Globalization leads to technology diffusion, which is inevitably linked to the selling of sensitive surveillance technologies. States and the private sector are close collaborators in the market for digital surveillance tools, which are a part of a new generation of disruptive technologies. As new technologies filter information, they have the potential to limit the freedom of speech or violate the right to privacy. As such, new means to mitigate their misuse and proliferation, including instruments outside of the box of traditional export control regimes, should be considered. This chapter explains the role of surveillance technologies and their effects in suppressing the right to privacy and the freedom of speech in a digital age. Next, it identifies current legal regimes of export control and its limits under the Wassenaar Arrangement. In this context, it also considers the latest EU development when it comes to the Dual-Use Export Regulation, as well as business due diligence. Further, it turns to private self-regulation and the need to comply with the Organisation for Economic Co-operation and Development (OECD) Guidelines on Multinational Enterprises and the UN Guiding Principles on Business and Human Rights and calls for more standard setting built on their principles.
This contribution was supported by the Charles University, project UNCE—Human Rights Research Centre, UNCE/HUM/011. The opinions expressed in this article do not represent an official position of the Ministry of Foreign Affairs of the Czech Republic and are just and only the author’s. I would like to thank Jan Kunstýř and Milan Lipovský for valuable comments on initial drafts.
This is a preview of subscription content, access via your institution.
Council of Europe, Committee on Legal Affairs and Human Rights (2015), p. 1.
European Parliament, Directorate-General for External Policies, Policy Department (2012), pp. 9–10.
In general, surveillance can be defined as watching over someone/something, but within the context of privacy, it means interference within another person’s private sphere by observance of his/her activities.
Caponetti (2016), p. 70.
Human Rights Council (2019), para 66a.
See e.g. Ezell and Foote (2019).
Or, put it differently, “export control history regarding ICT is better read against the pairs between security and commerce, foreign policy and trade policy […]”. Ruohonen and Kimppa (2019), p. 171.
The Wall Street Journal reported in 2011 that “a retail market for surveillance tools has sprung up from nearly zero in 200 to about $5 billion a year”. Valentino-DeVries et al. (2011).
Kanetake (2019), p. 15.
Wagner (2012), p. 7.
Organization for Security and Co-operation in Europe (2017).
Human Rights Council (2015), paras 16–18.
Human Rights Council (2019), para 21.
Human Rights Committee (2004), para 8.
Human Rights Council (2011b), principle 3.
Kanetake (2019), p. 12.
Human Rights Committee (2017), paras 36–37.
Privacy International (2014).
Wagner (2012), p. 12.
Sherman and Morgus (2018). However, the situation is changing as particularly China has become a major worldwide supplier of artificial intelligence surveillance technology, such as facial recognition systems, smart city platforms, and smart policing technology—a global driver of “authoritarian tech”. Feldstein (2019), p. 13. Chinese companies have supplied critical technological infrastructure to countries around the world, exporting their authoritarian standards in the process. The “Freedom on the Net 2018” report identified eighteen countries out of 65 that had accessed AI surveillance technology developed by Chinese companies. Shabhaz (2018), pp. 7–8; for further details, see records and witness experts on China’s digital authoritarianism. US House of Representatives, Permanent Select Committee on Intelligence (2019). In addition, trade exchange in surveillance technologies and equipment is increasingly two-way. For instance, in February 2021, it was revealed that at least half of London’s 32 boroughs have bought and deployed China-made surveillance systems. Asher-Schapiro (2021).
U.S. Department of Commerce, Bureau of Industry and Security (2021).
Charatsis (2017), p. 53.
Pyetranker (2015), p. 162.
Reiser and Hindin (2014), p. 29.
Wassenaar Arrangement, List of Dual-Use Goods and Technologies and Munitions List, WA-LIST (12) 1, 12 December 2012, Category 5.A.1.f.
Wassenaar Arrangement, List of Dual-Use Goods and Technologies and Munitions List, WA-LIST (13) 1, 4 December 2013, Categories 4.A.5 and 5.A1.j.
Bohnenberger (2017), pp. 84–85.
Ruohonen and Kimppa (2019), p. 184.
Pyetranker (2015), p. 168.
Human Rights Council (2019), para 34.
Bohnenberger (2017), p. 84.
Charatsis (2017), p. 56.
Charatsis (2017), p. 67.
There were evidenced several examples when cyber-surveillance technology exported by EU companies was afterwards used by autocratic regimes to suppress dissent and resistance while massively violating human rights.
Ecorys and SIPRI (2015).
