The coming EU privacy regulation will end up remaking the world's web

Originally published at: https://boingboing.net/2018/02/03/race-to-the-top.html

…

Perhaps Canada will do this one day, too.

Race to the top indeed.

As always with EU law: it will be in favor of large companies that can afford big law departments to comply to (or work around) the new law. The law’s only exception is for “strict family or personal use”, thus, by strict interpretation, if you have a blog on a platform that offers free service when displaying ads in your blog then this is commercial (say some german courts) and no longer just personal use and you must set up all the privacy declaration stuff and negotiate data handling deals with the platform company. My opinion: the law will either be another expensive nail in the free internet’s coffin, or it will be not enforced and become a toothless lion.

Our data, our privacy, is a resource far to easy to exploit and I’m always glad to see Europe to try to create and enforce laws in favour of its citizens and not corporations. And not just corporations, states too, “funny” anecdote : there is no records of my public library book lending because of privacy laws enforced by the CNIL.
As usual, not everything is perfect but I rather have a step in the good direction rather than a complicit silence or even the FCC’s corporate fuckfest.

At least they try to protect privacy and the consumer. In other countries the opposite is happening
-points at USA-

Or just comply with it in a crappy, corner-cutting way as Twitter did in this more local case:

These laws are good in theory but in the environment of late stage capitalism their drafters really do have to anticipate corporate bad faith or incompetence in complying.

Good news for European citizens, but this is just another example of the EU taking American companies to task because they are so dominant. Maybe better luck in the future with AI, but so far, that looks grim.

In other words, socialist Europe is ramming privacy down our throats! Outrage!

the upcoming data protection changes risks being viewed as yet another diktat handed down by former colonial powers in a form of “data imperialism.”

That’s right! Down with colonialism! Say no to privacy!

But the thing is, Germany’s expanded hate speech laws are not “good in theory”. They’re just bad laws, in my opinion.

If it takes a big company to not violate my rights, then I do want big companies. I don’t know why these particular regulations should be harder on small companies, though.
These are not like the online hate speech laws that are cropping up everywhere. The ones that basically require companies to adjudicate the existing hate speech laws, which is really easier for big companies than it is for small companies.

How so? Those are rules about what companies are allowed to do to their customers. Doesn’t really matter where the companies are from.

They are free to allow companies to ignore their own citizen’s privacy. No one is forcing them to change their law. Maybe it’s more of a “now that Europe is protecting its citizens from these business practices, we can now afford to protect our own citizens, as well.”

Although I usually err toward free speech, I recognise that there are some limits and that there are valid arguments to be made for German hate-speech laws to be included amongst them. Those arguments are stronger now that the German electorate has granted a far-right party significant entree into its parliament after 80+ years of correctly keeping right-wing populist bigots far away from power.

Bringing things back on-topic, I’ve also heard arguments that the privacy regulation is not needed since we supposedly live in a post-privacy world. I don’t find those arguments as compelling as the ones supporting hate-speech laws, but they do open up debate. Either way, laws that affect these digital media companies have to take into account that they’re dealing with sociopathic slow AIs that don’t care about such lofty disputes.

I’m pretty happy with the existing continental European practice myself. I was only referring to Germany’s recent innovation in online enforcement of those laws.
And with those, it was obvious from the beginning that it would lead to massive overblocking, and that’s not even Twitter’s fault.
But when the law tells Twitter/Facebook/whoever that they will have to pay a fine if they fail to delete a single post that is “obviously illegal”, but that they are allowed to delete legal posts whenever they feel like it, we really shouldn’t be surprised.
You don’t need to be a sociopathic slow AI to err on the side of caution and delete everything that isn’t “obviously legal” to you after looking at it for whatever time you can afford (5 seconds?)

I’ve read that crap on the internet, at least. It really doesn’t work as an argument, because it just boils down to “Resistance is futile. Prepare to be assimilated.”

Who decides what world we live in?
It’s exactly when something is under attack that democratic countries might decide to pass regulations to protect it.

I’m rather looking forward to seeing how these laws are implemented. If they’re implemented the way that I think the law writers intended (big if), I suspect that a large number of businesses that depended on users trading their privacy for services will fold or leave the European market.

The big question will then become: Will Europeans be okay with not being allowed to trade away their privacy? Or will they rebel at the fact that Americans get all these services for “free” while they have to pay (or not have them at all).

I can also see this fracturing on a class level. There are lots of services that I’d pay $5-$10/month for instead of selling my privacy. But that’s because I’m fortunate enough to be able to afford half a dozen such services. For the poor, once they can cross the bar of Internet access at all), many of these services are free. Is social media to be confined to top 75%?

Anyway, interesting times, and a social experiment that is long overdue. As a Canadian, I hope my country will wait a little while for the fallout before deciding whether to follow the European example or not.

Whatever I think of the German digital law (i.e. that it’s flawed), Twitter’s attempt to comply with it was as typically cack-handed and corner-cutting as their attempts at regular and unmandated moderation are. That is Twitter’s fault, because it’s a particularly hapless slow AI. That’s the sort of thing that any law regulating these social media companies has to have a handle on.

I’d prefer it not be mainly corporate “persons” and their human minions but rather legitimately elected governments accountable to the electorate.

You have it backwards. They protect the consumer and the little companies more than most anywhere else. The only added onus of these laws are the very protections for the consumers and smaller companies that they add.

The thing is that the “poor world” as you call it, isn’t poor by nature. It is because they don’t own the companies or sell directly to the “rich world”. Rather the rich world businesses are the ones going in and extracting resources and labor while skirting environmental, labor, and pay regulations that they’d have to comply with in their own countries.

Smaller locally owned businesses tend to do business more locally, it is mainly the extractors and exporters and extorters that have to comply with these regulations, regulations that they shouldn’t even have to be asked to comply with because they should be how any good business operates anyway…

These sorts of laws dramatically improve the quality of lives and pay in these countries, and the cost of compliance isn’t borne by them but rather by the narrowing of the profit margins in the exploitative companies to more realistic levels.

Well, it shouldn’t be too hard for them, then. The changes aren’t that drastic.

As a Bo$$ Influencer of the Most Widened Eyes, I will most certainly make them change their laws! Ad Power! Data Driven Divas Unite! Mobile Monetization Mercilessness!

but this is just another example of the EU taking American companies to task because they are so dominant.

Huh? No.

It affects US companies operating in the EU because … they operate there. The EU has decided privacy is important and has made rules which are good for citizens there. It targets companies from Asia and Africa, too. If US companies comply because they want to operate in the EU and if more US than Asian or African companies are impacted … tough. It’s not anti-US, it’s pro people.

As always with EU law: it will be in favor of large companies that can afford big law departments to comply to (or work around) the new law.

It will mean more work for everyone. It actually means more work for larger companies than for small ones. Price of doing business. A one-man-company selling stuff SHOULD be held to, for example, consumer protection laws mandating two years warranty on electronic equipment (which they pass on to their vendors) or to the EU two-week return policy. Or, if they store private data, the result SHOULD be that if they get hacked they should inform those involved. Even if they’re just one person. Just like you should inform your past sexual partners that you have been found HIV positive no matter if you’ve only slept with one other person or a hundred.

and you must set up all the privacy declaration stuff

Trivial.

Not exactly how it works.

So what laws would you enact? What is wrong with these EU laws (which, btw, you are misrepresenting in your examples)?

Not sure if I’d enact any laws. Are there any specific problems that I should try to solve with “my” new laws?
And by “EU laws”, do you mean the German law I’ve been referring to? I’ve already said what I think is wrong with it - what am I misrepresenting?