 2012. Der Spiegel. Retrieved May 20, 2018, from:

Terranova, T. (2000). Free Labor: Producing Culture for the Digital Economy. Social Text,18(2 63), 33-58.

Toshkov, D. (2016). Research design in political science. Palgrave Macmillan.

Turow, J., & Draper, N. (2012). Advertising’s new surveillance ecosystem. In Lyon, D., Ball, K., & Haggerty, K. D. (Eds.). (2012) Routledge Handbook of Surveillance Studies, p397. Routledge.

Van Horn, R. (2009). Reinventing monopoly and the role of corporations. In Mirowski, P., & Plehwe, D. The road from Mont Pèlerin: The making of the neoliberal thought collective. Cambridge, MA: Harvard University Press.

Walker, B. (2015). Every day big data statistics – 2.5 quintillion bytes of data created daily. VCloud News. Retrieved May 30, 2018, from:

Whitaker, R. (1999). The End of privacy: How total surveillance is becoming a reality. New York (N.Y.): The New Press.

Yoo, C. S. (2011). When Antitrust Met Facebook. Geo. Mason L. Rev., 19, 1147.

Zarsky, T. Z. (2016). Incompatible: The GDPR in the Age of Big Data. Seton Hall L. Rev., 47, 995.