Council Regulation (EC) No 428/2009.
European Commission (2014a).
Council of the EU (2015b), para 24.
European Commission (2016).
Kanetake (2019), p. 7.
Council of the EU (2018).
DIGITAL EUROPE (2018).
All the EU needs to do is regulate the single market; it is the global corporations that transmit EU rules across the global marketplace, as the above examples illustrate. This dynamic allows the EU to exert a passive but deep influence on corporate behaviour, transforming global markets in the process.
See e.g. recently adopted the Digital Services Act and the Digital Markets Act. There is also a broader global contest for influence over the global norms governing the digital economy. While the U.S. and the EU have their disagreements, they seem manageable when compared to their shared concern over China’s or Russia’s authoritarian approaches. Contesting views on cyber norms are already taking place in the United Nations. See e.g. Polyakova and Meserole (2019), p. 11; Ding (2020); Grigsby (2018).
European Commission (2020), pp. 5–7.
Privacy International (2013).
UK National Contact Point (2013), para 25.
UK National Contact Point (2014), paras 68–69.
UK National Contact Point (2016), para 9.
FIDH - International Federation for Human Rights (2014), pp. 26–27.
Society for Threatened Peoples (2020).
See also Bromley et al. (2016), p. 48.
For instance, the still novel French Duty of Vigilance Law (2017) requires companies of a certain size to create and implement annual vigilance plans in order to assess and address the risks of human rights, health and safety, and environmental violations resulting from their activities, including those of their business relationships. The Finnish government announced in its official programme plans to make compulsory conduct human rights assessment for companies, while the German government proposed to establish due diligence processes within the National Action Plan on business and human rights and possibly binding legislation later.
European Parliament (2021).
European Parliament (2021), Art. 4.1.
Council of the EU (2020), para 45.
Council of the EU (2015a), Objective 18.
Newman and Bach (2014), p. 430.
OECD (2016); Regulation (EU) 2017/821 of the European Parliament and of the Council of 17 May 2017 laying down supply chain due diligence obligations for Union importers of tin, tantalum and tungsten, their ores, and gold originating from conflict-affected and high-risk areas. The other field concerns foreign investors’ behaviour. See e.g. Svoboda (2020), pp. 462–474.
More specifically, the US agencies issued the Xinjiang Supply Chain Business Advisory statement in July 2020 in which they call for “businesses and individuals should examine the end users of their products, technology, research, and services, to reduce the likelihood that their goods or services are being used to build, maintain, or support: […] (2) the broader surveillance apparatus of the PRC government; […].” US Department of State (2020a, b), p. 8.
Anstis et al. (2020).
Aryobsei and Scherb (2020).
Human Rights Council (2018), para 10.
Guiding Principles, principle 11.
European Commission (2014b).
Cohn and York (2011).
Human Rights Council (2019), para 32.
Human Rights Council (2011a), paras 15–25.
See also Global Conference on Cyberspace 2015, Chair’s Statement (2015).
Privacy International (2014).
Human Rights Council (2019), p. 18.
Lipovský (2016), p. 264.
UN Internet Governance Forum (2014). See also the OHCHR webpage on the B-Tech Project for the full list of materials.
Human Rights Council (2019), para 34.
Bauer and Bromley (2019).
