EU – Technology Liberation Front https://techliberation.com Keeping politicians' hands off the Net & everything else related to technology Thu, 03 Apr 2025 23:20:10 +0000 en-US hourly 1 6772528 Podcast: Should We Regulate AI? https://techliberation.com/2023/05/08/podcast-should-we-regulate-ai/ https://techliberation.com/2023/05/08/podcast-should-we-regulate-ai/#comments Mon, 08 May 2023 12:15:12 +0000 https://techliberation.com/?p=77120

It was my pleasure to recently join Matthew Lesh, Director of Public Policy and Communications for the London-based Institute of Economic Affairs (IEA), for the IEA podcast discussion, “Should We Regulate AI?” In our wide-ranging 30-minute conversation, we discuss how artificial intelligence policy is playing out across nations and I explained why I feel the UK has positioned itself smartly relative to the US & EU on AI policy. I argued that the UK approach encourages a better ‘innovation culture’ than the new US model being formulated by the Biden Administration.

We also went through some of the many concerns driving calls to regulate AI today, including: fears about job dislocations, privacy and security issues, national security and existential risks, and much more.

Additional reading:

]]> https://techliberation.com/2023/05/08/podcast-should-we-regulate-ai/feed/ 6 77120 Studies Document Growing Cost of EU Privacy Regulations https://techliberation.com/2023/02/09/studies-document-growing-cost-of-eu-privacy-regulations/ https://techliberation.com/2023/02/09/studies-document-growing-cost-of-eu-privacy-regulations/#comments Thu, 09 Feb 2023 16:22:47 +0000 https://techliberation.com/?p=77086

[Originally published on Medium on 2/5/2022]

In an earlier essay, I explored “Why the Future of AI Will Not Be Invented in Europe” and argued that, “there is no doubt that European competitiveness is suffering today and that excessive regulation plays a fairly significant role in causing it.” This essay summarizes some of the major academic literature that leads to that conclusion.

Since the mid-1990s, the European Union has been layering on highly restrictive policies governing online data collection and use. The most significant of the E.U.’s recent mandates is the 2018 General Data Protection Regulation (GDPR). This regulation established even more stringent rules related to the protection of personal data, the movement thereof, and limits what organizations can do with data. Data minimization is the major priority of this system, but there are many different types of restrictions and reporting requirements involved in the regulatory scheme. This policy framework also has ramifications for the future of next-generation technologies, especially artificial intelligence and machine learning systems, which rely on high-quality data sets to improve their efficacy.

Whether or not the E.U.’s complicated regulatory regime has actually resulted in truly meaningful privacy protections for European citizens relative to people in other countries remains open to debate. It is very difficult to measure and compare highly subjective values like privacy across countries and cultures. This makes benefit-cost analysis for privacy regulation extremely challenging — especially on the benefits side of the equation.

What is no longer up for debate, however, is the cost side of the equation and the question of what sort of consequences the GDPR has had on business formation, competition, investment, and so on. On these matters, standardized metrics exist and the economic evidence is abundantly clear: the GDPR has been a disaster for Europe.

Summary of Major Studies on Impact of EU Data Regulation

Consider the impact of E.U. data controls on business startups and market structure. GDPR and other regulations greatly limit the flow of data to innovative upstarts who need it most to compete, leaving only the largest companies who can afford to comply to control most of the market. Benjamin Mueller of ITIF notes that it is already the case that just “two of the world’s 30 largest technology firms by market capitalization are from the EU,” and only “5 of the 100 most promising AI startups are based in Europe,” while private funding of AI startups in Europe for 2020 ($4 billion) was dwarfed by US ($36 billion) and China ($25 billion). These issues are even more pressing as the E.U. looks to advance a new AI Act, which would layer on still more regulatory restrictions.

In concrete terms, this has meant that the E.U. came away from the digital revolution with “the complete absence of superstar companies,” argue competition policy experts Nicolas Petit and David Teece. There are no European versions of Microsoft, Google, or Apple, even though Europeans clearly demand the sort of products and services those US-based companies provide. Entrepreneurialism scholar Zoltan Acs asks: “What has been the outcome of E.U. policy in limiting entrepreneurial activity over recent decades?” His conclusion:

It is immediately clear… that the United States and China dominate the platform landscape. Based on the market value of top companies, the United States alone represents 66% of the world’s platform economy with 41 of the top 100 companies. European platform-based companies play a marginal role, with only 3% of market value.

Several recent studies have documented the costs associated with the GDPR and the E.U.’s heavy-handed approach to data flows more generally. Here is a rundown of some of the academic evidence and a summary of the major findings from these studies.

“There is a growing body of economic literature and commentary showing that the costs of implementing the GDPR benefit large online platforms, and that consent-based data collection gives a competitive advantage to firms offering a range of consumer-facing products compared to smaller market actors. This in turn increases concentration in a number of digital markets where access to data is important, by creating barriers to entry or encouraging market exit.” (p. 2–3)

“this paper examines how privacy regulation shaped firm performance in a large sample of companies across 61 countries and 34 industries. Controlling for firm and country-industry-year unobserved characteristics, we compare the outcomes of firms at different levels of exposure to EU markets, before and after the enforcement of the GDPR in 2018. We find that enhanced data protection had the unintended consequence of reducing the financial performance of companies targeting European consumers. Across our full sample, firms exposed to the regulation experienced a 8% decline in profits, and a 2% reduction in sales. An exception is large technology companies, which were relatively unaffected by the regulation on both performance measures. Meanwhile, we find the negative impact on profits among small technology companies to be almost double the average effect across our full sample. Following several robustness tests and placebo regressions, we conclude that the GDPR has had significant negative impacts on firm performance in general, and on small companies in particular.” (p. 1)

“We show that websites’ vendor use falls after the European Union’s General Data Protection Regulation (GDPR), but that market concentration also increases among technology vendors that provide support services to websites. We collect panel data on the web technology vendors selected by more than 27,000 top websites internationally. The week after the GDPR’s enforcement, website use of web technology vendors falls by 15% for EU residents. Websites are more likely to drop smaller vendors, which increases the relative concentration of the vendor market by 17%. Increased concentration predominantly arises among vendors that use personal data such as cookies, and from the increased relative shares of Facebook and Google-owned vendors, but not from website consent requests. Though the aggregate changes in vendor use and vendor concentration dissipate by the end of 2018, we find that the GDPR impact persists in the advertising vendor category most scrutinized by regulators. Our findings shed light on potential explanations for the sudden drop and subsequent rebound in vendor usage.” (p. 1)

GDPR creates inherent tradeoffs between data protection and other dimensions of welfare, including competition and innovation. While some of these effects were acknowledged when constructing the legal data regime, many were disregarded. Furthermore, the magnitude and breadth of such effects may well constitute an unintended and unheeded welfare-reducing consequence. As this article shows, the GDPR limits competition and increases concentration in data and data-related markets, and potentially strengthens large data controllers. It also further reinforces the already existing barriers to data sharing in the EU, thereby potentially reducing data synergies that might result from combining different datasets controlled by separate entities.” (pp. 3–4)

“Using data on 4.1 million apps at the Google Play Store from 2016 to 2019, we document that GDPR induced the exit of about a third of available apps; and in the quarters following implementation, entry of new apps fell by half. We estimate a structural model of demand and entry in the app market. Comparing long-run equilibria with and without GDPR, we find that GDPR reduces consumer surplus and aggregate app usage by about a third. Whatever the privacy benefits of GDPR, they come at substantial costs in foregone innovation.”

“this paper empirically quantifies the effects of the enforcement of the EU’s General Data Protection Regulation (GDPR) on online user behavior over time, analyzing data from 6,286 websites spanning 24 industries during the 10 months before and 18 months after the GDPR’s enforcement in 2018. A panel differences estimator, with a synthetic control group approach, isolates the short- and long-term effects of the GDPR on user behavior. The results show that, on average, the GDPR’s effects on user quantity and usage intensity are negative; e.g., the numbers of total visits to a website decrease by 4.9% and 10% due to GDPR in respectively the short- and long-term. These effects could translate into average revenue losses of $7 million for e-commerce websites and almost $2.5 million for ad-based websites 18 months after GDPR. The GDPR’s effects vary across websites, with some industries even benefiting from it; moreover, more-popular websites suffer less, suggesting that the GDPR increased market concentration.”

“This paper investigates the impact of the General Data Protection Regulation (GDPR for short) on consumers’ online browsing and search behavior using consumer panels from four countries, United Kingdom, Spain, United States, and Brazil. We find that after GDPR, a panelist exposed to GDPR submits 21.6% more search terms to access information and browses 16.3% more pages to access consumer goods and services compared to a non-exposed panelist, indicating higher friction in online search. The implications of increased friction are heterogeneous across firms: Bigger e-commerce firms see an increase in consumer traffic and more online transactions. The increase in the number of transactions at large websites is about 6 times the increase experienced by smaller firms. Overall, the post-GDPR online environment may be less competitive for online retailers and may be more difficult for EU consumers to navigate through.”

“Privacy regulations should increase trust because they provide laws that increase transparency and allow for punishment in cases in which the trustee violates trust. […] We collected survey panel data in Germany around the implementation date and ran a survey experiment with a GDPR information treatment. Our observational and experimental evidence does not support the hypothesis that the GDPR has positively affected trust. This finding and our discussion of the underlying reasons are relevant for the wider research field of trust, privacy, and big data.”

“We follow more than 110,000 websites and their third-party HTTP requests for 12 months before and 6 months after the GDPR became effective and show that websites substantially reduced their interactions with web technology providers. Importantly, this also holds for websites not legally bound by the GDPR. These changes are especially pronounced among less popular websites and regarding the collection of personal data. We document an increase in market concentration in web technology services after the introduction of the GDPR: Although all firms suffer losses, the largest vendor — Google — loses relatively less and significantly increases market share in important markets such as advertising and analytics. Our findings contribute to the discussion on how regulating privacy, artificial intelligence and other areas of data governance relate to data minimization, regulatory competition, and market structure.”

William Rinehart of the Center for Growth and Opportunity has compiled and summarized many additional studies that document the costs associated with restrictions on data, including many state privacy laws imposed in the United States.

“The Biggest Loser”: Innovation Culture Gone Wrong

Taken together, this evidence makes it clear that, “Well-meaning privacy laws can have the unintended consequence of penalizing smaller companies within technology markets.” It can also have broader geopolitical ramifications for continental competitive advantage and engagement between countries. Some have argued that the United Kingdom’s so-called “Brexit” from the EU can be viewed as not only an effort to reclaim its sovereignty but more specifically “to escape its crippling regulatory structure.” The E.U.’s approach to emerging technology regulation likely had some bearing on this. Acs argues that Britain’s move was logical, “because E.U. regulations were holding back the U.K.’s strong DPE (digital platform economy).” “If the United Kingdom was to realize its economic potential,” he says, “it had to extricate itself from the European Union,” due to the growing “dysfunctional E.U. bureaucracy.”

Can Europe turn things around? Most market watchers do not believe that the E.U. will be willing to change its regulatory course in such a way that the continent would suddenly become more open to data-driven innovation. As part of a Spring 2022 journal symposium, The International Economy asked 11 experts from Europe and the U.S. to consider where the European Union currently stood in “the global tech race.” The responses were nearly unanimous and bluntly summarized in the symposium’s title: “The Biggest Loser.” Several respondents observed how “Europe is considered to be lagging behind in the global tech race,” and “is unlikely to become a global hub of innovation.” “The future will not be invented in Europe,” another respondent concluded. Europe’s risk-averse culture and preference for meticulously detailed and highly precautionary regulatory regimes were repeatedly cited as factors.

Europe has become the biggest loser on the digital technology front not because of their people but because of their policy. Europe is filled with some of the most important advanced education and engineering programs in the world, and countless brilliant minds there could be leading world-leading digital technology companies that could rival the U.S., China, and the rest of the world. But Europe’s current “innovation culture” simply will not allow it.

Innovation culture refers to “the various social and political attitudes and pronouncements towards innovation, technology, and entrepreneurial activities that, taken together, influence the innovative capacity of a culture or nation.” A positive innovation culture depends upon a dynamic, open economy that encourages new entry, entrepreneurialism, continuous investment, and the free movement of goods, ideas, and talent.

At this point in time, it is clear that — at least for data-driven sectors — the E.U. has created the equivalent of an anti-innovation culture, and the GDPR has clearly played a major rule in that outcome. This regulatory regime has also had devastating consequences for venture capital formation and investment more generally in Europe. “Public policy and attitudes explain the relative technological decline and lack of economic dynamism,” Petit and Teece argue, and it has resulted in, “weak venture capital markets, fragmented research capabilities, low worker mobility and frustrated entrepreneurs.”

Industrial Policy Won’t Save Europe

While the E.U. is aggressively regulating data-driven sectors, it is simultaneously trying to use industrial policy programs to advance new technological capabilities and innovations. European policymakers would obviously like to avoid a repeat of the past quarter century and the lack of digital technology competition and innovation they witnessed.

But past European industrial policy efforts on the digital technology front have largely failed, as Connor Haaland and I documented earlier. Zoltan Acs notes that, despite many state efforts to promote digital innovation across the continent in recent decades, the E.U.’s regulatory policies have resulted in the opposite. “The European Union protected traditional industries and hoped that existing firms would introduce new technologies. This was a policy designed to fail,” he argues. A major recent book, Questioning the Entrepreneurial State: Status-quo, Pitfalls, and the Need for Credible Innovation Policy (Springer, 2022), offers additional evidence of the failure of European industrial policy efforts. No amount of industrial policy planning and spending is going to be able to overcome a negative innovation culture that suffocates entrepreneurialism and investment out of the gates.

These findings have lessons for policymakers in the United States, too, especially with President Biden and even many Republicans now calling for heavy-handed top-down regulation of digital technology companies. Basically, “President Biden Wants America to Become Europe on Tech Regulation,” I argued in a recent R Street Institute blog post. In a letter to the Wall Street JournalI responded to recent opeds by both President Biden and former Trump Administration Attorney General William Barr in which they both advocated regulations that would take us down the disastrous path that the European Union has already charted.

“The only thing Europe exports now on the digital-technology front is regulation,” I noted in my response, and that makes it all the more mind-boggling that Biden and Barr want to go down that same path. “Overregulation by EU bureaucrats led Europe’s best entrepreneurs and investors to flee to the U.S. or elsewhere in search of the freedom to innovate.” This is the wrong innovation culture for the United States if we hope to be a leader in the Computational Revolution that is unfolding — and match expanding efforts by the Chinese to top us at it.

In closing, policymakers should never lose sight of the most fundamental lesson of innovation policy, which can be stated quite simply: You only get as much innovation as you allow to begin with. If the public policy defaults are all set to be maximally restrictive and limit entrepreneurialism and experimentation by design, then it should be no surprise when the country or continent fails to generate meaningful innovation, investment, new companies, and global competitive advantage. The European model is no model for America.

Additional reading:

]]> https://techliberation.com/2023/02/09/studies-document-growing-cost-of-eu-privacy-regulations/feed/ 2 77086 AI Policy Research: My Year in Review https://techliberation.com/2022/12/26/ai-policy-research-my-year-in-review/ https://techliberation.com/2022/12/26/ai-policy-research-my-year-in-review/#comments Mon, 26 Dec 2022 20:07:40 +0000 https://techliberation.com/?p=77073

I spent much of 2022 writing about the growing policy debate over artificial intelligence, machine learning, robotics, and the Computational Revolution more generally. Here are some of the major highlights of my work on this front.

All these essays + dozens more can be found on my: “Running List of My Research on AI, ML & Robotics Policy.” I have several lengthy studies and many shorter essays coming in the first half of 2023.

Finally, here is a Federalist Society podcast discussion about AI policy hosted by Jennifer Huddleston in which Hodan Omaar of ITIF and I offer a big picture overview of where things are headed next.

]]> https://techliberation.com/2022/12/26/ai-policy-research-my-year-in-review/feed/ 2 77073 Why the Future of AI Will Not Be Invented in Europe https://techliberation.com/2022/08/01/why-the-future-of-ai-will-not-be-invented-in-europe/ https://techliberation.com/2022/08/01/why-the-future-of-ai-will-not-be-invented-in-europe/#comments Mon, 01 Aug 2022 18:28:40 +0000 https://techliberation.com/?p=77016

For my latest column in The Hill, I explored the European Union’s (EU) endlessly expanding push to regulate all facets of the modern data economy. That now includes a new effort to regulate artificial intelligence (AI) using the same sort of top-down, heavy-handed, bureaucratic compliance regime that has stifled digital innovation on the continent over the past quarter century.

The European Commission (EC) is advancing a new Artificial Intelligence Act, which proposes banning some AI technologies while classifying many others under a heavily controlled “high-risk” category. A new bureaucracy, the European Artificial Intelligence Board, will be tasked with enforcing a wide variety of new rules, including “prior conformity assessments,” which are like permission slips for algorithmic innovators. Steep fines are also part of the plan. There’s a lengthy list of covered sectors and technologies, with many others that could be added in coming years. It’s no wonder, then, that the measure has been labelled the measure “the mother of all AI laws” and analysts have argued it will further burden innovation and investment in Europe.

As I noted in my new column, the consensus about Europe’s future on the emerging technology front is dismal to put it mildly. The International Economy journal recently asked 11 experts from Europe and the U.S. where the EU currently stood in global tech competition. Responses were nearly unanimous and bluntly summarized by the symposium’s title: “The Biggest Loser.” Respondents said Europe is “lagging behind in the global tech race,” and “unlikely to become a global hub of innovation.” “The future will not be invented in Europe,” another analyst bluntly concluded.

That’s a grim assessment, but there is no doubt that European competitiveness is suffering today and that excessive regulation plays a fairly significant role in causing it. As I noted in my column, “the EU’s risk-averse culture and preference for paperwork compliance over entrepreneurial freedom” had serious consequences for continent-wide innovation.  I note in my recent column how:

After the continent piled on layers of data restrictions beginning in the mid-1990s, innovation and investment suffered. Regulation grew more complex with the 2018 General Data Protection Regulation (GDPR), which further limits data collection and use. As a result of all the red tape, the EU came away from the digital revolution with “the complete absence of superstar companies.” There are no serious European versions of Microsoft, Google, Facebook, Apple or Amazon. Europe’s leading providers of digital technology services today are American-based companies.

