The California Consumer Privacy Act, drawn up hastily to avert a threatened ballot initiative, purports to create six new categories of data-related consumer rights, “including the right to know; the right of data portability; the right to deletion; the right to opt-out of data sales; the right to not be discriminated against as a user; and a private right of action for data breaches.” Although sometimes compared to the European GDPR, the two laws are different and compliance with the one enactment (which has been immensely expensive already) does not accomplish compliance with the other. Expect uncertainty, fines, the California specialty of entrepreneurial class-action litigation, and more tilting of compliance cost structures to the benefit of tech companies and advertising intermediaries big enough to afford to spread the high expense over large revenue streams [Alec Stapp, Truth on the Market; more: Al Saikali, Washington Legal Foundation; Petrina McDaniel, Elliot Golding and Keshia Lipscomb, Squire Patton Boggs]
- Second Circuit decision restricting public officials from blocking foes on Twitter is likely to discourage local electeds from sharing on social media, among its other problems [Gabriel Malor thread, John Samples/Cato, earlier]
- State of Washington defines lawyers’ pro bono work as “campaign expenditure,” even when it goes toward ballot access effort for a measure that never reached the ballot to be campaigned over. Review and clarification by high court sorely needed [Ilya Shapiro, Trevor Burrus and Patrick Moran on Cato amicus brief in Evergreen Freedom Foundation v. State of Washington]
- Freedom of press not just for those who own one: “Minnesota Supreme Court Holds That Nonmedia Speakers Are Fully Protected by First Amendment” [Eugene Volokh, defamation law]
- “Publishing Court Records Containing Home Address Not Actionable Invasion of Privacy” [Volokh on a pattern that sometimes gives rise to claims of “doxxing”]
- FOSTA, the law hailed as creating a pioneering exception to Section 230 for speech promoting “sex trafficking,” isn’t just your ordinary incursion on Internet freedom. It comes with a body count [Mike Masnick, Techdirt; related, Violet Blue, Engadget]
- If they’re farming, don’t you be filming: John Stossel on ag-gag laws [Reason video and story, earlier]
I join Cato colleagues Ryan Bourne and Caleb Brown to discuss the rise and fall of tech monopolies over the years. Related here.
- Singapore law restricting so-called fake news “could force companies to tell the government what websites users have viewed” [Jennifer Daskal, New York Times] Ruling People’s Action Party “is notorious for its practice of bringing lawsuits against opposition members,” sometimes “for defamation upon criticizing the PAP,” while blog authors are “often pressured to register as members of political bodies if their posts touch upon national issues.” [Sally Andrews, The Diplomat]
- Australian federal police raid national broadcaster, seize files over story exposing alleged killings of unarmed civilians by special forces [Matthew Lesh, Spiked]
- U.K.: “Man investigated by police for retweeting transgender limerick” [Camilla Tominey and Joani Walsh, Daily Telegraph; Jack Beresford, Irish Post; Ophelia Benson followup on “Harry the Owl” case; earlier here, here, etc.]
- From President John Adams’s time to our own, rulers around the world have used alarms over fake news as excuse for measures against political opponents [J.D. Tuccille, Reason]
- “In a world first, Facebook to give data on hate speech suspects to French courts” [Mathieu Rosemain, Reuters, Jacob Mchangama on Twitter]
- Michael Jackson fan clubs sue sex-abuse complainants “under a French law against the public denunciation of a dead person,” good example of why laws like that are a bad idea [AP/GlobalNews]
- Turkish “Academics for Peace” initiative of 2016: “Of the petition’s more than 2,000 signatories, nearly 700 were put on trial and over 450 were removed from their posts by government decree or direct action from their own university.” [Brennan Cusack, New York Times]
The European Union’s General Data Protection Regulation (GDPR), which went into effect just over a year ago, has resulted in a broad array of consequences that are expensive, unintended, or both. Alec Stapp reports at Truth on the Market, with more discussion at Marginal Revolution:
GDPR can be thought of as a privacy “bill of rights.” Many of these new rights have come with unintended consequences. If your account gets hacked, the hacker can use the right of access to get all of your data. The right to be forgotten is in conflict with the public’s right to know a bad actor’s history (and many of them are using the right to memory hole their misdeeds). The right to data portability creates another attack vector for hackers to exploit.
Meanwhile, Stapp writes, compliance costs for larger U.S.-based firms alone are headed toward an estimated $150 billion, “Microsoft had 1,600 engineers working on GDPR compliance,” and an estimated 500,000 European organizations have seen fit to register data officers, while the largest advertising intermediaries, such as Google, appear to have improved their relative competitive position compared with smaller outfits. Venture capital investment in Euro start-ups has sagged, some large firms in sectors like gaming and retailing have pulled out of the European market, and as of March more than 1,000 U.S.-based news sites were inaccessible to European readers.
The plain language of the GDPR is so plainly at odds with the business model of surveillance advertising that contorting the real-time ad brokerages into something resembling compliance has required acrobatics that have left essentially everybody unhappy.
The leading ad networks in the European Union have chosen to respond to the GDPR by stitching together a sort of Frankenstein’s monster of consent,a mechanism whereby a user wishing to visit, say, a weather forecast is first prompted to agree to share data with a consortium of 119 entities, including the aptly named “A Million Ads” network. The user can scroll through this list of intermediaries one by one, or give or withhold consent en bloc, but either way she must wait a further two minutes for the consent collection process to terminate before she is allowed to find out whether or it is going to rain.