Amnesty International (2020) EU companies selling surveillance tools to China’s human rights abusers. https://www.amnesty.org/en/latest/news/2020/09/eu-surveillance-sales-china-human-rights-abusers/. Accessed 22 Apr 2021
Anstis S, Barnett S, Deibert R, Gill L, Penney J, Reid RJ, Senft A (2020) Submission to the Government of Canada on the renewal of the responsible business conduct strategy. Citizen Lab
Aryobsei M, Scherb M (2020) Germany takes a step closer to mandatory human rights supply chain due diligence, Lexology
Asher-Schapiro A (2021) Exclusive: Half London councils found using Chinese surveillance tech linked to Uighur abuses. Reuters. https://www.reuters.com/article/us-britain-tech-china-idUSKBN2AI0QJ. Accessed 16 Feb 2021
Bauer S, Bromley M (2019) Detecting, investigating and prosecuting export control. SIPRI. https://www.sipri.org/sites/default/files/201912/1912_sipri_report_prosecuting_export_control_violations_0.pdf. Accessed 10 Feb 2021
Bohnenberger F (2017) The proliferation of cyber-surveillance technologies: challenges and prospects. Strat Trade Rev 3(4):81–102
Bratus S, Capelis DJ, Locasto M, Shubina A (2014) Why Wassenaar arrangement’s definitions of intrusion software and controlled items put security research and defense at risk – and how to fix it. https://www.cs.dartmouth.edu/~sergey/wassenaar/wassenaar-public-comment.pdf. Accessed 25 Jan 2021
Bromley M, Steenhoek KS, Halink S, Wijkstra E (2016) ICT surveillance systems: trade policy and the application of human security concerns. Strat Trade Rev 2(2):37–52
Bundesverband der Deutschen Industrie (2016) EC dual-use: review of the EC dual-use regulation. https://bdi.eu/media/topics/global_issues/downloads/201601_FINAL_BDI-Assessment_Reform_EC_Dual-Use.pdf. Accessed 13 Jan 2021
Caponetti L (2016) Mass surveillance technology: trading Trojan Horse? Strat Trade Rev 2(2):53–71
Charatsis C (2017) Dual-use research and trade controls: opportunities and controversies. Strat Trade Rev 4(4):56–72
Cohn C, York JC (2011) “Know Your Customer” standards for sales of surveillance equipment. Electric Frontiers Foundations
Council of Europe, Committee on Legal Affairs and Human Rights (2015) Mass surveillance, Report. Doc. 13734
Council of the EU (2015a) Action plan on Human Rights and Democracy (2015–2019). JOIN(2015) 16 final
Council of the EU (2015b) Council conclusion on the action plan on Human Rights and Democracy 2015–2019. 10897/15
Council of the EU (2018) Paper for discussion – for adaption of an improved EU Export Control Regulation 428/2009 and for Cyber-Surveillance Controls Promoting Human Rights and International Humanitarian Law Globally. WK 5755/2018 INIT
Council of the EU (2020) Council Conclusions on Human Rights and Decent Work in Global Supply Chains. 13512/20
Council Regulation (EC) No 428/2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items
DIGITAL EUROPE (2018) Updated DIGITAL EUROPE comments on proposal for recast of export control regulation. https://www.digitaleurope.org/resources/updated-digitaleurope-comments-on-proposal-for-recast-of-export-control-regulation/. Accessed 5 Feb 2021
Ding J (2020) Balancing standards: U.S. and Chinese strategies for developing technical standards in AI. National Bureau of Asian Research
Dullien T, Iozzo, V, Tam M (2016) Surveillance, software, security, and export controls. Reflections and recommendations for the Wassenaar Arrangement Licensing and Enforcement Officers Meeting. https://tac.bis.doc.gov/index.php/documents/pdfs/299-surveillance-software-security-and-export-controls-mara-tam/file. Accessed 14 Jan 2021
Ecorys and SIPRI (2015) Final report: data and information collection for EU dual-use export control policy review. https://www.sipri.org/publications/2015/other-publications/final-report-eu-dualuse-review. Accessed 16 Jan 2021
European Commission (2014a) Delegated Regulation (EU) No 1382/2014 of 22 October 2014
European Commission (2014b) ICT Sector Guide on Implementing the UN Guiding Principles on Business and Human Rights
European Commission (2016) Proposal for a regulation of the European Parliament and of the Council Setting up a Union Regime for the Control of Exports, Transfer, Brokering, Technical Assistance and Transit of Dual-Use Items (recast). COM(2016) 616 final
European Commission (2020) Joint communication: a new EU-US agenda for global change, Brussels, Joint Communication of the European Commission and High Representative of the Union for Foreign Affairs and Security Policy. JOIN(2020) 22 final
European Parliament (2015) Human rights and technology: the impact of intrusion and surveillance systems on human rights in third countries (2014/2232(INI))
European Parliament (2016) Resolution on the European Defence Union (2016/2052(INI))
European Parliament (2021) Resolution of 10 March 2021 with recommendations to the Commission on corporate due diligence and corporate accountability (2020/2129(INL))