Let’s take a look at a few numbers that illustrate what’s happened in Europe’s tech sector over the past quarter century. Here’s an old KPGM breakdown of market caps for public Internet companies over an important 20 year period, from 1995 to 2015, when the digital technology marketplace was taking shape. Besides the remarkable amount of churn over that period (with only Apple appearing on both lists), the other notable thing is the complete absence of any European companies in 2015.

Next, here’s a chart I constructed using CB Insights data for global unicorns ($billion valued companies) from 2010 up through early 2022. It shows how the U.S. dominates fully half the list with China having a 16% share, but all of the European Union’s firms equal just a 9 percent slice of the world’s share.

If you want to see a per capita breakdown of VC investment by country, here’s a handy Crunchbase News chart. While the U.S. is geographically much larger than Europe, a breakdown of VC funding on a per capita basis reveals that only Estonia ($915B) and Sweden ($700B) have startup investment on par with America ($808B). No other European country has even half as much per capita VC investment as the U.S., and most don’t even have a quarter as much.

As we enter the “age of AI,” what will the EU’s same regulatory model for mean for AI, machine learning, and robotics in Europe? We do have some early data on that, too. Here’s a breakdown of AI-related VC activity and AI unicorn in 2021 from the recent State of AI Report 2021, with European countries already trailing far behind:

Also, here’s some data on recent AI investment by region from the latest Stanford “AI Index Report 2022” which again highlights a gap that is only growing larger:

It’s important to listen to what actual AI innovators across the Atlantic have to say about the new EU regulatory efforts. Just last month, the UK-based Coalition for a Digital Economy (Coadec), an advocacy group for Britain’s technology-led startups, published a report entitled, “What do AI Startups Want from Regulation?” Coadec surveyed its members to gauge their feelings about the EU’s proposed approach to AI regulation, as well as the UK’s. 76% of those startups said that their business model would be either negatively affected or become infeasible if the UK were to echo the EU by making AI developers liable, and an equal percentage said they had varying concerns about whether it’s technically even feasible to make their datasets “free of errors,” as the EU looks set to demand. Respondents also said they feared that the new AI Act would be particularly burdensome to small and mid-size entrepreneurs because they cannot afford to deal with the costly compliance hassles like the larger competitors they face. This would end of being a replay of the burdens they faced from GDPR, which decimated small businesses. “The experience of GDPR demonstrated how unclear, complex and expensive regulations drove many startups out of business, and disproportionately impact startups that survived–GDPR compliance cost startups significantly more than it did the Tech Giants,” the Coadec report concluded.

At least those UK-based innovators might be in a slightly better position post-Brexit with the British government now looking to chart a different–and much less burdensome–governance approach for digital technologies. In fact, the UK government recently released a major policy document on “Establishing a Pro-Innovation Approach to Regulating AI,” which makes a concerted effort to distinguish its approach from the EU’s. “We will ask that regulators focus on high risk concerns rather than hypothetical or low risks associated with AI,” the report noted. “We want to encourage innovation and avoid placing unnecessary barriers in its way.” This is consistent with what the UK government has been saying on technology governance more generally. For example, in recent report advocating for Innovation Friendly Regulation, the UK government’s Regulatory Horizons Council argued that, when it comes to the regulation of emerging technologies like AI, “it is also necessary to consider the risk that the intervention itself poses.” “This would include the potential impact on benefits from a particular innovation that might be foregone; it would also include the potential creation of a ‘chilling effect’ on innovation more generally,” the Council concluded. Clearly, this approach to technology policy stands in stark contrast to the EU’s heavy-handed model. So, there is a chance that at least some innovators based in the UK can escape the EU’s regulatory hell.

What about AI innovators stuck on the European continent? What are they saying about the regulations they will soon face? The European DIGITAL SME Alliance, which is the largest network of small and medium sized enterprises (SMEs) in the European ICT sector, represents roughly 45,000 digital SMEs. In comments to the EC about the impact of the law, the Alliance highlighted how costly the AI Act’s conformity assessments and other regulations will be for smaller innovators. “This may put a burden on AI innovation” the Alliance argued, because smaller developers have limited financial and human resources of SMEs.” “[A] regulation that requires SMEs to make these significant investments, will likely push SMEs out of the market,” the group noted. “This is exactly the opposite of the intention to support a thriving and innovative AI ecosystem in Europe.” Moreover, “SMEs will not be able to pass on these costs to their customers in the final customer end pricing,” the Alliance correctly noted because, “[t[he market is global and highly competitive. Therefore, customers will choose cheaper solutions and Europe risks to be left behind in technology development and global competition.”

In March, the Alliance also hosted a forum on “The European AI Act and Digital SMEs,” which featured comments from some operators in this space. Some speakers were quite timid and you could sense that they might have feared pushing back too aggressively against the European Commission so as not to get on the bad side of regulators before the rules go into effect. But Mislav Malenica, Founder & CEO Mindsmiths didn’t pull any punches in his remarks. His company Mindsmiths is trying to build autonomous support systems in many different fields, but their ability to innovate and compete globally will be severely curtailed by the EU AI Act, he argued.

I usually don’t spend time transcribing people’s comments from events, but I went back and watched Malenica’s multiple times because his remarks are so powerful and I wanted to make sure others hear what he was saying. [Malenica’s opening comments during the event run from 42:29 to 49:34 of the video and then he has more to say during Q&A beginning at the 1:27:28 of the video.] Here’s a quick summary of a few of Malenica’s key points (listed chronologically):

  • “I’m not sure we are doing everything we can do actually to create an environment that’s innovation friendly.”
  • “we see a lot of uncertainty. We see fear.”
  • “basically we won’t be able to get funding here.”
  • while reading through the AI Act, he notes, “I don’t see start-ups being mentioned anywhere, and startups are the main vehicles of innovation.” […] “I find it very arrogant”
  • if AI Act becomes law, “what we’ll do in Europe is we’ll create a new market and that’s the AI markets based on fear,” and in how to just build products that avoid the wrath of government or lawsuits.
  • “we are really stifling innovation” and that means Europeans will have to import autonomous products from foreign companies instead of making them there.

Later, during in the Q&A period, Malenica notes how his first virtual currency startup had to use half it’s investment capital just dealing with regulatory compliance issues, and most venture capitalists wouldn’t get behind launching in Europe because of such legal hassles. He reflects upon what this mean for other innovators going forward as the EU prepares to expand their regulatory regime for AI sectors:

  • “I don’t think we’re missing talent. That’s just a consequence” of all the regulation. “We are missing a sense that you have opportunities here. If you the opportunities here, then the talent will come, the funding will come, and so on because people see that they’ll be able to make money, they’ll be able to build companies, and so on.”
  • “If we now take a look at the 10 biggest companies market capitalizations in the world, we’ll see that none of them comes actually from Europe” with U.S. tech companies dominating the list. “So, we missed that wave completely.” Why? “Because we didn’t inspire anyone to take action,” and that is about to happen for AI.
  • “We need to decide if we are going to be a land of opportunities, or will we be just consumers of other people’s tech, the same we are right now” for digital software and services.
  • “We’re already finding excuses for the loss” of the AI market, he argues.

Malenica’s comments are extraordinarily demoralizing if you care about innovation. Now, I’m an American and one way to look at this dismal situation is that, by hobbling its own startups and existing AI innovators, Europe is doing the U.S. another favor by essentially taking itself out of the running in next great global tech race. Europe’s actions may also mean that America gains many of their best and brightest if they come to the U.S. when looking to create the next great algorithmic service or application because they can’t do so in the EU. This is exactly what happened over the past few decades for Internet startups, Malenica noted.

But that’s dismal news in another sense. Europe is filled with brilliant innovators, highly-skilled talent, world-class educational institutions, and even many venture capitalists looking to invest in this arena. Unfortunately, the continent’s suffocating regulatory approach makes it nearly impossible for digital technology innovators to have a fighting chance. Through their heavy-handed policies, European officials have essentially declared their innovators “guilty until proven innocent.” And that means that Europeans and the rest of the world are being deprived of many important life-enriching and life-saving AI applications that those innovators could create. Technological innovation is not a zero-sum game that only one country can “win.” Innovation drives growth and prosperity and lifts all boats as its benefits spread throughout the world. When European innovators prosper, people all over the world prosper along with them.

Is there any chance the European Commission softens its stance toward emerging technologies and looks to adopt a more flexible governance approach that instead treats AI innovators as innocent until proven guilty? I think it is extremely unlikely that will happen because, as Malenica noted, European technology policy is too rooted in fear of disruption and extreme risk-aversion. EU officials are forgetting that the most important lesson from the history of technological innovation is there can be no progress without some risk-taking and corresponding disruption. My favorite quote about the relationship between risk-taking and human progress comes from Wilbur Wright who, along with his brother, helped pioneer human flight. “If you are looking for perfect safety,” Wright said, “you would do well to sit on a fence and watch the birds.” European policymakers are essentially forcing their best and brightest innovators to sit on the fence and watch the rest of the world fly right past them on the digital technology and AI front. The ramifications for the continent will be disastrous. Regardless, as I noted in concluding my recent Hill column, Europe’s approach to AI “shouldn’t be the model the U.S. follows if it hopes to maintain its early lead in AI and robotics. America should instead welcome European companies, workers and investors looking for a more hospitable place to launch bold new AI innovations.”

Alas, European officials appear ready to ignore the deleterious impact of their policies on innovation and competition and instead make regulation their leading export to the world. In fact, the European Commission will soon open a San Francisco office to work more closely with Silicon Valley companies affected by EU tech regulation. European leaders have basically surrendered on the idea of home-grown innovation and are now plowing all their energies into regulating the rest of the world’s largest digital technology companies, most of which are headquartered in the United States. It’s no wonder, then, that The Economist magazine concludes that, “Europe is the free-rider continent” that “has piggybacked on innovation from elsewhere, keeping up with rivals, not forging ahead.” Instead, “the cuddly form of capitalism embraced in Europe has markedly failed to create world-beating companies,” the magazine argues.

European officials want us to believe that they are somehow doing the world a favor by being its global tech regulator, when instead the are simply solidifying the power of the largest digital tech companies, who are the only ones with enough resources–mainly in the form of massive legal compliance teams–to live under the EU’s innovation-crushing regulations. Sadly, many US policymakers hate our own home-grown tech companies so much now, that they are willing to let this happen. In a better world, those American lawmakers would stand up to European officials looking to bully tech innovators and we would reject the innovation-killing recipe that the EU is cooking up for AI markets and expects the rest of the world to eat.

Additional Reading on AI & Robotics:

]]> https://techliberation.com/2022/08/01/why-the-future-of-ai-will-not-be-invented-in-europe/feed/ 3 77016 Running List of My Research on AI, ML & Robotics Policy https://techliberation.com/2022/07/29/running-list-of-my-research-on-ai-ml-robotics-policy/ https://techliberation.com/2022/07/29/running-list-of-my-research-on-ai-ml-robotics-policy/#respond Fri, 29 Jul 2022 12:51:54 +0000 https://techliberation.com/?p=77020

[last updated 4/3/2025 – Check my Medium page for latest posts]

This a running list of all the essays and reports I’ve already rolled out on the governance of artificial intelligence (AI), machine learning (ML), and robotics. Why have I decided to spend so much time on this issue? Because this will become the most important technological revolution of our lifetimes. Every segment of the economy will be touched in some fashion by AI, ML, robotics, and the power of computational science. It should be equally clear that public policy will be radically transformed along the way.

Eventually, all policy will involve AI policy and computational considerations. As AI “eats the world,” it eats the world of public policy along with it. The stakes here are profound for individuals, economies, and nations. As a result, AI policy will be the most important technology policy fight of the next decade, and perhaps next quarter century. Those who are passionate about the freedom to innovate need to prepare to meet the challenge as proposals to regulate AI proliferate.

There are many socio-technical concerns surrounding algorithmic systems that deserve serious consideration and appropriate governance steps to ensure that these systems are beneficial to society. However, there is an equally compelling public interest in ensuring that AI innovations are developed and made widely available to help improve human well-being across many dimensions. And that’s the case that I’ll be dedicating my life to making in coming years.

Here’s the list of what I’ve done so far. I will continue to update this as new material is released:

2025

2024

2023

2022

2021 (and earlier)

]]> https://techliberation.com/2022/07/29/running-list-of-my-research-on-ai-ml-robotics-policy/feed/ 0 77020 America Shouldn’t Follow EU’s Lead on AI Regulation https://techliberation.com/2022/07/22/america-shouldnt-follow-eus-lead-on-ai-regulation/ https://techliberation.com/2022/07/22/america-shouldnt-follow-eus-lead-on-ai-regulation/#comments Fri, 22 Jul 2022 15:42:08 +0000 https://techliberation.com/?p=77012

For my latest regular column in The Hill, I took a look at the trade-offs associated with the EU’s AI Act. This is derived from a much longer chapter on European AI policy that is in my forthcoming book, and I also plan on turning it into a free-standing paper at some point soon. My oped begins as follows:

In the intensifying race for global competitiveness in artificial intelligence (AI), the United States, China and the European Union are vying to be the home of what could be the most important technological revolution of our lifetimes. AI governance proposals are also developing rapidly, with the EU proposing an aggressive regulatory approach to add to its already-onerous regulatory regime. It would be imprudent for the U.S. to adopt Europe’s more top-down regulatory model, however, which already decimated digital technology innovation in the past and now will do the same for AI. The key to competitive advantage in AI will be openness to entrepreneurialism, investment and talent, plus a flexible governance framework to address risks.

Jump over to The Hill to read the entire thing. And down below you will find all my recent writing on AI and robotics. This will be my primary research focus in coming years.

Additional Reading :

]]> https://techliberation.com/2022/07/22/america-shouldnt-follow-eus-lead-on-ai-regulation/feed/ 6 77012 Event Video on Algorithmic Auditing and AI Impact Assessments https://techliberation.com/2022/07/13/event-video-on-algorithmic-auditing-and-ai-impact-assessments/ https://techliberation.com/2022/07/13/event-video-on-algorithmic-auditing-and-ai-impact-assessments/#comments Wed, 13 Jul 2022 18:10:03 +0000 https://techliberation.com/?p=77008

Upsides:

  • Audits and impact assessments can help ensure organizations live up their promises as it pertains to “baking in” ethical best practices (on issues like safety, security, privacy, and non-discrimination).
  • Audits and impact assessments are already utilized in other fields to address safety practices, financial accountability, labor practices and human rights issues, supply chain practices, and various environmental concerns.
  • Internal auditing / Institute of Internal Auditors (IIA) efforts could expand to include AI risks
  • Eventually, more and more organizations will expand their internal auditing efforts to incorporate AI risks because it makes good business sense to stay on top of these issues and avoid liability, negative publicity, or other customer backlash.
  • the International Association of Privacy Professionals (IAPP) trains and certifies privacy professionals through formal credentialing programs, supplemented by regular meetings, annual awards, and a variety of outreach and educational initiatives.
  • We should use similar model for AI and start by supplementing Chief Privacy Officers with Chief Ethical Officers.
  • This is how we formalize the ethical frameworks and best practices that have been formulated by various professional associations such as IEEE, ISO, ACM and others.
  • OECD — Framework for the Classification of AI Systems with the twin goals of helping “to develop a common framework for reporting about AI incidents that facilitates global consistency and interoperability in incident reporting,” and advancing “related work on mitigation, compliance and enforcement along the AI system lifecycle, including as it pertains to corporate governance.”
  • NIST — AI Risk Management Framework “to better manage risks to individuals, organizations, and society associated with artificial intelligence.”
  • These frameworks being developed through a consensus-driven, open, transparent, and collaborative process. Not through top-down regulation.
  • Many AI developers and business groups have endorsed the use of such audits and assessments. BSA|The Software Alliance has said that, “By establishing a process for personnel to document key design choices and their underlying rationale, impact assessments enable organizations that develop or deploy high-risk AI to identify and mitigate risks that can emerge throughout a system’s lifecycle.”
  • Developers can still be held accountable for violations of certain ethical norms and bast practices both through private and potentially even through formal sanctions by consumer protection agencies (Federal Trade Commission / comparable state offices / by state AGs).
  • EqualAI / WEF — “Badge Program for Responsible AI Governance”
  • field of algorithmic consulting continues to expand (ex: O’Neil Risk Consulting)

Downsides:

  • constitutes a harm or impact in any given context will often be a contentious matter.
  • Auditing algorithms is nothing like auditing an accounting ledger, where the numbers either add up or they don’t.
  • With algorithms there are no binary metrics that can quantify the correct amount of privacy, safety, or security in any given system.
  • E.U. AI act will be a disaster for AI innovation and investment
  • Proposed U.S. Algorithmic Accountability Act of 2022 would require that developers perform impact assessments and file them with the Federal Trade Commission. A new Bureau of Technology would be created inside the agency to oversee the process.
  • If enforced through a rigid regulatory regime and another federal bureaucracy, compliance with algorithmic auditing mandates would likely become a convoluted, time-consuming bureaucratic process. That would likely slow the pace of AI development significantly.
  • Academic literature on AI auditing / impact assessment ignores potential costs; Mandatory auditing and assessments are treated as a sort of frictionless nirvana when we already know that such a process would entire significant costs.
  • Some AI scholars suggest that NEPA should be model for AI impact assessments / audits.
  • NEPA assessments were initially quite short (sometimes less than 10 pages), but today the average length of these statements is more than 600 pages and include appendices that average over 1,000 pages on top of that.
  • NEPA assessments take an average of 4.5 years to complete and that, between 2010 and 2017, there were four assessments that took at least 17 years to complete.
  • Many important public projects never get done or take far too long to complete at considerably higher expenditure than originally predicted.
  • would create a number of veto points that opponents of AI could use to stop much progress in the field. This is the “vetocracy” problem.
  • We cannot wait years or even months for bureaucracies to eventually getting around to formally signing off on audits or assessments, many of which would be obsolete before they were even done.
  • “global innovation arbitrage” problem would kick in: Innovators and investors increasingly relocate to the jurisdictions where they are treated most hospitably.
  • Both parties already accuse digital technology companies of manipulating their algorithms to censor their views.
  • Whichever party is in power at any given time could use the process to politicize terms like “safety,” “security,” and “non-discrimination” to nudge or even force private AI developers to alter their algorithms to satisfy the desires of partisan politicians or bureaucrats.
  • FCC abused its ambiguous authority to regulate “in the public interest” and indirectly censor broadcasters through intimidation via jawboning tactics and other “agency threats.” or “regulation by raised eyebrow”
  • There are potentially profound First Amendment issues in play with the regulation of algorithms that have not been explored here but which could become a major part of AI regulatory efforts going forward.