This majestically baroque consent mechanism also hinders Europeans from using the privacy preserving features built into their web browsers, or from turning off invasive tracking technologies like third-party cookies,since the mechanism depends on their being present.
For the average EU citizen, therefore, the immediate effect of the GDPR has been to add friction to their internet browsing experience along the lines of the infamous 2011 EU Privacy Directive (“EU cookie law”) that added consent dialogs to nearly every site on the internet.
- “The Moral Panic Behind Internet Regulation” [Matthew Lesh, Quillette] New Congressional Research Service report on free speech and the regulation of social media content [Valerie C. Brannon, Congressional Research Service]
- “A social media campaign from the French government has been blocked by Twitter – because of the government’s own anti-fake-news law” [BBC via Elizabeth Nolan Brown]
- European authorities misidentify many pages on Internet Archive as “terrorist,” demand takedown [Mike Masnick, Techdirt]
- Armslist case is one in which Section 230 protected Second Amendment rights (that’s not a misprint for First) [John Samples, Cato; Eugene Volokh]
- Sen. Josh Hawley (R-MO)’s bill to require the largest social media firms to obtain certification of their political balance from the FTC, on pain of making them liable for all content posted by users, met with hail of dead cats from knowledgeable observers [Elliot Harmon/EFF, John Samples/Cato and more, Cathy Gellis, Joshua Wright thread, Eric Goldman, Raffi Malkonian on retroactivity and more, Elizabeth Nolan Brown/Reason] Related: Daphne Keller (“Build Your Own Intermediary Liability Law: A Kit for Policy Wonks of All Ages”);
- “We sympathize with Plaintiffs — they suffered through one of the worst terrorist attacks in American history. ‘But not everything is redressable in a court.'” [Sixth Circuit, Crosby v. Twitter, affirming dismissal of lawsuits seeking to hold Twitter, Facebook, and Google liable under Anti-Terrorism Act for abetting self-radicalization of perpetrator of Orlando Pulse attack]
- Can a law ban calls to police by the public that are based on stereotyping or bias? Grand Rapids may find out [Scott Greenfield]
- Courts and EEOC have held that the federal ban on pregnancy discrimination encompasses a ban on discrimination related to abortion [Jon Hyman] Legislative proposal in Ohio, fortunately given little chance of passage, would make anti-vaxxers a protected group under state employment discrimination law [same]
- “Finally Some Robust Research Into Whether ‘Diversity Training’ Actually Works – Unfortunately It’s Not Very Promising” [Jesse Singal, British Psychological Society Research Digest, earlier]
- New EEOC employer reporting requirements represent “an order of magnitude increase in the amount of information the government wants” for one recreation management business [Coyote] How are federal agencies doing on civil rights issues in this administration? Federalist Society panel with Gail Heriot, Kenneth Marcus, Theodore Shaw, Timothy Taylor, moderated by Erik Jaffe;
- When an outcry arose over its partnership decisions, “Paul, Weiss did what every other mainstream institution does today when accused of racial bias: it fell on its sword.” [Heather Mac Donald, City Journal via Eugene Volokh]
- “Targeted Advertising and Age Discrimination: An Explainer” [Joe Ruckert, On Labor]
In a Cato Podcast with Caleb Brown, John Samples discusses his new Cato policy analysis, “Why the Government Should Not Regulate Content Moderation of Social Media.” One thing that changed just lately: Facebook founder and CEO Mark Zuckerberg, in the words of Nick Gillespie,
is explicitly calling for government regulation of specifically political speech on his platform and beyond. In his quest to limit expression on social media, Zuckerberg is joined not only by progressive Democrats such as Sen. Elizabeth Warren (D-Mass.) but conservative Republicans such as Sen. Ted Cruz (R-Texas) and Sen. Josh Hawley (R-Mo.), who are calling for the equivalent of a Fairness Doctrine for Twitter and similar services.
For those of us who believe in freedom of expression, this is a revolting development.
More: event video; “Will a Free Press Cheer on Government Censorship of the Internet?” [Scott Shackford, Hans Bader] Several commentators note that having made Facebook the big success in its market, Zuckerberg can now ask for regulations that would tend to lock in its dominance by heaping compliance burdens on rising competitors [Coyote, Andrea O’Sullivan, Mercatus]
The EU’s General Data Protection Regulation (GDPR), along with similarly heavy-handed regimes such as California’s Consumer Privacy Act, entrenches established platforms that have the resources to meet their onerous compliance requirements. Since the GDPR’s implementation in May, the rank and market share of small- and medium-sized ad tech companies has declined by 18 to 32 percent in the EU, while these measures have increased for Google, Facebook, and Amazon.
Via Alex Stamos thread on Twitter (“Anybody wonder why the big tech companies didn’t really fight that hard against GDPR? It isn’t due to a newfound love of regulation”) by way of James Pethokoukis; more, Antonio García Martínez.
Mike Masnick at TechDirt examines claims that YouTube, Facebook, and other social media companies irresponsibly refrained from deleting user-posted copies of the March 14 mass murder at Christchurch, New Zealand mosques.