Posts Tagged ‘Google’

One year later, the harms of Europe’s data-privacy law

The European Union’s General Data Protection Regulation (GDPR), which went into effect just over a year ago, has resulted in a broad array of consequences that are expensive, unintended, or both. Alec Stapp reports at Truth on the Market, with more discussion at Marginal Revolution:

GDPR can be thought of as a privacy “bill of rights.” Many of these new rights have come with unintended consequences. If your account gets hacked, the hacker can use the right of access to get all of your data. The right to be forgotten is in conflict with the public’s right to know a bad actor’s history (and many of them are using the right to memory hole their misdeeds). The right to data portability creates another attack vector for hackers to exploit.

Meanwhile, Stapp writes, compliance costs for larger U.S.-based firms alone are headed toward an estimated $150 billion, “Microsoft had 1,600 engineers working on GDPR compliance,” and an estimated 500,000 European organizations have seen fit to register data officers, while the largest advertising intermediaries, such as Google, appear to have improved their relative competitive position compared with smaller outfits. Venture capital investment in Euro start-ups has sagged, some large firms in sectors like gaming and retailing have pulled out of the European market, and as of March more than 1,000 U.S.-based news sites were inaccessible to European readers.

More in Senate testimony from Pinboard founder Maciej Ceglowski via Tyler Cowen:

The plain language of the GDPR is so plainly at odds with the business model of surveillance advertising that contorting the real-time ad brokerages into something resembling compliance has required acrobatics that have left essentially everybody unhappy.

The leading ad networks in the European Union have chosen to respond to the GDPR by stitching together a sort of Frankenstein’s monster of consent,a mechanism whereby a user wishing to visit, say, a weather forecast is first prompted to agree to share data with a consortium of 119 entities, including the aptly named “A Million Ads” network. The user can scroll through this list of intermediaries one by one, or give or withhold consent en bloc, but either way she must wait a further two minutes for the consent collection process to terminate before she is allowed to find out whether or it is going to rain.

This majestically baroque consent mechanism also hinders Europeans from using the privacy preserving features built into their web browsers, or from turning off invasive tracking technologies like third-party cookies,since the mechanism depends on their being present.

For the average EU citizen, therefore, the immediate effect of the GDPR has been to add friction to their internet browsing experience along the lines of the infamous 2011 EU Privacy Directive (“EU cookie law”) that added consent dialogs to nearly every site on the internet.

On proposals to base legislation in the United States on similar ideas, see Roslyn Layton and Pranjal Drall, Libertarianism.org. [cross-posted from Cato at Liberty]

Social media law roundup

  • “The Moral Panic Behind Internet Regulation” [Matthew Lesh, Quillette] New Congressional Research Service report on free speech and the regulation of social media content [Valerie C. Brannon, Congressional Research Service]
  • “A social media campaign from the French government has been blocked by Twitter – because of the government’s own anti-fake-news law” [BBC via Elizabeth Nolan Brown]
  • European authorities misidentify many pages on Internet Archive as “terrorist,” demand takedown [Mike Masnick, Techdirt]
  • Armslist case is one in which Section 230 protected Second Amendment rights (that’s not a misprint for First) [John Samples, Cato; Eugene Volokh]
  • Sen. Josh Hawley (R-MO)’s bill to require the largest social media firms to obtain certification of their political balance from the FTC, on pain of making them liable for all content posted by users, met with hail of dead cats from knowledgeable observers [Elliot Harmon/EFF, John Samples/Cato and more, Cathy Gellis, Joshua Wright thread, Eric Goldman, Raffi Malkonian on retroactivity and more, Elizabeth Nolan Brown/Reason] Related: Daphne Keller (“Build Your Own Intermediary Liability Law: A Kit for Policy Wonks of All Ages”);
  • “We sympathize with Plaintiffs — they suffered through one of the worst terrorist attacks in American history. ‘But not everything is redressable in a court.'” [Sixth Circuit, Crosby v. Twitter, affirming dismissal of lawsuits seeking to hold Twitter, Facebook, and Google liable under Anti-Terrorism Act for abetting self-radicalization of perpetrator of Orlando Pulse attack]

Discrimination law roundup

  • Internal Google pay study “found, to the surprise of just about everyone, that men were paid less money than women for doing similar work.” [Daisuke Wakabayashi, New York Times] “What the Data Say About Equal Pay Day” [Chelsea Follett, Cato; Hans Bader]
  • Otherwise routine on-the-job injuries can have dire consequences for those suffering hemophilia, and a manufacturing company learns its “insurance costs could spike” as a result if it employs three hemophiliac brothers. Don’t think you can turn them away for a reason like that, says EEOC [commission press release on ADA settlement with Signature Industrial Services, LLC involving $135,000 payment and “other significant relief”]
  • Multnomah County (Portland), Oregon to pay $100,000 settlement to black worker who says she was retaliated against after complaining about “Blue Lives Matter” flag [Aimee Green, Oregonian; Blair Stenvick, Portland Mercury]
  • “The social justice madness of college campuses is now seeping into HR departments of large employers. The result is the rise of the woke corporation, and it might affect the way you work” [Toby Young, Spectator (U.K.)]
  • “The FDNY’s diversity monitor has cost the city $23 million in 7 years” [Susan Edelman, New York Post]
  • Before taking an exam required of federal employees in Canada, best to study up on intersectionality theory [Josh DeHaas on Twitter, GBA+, Tristin Hopper/National Post]

Does European data privacy regulation help entrench U.S. tech firms?