Summary:

  • Auditing and impact assessments can be a part of a more decentralized, polycentric governance framework.
  • Even in the absence of any sort of hard law mandates, algorithmic auditing and impact reviews represent an important way to encourage responsible AI development.
  • But we should be careful about mandating such things due to the many unanticipated cost and consequences of converting this into a top-down, bureaucratic regulatory regime.
  • The process should evolve gradually and organically, as it has in many other fields and sectors.
]]> https://techliberation.com/2022/07/13/event-video-on-algorithmic-auditing-and-ai-impact-assessments/feed/ 3 77008 VIDEO: My London Talk about the Future of AI Governance https://techliberation.com/2022/06/13/video-my-london-talk-about-the-future-of-ai-governance/ https://techliberation.com/2022/06/13/video-my-london-talk-about-the-future-of-ai-governance/#comments Mon, 13 Jun 2022 09:29:50 +0000 https://techliberation.com/?p=76999

On Thursday, June 9, it was my great pleasure to return to my first work office at the Adam Smith Institute in London and give a talk on the future of innovation policy and the governance of artificial intelligence. James Lawson, who is affiliated with the ASI and wrote a wonderful 2020 study on AI policy, introduced me and also offered some remarks. Among the issues discussed:

  • What sort of governance vision should govern the future of innovation generally and AI in particular: the “precautionary principle” or “permissionless innovation”?
  • Which AI sectors are witnessing the most exciting forms of innovation currently?
  • What are the fundamental policy fault lines in the AI policy debates today?
  • Will fears about disruption and automation lead to a new Luddite movement?
  • How can “soft law” and decentralized governance mechanism help us solve pressing policy concerns surrounding AI?
  • How did automation affect traditional jobs and sectors?
  • Will the European Union’s AI Act become a global model for regulation and will it have a “Brussels Effect” in terms of forcing innovators across the world to come into compliance with EU regulatory mandates?
  • How will global innovation arbitrage affect the efforts by governments in Europe and elsewhere to regulate AI innovation?
  • Can the common law help address AI risk? How is the UK common law system superior to the US legal system?
  • What do we mean by “existential risk” as it pertains to artificial intelligence?

I have a massive study in the works addressing all these issues. In the meantime, you can watch the video of my London talk here. And thanks again to my friends at the Adam Smith Institute for hosting!

Additional Reading:

 

 

]]> https://techliberation.com/2022/06/13/video-my-london-talk-about-the-future-of-ai-governance/feed/ 5 76999 Book Review: “Questioning the Entrepreneurial State” https://techliberation.com/2022/04/26/book-review-questioning-the-entrepreneurial-state/ https://techliberation.com/2022/04/26/book-review-questioning-the-entrepreneurial-state/#comments Tue, 26 Apr 2022 20:14:03 +0000 https://techliberation.com/?p=76975

An important new book launched this week in Europe on issues related to innovation policy and industrial policy. “Questioning the Entrepreneurial State: Status-quo, Pitfalls, and the Need for Credible Innovation Policy” (Springer, 2022) brings together more than 30 scholars who contribute unique chapters to this impressive volume. It was edited by Karl Wennberg of the Stockholm School of Economics and Christian Sandström of the Jönköping (Sweden) International Business School.

As the title of this book suggests, the authors are generally pushing back against the thesis found in Mariana Mazzucato’s book The Entrepreneurial State (2011). That book, like many other books and essays written recently, lays out a romantic view of industrial policy that sees government as the prime mover of markets and innovation. Mazzucato calls for “a bolder vision for the State’s dynamic role in fostering economic growth” and innovation. She wants the state fully entrenched in technological investments and decision-making throughout the economy because she believes that is the best way to expand the innovative potential of a nation.

The essays in Questioning the Entrepreneurial State offer a different perspective, rooted in the realities on the ground in Europe today. Taken together, the chapters tell a fairly consistent story: Despite the existence of many different industrial policy schemes at the continental and country level, Europe isn’t in very good shape on the tech and innovation front. The heavy-handed policies and volumes of regulations imposed by the European Union and its member states have played a role in that outcome. But these governments have simultaneously been pushing to promote innovation using a variety of technocratic policy levers and industrial policy schemes. Despite all those well-intentioned efforts, the EU has struggled to keep up with the US and China in most important modern tech sectors.

As Wennberg and Sandström note in their introductory chapter:

Grand schemes toward noble outcomes have a disappointing track record in human political and economic history. Conventional wisdom regarding authorities’ inability to selectively pinpoint certain technologies, sectors, or firms as winners, and the fact that large support structures for specific technologies are bound to distort incentives and result in opportunism, seem to have been forgotten.

In summarizing the chapters, they conclude that, “while the idea of aiming high and leveraging large portions of society’s resources to address some fundamental human challenges may sound appealing to many, such ideas have limited scientific credibility.”

Why do governments frequently fail in attempts to be entrepreneurial? Johan P. Larsson gets at the heart of the matter in his chapter when noting how, “[t]he state entrepreneur is not subject to real risk, often faces no market, and cannot be properly evaluated. It pays no price for being wrong and it struggles in assigning responsibility.” Which leads to two questions that are rarely asked, he notes: “[F]irst, how do we ensure that the state pays a price for being wrong? And second, when is that price high enough for us to know it is time to cut our losses?”

The authors of another chapter (Murtinu, Foss & Klein) concur and note how, “even well-intentioned and strongly motivated public actors lack the ability to manage the process of innovation.” “As stewards of resources owned by the public,” they note, “government bureaucrats do not exercise the ultimate responsibility that comes with ownership.” In other words, the state faces problems of misaligned incentives.

Several authors in the book highlight the various public choice problems often associated with large-scale industrial policy initiatives, including rent-seeking and capture. Wennberg and Sandström note how this results in less disruption as established players don’t seek to challenge existing market or technological status quos but instead simply seek to benefit from it. “[S]upport structures, platforms for private-public cooperation, and large volumes of technology-specific money usually end up in the hands of established interest groups,” they note. “Hence, they are not very likely to question these policies but will rather go along with the ride.”

John-Erik Bergkvist and Jerker Moodysson devote an entire chapter to this problem and offer a grim assessment of how past industrial policy schemes have exacerbated it:

Assuming that policies and programs are shaped by the interest groups that are affected by the policies, we highlight the risk that policymaking may end up as support for established interest groups rather than supporting the emergence of those who could act as institutional entrepreneurs or disruptors. Policies and programs may thus be captivated by dominant actors in the established regime, who have superior financial and relational resources. The result would then be that innovation policies sustain the established socio-technical structures of industries rather than contributing to the emergence of new structures.”

Other organizations are incentivized to support the status quo when big money is on the line. One of the most interesting chapters in the book was co-authored by Wennberg and Sandström along with Elias Collin. They examine the conflicts of interest inherent in many evaluations of industrial policy programs by various third parties, including academics and consultants who receive generous state contracts:

the overwhelming majority of evaluations are positive or neutral and that very few evaluations are negative. While this is the case across all categories of evaluators, we note that consulting firms stand out as particularly inclined to provide positive evaluations. The absence of negative or critical reports can be related to the fact that most of the studies do not rely upon methods that make it possible to discuss effects. This discrepancy between so many positive evaluations on the one hand and comparatively weak evaluation methods on the other hand leads us to suspect that evaluators are not sufficiently independent. Consultants and scholars that are funded by a government agency in order to evaluate the agency’s policies and programs are put in a position where it is difficult to maintain objectivity.

This is one reason why industrial policy continues to have such currency in European policy discussions despite a long track record of failure, as documented throughout this new book. The biggest problem for Europe lies in its layers of regulatory bureaucracy and heavy-handed treatment of entrepreneurs.

Later in the book, Zoltan J. Acs offers a grim account of just how bad things have been for Europe on the digital technology front in recent decades, despite the many state-led efforts to promote the sector. “The European Union protected traditional industries and hoped that existing firms would introduce new technologies. This was a policy designed to fail,” Acs argues. “What has been the outcome of E.U. policy in limiting entrepreneurial activity over recent decades?” he asks. Acs concludes that:

It is immediately clear… that the United States and China dominate the platform landscape. Based on the market value of top companies, the United States alone represents 66% of the world’s platform economy with 41 of the top 100 companies. European platform-based companies play a marginal role, with only 3% of market value.

He says that the United Kingdom’s “Brexit” from the European Union was a logical move, “because E.U. regulations were holding back the U.K.’s strong DPE (digital platform economy).” “If the United Kingdom was to realize its economic potential, it had to extricate itself from the European Union,” Acs says, due to the “dysfunctional E.U. bureaucracy.” No amount of industrial policy support is going to allow European firms to overcome those burdens. In fact, many of Europe’s industrial policy programs create the very disincentives that retard innovation and discourage entrepreneurialism in key sectors.

Several of the authors in the collection stress how the better role for the state is usually to set the table for innovation and growth without trying to determine everything that is served on the plate. As Wennberg and Sandström summarize:

the best policies to promote innovation are those that promote productive economic activity more generally: property rights protection, open and contestable markets, a stable monetary system, and legal rules that favor competition and entrepreneurship. Policy should promote an institutional environment in which innovation and entrepreneurship can flourish without trying to anticipate the specific outcomes of those processes—an impossible task in the face of uncertainty, technological change, and a dynamic, knowledge-based economy.

That’s good advice, as is everything found throughout the book. I encourage all those interested in these issues to take a hard look at it because it is particularly relevant even here in the Unites States, as Congress is currently considering a massive new 3,000-page, $350 billion industrial policy bill that I’ve labelled “The Most Corporatist & Wasteful Industrial Policy Ever.” There doesn’t seem to be anything stopping the momentum of this effort with both liberals and conservatives lining up to pass out the pork. I wish I could put a copy of Questioning the Entrepreneurial State in all their hands and ask them to read every word of it before they gamble hundreds of billions on such foolish efforts.

Additional Reading:

]]> https://techliberation.com/2022/04/26/book-review-questioning-the-entrepreneurial-state/feed/ 2 76975 Should the US Follow China’s Lead on Industrial Policy? https://techliberation.com/2021/03/15/should-the-us-follow-chinas-lead-on-industrial-policy/ https://techliberation.com/2021/03/15/should-the-us-follow-chinas-lead-on-industrial-policy/#comments Mon, 15 Mar 2021 14:02:34 +0000 https://techliberation.com/?p=76849

In our latest feature for Discourse magazine, Connor Haaland and I explore the question, “Should the U.S. Copy China’s Industrial Policy?” We begin by noting that:

Calls for revitalizing American industrial policy have multiplied in recent years, with many pundits and policymakers suggesting that the U.S. should consider taking on Europe and China by emulating their approaches to technological development. The goal would be to have Washington formulate a set of strategic innovation goals and mobilize government planning and spending around them.

We continue on to argue that what most of these advocates miss is that:

China’s targeting efforts are often antithetical to both innovation and liberty, and involve plenty of red tape and bureaucracy. China has become a remarkably innovative country for many reasons, including its greater tolerance for risk-taking, even as the Chinese Communist Party continues to pump resources into strategic sectors. But most Chinese innovation is permissible only insomuch as it furthers the party’s objectives, a strategy the U.S. obviously wouldn’t want to copy.

We discuss the problems associated with some of those Chinese efforts as well as proposed US responses, like the recently released 756 page report from the National Security Commission on Artificial Intelligence. The report takes an everything-and-the-kitchen-sink approach to state direction for new AI-related efforts and spending. While that report says the government now must “drive change through top-down leadership” in order to “win the AI competition that is intensifying strategic competition with China,” we argue that there could be some serious pitfalls with top-down, high price tag approaches.

Jump over to the  Discourse site to read the full essay, as well as our previous essay, which asked, “Can European-Style Industrial Policies Create Tech Supremacy?” These two essay build on the research Connor and I have been doing on global artificial intelligence policies in the US, China, and the EU. In a much longer forthcoming white paper, we explore both the regulatory and industrial policy approaches for AI being adopted in the US, China, and the EU. Stay tuned for more.

]]> https://techliberation.com/2021/03/15/should-the-us-follow-chinas-lead-on-industrial-policy/feed/ 3 76849 European Industrial Policy Follies https://techliberation.com/2021/02/15/european-industrial-policy-follies/ https://techliberation.com/2021/02/15/european-industrial-policy-follies/#comments Mon, 15 Feb 2021 16:17:36 +0000 https://techliberation.com/?p=76842

Over at Discourse magazine, Connor Haaland and I have an new essay (“Can European-Style Industrial Policies Create Tech Supremacy?”) examining Europe’s effort to develop national champion in a variety of tech sectors using highly targeted industrial policy efforts. The results have not been encouraging, we find.

Thus far, however, the Europeans don’t have much to show for their attempts to produce home-grown tech champions. Despite highly targeted and expensive efforts to foster a domestic tech base, the EU has instead generated a string of industrial policy failures that should serve as a cautionary tale for U.S. pundits and policymakers, who seem increasingly open to more government-steered innovation efforts.

We examine case studies in internet access, search, GPS, video services, and the sharing economy. We then explore newly-proposed industrial policy efforts aimed at developing their domestic AI market. We note how:

no amount of centralized state planning or spending will be able to overcome Europe’s aversion to technological risk-taking and disruption. The EU’s innovation culture generally values stability—of existing laws, institutions and businesses—over disruptive technological change. […] There are no European versions of Microsoft, Google or Apple, even though Europeans obviously demand and consume the sort of products and services those U.S.-based companies provide. It’s simply not possible given the EU’s current regulatory regime.

It seems unlikely that Europe will have much better luck developing home-grown champions in AI and robotics using this same playbook. “American academics and policymakers with an affinity for industrial policy might want to consider a model other than Europe’s misguided combination of fruitless state planning and heavy-handed regulatory edicts,” we conclude.

Head over to Discourse  to read the entire essay.

]]> https://techliberation.com/2021/02/15/european-industrial-policy-follies/feed/ 2 76842 The End of Permissionless Innovation? https://techliberation.com/2021/01/10/the-end-of-permissionless-innovation/ https://techliberation.com/2021/01/10/the-end-of-permissionless-innovation/#comments Sun, 10 Jan 2021 21:24:12 +0000 https://techliberation.com/?p=76823

Time magazine recently declared 2020 “The Worst Year Ever.” By historical standards that may be a bit of hyperbole. For America’s digital technology sector, however, that headline rings true. After a remarkable 25-year run that saw an explosion of innovation and the rapid ascent of a group of U.S. companies that became household names across the globe, politicians and pundits in 2020 declared the party over. “We now are on the cusp of a new era of tech policy, one in which the policy catches up with the technology,” says Darrell M. West of the Brookings Institution in a recent essay, “The End of Permissionless Innovation.” West cites the House Judiciary Antitrust Subcommittee’s October report on competition in digital markets—where it equates large tech firms with the “oil barons and railroad tycoons” of the Gilded Age—as the clearest sign that politicization of the internet and digital technology is accelerating. It is hardly the only indication that America is set to abandon permissionless innovation and revisit the era of heavy-handed regulation for information and communication technology (ICT) markets. Equally significant is the growing bipartisan crusade against Section 230, the provision of the 1996 Telecommunications Act that shields “interactive computer services” from liability for information posted or published on their systems by users. No single policy has been more important to the flourishing of online speech or commerce than Sec. 230 because, without it, online platforms would be overwhelmed by regulation and lawsuits. But now, long knives are coming out for the law, with plenty of politicians and academics calling for it to be gutted. Calls to reform or repeal Sec. 230 were once exclusively the province of left-leaning academics or policymakers, but this year it was conservatives in the White Houseon Capitol Hill and at the Federal Communications Commission (FCC) who became the leading cheerleaders for scaling back or eliminating the law. President Trump railed against Sec. 230 repeatedly on Twitter, and most recently vetoed the annual National Defense Authorization Act in part because Congress did not include a repeal of the law in the measure. Meanwhile, conservative lawmakers in Congress such as Sens. Josh Hawley and Ted Cruz have used subpoenasangry letters and heated hearings to hammer digital tech executives about their content moderation practices. Allegations of anti-conservative bias have motivated many of these efforts. Even Supreme Court Justice Clarence Thomas questioned the law in a recent opinion. Other proposed regulatory interventions include calls for new national privacy laws, an “Algorithmic Accountability Act” to regulate artificial intelligence technologies, and a growing variety of industrial policy measures that would open the door to widespread meddling with various tech sectors. Some officials in the Trump administration even pushed for a nationalized 5G communications network in the name of competing with China. This growing “techlash” signals a bipartisan “Back to the Future” moment, with the possibility of the U.S. reviving a regulatory playbook that many believed had been discarded in history’s dustbin. Although plenty of politicians and pundits are taking victory laps and giving each other high-fives over the impending end of the permissionless innovation era, it is worth considering what America will be losing if we once again apply old top-down, permission slip-oriented policies to the technology sector.