European Parliament, Directorate-General for External Policies, Policy Department (2012) After the Arab Spring: new paths for Human Rights and the Internet in European Foreign Policy
Ezell S, Foote C (2019) How stringent export controls on emerging technologies would harm the U.S. Economy, Information Technology & Foundation. https://itif.org/publications/2019/05/20/how-stringent-export-controls-emerging-technologies-would-harm-us-economy. Accessed 15 Feb 2021
Feldstein S (2019) The global expansion of AI surveillance. Carnegie Endowment. https://carnegieendowment.org/files/WP-Feldstein-AISurveillance_final1.pdf. Accessed 20 Aug 2021
FIDH - International Federation for Human Rights (2014) Surveillance technologies “Made in Europe”: regulation needed to prevent human rights abuses. https://www.fidh.org/en/issues/globalisation-human-rights/business-and-human-rights/16563-surveillance-technologies-made-in-europe-regulation-needed-to-prevent. Accessed 3 Feb 2021
Fox B (2020) New human rights laws in 2021, promises EU justice chief. EURACTIV
Gregorová M (2020) The European Parliament’s expectations for more effective controls on cybersurveillance technologies. 2020 Export Control Forum. https://trade.ec.europa.eu/doclib/docs/2020/december/tradoc_159190.pdf. Accessed 5 Jan 2021
Grigsby A (2018) The United Nations doubles its workload on cyber norms, and not everyone is pleased. Council on Foreign Relations. https://www.cfr.org/blog/united-nations-doubles-its-workload-cyber-norms-and-not-everyone-pleased. Accessed 11 Feb 2021
Human Rights Committee (2004) General Comment No. 31: Nature of the Legal Obligation Imposed on States Parties to the Covenant. UN DOC CCPR/C/21/Rev.1/Add. 13
Human Rights Committee (2011) General Comment No. 34 on the freedoms of opinion and expression. UN DOC CCPR/C/GC/34
Human Rights Committee (2017) Concluding observations on the Sixth Periodic Report of Italy. UN DOC CCPR/C/ITA/CO/6
Human Rights Council (2011a) Report of the Special Representative of the Secretary General on the issue of human rights and transnational corporations and other business enterprises. UN DOC A/HRC/17/31
Human Rights Council (2011b) Report of the Office of the United Nations High Commissioner for Human Rights on the seminar on experiences of archives as a means to guarantee the right to the truth. UN DOC A/HRC/17/21
Human Rights Council (2015) Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression. UN DOC A/HRC/29/32
Human Rights Council (2018) Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression. UN DOC A/HRC/38/35
Human Rights Council (2019) Surveillance and human rights: report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression. A/HRC/41/35
Kanetake M (2019) The EU’s dual-use export control and human rights risks: the case of cyber surveillance technology. Europe World: Law Rev 3(1):1–16
Khalil L (2020) Digital authoritarianism, China and covid. Lowy Institute. https://www.lowyinstitute.org/publications/digital-authoritarianism-china-and-covid. Accessed 2 Apr 2021
Krahulcova L (2017) The European Parliament is fighting to strengthen the rules for surveillance trade. Access Now. https://www.accessnow.org/european-parliament-fighting-strengthen-rules-surveillance-trade/. Accessed 16 Jan 2021
Lipovský M (2016) Digital aspects of the right to privacy - surveillance issues. Czech Yearb Public Private Int Law 7:253–265
Maurer T (2016) Internet freedom and export controls. Carnegie Endowment. https://carnegieendowment.org/2016/03/03/internet-freedom-and-export-controls-pub-62961. Accessed 24 Jan 2021
Newman A, Bach D (2014) The European Union as Hardening Agent: soft law and the diffusion of global financial regulation. J Eur Public Policy 21(3):430–452
OECD (2016) Due diligence guidance for responsible supply chains of minerals. OECD, Paris
OECD (2020a) 2019 Annual Report on the OECD guidelines for multinational (note by the Secretary-General). C(2020)120
OECD (2020b) Digitalisation and responsible business conduct: stocktaking of policies and initiatives
Organization for Security and Co-operation in Europe (2017) Joint declaration on freedom of expression and “Fake News, Disinformation and Propaganda”. https://www.osce.org/fom/302796. Accessed 16 Jan 2021
Polyakova A, Meserole C (2019) Exporting digital authoritarianism: the Russian and Chinese models. Brookings Policy Brief. https://www.brookings.edu/research/exporting-digital-authoritarianism/. Accessed 10 Mar 2021
Privacy International (2013) OECD Complaint: Trovicor exporting surveillance technology to Bahrain
Privacy International (2014) Six things we know from the latest FinFisher documents. https://privacyinternational.org/blog/1522/six-things-we-know-latest-finfisher-documents. Accessed 15 Apr 2021
