Posts Tagged ‘Europe’

One year later, the harms of Europe’s data-privacy law

The European Union’s General Data Protection Regulation (GDPR), which went into effect just over a year ago, has resulted in a broad array of consequences that are expensive, unintended, or both. Alec Stapp reports at Truth on the Market, with more discussion at Marginal Revolution:

GDPR can be thought of as a privacy “bill of rights.” Many of these new rights have come with unintended consequences. If your account gets hacked, the hacker can use the right of access to get all of your data. The right to be forgotten is in conflict with the public’s right to know a bad actor’s history (and many of them are using the right to memory hole their misdeeds). The right to data portability creates another attack vector for hackers to exploit.

Meanwhile, Stapp writes, compliance costs for larger U.S.-based firms alone are headed toward an estimated $150 billion, “Microsoft had 1,600 engineers working on GDPR compliance,” and an estimated 500,000 European organizations have seen fit to register data officers, while the largest advertising intermediaries, such as Google, appear to have improved their relative competitive position compared with smaller outfits. Venture capital investment in Euro start-ups has sagged, some large firms in sectors like gaming and retailing have pulled out of the European market, and as of March more than 1,000 U.S.-based news sites were inaccessible to European readers.

More in Senate testimony from Pinboard founder Maciej Ceglowski via Tyler Cowen:

The plain language of the GDPR is so plainly at odds with the business model of surveillance advertising that contorting the real-time ad brokerages into something resembling compliance has required acrobatics that have left essentially everybody unhappy.

The leading ad networks in the European Union have chosen to respond to the GDPR by stitching together a sort of Frankenstein’s monster of consent,a mechanism whereby a user wishing to visit, say, a weather forecast is first prompted to agree to share data with a consortium of 119 entities, including the aptly named “A Million Ads” network. The user can scroll through this list of intermediaries one by one, or give or withhold consent en bloc, but either way she must wait a further two minutes for the consent collection process to terminate before she is allowed to find out whether or it is going to rain.

This majestically baroque consent mechanism also hinders Europeans from using the privacy preserving features built into their web browsers, or from turning off invasive tracking technologies like third-party cookies,since the mechanism depends on their being present.

For the average EU citizen, therefore, the immediate effect of the GDPR has been to add friction to their internet browsing experience along the lines of the infamous 2011 EU Privacy Directive (“EU cookie law”) that added consent dialogs to nearly every site on the internet.

On proposals to base legislation in the United States on similar ideas, see Roslyn Layton and Pranjal Drall, Libertarianism.org. [cross-posted from Cato at Liberty]

Does European data privacy regulation help entrench U.S. tech firms?

Roslyn Layton, AEI, in November:

The EU’s General Data Protection Regulation (GDPR), along with similarly heavy-handed regimes such as California’s Consumer Privacy Act, entrenches established platforms that have the resources to meet their onerous compliance requirements. Since the GDPR’s implementation in May, the rank and market share of small- and medium-sized ad tech companies has declined by 18 to 32 percent in the EU, while these measures have increased for Google, Facebook, and Amazon.

Via Alex Stamos thread on Twitter (“Anybody wonder why the big tech companies didn’t really fight that hard against GDPR? It isn’t due to a newfound love of regulation”) by way of James Pethokoukis; more, Antonio García Martínez.

Environment roundup

Free speech roundup

  • Senators have big plans for government regulation of social media but U.S. Constitution keeps getting in way [John Samples, Cato; David McCabe, Axios, earlier] “Censorship breeds censorship envy, and that’s true of private suppression by massively influential platforms such as Facebook as well as of governmental censorship.” [John Samples, Eugene Volokh]
  • Is it lawful for a state lawmaker to block someone on Twitter who’s publicly discussed ways of murdering him? [Dorit Reiss, PrawfsBlawg, earlier]
  • European Parliament delays adopting online copyright directive that critics said would result in Internet content filtering and royalties for linking [Thomas McMullan/Alphr, BBC earlier]
  • Is the ACLU OK with French catcalling law? [Robby Soave] With using government to keep the wrong sorts of people from owning radio outlets? [Scott Shackford, related]
  • Federalist Society telecast on Ninth Circuit decision on Idaho “ag-gag” law with UCLA lawprof Eugene Volokh and Andrew Varcoe of Boyden Gray & Associates;
  • “Arrests for offensive Facebook and Twitter posts soar in London” [Sadie Levy Gale, Independent] Downhill in Denmark: “How the Right Abandoned Free Speech in Europe” [Cato podcast and Reason interview with Jacob Mchangama]

Europe’s new data-privacy law helps… guess who?