Permissionless Innovation: The Basics

As an engineering principle, permissionless innovation represents the general freedom to tinker and develop new ideas and products in a relatively unconstrained fashion. As I noted in a recent book on the topic, permissionless innovation can also describe a governance disposition or regulatory default toward entrepreneurial activities. In this sense, permissionless innovation refers to the idea that experimentation with new technologies and innovations should generally be permitted by default and that prior restraints on creative activities should be avoided except in those cases where clear and immediate harm is evident. There is an obvious relationship between the narrow and broad definitions of permissionless innovation. When governments lean toward permissionless innovation as a policy default, it is likely to encourage freewheeling experimentation more generally. But permissionless innovation can sometimes occur in the wild, even when public policy instead tends toward its antithesis—the precautionary principle. As I noted in my latest book, tinkerers and innovators sometimes behave evasively and act to make permissionless innovation a reality even when public policy discourages it through precautionary restraints. To be clear, permissionless innovation as a policy default has not meant anarchy. Quite the opposite, in fact. In the United States, over the past 25 years, no major federal agencies that regulate technology or laws that do so were eliminated. Indeed, most agencies grew bigger. But in spite of this, entrepreneurs during this period got more green lights than red ones, and innovation was treated as innocent until proven guilty. This is how and why social media and the sharing economy developed and prospered here and not in other countries, where layers of permission slips prevented such innovations from ever getting off the drawing board. The question now is, how will the shift to end permissionless innovation as a policy default in the U.S. affect innovative activity here more generally? Economic historians Deirdre McCloskey and Joel Mokyr teach us that societal and political attitudes toward growth, risk-taking and entrepreneurialism have a powerful connection with the competitive standing of nations and the possibility of long-term prosperity. If America’s innovation culture sours on the idea of permissionless-ness and moves toward a precautionary principle-based model, creative minds will find it harder to experiment with bold new ideas that could help enrich the nation and improve the well-being of the citizenry—which is exactly why America discarded its old top-down regulatory model in the first place.

Why America Junked the Old Model

Perhaps the easiest way to put some rough bookends on the beginning and end of America’s permissionless innovation era is to date it to the birth and impending death of Sec. 230 itself. The enactment in 1996 of the Telecommunications Act was important, not only because it included Sec. 230, but also because the law created a sort of policy firewall between the old and new worlds of ICT regulation. The old ICT regime was rooted in a complex maze of federal, state and local regulatory permission slips. If you wanted to do anything truly innovative in the old days, you typically needed to get some regulator’s blessing first—sometimes multiple blessings. The exception was the print sector, which enjoyed robust First Amendment protection from the time of the nation’s founding. Newspapers, magazines and book publishers were left largely free of prior restraints regarding what they published or how they innovated. The electronic media of the 20th century were not so lucky. Telephony, radio, television, cable, satellite and other technologies were quickly encumbered with a crazy quilt of federal and state regulations. Those restraints include price controls, entry restrictions, speech restrictions and endless agency threats. ICT policy started turning the corner in the late 1980s after the old regulatory model failed to achieve its mission of more choice, higher quality and lower prices for media and communications. Almost everyone accepted that change was needed, and it came fast. The 1990s became a whirlwind of policy and technological change. In the mid-1990s, the Clinton administration decided to allow open commercialization of the internet, which, until then, had mostly been a plaything for government agencies and university researchers. But it was the enactment of the 1996 telecommunications law that sealed the deal. Not only did the new law largely avoid regulating the internet like analog-era ICT, but, more importantly, it included Sec. 230, which helped ensure that future regulators or overzealous tort lawyers would not undermine this wonderful new resource. A year later, the Clinton administration put a cherry on top with the release of its Framework for Global Electronic Commerce. This bold policy statement announced a clean break from the past, arguing that “the private sector should lead [and] the internet should develop as a market-driven arena, not a regulated industry.” Permissionless innovation had become the foundation of American tech policy.

The Results

Ideas have consequences, as they say, and that includes ramifications for domestic business formation and global competitiveness. While the U.S. was allowing the private sector to largely determine the shape of the internet, Europe was embarking on a very different policy path, one that would hobble its tech sector. America’s more flexible policy ecosystem proved to be fertile ground for digital startups. Consider the rise of “unicorns,” shorthand for companies valued at $1+ billion. “In terms of the global distribution of startup success,” notes the State of the Venture Capital Industry in 2019, “the number of private unicorns has grown from an initial list of 82 in 2015 to 356 in Q2 2019,” and fully half of them are U.S.-based. The United States is also home to the most innovative tech firms. Over the past decade, Strategy& (PricewaterhouseCooper’s strategy consulting business) has compiled a list of the world’s most innovative companies, based on R&D efforts and revenue. Each year that list is dominated by American tech companies. In 2013, 9 of the top 10 most innovative companies were based in the U.S., and most of them were involved in computing, software and digital technology. Global competition is intensifying, but in the most recent 2018 list, 15 of the top 25 companies are still U.S.-based giants, with Amazon, Google, Intel, Microsoft, Apple, Facebook, Oracle and Cisco leading the way. Meanwhile, European digital tech companies cannot be found on any such list. While America’s tech companies are household names across the European continent, most people struggle to name a single digital innovator headquartered in the EU. Permissionless innovation crushed the precautionary principle in the trans-Atlantic policy wars. European policymakers have responded to the continent’s digital stagnation by doubling down on their aggressive regulatory efforts. The EU closed out 2020 with two comprehensive new measures (the Digital Services Act and the Digital Markets Act), while the U.K. simultaneously pursued a new “online harms” law. Taken together, these proposals represent “the biggest potential expansion of global tech regulation in years,” according to The Wall Street Journal. The measures will greatly expand extraterritorial control over American tech companies. Having decimated their domestic technology base and driven away innovators and investors, EU officials are now resorting to plugging budget shortfalls with future antitrust fines on U.S.-based tech companies. It has essentially been a lost quarter century for Europe on the information technology front, and now American companies are expected to pay for it.

Republicans Revive ‘Regulation-By-Raised-Eyebrow’

In light of the failure of Europe’s precautionary principle-based policy paradigm, and considering the threat now posed by the growing importance of various Chinese tech companies, one might think U.S. policymakers would be celebrating the competitive advantages created by a quarter century of American tech dominance and contemplating how to apply this winning vision to other sectors of the economy. Alas, despite its amazing run, business and political leaders are now turning against permissionless innovation as America’s policy lodestar. What is most surprising is how this reversal is now being championed by conservative Republicans, who traditionally support deregulation. President Trump also called for tightening the screws on Big Tech. For example, in a May 2020 Executive Order on “Preventing Online Censorship,” he accused online platforms of “selective censorship that is harming our national discourse” and suggested that “these platforms function in many ways as a 21st century equivalent of the public square.” Trump and his supporters put Google, Facebook, Twitter and Amazon in their crosshairs, accusing them of discriminating against conservative viewpoints or values. The irony here is that no politician owes more to modern social media platforms than Donald Trump, who effectively used them to communicate his ideas directly to the American people. Moreover, conservative pundits now enjoy unparalleled opportunity to get their views out to the wider world thanks to all the digital soapboxes they now can stand on. YouTube and Twitter are chock-full of conservative punditry, and the daily list of top 10 search terms on Facebook is dominated consistently by conservative voices, where “the right wing has a massive advantage,” according to Politico. Nonetheless, conservatives insist they still don’t get a fair shake from the cornucopia of new communications platforms that earlier generations of conservatives could have only dreamed about having at their disposal. They think the deck is stacked against them by Silicon Valley liberals. This growing backlash culminated in a remarkable Senate Commerce Committee hearing on Oct. 28 in which congressional Republicans hounded tech CEOs and called for more favorable treatment of conservatives, and threatened social media companies with regulation if conservative content was taken down. Liberal lawmakers, by contrast, uniformly demanded the companies do more to remove content they felt was harmful or deceptive in some fashion. In many cases, lawmakers on both sides of the aisle were talking about the exact same content, putting the companies in the impossible position of having to devise a Goldilocks formula to get the content balance just right, even though it would be impossible to make both sides happy. In the broadcast era, this sort of political harassment was known as the “regulation-by-raised-eyebrow” approach, which allowed officials to get around First Amendment limitations on government content control. Congressional lawmakers and regulators at the FCC would set up show trial hearings and use political intimidation to gain programming concessions from licensed radio and television operators. These shakedown tactics didn’t always work, but they often resulted in forms of soft censorship, with media outlets editing content to make politicians happy. The same dynamic is at work today. Thus, when a firebrand politician like Sen. Josh Hawley suggests “we’d be better off if Facebook disappeared,” or when Sohrab Ahmari, the conservative op-ed editor at the New York Postcalls for the nationalization of Twitter, they likely understand these extreme proposals won’t happen. But such jawboning represents an easy way to whip up your base while also indirectly putting intense pressure on companies to tweak their policies. Make us happy, or else! It is not always clear what that “or else” entails, but the accumulated threats probably have some effect on content decisions made by these firms. Whether all this means that Sec. 230 gets scrapped or not shouldn’t distract from the more pertinent fact: few on the political right are preaching the gospel of permissionless innovation anymore. Even tech companies and Silicon Valley-backed organizations now actively distance themselves from the term. Zachary Graves, head of policy at Lincoln Network, a tech advocacy organization, worries that permissionless innovation is little more than a “legitimizing facade for anarcho-capitalists, tech bros, and cynical corporate flacks.” He lines up with the growing cast of commentators on both the left and right who endorse a “Tech New Deal” without getting concrete about what that means in practice. What it likely means is a return to a well-worn regulatory playbook of the past that resulted in innovation stagnation and crony capitalism.

A More Political Future

Indeed, as was the case during past eras of permission slip-based policy, our new regulatory era will be a great boon to the largest tech companies. Many people advocate greater regulation in the name of promoting competition, choice, quality and lower prices. But merely because someone proclaims that they are looking to serve the public interest doesn’t mean the regulatory policies they implement will achieve those well-intentioned goals. The means to the end—new rules, regulations and bureaucracies—are messy, imprecise and often counterproductive. Fifty years ago, the Nobel prize-winning economist George Stigler taught us that, “as a rule, regulation is acquired by the industry and is designed and operated primarily for its benefits.” In other words, new regulations often help to entrench existing players rather than fostering greater competition. Countless experts since then have documented the problem of regulatory capture in various contexts. If the past is prologue, we can expect many large tech firms to openly embrace regulation as they come to see it as a useful way of preserving market share and fending off pesky new rivals, most of whom will not be able to shoulder the compliance burdens and liability threats associated with permission slip-based regulatory regimes. True to form, in recent congressional hearings, Facebook head Mark Zuckerberg called on lawmakers to begin regulating social media markets. The company then rolled out a slick new website and advertising campaign inviting new rules on various matters. It is always easy for the king of the hill to call for more regulation when that hill is a mound of red tape of their own making—and which few others can ascend. It is a lesson we should have learned in the AT&T era, when a decidedly unnatural monopoly was formed through a partnership between company officials and the government.

Image Credit: Infrogmation/Wikimedia Commons

Many independent telephone companies existed across America before AT&T’s leaders cut sweetheart deals with policymakers that tilted the playing field in its favor and undermined competition. With rivals hobbled by entry restrictions and other rules, Ma Bell went on to enjoy more than a half century of stable market share and guaranteed rates of return. Consumers, by contrast, were expected to be content with plain-vanilla telephone services that barely changed. Some of us are old enough to remember when the biggest “innovation” in telephony involved the move from rotary-dial phones to the push-button Princess phone, which, we were thrilled to discover, came in multiple colors and had a longer cord. In a similar way, the impending close of the permissionless innovation era signals the twilight of technological creative destruction and its replacement by a new regime of political favor-seeking and logrolling, which could lead to innovation stagnation. The CEOs of the remaining large tech companies will be expected to make regular visits to the halls of Congress and regulatory agencies (and to all those fundraising parties, too) to get their marching orders, just as large telecom and broadcaster players did in the past. We will revert to the old historical trajectory, which saw communications and media companies securing marketplace advantages more through political machinations than marketplace merit.

Will Politics Really Catch Up?

While permissionless innovation may be falling out of favor with elites, America’s entrepreneurial spirit will be hard to snuff out, even when layers of red tape make it riskier to be creative. If for no other reason, permissionless innovation still has a fighting chance so long as Congress struggles to enact comprehensive technology measures. General legislative dysfunction and profound technological ignorance are two reasons that Congress has largely become a non-actor on tech policy in recent years. But the primary limitation on legislative meddling is the so-called pacing problem, which refers to the way technological innovation often outpaces the ability of laws and regulations to keep up. “I have said more than once that innovation moves at the speed of imagination and that government has traditionally moved at, well, the speed of government,” observed former Federal Aviation Administration head Michael Huerta in a 2016 speech.

DNA sequencing machine. Image Credit: Assembly/Getty Images

The same factors that drove the rise of the internet revolution—digitization, miniaturization, ubiquitous mobile connectivity and constantly increasing processing power—are spreading to many other sectors and challenging precautionary policies in the process. For example, just as “Moore’s Law” relentlessly powers the pace of change in ICT sectors, the “Carlson curve” now fuels genetic innovation. The curve refers to the fact that, over the past two decades, the cost of sequencing a human genome has plummeted from over $100 million to under $1,000, a rate nearly three times faster than Moore’s Law. Speed isn’t the only factor driving the pacing problem. Policymakers also struggle with metaphysical considerations about how to define the things they seek to regulate. It used to be easy to agree what a phone, television or medical tracking device was for regulatory purposes. But what do those terms really mean in the age of the smartphone, which incorporates all of them and much more? “‘Tech’ is a very diverse, widely-spread industry that touches on all sorts of different issues,” notes tech analyst Benedict Evans. “These issues generally need detailed analysis to understand, and they tend to change in months, not decades.” This makes regulating the industry significantly more challenging than it was in the past. It doesn’t mean the end of regulation—especially for sectors already encumbered by many layers of preexisting rules. But these new realities lead to a more interesting game of regulatory whack-a-mole: pushing down technological innovation in one way often means it simply pops up somewhere else. The continued rapid growth of what some call “the new technologies of freedom”—artificial intelligence, blockchain, the Internet of Things, etc.—should give us some reasons for optimism. It’s hard to put these genies back in their bottles now that they’re out. This is even more true thanks to the growth of innovation arbitrage—both globally and domestically. Creators and capital now move fluidly across borders in pursuit of more hospitable innovation and investment climates. Recently, some high-profile tech CEOs like Elon Musk and Joe Lonsdale have relocated from California to Texas, citing tax and regulatory burdens as key factors in their decisions. Oracle, America’s second-largest software company, also just announced it is moving its corporate headquarters from Silicon Valley to Austin, just over a week after Hewlett Packard Enterprise said it too is moving its headquarters from California to Texas—in this case, Houston. “Voting with your feet” might actually still mean something, especially when it is major tech companies and venture capitalists abandoning high-tax, over-regulated jurisdictions.

Advocacy Remains Essential

But we shouldn’t imagine that technological change is inevitable or fall into the trap of thinking of it as a sort of liberation theology that will magically free us from repressive government controls. Policy advocacy still matters. Innovation defenders will need to continue to push back against the most burdensome precautionary policies, while also promoting reforms that protect entrepreneurial endeavors. The courts offer us great hope. Groups like the Institute for Justice, the Goldwater Institute, the Pacific Legal Foundation and others continue to litigate successfully in defense of the freedom to innovate. While the best we can hope for in the legislative arena may be perpetual stalemate, these and other public interest law firms are netting major victories in courtrooms across America. Sometimes court victories force positive legislative changes, too. For example, in 2015, the Supreme Court handed down North Carolina State Board of Dental Examiners v. Federal Trade Commission, which held that local government cannot claim broad immunity from federal antitrust laws when it delegates power to nongovernmental bodies, such as licensing boards. This decision made much-needed occupational licensing reform an agenda item across America. Many states introduced or adopted bipartisan legislation aimed at reforming or sunsetting occupational licensing rules that undermine entrepreneurship. Even more exciting are proposals that would protect citizens’ “right to earn a living.” This right would allow individuals to bring suit if they believe a regulatory scheme or decision has unnecessarily infringed upon their ability to earn a living within a legally permissible line of work. Meanwhile, there have been ongoing state efforts to advance “right to try” legislation that would expand medical treatment options for Americans tired of overly paternalistic health regulations. Perhaps, then, it is too early to close the book on the permissionless innovation era. While dark political clouds loom over America’s technological landscape, there are still reasons to believe the entrepreneurial spirit can prevail.
]]> https://techliberation.com/2021/01/10/the-end-of-permissionless-innovation/feed/ 2 76823 New Report: “Raising Rivals’ Costs Using the GDPR” (Just $1999!) https://techliberation.com/2019/10/10/new-report-raising-rivals-costs-using-the-gdrp-just-1999/ https://techliberation.com/2019/10/10/new-report-raising-rivals-costs-using-the-gdrp-just-1999/#comments Thu, 10 Oct 2019 19:19:12 +0000 https://techliberation.com/?p=76614

“Rent-Seeking Consultants, Inc.,” a subsidiary of the Strategies and Tactics to Annoy Neighbors (SATAN) Group, is pleased to announce its latest product for clients looking to exploit well-intentioned regulation to serve their own ends. Our new report, “Raising Rivals’ Costs Using the GDPR: A Strategic Guide to Thwarting Competition, Expanding Market Share & Enhancing Profits with Minimal Effort,” is available for immediate download for just $1,999 (discounted to just $999 for our loyal “Dante’s Ninth Circle” club members).

Over the last three decades, our experts at Rent-Seeking Consultants have dedicated themselves to the mission of advancing narrow interests at the expense of public welfare. We have done so by creatively exploiting laws and regulations that — while often implemented with the very best of intentions in mind — we recognized could be converted into a tool to advantage the few at the expense of the many.

Our motto: Where others see good intentions, we see good opportunities!

Our “Raising Rivals’ Costs Using the GDPR” report continues our latest line of new products, which aim to take Europe’s bold new privacy regulatory regime and convert it into a rent-seeker’s paradise. Our previous report outlined, “How to Pretend Compliance Costs Will Destroy Your Big Company, While Also Letting Your Shareholders Know It is Actually an Amazing Way to Crush the Competition.”