Pyetranker I (2015) An umbrella in a Hurricane: cyber technology and the December 2013 amendment to the Wassenaar Arrangement. Nw J Technol Intellect Prop 13(2):153–180
Reiser D, Hindin D (2014) Caught by surprise: Israel’s export control regime and cyber technologies. World ECR. https://www.worldecr.com/archive/caught-by-surprise-israels-export-control-regime-and-cyber-technologies/. Accessed 5 Apr 2021
Ruggie JG, Nelson T (2015) Human rights and the OECD guidelines for multinational enterprises: normative innovations and implementation challenges. Brown J World Aff 22(1):99–128
Ruohonen J, Kimppa K (2019) Updating the Wassenaar debate once again: surveillance, intrusion software, and ambiguity. J Inf Technol Polit 16(2):1–26
Shabhaz A (2018) Freedom on the Net 2018: the rise of digital authoritarianism. Freedom House. https://freedomhouse.org/sites/default/files/2020-02/10192018_FOTN_2018_Final_Booklet.pdf. Accessed 22 Aug 2021
Sherman J, Morgus R (2018) Authoritarians are exporting surveillance tech, and with it their vision for the Internet. Council on Foreign Relations, BlogPost. https://www.cfr.org/blog/authoritarians-are-exporting-surveillance-tech-and-it-their-vision-internet. Accessed 2 Apr 2021
Society for Threatened Peoples (2020) Complaint submitted to National Contact Point of Switzerland
Svoboda O (2018) The OECD guidelines for multinational enterprises and the increasing relevance of the system of National Contact Points. In: Šturma P, Mozetic VA (eds) Business and human rights. rw&w Science & New Media, Waldkirchen, p 52–63
Svoboda O (2020) Investors’ responsibilities beyond investment treaties: a workaround to balance the investment protection regime. Czech Yearb Public Private Int Law 11:462–474
Svoboda O (2021) Coming of age: the system of OECD National Contact Points for responsible business conduct in its twenty years. In: Bungenberg M, Krajewski M, Tams CJ, Terhechte JP, Ziegler AR (eds) European yearbook of international economic law 2020. Springer, Heidelberg, pp 1–24
TechUK (2014) Assessing cyber security export risks. https://www.computerweekly.com/news/2240235381/TechUK-publishes-guidelines-for-UK-cyber-security-exports. Accessed 17 Mar 2021
Thomsen R, Thomsen P (2015) Export controls on intrusion and surveillance items: noble sentiments meet the law of unintended consequences. J Internet Law, September 2015, pp 22–35
Thomson I (2016) Wassenaar weapons pact talks collapse leaving software exploit exports in limbo. The Register. https://www.theregister.com/2016/12/21/wassenar_negotiations_fail/. Accessed 14 Jan 2021
UK National Contact Point (2013) Initial assessment: Privacy International complaint to UK NCP about Gamma International UK Ltd
UK National Contact Point (2014) Privacy International & Gamma International UK Ltd.: final statement after examination of complaint
UK National Contact Point (2016) Follow-up statement: Privacy International complaint to UK NCP about Gamma International UK Ltd
UN Internet Governance Forum (2014) The Global Multistakeholder Forum for Dialogue on Internet Governance Issues
US Department of Commerce (2021) The Export Administration Regulations (EAR). https://www.bis.doc.gov/index.php/all-articles/25-compliance-a-training/export-administration-regulations-training/1602-export-control-basics. Accessed 16 Apr 2021
US Department of State (2020a) Guidance on implementing the “UN Guiding Principles” for transactions linked to foreign government end-users for products or services with surveillance capabilities
US Department of State (2020b) Xinjiang supply chain business advisory: risks and considerations for businesses with supply chain exposure to entities engaged in forced labor and other human rights abuses in Xinjiang
US House of Representatives, Permanent Select Committee on Intelligence (2019) Committee hearing on “China’s Digital Authoritarianism: Surveillance, Influence, and Political Control”. https://www.congress.gov/event/116th-congress/house-event/109462. Accessed 28 Aug 2021
Valentino-DeVries J, Angwin J, Stecklow S (2011) Document Trove exposes surveillance methods. The Wall Street Journal. https://www.wsj.com/articles/SB10001424052970203611404577044192607407780. Accessed 11 Mar 2021
Wagner B (2012) Exporting censorship and surveillance technology. Humanist Institute for Co-operation with Developing Countries
Editors and Affiliations
Rights and permissions
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Svoboda, O. (2022). Building Surveillance State in a Digital Age and What Export Control Can(Not) Do About It?. In: Hindelang, S., Moberg, A. (eds) YSEC Yearbook of Socio-Economic Constitutions 2021. YSEC Yearbook of Socio-Economic Constitutions, vol 2021. Springer, Cham. https://doi.org/10.1007/16495_2021_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-08513-0
Online ISBN: 978-3-031-08514-7
eBook Packages: Law and CriminologyLaw and Criminology (R0)