The European Union’s new privacy law, the General Data Protection Regulation, or GDPR, is sometimes defended as a response to the prospect that too much data will concentrate in the hands of the biggest corporate data users. Per the WSJ, however, one of its earliest effects “is drawing advertising money toward Google’s online-ad services and away from competitors that are straining to show they’re complying with the sweeping regulation.” In particular, Google is showing a higher rate of success in gathering individuals’ consents to be marketed to. [Tyler Cowen] With bonus mention of CPSIA: “The Inevitable Lifecycle of Government Regulation Benefiting the Very Companies Whose Actions Triggered It” [Coyote]

“The beer that had to unprotect itself”

Protected geographical designation laws, which prevent the sale in some countries of articles like Champagne or Gouda cheese unless produced in the indicated locality, are sometimes defended as advancing consumers’ interest in fraud prevention or accuracy in labeling; it is also suspected that they can serve to curtail competition and protect incumbents even when no genuinely distinctive local contributions are at issue of soil, technique, etc. In 2000, Newcastle Breweries and Newcastle-upon-Tyne, England, obtained a designation on Newcastle Brown Ale, a popular product dating back to 1927, to prevent it from being sold unless manufactured in the city. That didn’t work out so well when the brewery moved to nearby Gateshead four years later. Dan Lewis, Now I Know:

EU regulators took notice and weren’t as forgiving as the brewers would have hoped. The owners of the Newcastle Brown Ale brand had two obvious choices: move back across the Tyne or change the name of the product. Neither was a good option, so the brewery decided to do something new: they applied to have the registration canceled. And as seen in this pdf, they were successful. In August 2007, the EU revoked Newcastle Brown Ale’s PGI status, allowing it to be made across the river — or anywhere else.

Today, Newcastle Brown Ale is made in neither Newcastle nor Gateshead. Heineken, which bought the Newcastle’s brewers in 2008, has since relocated operations to Amsterdam.

Free speech roundup

  • “There are about 10 to 20 [criminal libel] prosecutions each year throughout the country” [Eugene Volokh on criminal defamation complaint by Montana judge against election opponent who had accused him of misconduct]
  • “Shutting down Fake News Could Move Us Closer to a Modern-Day ‘1984’” [Flemming Rose and Jacob Mchangama, Washington Post/Cato]
  • Glad to be in America with our First Amendment: EU acts to adopt Europe-wide rules requiring social media companies to take down so-called hate speech [Mashable, Engadget] More: DW. And a decree ordering media to take down news officially dubbed false is one that would *not* read better in the original German [Flemming Rose, Cato]
  • Idaho defends its ag-gag law against First Amendment challenge before Ninth Circuit [Baylen Linnekin]
  • “The playing field for independent speech has improved, but there are challenges still for small groups that want to influence elections.” [Cato podcast with campaign attorneys Michael G. Adams and Neil Reiff]
  • On the origins of “no-platforming” [Mark Peters, Boston Globe, quotes me]

“Buy your design classic now – it’s about to rocket in price”

At least if you’re in Britain or Europe: “Mid-century design classics, such as Charles Eames chairs, Eileen Gray tables and Arco lamps are set to rocket in price [in Britain and Europe], following EU regulations which came into force this week that extend the copyright on furniture from 25 years to 70 years after the death of a designer.” Low-cost knockoffs of Mies van der Rohe’s Barcelona chair, for example, will be banned until 2039, 70 years after his 1969 death. [The Guardian] Alex Tabarrok has some thoughts on why consumers might rightly be seen as getting the short end, and notes this (via Daily Mail): “Companies which publish design books may have to get numerous licences to reproduce photos because designs have come under copyright.”