In our new report, we discuss how to weaponize the GDPR complaint process to your advantage. In this regard, some crowd-sourced efforts already exist, such as the “Ship Your Enemies GDPR” website. The site helps you take advantage of GDPR’s legal requirements by forcing rival firms to respond to as many frivolous claims as you can send their way. “We’ll help you send them a GDPR Data Access Request designed to waste as much of their time as possible,” the site notes.

More recently, angry gamers took to Reddit to devise a plan to use GDPR to harass gaming giant Blizzard. Fans were mad that Blizzard had kowtowed to the Chinese government by suspending a professional gamer who had voiced support for Hong Kong protestors. In essence, the Reddit protestors hope to use the GDPR to generate the equivalent of a DDOS attack on a company through massive, coordinated data requests. Brilliant!

We admire the spirit of these ingenious initiatives, but we aim to more fully capture the value associated with them for our clients using concerted manipulation of whatever political levers we can help you pull. How? Weaponizing complaint processes is a tactic that Rent-Seeking Consultants, Inc. has used effectively in the past. When a small handful of censorial-minded folks wanted to get the Federal Communications Commission to beef up fines and penalties for broadcast “indecency,” we helped them stuff the ballot box at the agency with form letters and fake complaints to make regulators believe the public was clamoring for greater censorship, when it reality it was just serving a very small group of people who wanted a heckler’s veto over broadcast programming. We tied those broadcasters up in courts for years with these tactics! Meanwhile, the new media operators we also represented were able to race ahead with whatever content they wanted to post on their platforms. Victory!

This led to the creation of our Scaring Consumers Really Effectively While Earning Money (SCREWEM™) initiative, which eventually won the prestigious Lobbying Award for Manipulating Effectively (LAME) Award in the “Creating Needless Panic” category. Our latest report highlights how we can use that same SCREWEM™ system to whip up serious privacy-related troubles for your rivals using the GDPR complaint process — all while pretending that this is all in the public interest.

We hope you will consider ordering our new report, and please let us know what we can do to help our trusted clients take advantage of well-intentioned regulation to undermine the public good on an ongoing basis. Finally, with California set to impose costly new privacy mandates extraterritorially on the entire nation, you can count on us being in touch again soon about exciting new opportunities for raising rivals’ costs using the machinery of the State.

Sincerely,

I.M. Prehensile Director of Strategic Political Exploits for S.A.T.A.N.

[This has been an act of satire, but the unintended consequences of GDPR are quite real. For some hard facts about what GDPR has meant in practice, see: Alec Stapp, “ GDPR after One Year: Costs and Unintended Consequences ,” and Eline Chivot and Daniel Castro, “ What the Evidence Shows About the Impact of the GDPR After One Year .” More generally, see: “Tech Policy, Unintended Consequences & the Failure of Good Intentions.”]

]]> https://techliberation.com/2019/10/10/new-report-raising-rivals-costs-using-the-gdrp-just-1999/feed/ 3 76614 GDPR Compliance: The Price of Privacy Protections https://techliberation.com/2018/07/09/gdpr-compliance-the-price-of-privacy-protections/ https://techliberation.com/2018/07/09/gdpr-compliance-the-price-of-privacy-protections/#respond Tue, 10 Jul 2018 00:43:36 +0000 https://techliberation.com/?p=76312

In preparation for a Federalist Society teleforum call that I participated in today about the compliance costs of the EU’s General Data Protection Regulation (GDPR), I gathered together some helpful recent articles on the topic and put together some talking points. I thought I would post them here and try to update this list in coming months as I find new material. (My thanks to Andrea O’Sullivan for a major assist on coming up with all this.)

Key Points :

  • GDPR is no free lunch; compliance is very costly
      • All regulation entails trade-offs, no matter how well-intentioned rules are
      • $7.8 billion estimated compliance cost for U.S. firms already
      • Punitive fees can range from €20 million to 4 percent of global firm revenue
      • Vagueness of language leads to considerable regulatory uncertainty — no one knows what “compliance” looks like
      • Even EU member states do not know what compliance looks like: 17 of 24 regulatory bodies polled by Reuters said they were unprepared for GDPR
  • GDPR will hurt competition & innovation; favors big players over small
      • Google, Facebook & others beefing up compliance departments. (“ EU official, Vera Jourova: “They have the money, an army of lawyers, an army of technicians and so on.”)
      • Smaller firms exiting or dumping data that could be used to provide better, more tailored services
      • PwC survey found that 88% of companies surveyed spent more than $1 million on GDPR preparations, and 40% more than $10 million.
      • Before GDPR, half of all EU ad spend went to Google. The first day after it took effect, an astounding 95 percent went to Google.
      • In essence, with the GDPR, the EU is surrendering on the idea of competition being possible going forward
      • The law will actually benefit the same big companies that the EU has been going after on antitrust grounds. Meanwhile, the smaller innovators and innovations will suffer.

  • GDPR likely to raise costs to consumers, or diminish choice/quality
      • Consumers care about privacy, but they also care about choice, convenience, and low-cost services
      • The modern data-driven economy has given consumers access to an unparalleled cornucopia of information and services and it is remarkable how much of that content and how many of those services are offered to the public at no charge to them. That’s a real benefit.  
      • But if you take all the data out of the Data Economy, you won’t have much of an economy left
      • “Many organizations will pass these costs on to consumers either by erecting paywalls or forcing users to view more ads.”
      • Websites blacked out post GDPR: Instapaper, Los Angeles Times , Chicago Tribune (all Tronc- and Lee Enterprises-owned media platforms), A&E Networks websites.
      • “EU-only” web experience: stripped down websites without illustration or images. NPR and USA Today .
      • Washington Post is charging for a more expensive GDPR compliant subscription.
  • GDPR hurts global flow of information; worsens problem of data localization
    • Rules only allow data to move to jurisdictions that offer an adequate level of protection
    • Cloud computing? Cloud architects are building costly new infrastructure that can isolate and inspect EU data to ensure it is not “sent” to the wrong jurisdiction.
    • Another step toward a more “bordered” Internet
    • Likely to just create more walled gardens
    • Max Schrems: “Unfortunately data localization is probably the best solution right now. It’s not really a solution that appeals to me a lot, but I think we need data localization for other reasons anyways, like load times and so on.”
    • Roundabout way to impose tariffs? Data-based firms are largely external to EU.
  • GDPR doesn’t solve bigger problem of government access to data
    • EU Data Retention Directive: third parties must keep data for law enforcement for two years (passed after terrorist attacks).
    • EU member states often have no FISA-like body overseeing government wiretap requests. France and the UK have no court apparatus governing surveillance — instead issued directly by administrative bodies. In Germany, their FBI equivalent can install a “Federal Trojan” virus directly into third party platforms without their knowledge.
  • GDPR doesn’t really move the needle much in terms of real privacy protection
    • heavy-handed, top-down regulatory regimes don’t always accomplish their goals when it comes to privacy
    • what consumers need is new competitive options and privacy innovations
    • Unfortunately, the world won’t get the new choices we need if regulations like the GDPR essentially punish them with regulatory compliance costs that only the largest current incumbents can possibly absorb

Related Research & Articles :

]]> https://techliberation.com/2018/07/09/gdpr-compliance-the-price-of-privacy-protections/feed/ 0 76312 Unintended Consequences of the EU Safe Harbor Ruling https://techliberation.com/2015/10/06/unintended-consequenses-of-the-eu-safe-harbor-ruling/ https://techliberation.com/2015/10/06/unintended-consequenses-of-the-eu-safe-harbor-ruling/#comments Tue, 06 Oct 2015 15:12:58 +0000 http://techliberation.com/?p=75831

The big news out of Europe today is that the European Court of Justice (ECJ) has invalidated the 15-year old EU-US safe harbor agreement, which facilitated data transfers between the EU and US. American tech companies have relied on the safe harbor to do business in the European Union, which has more onerous data handling regulations than the US. [PDF summary of decision here.] Below I offer some quick thoughts about the decision and some of its potential unintended consequences.

#1) Another blow to new entry / competition in the EU: While some pundits are claiming this is a huge blow to big US tech firms, in reality, the irony of the ruling is that it will bolster the market power of the biggest US tech firms, because they are the only ones that will be able to afford the formidable compliance costs associated with the resulting regulatory regime. In fact, with each EU privacy decision, Google, Facebook, and other big US tech firms just get more dominant. Small firms just can’t comply with the EU’s expanding regulatory thicket. “It will involve lots of contracts between lots of parties and it’s going to be a bit of a nightmare administratively,” said Nicola Fulford, head of data protection at the UK law firm Kemp Little when commenting on the ruling to the BBC. “It’s not that we’re going to be negotiating them individually, as the legal terms are mostly fixed, but it does mean a lot more paperwork and they have legal implications.” And by driving up regulatory compliance costs and causing constant delays in how online business is conducted, the ruling will (again, on top of all the others) greatly limits entry and innovation by new, smaller players in the digital world. In essence, EU data regulations have already wiped out much of the digital competition in Europe and now this ruling finishes off any global new entrants who might have hoped of breaking in and offering competitive alternatives. These are the sorts of stories never told in antitrust circles: costly government rulings often solidify and extend the market dominance of existing companies. Dynamic effects matter. That is certainly going to be the case here.

#2) Cross-border digital trade suffers: This conclusion follows from point #1, of course. Writing just before the decision was announced, lawyers as Norton Rose Fulbright’s Data Compliance Report blog noted that if the safe harbor was invalidated, “the impact on the world economy would be immense.” Well, here we are.  Dan Castro of ITIF hopes that EU and US officials can pull back from the brink of this impending disaster and “finish the process of creating a Safe Harbor 2.0 with terms that give comfort to all parties.” I suspect that many tech companies are hoping for the same miracle to occur. But don’t hold your breath. The Europeans have decided that this is the hill that they will die on. They haven’t shown too much interest in preserving an innovative tech market or enhancing global digital trade flows in the past due to heightened concerns about privacy, and there’s no reason to think they will back down now with a more measured approach. Importantly, as I noted in my earlier essay, “How Attitudes about Risk & Failure Affect Innovation on Either Side of the Atlantic,” this trans-Atlantic clash of vision transcends the debate over privacy law. It’s about broader cultural and political attitudes toward risk-taking and disruption. Most leaders in Europe value stability–both economic and cultural stability–more than US officials and citizens. This tension was always bound to reach a breaking point and the Digital Economy and data handling policies is where the you-know-what is finally hitting the fan.

#3) Web Balkanization accelerates: This is just another blow to the idea of a seamless global Internet. But as tech lawyer Tiffany C. Li pointed out on Twitter this morning in response to the decision, while Web pundits decry balkanization in other contexts, many of them seem to be cheering it on in this case because this decision deals with privacy and data regulation, which they favor more regulation of. But you can’t have your cake and eat it to. Indeed, the great irony of so many “Internet freedom” debates today is that pundits absolutely hate the idea of Internet control and Web balkanization… right up until the point where they absolutely love it! Think of this as the tech policy world’s selective morality problem. (I elaborated on these themes in my essays “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed,” and “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges.”)

//platform.twitter.com/widgets.js //platform.twitter.com/widgets.js //platform.twitter.com/widgets.js //platform.twitter.com/widgets.js

#4) But the big dogs won’t bolt out of Europe: But this should also be another reminder that there are no “John Galt moments” in the world of tech, as some tech libertarians hope. The biggest players won’t pack their bags and head home because there’s still too much money sitting on the table in Europe. Big firms will instead scramble to comply, just as they are trying to do with the so-called Right to Be Forgotten ruling. Of course, this just exacerbates problem #1 already discussed above: The big dogs stay and do their best to comply with the costly regulatory regime while smaller players get crushed by the rules and all the other potential new entrants just stay home.

#5) The decision ignores the real problem: widespread government surveillance: I don’t often find myself agreeing with Cory Doctorow on much, but he gets it exactly right when he notes that, “this doesn’t mean that Europeans won’t be subjected to mass surveillance, including mass surveillance by the NSA.” He elaborates:

If the European Court of Justice wants to end mass surveillance of Europeans, it can only do so by banning mass surveillance — by ruling that laws that treat foreigners’ data as fair game are unconstitutional. If US tech giants want to get loose from a farcical, expensive, and pointless exercise that continues to treat them as adjuncts to the world’s spy agencies, they need to lobby the US government to change the laws under which it treats foreigners as fair game.

Thus, it would certainly be nice if, as CDT suggested in response to the ruling, that the “EU Safe Harbour Ruling Should Reinvigorate Surveillance Reform Efforts.” Of course, that requires that tech companies muster the courage to stand up to public officials here in the States who always want them to (literally) hand over the keys to the kingdom. That’s why the current debate over crypto backdoors is so essential. It’s good to see a number of tech companies pushing back on that front and refusing to get rolled by law enforcement and national security agencies the way that far too many telecom and tech companies have been in the past. Following today’s ECJ ruling, tech companies are realizing just how serious this problem really is because now European officials are striking out against the safe harbor agreement as a surrogate for their general frustrations with US surveillance more generally. Indeed, in a press release following today’s ECJ ruling, the Internet Association, which represents major US tech firms, noted that, “The Internet industry has consistently supported surveillance reform” and the Association pushed for swift congressional action to clarify and limit existing surveillance powers. It remains to be seen whether the US tech sector and other related industries will be able to push back effectively against the growing surveillance state leviathan, but it’s more clear today than ever before why that’s a fight worth having.

]]> https://techliberation.com/2015/10/06/unintended-consequenses-of-the-eu-safe-harbor-ruling/feed/ 2 75831 How Attitudes about Risk & Failure Affect Innovation on Either Side of the Atlantic https://techliberation.com/2015/06/19/how-attitudes-about-risk-failure-affect-innovation-on-either-side-of-the-atlantic/ https://techliberation.com/2015/06/19/how-attitudes-about-risk-failure-affect-innovation-on-either-side-of-the-atlantic/#comments Fri, 19 Jun 2015 22:15:06 +0000 http://techliberation.com/?p=75596

“Why hasn’t Europe fostered the kind of innovation that has spawned hugely successful technology companies?” asks James B. Stewart in an important new column for the New York Times (“A Fearless Culture Fuels U.S. Tech Giants“).

That’s a great question, and one that I have tried to answer in a series of recent essays. (See, for example, “Europe’s Choice on Innovation” and “Embracing a Culture of Permissionless Innovation.”) What I have suggested in those essays is that the starkly different outcomes on either side of the Atlantic in terms of recent economic growth and innovation can primarily be explained by cultural attitudes toward risk-taking and failure. “For innovation and growth to blossom, entrepreneurs need a clear green light from policymakers that signals a general acceptance of risk-taking—especially risk-taking that challenges existing business models and traditional ways of doing things,” I have argued. And the most powerful proof of this is to examine the amazing natural experiment that has played out on either side of the Atlantic over the past two decades with the Internet and the digital economy.

For example, an annual Booz & Company report on the world’s most innovative companies revealed that 9 of the top 10 most innovative companies are based in the U.S. and that most of them are involved in computing and digital technology. None of them are based in Europe, however. Another recent survey revealed that the world’s 15 most valuable Internet companies (based on market capitalizations) have a combined market value of nearly $2.5 trillion, but none of them are European while 11 of them are U.S. firms. Again, it is America’s tech innovators that dominate that list.

Many European officials and business leaders are waking up to this grim reality and are wondering how to reverse this situation. In his  Times essay, Stewart quotes Danish economist Jacob Kirkegaard of the Peterson Institute for International Economics, who notes that Europeans “all want a Silicon Valley. . . . But none of them can match the scale and focus on the new and truly innovative technologies you have in the United States. Europe and the rest of the world are playing catch-up, to the great frustration of policy makers there.”

OK, but why is that? Again, it comes down to those different cultural attitudes about risk and the stark differences over the potential lessons to be gained from allowing firms, business models, and entire professions to fail and/or be significantly disrupted.

Stewart quotes German economist Petra Moser on this point. He noted that “Europeans are worried. . . . They’re trying to recreate Silicon Valley in places like Munich, so far with little success,” she said. “The institutional and cultural differences are still too great.” In Europe, stability is prized,” she says. Here’s the key passage from the Stewart piece elaborating on this point:

Often overlooked in the success of American start-ups is the even greater number of failures. “Fail fast, fail often” is a Silicon Valley mantra, and the freedom to innovate is inextricably linked to the freedom to fail. In Europe, failure carries a much greater stigma than it does in the United States. Bankruptcy codes are far more punitive, in contrast to the United States, where bankruptcy is simply a rite of passage for many successful entrepreneurs.

Moreover, he notes, “Europeans are also much less receptive to the kind of truly disruptive innovation represented by a Google or a Facebook.”

And that remains the heart of the problem for Europe. What many leaders there fail to appreciate, as I noted in my earlier essays, is that:

Innovation is more likely in systems that maximize breathing room for ongoing economic and social experimentation, evolution, and adaptation. Societies that appreciate those values—and allow them to influence both social norms and policy decisions—are likely to experience greater economic growth. By contrast, those that deride such values and adopt a more precautionary policy approach are more likely to discourage innovation and languish economically.

The remarkable aversion to failure and its affect on deterring entrepreneurialism and long-term growth in Europe and elsewhere cannot be overstated. As I will argue in a forthcoming book chapter on this topic, we can conclude, paradoxically, that individuals, institutions, and countries that over-zealously seek to avoid the possibility of certain short-term failures are actually far more prone to potentially far more dangerous and systemic failures in the long-term. Put more simply: the more you try to avoid all the little failures, the harder you fail more generally. This is Europe’s fundamental predicament circa 2015.

