Posts Tagged ‘privacy’

Europe’s new data-privacy law helps… guess who?

The European Union’s new privacy law, the General Data Protection Regulation, or GDPR, is sometimes defended as a response to the prospect that too much data will concentrate in the hands of the biggest corporate data users. Per the WSJ, however, one of its earliest effects “is drawing advertising money toward Google’s online-ad services and away from competitors that are straining to show they’re complying with the sweeping regulation.” In particular, Google is showing a higher rate of success in gathering individuals’ consents to be marketed to. [Tyler Cowen] With bonus mention of CPSIA: “The Inevitable Lifecycle of Government Regulation Benefiting the Very Companies Whose Actions Triggered It” [Coyote]

California’s privacy-law bomb

Eric Goldman, “A Privacy Bomb Is About to Be Dropped on the California Economy and the Global Internet”:

By tomorrow, the California legislature likely will pass a sweeping, lengthy, overly-complicated, and poorly-constructed privacy law that will have ripple effects throughout the world. While not quite as comprehensive as the GDPR, it copies some aspects of the GDPR and will squarely impact every Internet service in California (some of whom may be not currently be complying GDPR due to their US-only operations). The GDPR took 4 years to develop; in contrast, the California legislature will spend a grand total of 7 days working on this major bill. It’s such a short turnaround that most stakeholders won’t have a chance to participate in the legislative proceedings. So the Internet is likely to change radically tomorrow, and most people have no clue what’s coming or any voice in the process.

As bad as this sounds, the legislature’s passage of the bill is likely the GOOD outcome in this scenario. What could be worse?

Read on in the post for a discussion of the peculiar dangers of the contemporary California initiative process. And as predicted, the bill did pass, unanimously [Issie Lapowsky, Wired]

Chasing data portability on social media

Data portability mandates on tech companies like Facebook are sometimes conceived as a way to bring about more competitive market structures pleasing to antitrust enforcers by engineering a less “sticky” consumer experience. But is it really much of a solution to anything? [Alex Tabarrok citing Will Rinehart, American Action Forum; more, Tyler Cowen]

“Impenetrable legalese” and the push to regulate

The lead anecdote in a Bloomberg story on the evils of tech fine print is on PayPal deleting the accounts of persons who joined before age 18. Yet on its own internal evidence, this seemingly irrational action is pretty clearly a response to the risk of liability/regulatory exposures rather than some act of random malice. How many more instances of pointless runaround or “impenetrable legalese” are going to be occasioned by the ongoing push to regulate and assign new liability to data-intensive businesses? [Nate Lanxon, Bloomberg]

Political pressure on Facebook intensifies

Will revelations over data use by Cambridge Analytica lead to more intense government regulation of Facebook? Julian Sanchez and I talk to Caleb Brown at the Cato Daily Podcast. Separately, Sanchez writes that we shouldn’t expect regulatory micromanagement to do a good job of safeguarding user privacy. “How Cambridge Analytica’s Facebook targeting model really worked – according to the person who built it” [Matthew Hindman, The Conversation] Note that regulation tends to entrench incumbents [Tyler Cowen linking Stratechery (one consequence of outcry is that social media providers may make it harder for users to export their data to other platforms)]

Related: “In Europe, platforms are incentivized to take down first, ask questions second.” [William Echikson, Politico Europe] Pro-censorship UNC professor and New York Times contributing op-ed writer (and what a phrase that is to type) recalls days when media had but one throat to squeeze [David Henderson on Zeynep Tufekci in Wired] How Facebook recently navigated pressures on hosting a group whose leaders were prosecuted under British hate-speech laws [John Samples, Cato] From LBJ and Nixon to Trump and Elizabeth Warren, “regulation is an inherently political act.” So maybe think twice before putting Facebook and Google under the thumb of your worst political foe? [Donald E. Graham]

“What made you think I wanted 53 firms churning on this case?”

“A federal judge in California last week criticized two lawyers for bringing an additional 49 law firms into a data-breach case, raising to 53 the total number of firms representing the plaintiffs….’What made you think I wanted 53 firms churning on this case?’,” asked U.S. District Judge Lucy Koh, telling lawyers from Altschuler Berzon and Cohen Milstein Sellers & Toll that she was “deeply disappointed.” Koh went on to grant a request for a special master filed by Ted Frank, class action reformer with CEI and formerly a blogger in this space. [Debra Cassens Weiss, ABA Journal]

ABA sticks up for lawyers’ and clients’ privacy

In the name of curtailing money laundering and the risk of terrorist finance, Sens. Chuck Grassley (R-Iowa), Dianne Feinstein (D-Calif.) and Sheldon Whitehouse (D-R.I.) have introduced a bill that would require extensive reporting on the ownership of small corporations and limited liability companies. Provisions of the law “would regulate many lawyers and law firms as financial institutions under the Bank Secrecy Act,” notes the ABA Journal, and require them “to gather extensive beneficial ownership information on businesses when they incorporate. The information would be held and disclosed on request to many governmental agencies and financial institutions.” The businesses themselves would also face direct reporting and regulatory burdens.

The ABA is opposing provisions in this bill on the ground that they would infringe on traditional attorney-client privilege. “Concerns about erosion of attorney-general privilege have played a role in resisting numerous bad regulatory and prosecutorial initiatives in recent years,” I write in a new Cato piece. “Now if only the rest of us who are not lawyers could get someone to stand up so effectively against the government on behalf of our privacy interests.”

CCAF contests $8.5 million Google privacy settlement

It’s a cy pres special: members of the injured class will get no part of an $8.5 million settlement Google negotiated with plaintiff’s lawyers over a data privacy lapse. “Instead, the money is to be split among the plaintiffs’ attorneys, who billed their time at $1,000 an hour, and others. The others are cy pres recipients, or organizations that are not parties in the suit: Carnegie Mellon University; World Privacy Forum; the Center for Information, Society and Policy at the Chicago-Kent College of Law; Stanford Center for Internet and Society; Harvard University’s Berkman Center; and AARP Inc.” Ted Frank’s Center for Class Action Fairness is asking the Supreme Court for a writ of certiorari after its objections were turned down by lower courts. [Dee Thompson, Legal NewsLine, earlier here and here (Beck: “cy pres abuse poster child”)]

Plus: Bank of America settlement will now yield cy pres windfall for five University of California law schools of $150,000 rather than $20 million. Easy come, easy go? [ABA Journal]

Liability roundup