Roslyn Layton, AEI, in November:

The EU’s General Data Protection Regulation (GDPR), along with similarly heavy-handed regimes such as California’s Consumer Privacy Act, entrenches established platforms that have the resources to meet their onerous compliance requirements. Since the GDPR’s implementation in May, the rank and market share of small- and medium-sized ad tech companies has declined by 18 to 32 percent in the EU, while these measures have increased for Google, Facebook, and Amazon.

Via Alex Stamos thread on Twitter (“Anybody wonder why the big tech companies didn’t really fight that hard against GDPR? It isn’t due to a newfound love of regulation”) by way of James Pethokoukis; more, Antonio García Martínez.

Police roundup

  • “Twenty-five years of developments in both the law and social science show that a police command to ‘stop’ is more than a mere request for information.” Courts should handle accordingly [Ilya Shapiro on Cato amicus brief in Cisse v. New York, New York Court of Appeals]
  • Procedures must be followed: “Murder suspect tries to turn himself in at New Orleans jail, but deputies demand proper ID” [Matt Sledge, The Advocate]
  • New project aims to educate public on how to navigate oft-complex police complaint process [Cato Daily Podcast with Steve Silverman and Caleb Brown]
  • “Are We About to See a Wave of Police Using ‘Victim’s Rights’ Laws to Keep Conduct Secret?” [Scott Shackford, earlier]
  • “Militarization Fails to Enhance Police Safety or Reduce Crime but May Harm Police Reputation” [Jonathan Mummolo, Cato Research Briefs in Economic Policy, earlier]
  • In letter to Google, NYPD threatens legal action if Waze app fails to remove feature allowing users to post locations of police checkpoints [Amanda Robert, ABA Journal]

Liability roundup

“Terrorism lawsuits threaten lawful speech”

A “string of civil lawsuits intended to pin liability on online platforms for allegedly providing material support to terrorists” has mostly fared poorly in court, with Section 230 providing a bulwark against liability in most cases, “but some of these cases are on appeal and plaintiffs have filed several new ones. If these suits are successful, they could be detrimental for the Internet: platforms would have little choice to become much more restrictive in what sorts of speech they allow.” In particular, “if online platforms no longer have Section 230 immunity for hosting content even remotely related to terrorism, those forums and services will take aggressive action to screen their users, review and censor content, and potentially prohibit anonymous speech.” [Aaron Mackey, Electronic Frontier Foundation; examples here (Facebook), here (Twitter), here, here (San Bernardino: Facebook, Google, Twitter), here (attacks in Paris and Brussels, Twitter), here (Orlando), here (Facebook), here (Twitter), etc. ]

Free speech roundup

  • Fourth Circuit rejects gag order on parties and potential witnesses in North Carolina hog farm litigation [Eugene Volokh]
  • Eighth Circuit, interpreting Missouri law’s obligation to register as “lobbyist,” leaves open possibility that requirement extends to unpaid lobbyists, also known as concerned citizens [Jason Hancock, Kansas City Star; Institute for Free Speech on Calzone v. Missouri Ethics Commission]
  • “9 Months in Prison for Forging Court Orders Aimed at Vanishing Online Material” [Volokh] Per one account at least 75 fake court documents have been sent to Google as part of takedown efforts, including an order purporting to come from the UK Supreme Court [same]
  • The accused pipe bomber had made online death threats against Ilya Somin, libertarian lawprof and friend of this site. Lessons to draw? [Cato Daily Podcast, more]
  • Entanglement of press and state leads nowhere good: Canadian government to allocate C$600 million in subsidies to newspapers and legacy media [Stuart Thomson, National Post; earlier on press subsidies here, here; some Canadian background from 1983]
  • Court: First Amendment doesn’t protect Comcast from bias charge over its decision not to carry block of black-owned TV channels [Jon Brodkin, ArsTechnica]

“Feds Order Google To Hand Over A Load Of Innocent Americans’ Locations”

Following robberies, the FBI is hitting Google with “reverse location” orders demanding that it turn over information on all users who were near crime locations at times crimes were committed. “Those users could be Android phone owners, anyone running Google Maps or any individual running Google services on their cell,” which will include many innocent persons. In a Henrico, Virginia, case, the FBI ordered Google to supply identifying information on all users within a several-block radius in a busy area. “Requests like this act as ‘general warrants’ and may violate the Fourth Amendment because they are not tied to a specific device,” said Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation. [Thomas Brewster, Forbes]

(Some) conservatives for social media regulation

“It was quite something to hear Republicans sounding like Elizabeth Warren on a trust-busting bender, but it is difficult to take seriously the proposition that what’s at work here is concern about monopoly power, Supreme Court precedents, or anything of the sort: This is about friends and enemies, and Republicans have decided that Silicon Valley is the enemy.” [Kevin Williamson, National Review] “Trump allies propose nationalizing Facebook, Google data” [Jason Tashea, ABA Journal] And see John Hinderaker, PowerLine, on a tape showing Google employees disappointed by the results of the last election (“Break them up under the Sherman Act? Turn them into regulated public utilities, with public employee-level salaries and no stock options? Those are all possibilities.”) Related: Thomas Hazlett, “Making the Fairness Doctrine Great Again,” Reason, March.