Of course, changing long-entrenched cultural attitudes toward risk and failure can be challenging and take many years, even decades. But the path forward–at least in terms of legal policy and regulatory reforms–has been charted by Larry Downes in his new Harvard Business Review essay, “How Europe Can Create Its Own Silicon Valley.” EU policymakers, he correctly observes, will “have to learn to appreciate in the first place the profound role regulation (or the lack of it) plays in the creation of economic value in the Internet economy.” Downes then continues on to itemize some of the policy changes that would help put Europe on the right track to unlock the amazing entrepreneurial spirit that lies dormant across the continent.

Whether or not the Europeans are willing to take those steps remains to be seen. Regardless, the lesson for U.S. policymakers should be clear: If you want to continue to produce world-beating tech innovators, you must avoid Europe’s overly precautionary and highly risk-averse approach to policy. “Permissionless innovation” remains the better default policy position toward new entrepreneurs and technologies, no matter how disruptive they may be in the short-term.

]]> https://techliberation.com/2015/06/19/how-attitudes-about-risk-failure-affect-innovation-on-either-side-of-the-atlantic/feed/ 2 75596 Study: No, US Broadband is not Falling Behind https://techliberation.com/2014/08/13/us-broadband-is-not-falling-behind/ https://techliberation.com/2014/08/13/us-broadband-is-not-falling-behind/#comments Wed, 13 Aug 2014 16:25:08 +0000 http://techliberation.com/?p=74689

There’s a small but influential number of tech reporters and scholars who seem to delight in making the US sound like a broadband and technology backwater. A new Mercatus working paper by Roslyn Layton, a PhD fellow at a research center at Aalborg University, and Michael Horney a researcher at the Free State Foundation, counter that narrative and highlight data from several studies that show the US is at or near the top in important broadband categories.

For example, per Pew and ITU data, the vast majority of Americans use the Internet and the US is second in the world in data consumption per capita, trailing only South Korea. Pew reveals that for those who are not online the leading reasons are lack of usability and the Internet’s perceived lack of benefits. High cost, notably, is not the primary reason for infrequent use.

I’ve noted before some of the methodological problems in studies claiming the US has unusually high broadband prices. In what I consider their biggest contribution to the literature, Layton and Horney highlight another broadband cost frequently omitted in international comparisons: the mandatory media license fees many nations impose on broadband and television subscribers.

These fees can add as much as $44 to the monthly cost of broadband. When these fees are included in comparisons, American prices are frequently an even better value. In two-thirds of European countries and half of Asian countries, households pay a media license fee on top of the subscription fees to use devices such as connected computers and TVs. …When calculating the real cost of international broadband prices, one needs to take into account media license fees, taxation, and subsidies. …[T]hese inputs can materially affect the cost of broadband, especially in countries where broadband is subject to value-added taxes as high as 27 percent, not to mention media license fees of hundreds of dollars per year.

US broadband providers, the authors point out, have priced broadband relatively efficiently for heterogenous uses–there are low-cost, low-bandwidth connections available as well as more expensive, higher-quality connections for intensive users.

Further, the US is well-positioned for future broadband use. Unlike many wealthy countries, Americans typically have access, at least, to broadband from telephone companies (like AT&T DSL or UVerse) as well as from a local cable provider. Competition between ISPs has meant steady investment in network upgrades, despite the 2008 global recession. The story is very different in much of Europe, where broadband investment, as a percentage of the global total, has fallen noticeably in recent years. US wireless broadband is also a bright spot: 97% of Americans can subscribe to 4G LTE while only 26% in the EU have access (which partially explains, by the way, why Europeans often pay less for mobile subscriptions–they’re using an inferior product).

There’s a lot to praise in the study and it’s necessary reading for anyone looking to understand how US broadband policy compares to other nations’. The fashionable arguments that the US is at risk of falling behind technologically were never convincing–the US is THE place to be if you’re a tech company or startup, for one–but Layton and Horney show the vulnerability of that narrative with data and rigor.

]]> https://techliberation.com/2014/08/13/us-broadband-is-not-falling-behind/feed/ 3 74689 A Better, Simpler Narrative for U.S. Privacy Policy https://techliberation.com/2013/03/19/a-better-simpler-narrative-for-u-s-privacy-policy/ https://techliberation.com/2013/03/19/a-better-simpler-narrative-for-u-s-privacy-policy/#comments Tue, 19 Mar 2013 19:29:38 +0000 http://techliberation.com/?p=44227

Last week on his personal blog, Peter Fleischer, Global Privacy Counsel for Google, posted an interesting essay entitled “We Need a Better, Simpler Narrative of US Privacy Laws.” Fleischer says that Europe has done a better job marketing its privacy regime to the world than the United States and argues that “The US has to figure out how to explain its privacy laws on the global stage” since “Europe is convincing many countries around the world to implement privacy laws that follow the European model.” He notes that “in the last year alone, a dozen countries in Latin America and Asia have adopted euro-style privacy laws [while] not a single country, anywhere, has followed the US model.” Fleischer argues that this has ramifications for long-term trade policy and global Internet regulation more generally.

I found this essay very interesting because I deal with some of these issues in my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing” (Harvard Journal of Law & Public Policy, vol. 36, no. 2, Spring 2013). In the article, I suggest that the U.S. does have a unique privacy regime and it is one that is very similar in character to the regime that governs online child safety issues. Whether we are talking about online safety or digital privacy, the defining characteristics of the U.S. regime are that it is bottom-up, evolutionary, education-based, empowerment-focused, and resiliency-centered. It focuses on responding to safety and privacy harms after exhausting other alternatives, including market responses and the evolution of societal norms.

The EU regime, by contrast, is more top-down in character and takes a more static, inflexible view of privacy rights. It tries to impose a one-size-fits-all model on a diverse citizenry and it attempts to do so through heavy-handed data directives and ongoing “agency threats.” It is a regime that makes more sweeping pronouncements about rights and harms and generally recommends a “precautionary principle” approach to technological change in which digital innovation is more “permissioned.”

Put simply, the U.S. regime is reactive in character while the E.U. regime is more preemptive.  The U.S. system focuses on responding to safety and privacy problems using a more diverse toolbox of solutions, some of which are governmental in character while others are based on evolving social and market norms and responses. To be clear, law does enter the picture here in the U.S., but it does so in a very different way than it does in the E.U.  Fleischer actually explains that point quite nicely in his essay:

[W]hat is the US model?  People in the privacy profession know that the US has a dense “patchwork” model of privacy laws: every individual US State has numerous privacy laws, the Federal government has numerous sectoral laws, and numerous other “non-privacy” laws, like consumer protection laws, are regularly invoked in privacy matters.  Regulators in many corners of government, ranging from State attorneys general, to the Federal Trade Commission, and armies of class action lawyers inspect every privacy issue for possible actions.

Indeed, in my new law review article, I summarize the litany of cases the FTC has brought recently on the data security and privacy front using its authority under Section 5 of the Federal Trade Commission Act to police “unfair and deceptive” practices. State AGs are active on this front as well, and there is plenty of class action activity every time there’s a privacy or data security screw-up.

Meanwhile, public officials continue to work collaboratively with privacy advocates, corporations, and educators to develop better education and awareness-building efforts, including “best practices” on safety, security, and privacy issues.

For more details on this U.S. model, please consult pages 436-454 of my article, in which I provide a comprehensive overview of what I refer to as America’s “3-E Approach” to dealing with online safety and digital privacy concerns. The “3-Es” refer to education, empowerment, and targeted enforcement of existing legal standards. As I note in the article:

[America’s “3-E Approach”] does not imagine it is possible to craft a single, universal solution to online safety or privacy concerns. It aims instead to create a flexible framework that can help individuals cope with a world of rapidly evolving technological change and constantly shifting social and market norms as they pertain to information sharing.

But what frustrates Fleischer is that the U.S model still doesn’t translate into a simple narrative for international audiences:

How on earth do you explain US privacy laws to an international audience?  How do you explain the role of class action litigation to people in countries where it doesn’t even exist?  The US privacy law narrative is convoluted. That’s a pity, since almost all of the global privacy professionals with whom I’ve discussed this issue agree with me that the sum of all the individual parts of US privacy laws amounts to a robust legal framework to protect privacy.  (I didn’t say “perfect”, since laws never are, and I’m not grading them either.) By contrast, Europe’s privacy narrative is simple and appealing.  Its laws are very general, aspirational, horizontal and concise.  Critics could say they’re also inevitably vague, as any high-level law would have to be.  But, like the US Bill of Rights, they have a sort of simple and profound universality that has inspired people around the world.  And they are enforced (at least, on paper) by a single, identifiable, specialist regulator.

I understand the frustration Fleischer is expressing here regarding how to frame the U.S. model for broader audiences. But the crucial point here is that, as he correctly notes, “the sum of all the individual parts of US privacy laws amounts to a robust legal framework to protect privacy,” even if it is the case that we will never achieve anything near perfection when it comes to online privacy (or online safety for that matter). But it is unfortunate that Fleischer ignores the many other moving pieces at work here that are important to the U.S. system, especially the diverse array of educational and awareness-building efforts as well as the astonishing array of empowerment tools that currently exist to help user protect their privacy to the degree they desire.

Of course, it should also be obvious that the U.S. regime is never going to appeal to a global audience as much as Europe’s privacy regime for the same reason that many other U.S. policy regimes don’t appeal to certain countries or their leaders: Our systems aren’t regulatory enough in character for them! But while those top-down, centralized, preemptive regulatory regimes will almost always be more “aspirational, horizontal and concise” — and, therefore, have greater appeal to activist-minded lawmakers and regulators — that also means those regimes will likely leave less breathing room for social evolution (i.e., evolving norms about safety and privacy) and economic innovation (new digital goods and services that potentially disrupt those regulatory expectations). That has real consequences for long-term growth and overall consumer welfare.

Regardless, to the extent we need “a better, simpler narrative for U.S. privacy policy” as Fleischer suggests, I believe we can boil it down to a few words: bottom-up, evolutionary, flexible, and reactive. What this means for public policy is clear: We need diverse tools and solutions for a diverse citizenry, while leaving plenty of breathing room for ongoing innovation and the evolution of social norms and market responses. Whether it’s online safety or digital privacy, public policy should take into account the extraordinary diversity of citizen needs and tastes and leave the ultimate decision about acceptable online content and interactions to them. We should look to educate and empower citizens so that they can make decisions about their online safety and privacy for themselves so that policymakers are not constantly trying to make decisions on their behalf.

This is a model worth defending, even if it is sometimes hard to delineate its contours.  Please read my HJLPP article for a fuller exploration of that model and a defense of it.

]]> https://techliberation.com/2013/03/19/a-better-simpler-narrative-for-u-s-privacy-policy/feed/ 6 44227 Perry Keller on the relationship between the state and the media https://techliberation.com/2012/10/23/perry-keller-on-the-relationship-between-the-state-and-the-media/ https://techliberation.com/2012/10/23/perry-keller-on-the-relationship-between-the-state-and-the-media/#respond Tue, 23 Oct 2012 10:00:33 +0000 http://techliberation.com/?p=42659

Perry Keller, Senior Lecturer at the Dickson Poon School of Law at King’s College London, and author of the recently released paper “Sovereignty and Liberty in the Internet Era,” discusses how the internet affects the relationship between the state and the media. According to Keller, media has played a formative role in the development of the modern state and, as it evolves, the way in which the state governs must change as well. However, that does not mean that there is a one-size-fits-all solution. In fact, as Keller demonstrates using real-world examples in the U.S., U.K., E.U., and China, the ways in which new media is governed can differ radically based upon the local legal and cultural environment.

Download

Related Links

]]> https://techliberation.com/2012/10/23/perry-keller-on-the-relationship-between-the-state-and-the-media/feed/ 0 42659 Video: How I Think about Privacy https://techliberation.com/2012/07/19/video-how-i-think-about-privacy/ https://techliberation.com/2012/07/19/video-how-i-think-about-privacy/#respond Thu, 19 Jul 2012 14:41:46 +0000 http://techliberation.com/?p=41747

Last month, it was my great privilege to be invited to deliver some remarks at the University of Maine’s Center for Law and Innovation (CLI) as part of their annual “Privacy in Practice” conference. Rita Heimes and Andrew Clearwater of the CLI put together a terrific program that also featured privacy gurus Harriet Pearson, Chris Wolf, Omer Tene, Kris Klein and Trevor Hughes. [Click on their names to watch their presentations.] In my remarks, I presented a wide-ranging (sometimes rambling) overview of how privacy policy is unfolding here in the U.S. as compared to the European Union, and also offered a full-throated defense of America’s approach to privacy as compared to the model from the other side of the Atlantic that many now want us to adopt here in the U.S.  I also identified the many interesting parallels between online child safety policy and privacy policy here in the U.S. and discussed how we can apply a similar toolbox of solutions to problems that arise in both contexts. If you’re interested, I’ve embedded my entire 20-minute speech below, but I encourage you to also check out the other speakers videos that the folks at the CLI have posted on their site here. And keep an eye on the Maine Center for Law and Innovation; it is an up and coming powerhouse in the field of cyberlaw and Internet policy.

]]> https://techliberation.com/2012/07/19/video-how-i-think-about-privacy/feed/ 0 41747 Big Data, Innovation, Competitive Advantage & Privacy Concerns https://techliberation.com/2012/04/27/big-data-innovation-competitive-advantage-privacy-concerns/ https://techliberation.com/2012/04/27/big-data-innovation-competitive-advantage-privacy-concerns/#comments Fri, 27 Apr 2012 19:03:05 +0000 http://techliberation.com/?p=41019

This morning I spoke at a U.S. Chamber of Commerce event on “Responsible Data Uses: Benefits to Consumers, Businesses and the Economy.” In preparing for the event, I dusted off some old working notes for speeches I had delivered at other events about privacy policy and “big data” and expanded them a bit to account for recent policy developments. For what it’s worth, I figured I would post those notes here.  (I apologize about the informality but I never write out my speeches, I just work from bullet points.)

—————–

Benefits of “Big Data”

  • “big data” has numerous micro- and macroeconomic benefits
  • Micro benefits:
    • data aggregation of all varieties has powerful social and economic benefits that are sometimes invisible to consumers and citizens but are nonetheless enjoyed by them
    • big data can positively impact the 3 key micro variables – quality, quantity & price – and benefit consumers / citizens in the process
  • Macro benefits:
    • Data is the lifeblood of the information economy and it has an increasing bearing on the global competitiveness of companies and countries
    • In the old days, when we talked about comparative and competitive advantage, the focus was on natural resources, labor, and capital.
    • Today, we increasingly talk about another variable: information
    • Data is increasing one of the most important resources that can benefit economic growth, innovation, and the competitive advantage of firms and nations.

Privacy Concerns

  • of course, “big data” also raises big privacy concerns for many groups and individuals
  • this has led to calls for regulatory action and virtually all levels of government – federal, state, local, and international – are considering expanded controls on data collection and aggregation

America’s Privacy Regime

  • I want to address what I regard as the most powerful myth that governs this debate
  • namely, I speak of the myth that America doesn’t have a privacy framework that can balance these goals and concerns about “big data” and data collection in general
  • we hear various advocates say that America needs a new privacy regime, and many of these advocates suggest that that regime should more like Europe’s

Europe’s Regime

  • first, what is that European regime?
    • a more preemptive top-down approach / data “directives” / stringent requirements on data use
    • basically, under the EU regime, privacy trumps almost all other considerations, regardless of cost or complexity.
    • It’s more of a “Mother, May I” regime in which innovation needs to be “permissioned”
  • what’s wrong with European approach?
    • We can relate this back to the question of competitive advantage
    • The European approach leaves less room for innovative uses of data and ongoing marketplace experimentation
    • There’s also some evidence that this regime might influence industry structure and competitiveness as well as the quality and quantity of choices for the consumer
    • Anecdotally-speaking, we can ask ourselves this simple question: Can any of us name a global leader in the modern digital economy that was born in Europe?
    • I suppose there are a few, but I struggle to name them
    • Now, why is that?
    • It could be high taxes and the lack of healthy market for venture capital.
    • But it also must have something to do with regulatory structure that Europe has adopted.

America’s Current Advantages

  • Regardless, here’s what we do know: America’s digital economy innovators and social media operators are household names across the globe. Our firms are the envy of the world
  • Moreover, while many sectors of the U.S. economy are struggling, I bet if you stopped the average Joe in the street and asked them to name one sector of America’s economy that is currently thriving and an example of innovation that others should emulate, most of them would probably mention information technology and the digital economy.
  • Again, many factors may contribute to our current success relative to Europe but certainly our “light-touch” legal and regulatory approach must have had some bearing on that outcome

America’s Privacy Regime

  • So, what exactly is America’s privacy regime?
  • Again, some say we don’t have one and that regulation is, therefore, needed
  • I beg to differ
  • America does have a privacy regime; it is one that is:
    • governed by a set of evolutionary norms,
    • ongoing online marketplace interactions and experiments, contractual negotiations,
    • public and press pressures,
    • self-regulatory systems,
    • educational efforts and user empowerment,
    • personal responsibility,
    • and targeted legal enforcement and the use of state torts when true harms can be demonstrated.
  •   compared with Europe, our legal regime:
    • More bottom-up enforcement
    • Issue-specific / Sectoral approach to addressing
    • Relies on common law / case law / torts
    • States have role; often more stringent than fed law
    • evolving industry Self-regulation
  • That’s been the uniquely American approach to privacy protection and we should not abandon it lightly.

