Regulating the Mass Dataveillance Capabilities of Psychopathic Corporations

Abstract

The increasing prevalence of corporate mass dataveillance poses significant risks to privacy and societal well-being. This thesis examines the effectiveness of existing data protection regulations in addressing these risks in the current socio-technical landscape. It argues that these regulations are inadequate due to their outdated assumptions: the necessity and acceptability of corporate data processing and the benevolent nature of corporations. Drawing on Joel Bakan's theory of the psychopathic personality of corporations, this thesis highlights the misalignment between corporate profit-driven motivations and regulatory objectives, and proposes a new regulatory framework that aims to restrict corporate mass dataveillance by targeting the business models that have incentivized its development and the institutional structures that enable pathological corporate behaviour.

The thesis begins by mapping the current socio-technical landscape, highlighting the now possible capabilities of public and private organizations by technological advances in the generation, collection, and processing of data about individuals and their behaviours. It analyzes the evolution of the right to privacy within the international human rights framework, particularly its application to government surveillance, before shifting the focus of the analysis to corporations as central actors in the data economy and how this framework applies to them.

Using Uber Technologies Inc. and Meta Platforms Inc. as examples of corporations with data-driven business models, it illustrates how these corporations exhibit psychopathic tendencies consistent with Bakan's theory, including an obsession with profit, a lack of concern for others, and a propensity for breaking legal rules. The thesis then discusses corporate mass dataveillance systems as a manifestation of this psychopathic personality, highlighting the economic model of surveillance capitalism, in which these corporations operate, and the risks and harms posed by their extensive data collection and processing practices: such as undermining democratic institutions, interfering with the right to privacy, and facilitating behavioural manipulation. This socio-economic ecosystem, driven by a logic of data accumulation, has propelled the expansion of dataveillance technologies and influenced the design of products and services to maximize corporate profits at the expense of individual rights and societal well-being.

With this landscape in mind, the thesis analyzes the adequacy of data protection regulations, exemplified by the GDPR and PIPEDA, in addressing corporate mass dataveillance. It identifies two key shortcomings: their failure to question the necessity of corporate data processing, and their flawed assumption of corporate empathy. These limitations render these regulations inadequate to limit corporate mass dataveillance and inadequate to protect human rights and society from the risks and harms dataveillance creates.

To address these gaps, I propose a new regulatory framework aimed at restricting corporate mass dataveillance. The framework targets the business models that have incentivized the development of corporate mass dataveillance and the institutional structures that enable pathological corporate behaviour. Specifically, it introduces a new and broader corporate purpose to create value for the benefit of society, a new duty to limit revenues from behavioural data surpluses, and imposes existential consequences on corporations that fail to do so. Under this duty, corporations must ensure their business models do not derive revenues from the sale of technologies, products, or services that either facilitate, are based on, or are informed or improved by the collection or processing of behavioural data surpluses.

The thesis concludes by emphasizing the need for an interdisciplinary approach to effectively regulate corporate mass dataveillance and limit corporate power, thereby protecting democratic values and individual rights.