It’s the Same Regime We’ve Used to Address Online Safety

  • Importantly, it’s largely the same approach we have taken in this country toward online speech and child safety matters.
  • There, too, we have focused on what I call the “3-E” approach:
    • Education
    • Empowerment, and
    • Enforcement against particularly bad apples
  • Thus, in both the online child safety space as well as the privacy policy space, we have made great strides in pushing both personal responsibility and corporate responsibility as the first line of defense, not the last.
  • Now, it has always been true, and will always be the case, that “more can be done.”
  • Consumers could do more: We need to constantly encourage consumers to take more care to protect the personal data they care most about and to take steps to safeguard that which they do not want collected in the first place
  • Companies could do more: And we also need to constantly encourage companies who collect data to take greater steps to:
    • first consider asking permission to collect and use that data
    • second, to be transparent about what data they are collection and what they are using it for
    • and third, to ensure adequate safeguards are in place to guard against unauthorized use of that data

The Difference between the Traditional American Model & the Emerging “Co-Regulatory” Model

  • in a sense, this vision tracks the Obama Administration’s proposed model for privacy and data collection
  • but here’s the difference: the Obama Administration wants to force this process in a more heavy-handed way by involving various federal agencies in the day-to-day management of how all these decisions get made
  • in essence, it’s a small but certain step toward the European model of “co-regulation”
    • government steers, industry rows
    • “multi-stakeholder process”
    • Everyone has a “seat at the table”
    • But we don’t need “a table” if the table is being set by government
    • there’s nothing wrong with truly voluntary “multi-stakeholder” processes, but when the government is the one setting the “seats at the table” and talking about enforcing the “codes” that the committee comes up with, it opens the door to a co-regulation model  that has some real dangers:
      • If every decision about how information is used or aggregated becomes the equivalent of a committee decision — with everyone “at the table” getting a vote or a veto – then it will almost certainly be the case that less innovation occurs
      • The process could lack traditional democratic accountability / due process if more of an “agency threats” model evolves out of this.  After all, if certain officials are in charge of who gets a “seat at the table” and also responsible for enforcing whatever is decided “at the table,” it raises the question of how much pressure they can bring to bear on the process. (File this under “regulation by raised eyebrow”).
      • Any way you cut it, regulation by committee (in this case, the “multistakeholder” process) could become the equivalent of a tax on innovation and have detrimental impacts on the quality and price of online services

Conclusion

  • For these reasons, we should instead continue to rely on the uniquely American model of privacy policy that balances diverse goals and values in a more spontaneous, evolutionary, and voluntary way without incessant government oversight and intervention.
  • Again, the traditional American model isn’t perfect and sometimes we will need targeted statutes, torts, and even FTC (Sec. 5) enforcement to handle the bad apples out there who cause the most serious problems in terms of privacy violations or data breeches.
  • But that more targeted approach to enforcement, along with the education and empowerment-based approaches I have outlined, can adapt to new challenges in this space and the child safety space while also ensuring our global competitive advantage is not sacrificed in the process.
  • To sum up: let’s not casually trade in the American model for Europe’s. America’s more flexible, evolutionary model of privacy protection has served us well so far and can adapt to balance competing needs without crushing our innovative information economy or America’s global competitiveness.

Additional Reading:

]]> https://techliberation.com/2012/04/27/big-data-innovation-competitive-advantage-privacy-concerns/feed/ 8 41019 Neelie Kroes & Privacy By Design vs. Privacy by Default https://techliberation.com/2011/06/21/neelie-kroes-privacy-by-design-vs-privacy-by-default/ https://techliberation.com/2011/06/21/neelie-kroes-privacy-by-design-vs-privacy-by-default/#comments Tue, 21 Jun 2011 21:18:54 +0000 http://techliberation.com/?p=37406

The European Commission has a new report out today on “Implementation of the Safer Social Networking Principles for the EU.” It’s a status report on the implementation of “Safer Social Networking Principles for the EU“, a “self-regulatory” agreement the EC brokered with 17 social networking sites and other online operators back in 2009. (Co-regulatory would be more accurate here, since the EC is steering, and industry is simply rowing.) The goal was to make the profiles of minors more private and provide other safeguards.

Generally speaking, the EC’s evaluation suggests that great progress has been made, although there’s always room for improvement. For example, the report found that “13 out of the 14 sites tested provide safety information, guidance and/or educational materials specifically targeted at minors;” “Safety information for minors is quite clear and age-appropriate on all sites that provide it, good progress since the first assessment last year; “Reporting mechanisms are more effective now than in 2010;” and most sites have improved Terms of Use that are easy for minors to understand and/or a child-friendly version of the Terms of Use or Code of Conduct; and many “provide safety information for children and parents which is both easy to find and to understand.” Again, there’s always room for improvement, but the general direction is encouraging, especially considering how new many of these sites are.

Unfortunately, Neelie Kroes, Vice President of the European Commission for the Digital Agenda, spun the report in the opposite direction. She issued a statement saying:

I am disappointed that most social networking sites are failing to ensure that minors’ profiles are accessible only to their approved contacts by default. I will be urging them to make a clear commitment to remedy this in a revised version of the self-regulatory framework we are currently discussing. This is not only to protect minors from unwanted contacts but also to protect their online reputation. Youngsters do not fully understand the consequences of disclosing too much of their personal lives online. Education and parental guidance are necessary, but we need to back these up with protection until youngsters can make decisions based on full awareness of the consequences.

This position is misguided, as explained below. But here’s the crucial point: What this Kroes statement once again proves is that, ultimately, every major public policy debate about online privacy and child safety comes down to a question of where to set the defaults and who should set them. Rarely, however, do policymakers or regulatory advocates acknowledge the downsides associated with mandating highly restrictive defaults from the top down.

Back in 2008, I penned a paper on “The Perils of Mandatory Parental Controls and Restrictive Defaults” in which I argued that, “Government regulation mandating restrictive parental control defaults for media devices would likely have unintended consequences and would not achieve the goal of better protecting children from objectionable content, whereas increased consumer education efforts would be more effective in helping parents control their child’s media consumption.” The general point was that if government defaulted all sites and/or devices to be in a “locked-down” state right out of the gates, it would mean products and services would, in essence, be shipped to market in a crippled state.  This would have a variety of unintended consequences, including consumer confusion and such restrictions would discourage the maximum amount of utility / experimentation associated with those products and services.

The same is true of highly restrictive privacy defaults. How are you even to network with others and make new friends if everything is private by default? Worst of all is the fact that the EC seems to want websites to make it practically impossible for minors to even search for each other. That’s increasingly how users of all ages connect with their real world acquaintances, for whom they may have no other contact information. Isn’t the point of social networking to be social and share more? If a child or a parent doesn’t like that openness, why isn’t it sufficient that they be empowered to change that setting on their own?  Why must the law mandate it by default and tell them what is supposedly best for them?

Nicklas Lundblad & Betsy Masiello made a similar point in their important recent essay on “Opt-In Dystopias.” They noted that more formal opt-in consent models may involve many trade-offs and downsides that need to be considered relative to opt-out models, which are currently more prevalent online. “The decisions a user makes under an opt-in model are less informed” they argue, because “the initial decision to opt-in to a service is made without any knowledge of what value that service provides,” and, therefore, “under an opt-in regime a decision can probably never be wholly informed.” They continue: “If instead of thinking about privacy decisions as requiring ex-ante consent, we thought about systems that structured an ongoing contractual negotiation between the user and service provider, we might mitigate some of these harmful effects.”

The crucial point here is that choice should lie with the consumer and not be set from above. Companies should empower the consumer — including kids — with more and better tools and then let them decide what their privacy settings should be. Government need not “nudge” consumers or companies in paternalistic ways based upon the values of unelected bureaucrats. Most importantly, policymakers should not not conflate “privacy by design” with privacy by default. Let experimentation continue and let consumers make these determinations for themselves.

]]> https://techliberation.com/2011/06/21/neelie-kroes-privacy-by-design-vs-privacy-by-default/feed/ 1 37406 Obama Admin’s “Let’s-Be-Europe” Approach to Privacy Will Undermine U.S. Competitiveness https://techliberation.com/2011/01/05/obama-admins-lets-be-europe-approach-to-privacy-will-undermine-u-s-competitiveness/ https://techliberation.com/2011/01/05/obama-admins-lets-be-europe-approach-to-privacy-will-undermine-u-s-competitiveness/#comments Wed, 05 Jan 2011 22:05:30 +0000 http://techliberation.com/?p=34049

Reading through the respective December 2010 privacy reports from the Federal Trade Commission (FTC) and Department of Commerce (DoC), one cannot help but be struck by the Obama Administration’s seeming desire to make America’s tech sector — and the regulatory regime that governs it — more closely resemble Europe’s.  The push for an ambitious new “privacy framework” and set of “fair information practices” is just a riff borrowed from the EU data directive.  And although the Obama team stops short of calling privacy a “dignity right” as many European policymakers are prone to do, it’s clear from both the FTC and DoC reports that that’s were they want to take us.

It’s interesting to me, though, that the Obama Administration relies on two fundamentally flawed rationales for the “European-ification” of American privacy law.  In this regard, I’ll reference some passages from the DoC’s report that appear in the section on “The Economic Imperative” for a new regime, which appears on pages 13-16 of the report.

Myth #1: Privacy Regs Are Needed to Get More People Online or Using Digital Technology

First, the DoC pulls out the old saw about the need for expanded privacy regs to ensure greater online trust and, as a result, promote increased online interactions.  The report claims that “maintaining consumer trust is vital to the success of the digital economy” and that “an erosion of trust will inhibit the adoption of new technologies” (p. 15)  The problem with the theory that online commerce or consumer interactions online are somehow being thwarted by a lack of more privacy regulation is that it is plainly contradicted by the facts. 

Interestingly, you need do nothing more that scan back just a couple of paragraphs in the DoC report to find some of those facts! For example, on pg. 14, the report notes: “The Internet is also increasingly important to the personal and working lives of individual Americans.  Ninety-six percent of working Americans use the Internet as part of their daily life, while sixty-two percent of working Americans use the Internet as an integral part of their jobs.”  Does the DoC not see the contradiction here, or is the Obama Administration claiming that we cannot rest until we move the needle from 96% to 100%?!

Then we have the DoC’s claim that “an erosion of trust will inhibit the adoption of new technologies.”  Really?  What, then, are we to make of the 500 million people who have flocked to Facebook despite repeated claims by some that it is a privacy pariah? And there are plenty of other examples of the explosion of online activity over the past decade.  The fact is, online participation and technology adoption is growing like wildfire. If you need more evidence, go through the data sets from the Pew Internet & American Life Project about Internet usage over time and try to find one metric that is decreasing.  [Just as an unrelated aside, I am still sometimes astonished by how many people use eBay despite continuing concerns about online fraud, which is a far more serious and legitimate “harm” than most supposed privacy violations.  Yet, eBay is now the world’s largest online marketplace with more than 90 million active users globally and $60 billion in transactions annually, or $2,000 every second.]

In sum, advocates of increased privacy regulation have fed the DoC a catchy line about the need for more privacy regulation in the name of encouraging greater online participation and the DoC has bought into that theory despite a lack of evidence that there is any real problem here.

Myth #2: Privacy Regs Are Needed to Promote the Competitiveness of U.S. High-Tech Firms

Second, we hear of the DoC speak of the need for “interoperability” or harmonization of privacy policies internationally to facilitate smoother online commercial interactions or data flows.  Despite the report’s admission that “a considerable amount of global commerce takes place on the Internet [and] global online transactions currently total an estimated $10 trillion annually” and is growing, the DoC continues on to argue that:

the lack of cross-border interoperability in privacy principles and regulations creates barriers to cross-border data flow and significant compliance costs for companies. Improving the global interoperability of data privacy approaches could enable increased exports of U.S. services and… support the overall objective of creating jobs by promoting exports. Thus, commercial data privacy considerations are vital not only to our domestic commerce, but also to international trade.

In other words, says the DoC, things are pretty good right now, but they will get a lot better once we harmonize privacy regulations in the direction of the E.U. and other regions.  But here’s the problem with that theory: The DoC is assuming that the benefits of regulatory harmonization — which, to be perfectly clear, would arrive in the form increased regulation on U.S. operators — would outweigh the cost of complying with those new rules.

The DoC says it wants to “prevent conflicting policy regimes from serving as a trade barrier” (p. 20), but should the U.S. impose burdensome new regulations on American companies to achieve that goal?  Would we really be better off if all U.S. firms and policy more closely resembled the E.U. in this regard?   To answer that question, you might conduct the simple experiment of stopping the average person in the street — here in the U.S. or even abroad — and asking them to name five major U.S. digital economy companies and then see if they can even name one major European competitor in the same arena. Needless to say, it’s hard to find many European counterparts that rival Google, Amazon, Apple, Facebook, eBay, Microsoft, etc.   Now, why is that?  Why is it that the information technology sector has thrived in America and that U.S. companies are leaders in many of their respective sectors across the globe?  Might it be precisely because we did not follow others down the path of “data directives” and heavy handed, top-down regulation of the Internet more generally?

Do you want some empirical evidence for why it’s a bad idea to achieve parity or harmonization in the fashion the DoC suggests?  Well then, consider this recent study by Avi Goldfarb and Catherine Tucker which found that “after the [European Union’s] Privacy Directive was passed [in 2002], advertising effectiveness decreased on average by around 65 percent in Europe relative to the rest of the world.”  They argue that because regulation decreases ad effectiveness, “this may change the number and types of businesses sustained by the advertising-supporting Internet.” Regulation of advertising and data collection for privacy purposes, it seems, can affect the global competitiveness of online firms.

The other problem with the DoC’s appeal for harmonization of privacy regulatory regimes through increased regulation is that it sets a horrible precedent.   At least thus far this has not been the approach the U.S. government has taken in most other Internet policy contexts, and with good reason.  Think about this in the context of speech controls.  When we see the Europeans or other regions and countries stifling free speech and expression online, has our response been to say, “Well, in the name of policy harmonization and improving cross-border interoperability, we Americans need to accept the wisdom of censoring the Net.”  Of course not!  That would be insane.  Instead, when confronted with conflicting regulatory regimes abroad, our response here in the States has usually been to proudly boast to the world that we have the more sensible approach to Net regulation, which is to say, it should be tightly limited so as not to stifle speech or commerce.  I really don’t care if you want to call that “American exceptionalism” or whatever else; I just think it’s plain old common sense.

And yet, in the case of privacy regulation, the Obama Administration’s Department of Commerce wants to throw that notion to the wind and harmonize in the direction of more regulation of U.S. companies.  Isn’t the Commerce Department supposed to be in the business of helping to promote U.S. trade, exports, commerce, and global competitiveness?  If so, the right approach to “leveling the playing field” in this context should be the same as it is in relation to speech policy or trade law: the rest of the world should deregulate down to our level; we should absolutely not regulate up to theirs.

]]> https://techliberation.com/2011/01/05/obama-admins-lets-be-europe-approach-to-privacy-will-undermine-u-s-competitiveness/feed/ 2 34049 European Commission Should Leave Internet Search Alone https://techliberation.com/2010/11/30/european-commission-should-leave-internet-search-alone/ https://techliberation.com/2010/11/30/european-commission-should-leave-internet-search-alone/#comments Tue, 30 Nov 2010 23:00:17 +0000 http://techliberation.com/?p=33299

By Ryan Radia and Wayne Crews

Today, the European Commission opened a formal antitrust investigation into Google to probe allegations that the firm rigged its search engine to discriminate against rivals. This intervention in the online search market, however, will distort the market’s evolution, discourage competitors from innovating, and ultimately hurt consumers.

Google isn’t a monopoly now, but the more it tries to become one, the better it will be for us all. When capitalist enterprises strive to earn a bigger market share, rival firms are forced to respond by trying to improve their offerings. Even if Google is delivering biased search results, it is only paving the way for competitors to break into the search market.

The European Commission is wrong to assume that Google possesses monopoly power. Google accounts for just 6 percent of all dollars spent on advertising in Europe. And even loyal Google users regularly find websites through competing search engines like Bing or through social websites like Facebook and Twitter.

Before resorting to tired old competition laws, European policy makers should remember that the Internet economy is hardly understood by anybody—including by regulators. We are in terra incognita; no one knows how information markets will evolve. But one thing is for sure: Online search technology cannot evolve properly if it is improperly regulated. Why make risky investments in hopes of revolutionizing Internet markets if marvelous success means regulation and confiscation?

The real threat to consumers is not from successful high-tech firms like Google, but from overreaching government interventions into competitive market processes. As economists have documented in scholarly journals, antitrust intervention is especially problematic in the information age, because it severely underestimates the critical role of innovation in dynamic high-tech markets.

In the information age, ingenuity—not market power—is the key to success. America’s high-tech sector is strewn with former market leaders who were no match for the relentless forces of creative destruction. Rapid, unpredictable change is the hallmark of the modern digital economy. Google may be on top in many high-tech markets today, but it won’t stay there for long unless it keeps innovating and delivering a superior search product.

]]> https://techliberation.com/2010/11/30/european-commission-should-leave-internet-search-alone/feed/ 1 33299 The Conflict Between a “Right to Be Forgotten” & Speech / Press Freedoms https://techliberation.com/2010/11/05/the-conflict-between-a-right-to-be-forgotten-speech-press-freedoms/ https://techliberation.com/2010/11/05/the-conflict-between-a-right-to-be-forgotten-speech-press-freedoms/#comments Fri, 05 Nov 2010 17:46:30 +0000 http://techliberation.com/?p=32862

A report in the U.K. Telegraph notes that the European Union is seeking to create a so-called “right to be forgotten” online, and has “drafted potential legislation that would include new, unprecedented privacy rights for citizens sharing personal data.” Details are sparse at this point, but according to this new 20-page European Commission document, “A Comprehensive Approach on Personal Data Protection in the European Union,” the EU will be:

clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired. (p.8)

Two brief comments on this.  First, it should be apparent that any “right to be forgotten” conflicts mightily with free speech rights and press freedom. As I discussed at greater length in this review of Solove’s Understanding Privacy as well as my essay on “Two Paradoxes of Privacy Regulation,” the problem with enshrining expansive privacy “rights” into law is that it means there will need to be stricter limits placed on speech and press freedoms.  As Eugene Volokh noted in his 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You“:

The difficulty is that the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.

Of course, there’s no First Amendment in the E.U.  But while there’s not as strong of a tradition of freedom of speech / press in Europe as in the U.S., it would still be shocking to see the E.U. go down this path.  Consider what it means for the press, in particular.  When I was in journalism school back in the late 1980s, one of my favorite professors once told my class that a good journalist was really nothing more than a nosy person who knew how to write.  But being “nosy” — digging for stories, gathering facts, reporting on the world around us — is fundamentally at odds with “privacy,” strictly defined.  For example, could someone claim “a right to be forgotten” when a journalist pens an article about them beating their wife or committing corporate fraud?  Believe it or not, Germany already has a law like this for convicted criminals who have served their time.  They can have old facts about their crimes repressed after they’ve served their sentences.  [Note: If someone could forward me additional details about that German law, I would appreciate it. Specifically, I would like a better understanding of how enforcement works.]

Second, there are economic trade-offs that must always be considered here.  Enshrining “a right to be forgotten” into law would necessitate a fairly significant expansion in the rules and regulations governing information sectors and actors.  Enforcement would certainly be challenging. As always, there is no free lunch; something has to give.  If online sites and service providers are faced with onerous new regs that limit their ability to collect data or serve up online advertising, those sites and services will need to find new methods of financing ongoing operations.  The impact on innovation could be substantial.  Indeed, one could argue that one of the reasons America’s high-tech sector and digital companies are the global leaders in so many of their fields is precisely because they have not been strapped with top-down privacy regimes and data directives that would have constrained their ability to innovate using information collection.

Information — yes, including personal information — is the fuel of the Digital Economy.  Restricting the flow of that information, or its use for advertising and marketing purposes, will have an undeniably negative impact on online content and culture.  Ask yourself this: Would you be willing to pay $19.95/month to use a social networking site, or to be charged a fee for each query you enter into a search engine?  Those subscription-based or pay-per-use business models certainly shouldn’t be prohibited, but it would seem most Netizens are comfortable with the current arrangement: Free access/use in exchange for information collection and ads.

Of course, this “right to be forgotten” regulatory regime is currently only being considered in Europe.  Some here in the U.S., therefore, might be tempted to cheer on their expansive reading of privacy “rights” in light of the hobbling effect it has on their information and high-tech sectors!   But those rules will hurt U.S. players, too, since many of them offer services across Europe.  Moreover, this regulatory paradigm could become a model for privacy advocates in the U.S. and set the stage for a major push for new legislation / regulation here.  Let’s hope that’s not the case.

]]> https://techliberation.com/2010/11/05/the-conflict-between-a-right-to-be-forgotten-speech-press-freedoms/feed/ 10 32862 The EU Searches for a Monopolist, Finds Google https://techliberation.com/2010/03/01/the-eu-searches-for-a-monopolist-finds-google/ https://techliberation.com/2010/03/01/the-eu-searches-for-a-monopolist-finds-google/#comments Mon, 01 Mar 2010 16:27:53 +0000 http://techliberation.com/?p=26628

Today’s The Wall Street Journal Europe published an editorial that Alberto Mingardi of Istituto Bruno Leoni and I penned about the competition complaints brought against Google in Europe.

The EU Searches for a Monopolist, Finds Google

If policy makers set the terms in a primitive year like 2010, nobody will have to respond to Google.

By WAYNE CREWS AND ALBERTO MINGARDI

Google isn’t a monopoly now, but the more it tries to become one, the better it will be for us all. Competition works in this way: Capitalist enterprises strive to gain in profits and market share. In turn, competitors are forced to respond by trying to improve their offerings. Innovation is the healthy output of this competitive game. The European Commission, while pondering complaints against the Internet search giant, might consider this point.

Google has been challenged by a German, a British, and a French Web site, for its dominant position in the market for Web search and online advertisement. The U.S. search engine is said to be imposing difficult terms and conditions on competitors and partners, who are now calling regulators into action. Google’s search algorithm is accused of being “biased” by business partners and competing publishers alike.

Before resorting to the old commandments of antitrust, we should consider that the Internet world is still largely impervious and unknown to anybody—including regulators. We are in terra incognita, and nobody knows the likely evolution of the market. But one thing is for sure: Online search can’t evolve properly if it’s improperly regulated—no matter the stage of evolution.

While the exact form of “remedy” is anyone’s guess depending upon the petitioner and the whims of regulators, intervention would basically mean some kind of shortcut for Google’s competitors, such as regulatory guarantees of future search ranking or placement; limitations on future Google services that could undermine an emerging rival; oversight of certain pricing practices or advertising practices; coerced changes to the Google interface; or bureaucratic oversight of paid-vs.-unpaid search results. The net effect would be to rescue Google’s competitors from the requirement to compete, and to give them access to Google customers whom they didn’t conquer on their own merits.

Today’s search-engine capabilities help break down information bottlenecks, allowing ever-increasing access to countless HD-equipped Webcam broadcasters world-wide. Public policy is often schizophrenic, but using the language of monopoly to attack information services and communications is particularly perverse. Speech is the core freedom, and today’s competitive technologies, including search, vastly extend it for us all.

Google isn’t targeted by regulators in Brussels alone. It enjoys declining popularity in many capitals, from Beijing to Washington D.C. In the U.S., conservatives have been complaining about bias in Google’s search results, such as a purported deference toward Al Gore.

But so what? Let Google be the MSNBC of search engines. Somebody else can be Fox if we need it. It remains the case, as in the mid-1990s when Sergey Brin and Larry Page got started, that if you create a search engine, nobody can stop you. Nobody can stop Microsoft from creating one either. Oh, wait…

Everyone seems to think Google is theirs to regulate, that they have more of a right to prescribe Google’s algorithm or business policies than Google itself does.

In search, as in the media itself, competing biases are good; pretended or forced objectivity, not so good. The decisions about how to rank search or what to reveal in a search are properly a matter of Google’s own free speech, and it is not anyone else’s place or right to decide. Differences of opinion and preferences about rankings are properly to be dealt with by competition from Microsoft/Yahoo; the likes of Teoma, the “theory of everything” Steven Wolfram engine; or something we don’t know about yet being hatched in a dorm room. Other pressures include consumer demands, and Google’s own business partners. Monopoly leads to reduced demand, and if Google truly “monopolizes,” then its own business partners are hurt by its behavior and will defect.

The policy environment to foster is one that maximizes the possibility of rival search technologies emerging in response to inappropriate bias. Today’s approach is the opposite, to create a stunted search environment because everyone’s afraid or reluctant to create an aggressive new search algorithm—why invest, if marvelous success means regulation and confiscation? The search capabilities needed for tomorrow’s Internet won’t come to be if policy makers set the terms in a primitive year like 2010 and nobody has to respond to Google.

Various types of search already optimize for various types of biased results (or unbiased ones—bias or no-bias can itself be a competitive feature and will be unless regulators undermine the process). As centuries of experience with freedom of speech tell us, biases in information services are perfectly appropriate, perhaps even necessary in free societies. If regulators do not know this, they need to be removed from their jobs.

If a formal European Commission inquiry is set to start, it certainly needs to be a short one. Would that global recessions selectively dis-employed publicly funded regulators and academics who make a living by tearing down what others have created. Regulators rarely bring anything to the table but an appetite.

Mr. Crews is vice president for policy at the Competitive Enterprise Institute in Washington, D.C. Mr. Mingardi is director general of Istituto Bruno Leoni in Milan.

]]> https://techliberation.com/2010/03/01/the-eu-searches-for-a-monopolist-finds-google/feed/ 1 26628 Thank God the Euro-crats are Saving Us from a Browser “Monopoly” https://techliberation.com/2009/07/05/thank-god-the-euro-crats-are-saving-us-from-a-browser-monopoly/ https://techliberation.com/2009/07/05/thank-god-the-euro-crats-are-saving-us-from-a-browser-monopoly/#comments Mon, 06 Jul 2009 01:54:38 +0000 http://techliberation.com/?p=19171

Really, what would we do without European antitrust regulators protecting us from the evils of browser innovation? If Microsoft was allowed to actually bundle its Internet Explorer browser alongside its operating system we might actually do something really crazy… like perhaps try it! After all, the latest browser stats make it pretty clear most of us have a choice and that fewer and fewer of us rely on IE. As Erick Schonfeld noted on Tech Crunch today:

The new browser wars on on. More than a decade after Microsoft killed off Netscape with Internet Explorer, competition in the browser market has never been stronger. Just last week, Mozilla released Firefox 3.5, which has now been downloaded nearly 14 million times. Earlier in June, Apple released Safari 4. In March, Microsoft introduced Internet Explorer 8, and Google came out with a speedier beta of its Chrome browser. Some early data is coming in showing relative market share and how fast people are upgrading. If you look at the chart above from Statcounter, it indicates that since March Internet Explorer has lost 11.4 percent market share to other browsers. [..] Where did that go? It went to Firefox, Safari, and Chrome. Nearly 5 percent of that, or about half, went to Firefox 3.0, which currently has 27.6 percent market share. That doesn’t count last week’s upgrade.

08-09 browser stats

Alas, as I pointed out in my essay a few weeks ago (“European Regulators Think Consumers Too Stupid to Know How to Download a Different Browser“), some Euro-crats still seem to believe that changing browsers requires great detective skills to unearth alternatives.  It’s just pure poppycock and yet another sad example of how antitrust law is usually hopelessly behind the times and has absolutely nothing to do with protecting consumers or fostering innovation.

Now, please excuse me while I get back to surfing the Net via Firefox and Chrome (and Opera on my mobile phone). My God, how did I ever find these browser alternatives!

]]> https://techliberation.com/2009/07/05/thank-god-the-euro-crats-are-saving-us-from-a-browser-monopoly/feed/ 9 19171 European Regulators Think Consumers Too Stupid to Know How to Download a Different Browser https://techliberation.com/2009/06/11/european-regulators-think-consumers-too-stupid-to-know-how-to-download-a-different-browser/ https://techliberation.com/2009/06/11/european-regulators-think-consumers-too-stupid-to-know-how-to-download-a-different-browser/#comments Thu, 11 Jun 2009 20:18:55 +0000 http://techliberation.com/?p=18731

According to Ina Fried of CNet News, Microsoft plans to remove its Internet Explorer web browser from the new versions of Windows 7 when it ships it in Europe later this year. [Additional coverage at ZDNet.]  MS is apparently doing so to assuage the concerns of EU antitrust officials, who have been obsessed with the company for the past decade. [Update: Here is MS official announcement.]

Apparently, European officials think their citizens are too stupid to find an alternative browser.  I mean, seriously, how hard is it?  Does the competition lack name recognition such that consumers can’t find them?  Hmmm… Google and Apple seem to be pretty well known brands, and their browsers (Chrome & Safari) are pretty easy to find.  And then there’s Mozilla’s Firefox browser (my PC favorite) and Opera (my mobile phone favorite), which are outstanding browsers. [Incidentally, Firefox already has 31% share of the European market.]

OK, OK, the regulators might say, but these competitors are just too expensive!  Uh, no, wait… every one of them is free. So, strike that theory.

Well, the regulators need another theory then. How about illegal tying of products and services! You know, there’s only certain sites or services you can use with IE, right?   Nope, that theory doesn’t work either.  And does anyone believe that MS could really tie OS functionality to the use of IE? How long would the world tolerate Outlook e-mails or Word documents that only allowed linking to URLs via IE??  Come on.

OK, any other theories left? Not that I can think of. Which brings us back to the only theory the Euro-crats have left: people are sheep. They’ll take whatever MS bundles into the OS free, you see, and they will use it more than they use competing products.  Thus, we regulators have to save them from their own stupidity! The masses just don’t know what’s good for them!  These free, integrated services are harming them! And, therefore, the only remaining solution is to kill innovation by crippling functionality and removing the free offering. That’s pro-consumer! … or so say the European antitrust bureaucrats.

Meanwhile, back in the real world, a whole lotta innovation continues to take place. But shhhh.. don’t tell the Euro-crats. They need a company to pick on. Welcome to the Theater of the Techno-Absurd.

]]> https://techliberation.com/2009/06/11/european-regulators-think-consumers-too-stupid-to-know-how-to-download-a-different-browser/feed/ 30 18731 Googlephobia: Part 5 – Google at Ten & Its Competition https://techliberation.com/2008/09/11/googlephobia-part-5-google-at-ten-its-competition/ https://techliberation.com/2008/09/11/googlephobia-part-5-google-at-ten-its-competition/#respond Thu, 11 Sep 2008 22:30:51 +0000 http://techliberation.com/?p=12657

By Berin Szoka & Adam Thierer

As we noted in our intro to this ongoing series, Google’s tenth anniversary has passed with Googlephobia reaching new heights of hysteria.

But is Google really too big and dangerous, or are people just too lazy to find other alternatives to each of the wonderful services that Google offers?  If one is truly paranoid about the firm’s supposed dominance, it doesn’t take much effort to live a Google-free life. To prove it, we set out to find alternatives to each of the services that Google provides.  After awhile, we got a little tired of compiling alternatives in each category and just provided links for the additional choices at your disposal.  It’s tough to see what the fuss is about with the cornucopia of choices at our disposal.  If you don’t like Google, then just don’t use it or any of its services.  The choice is yours.

In each case, we’ve listed Google first, even though Google may not be the market leader ( e.g., Google’s relatively unknown social network Orkut).

Search Engines

eMail

Encyclopedia

Instant Messaging

Web Browsers

Social Networks

Mapping

Mobile Search / Portal Services

Video Hosting

Photohosting

Document / Spreadsheet Creation

Online File Storage

Blog hosting services

RSS blog feed aggregators

WebClipping Services

News Aggregators

Calendar Services

]]> https://techliberation.com/2008/09/11/googlephobia-part-5-google-at-ten-its-competition/feed/ 0 12657 Googlephobia: The Series https://techliberation.com/2008/09/11/googlephobia-the-series/ https://techliberation.com/2008/09/11/googlephobia-the-series/#comments Thu, 11 Sep 2008 20:51:49 +0000 http://techliberation.com/?p=12534

By Berin Szoka & Adam Thierer as part of an ongoing series

With Google celebrating its 10th anniversary this week, many panicky pundits are using the occasion to claim that Google has become the Great “Satan” of the Internet.  Nick Carr wonders what the future holds for “The OmniGoogle.” The normally level-headed Mike Malone worries that Google is “turning into Big Brother.”  And Washington Post’s Rob Dubbin says that he can’t escape Google’s “tentacles,” even for just 24 hours.  Meanwhile, speculation abounds that the Justice Department is preparing a major antitrust lawsuit against Google concerning its advertising partnership with Yahoo! or perhaps even a broader suit concerning Google’s “dominance” of online advertising generally.

Carr quotes Google co-founder Sergey Brin’s now-famous 2003 interview:

I think people tend to exaggerate Google’s significance in both directions.  Some say Google is God.  Others say Google is Satan.  But if they think Google is too powerful, remember that with search engines, unlike other companies, all it takes is a single click to go to another search engine. People come to Google because they choose to.  We don’t trick them.

In the last five years, Google has become far more than just a search engine.  As Google’s suite of suite of complementary products continues to grow, so too does the specter of Google as an all-knowing and therefore all-powerful economic colossus.  Yet Google isn’t even close to being the sort of nefarious monopolist out to destroy user privacy at every turn, as some seem to imply—if not exclaim.  Indeed, in our view, the Net is overall a far better place because of the existence of Google and the many free services it provides consumers.

Our point is not that Google should be immune from criticism.  Indeed, healthy criticism of corporate actions plays a vital role in the free market by disciplining corporate policies and behavior—often thus providing an effective alternative to government regulation.  This is particularly important in the area of consumer privacy protection, as demonstrated by Google’s quick response to public concern about its Chrome EULA.

We hold no brief for Google and our aim is not to be Google apologists.  In fact, we’ve had more than a few run-ins with Google on many important policy issues in the past ( e.g., on net neutrality, spectrum policy, and the need for “baseline Federal privacy legislation”) and will likely continue to do so in the future.  We are always willing to engage serious, rational discussions about other policy issues involving Google, such as concerns about its alleged market power, but it seems to us that the hysteria about Google’s supposed dominance of the Internet is clouding rational discussion of the policy issues raised by Google, its innovations and its success.  Indeed, the creeping paranoia about all things Google-related that is most evident throughout the blogosphere (but that reaches far beyond it) has produced an environment that resembles nothing so much as a lynch mob:  Angry, short-tempered, out for corporate blood, and unwilling to engage in reasoned discussion.

Gates_of_BorgThe specter of Google’s market power driving—and confusing—so many of today’s Internet policy debates is reminiscent of the previous generation of conspiracy theories about how Microsoft, like the Borg (perhaps sci-fi’s scariest villains), would assimilate all in its path—forever controlling the digital revolution.  We don’t want Google to become the victim of the same regulatory & antitrust ordeal that Microsoft has endured over the past decade, with the kind of hysterical claims of Chicken Little-ism that drove a ten-year crusade against Microsoft.  Short-sighted, heavy-handed government intervention can cripple a creative company while doing little to actually benefit consumers because regulators cannot keep pace with technological change—perhaps the only constant fact in the every-changing digital world.

Of course, like all temporal things, Microsoft’s seemingly permanent “monopoly” has faded, and the bulk of the criticism it once faced has shifted focus to Google.  Microsoft continues to be the subject of many unfair attacks because of its success (a/k/a “dominance”) in the OS, office product, and browser markets.  Other companies have experienced similar attacks on a smaller scale:  Facebook and the once-angelic Apple have both been subject to increasing criticism for their success in certain sectors of the digital economy, customer complaints about openness ( e.g., “locked” devices or portability of social networking data) and privacy policies.  The hysteria surrounding Google is not unique in kind, yet it is clear that the mantle of “Great (digital) Satan” has clearly passed from Microsoft to Google.

Thus, we have decided to start a new series of essays on “Googlephobia” (a term that seems to have taken off in the spring of 2005, when the French government seriously proposed creating its own alternative to the Google search engine).  We’ve already penned a few essays on the topic here (as have a number of our TLF colleagues) and, therefore, our next installment in the series will be #5—in which we will outline the many competitors to Google’s many products.

But here are a few of our past essays on the topic, which clearly belong on the list even though they weren’t part of a series at the time:

And here’s an oldie on the same topic:

]]> https://techliberation.com/2008/09/11/googlephobia-the-series/feed/ 9 12534