Dollars, Sense, and National Borders

Privacy Plus+

Privacy, Technology and Perspective

Dollars, Sense, and National Borders. This week, let’s compare recent developments in privacy and digital market regulation across Europe, to our own recent efforts in this country.

Briefly, the EU has moved farther, faster, and more comprehensively by far than has the United States. The groundbreaking General Data Protection Regulation (GDPR) of 2018 imposed sweeping, detailed, regulatory controls over the collection, storage, use, transfer, and disposal of Europeans’ personal information across the world, requiring wholesale changes not just of business practices in Europe, but of basic attitudes toward personal information. Now, the EU has moved approved (with surprisingly strong support) two more major pieces of legislation, the Digital Services Act (DSA) and the Digital Markets Act (DMA).

The names are not catchy, to say the least, and so similar that they seem to beg to be confused. The best thing to be said of them is that they are obviously linked and meant to be read together. But they address two very different things.

The DSA addresses the rights of users online – to be able not only to express themselves, but also to report illegal content, to protect their own privacy, and to see why they are being shown certain online ads and content. It is targeted to the modern scourge of disinformation, and since disinformation varies across the many countries and languages of Europe and can exist in many different nuances, the DSA is meant to be enforced somewhat more locally in a relatively decentralized way. Significantly, it is meant to require the major platforms – Meta/Facebook, Instagram, Google, Twitter – to crack down on misinformation, abuse, dark patterns, and so on, with upper-range penalties that are even higher than the GDPR’s.

You can read more about the DSA (at a high level) in the following link:

https://www.echobox.com/resources/blog/the-eu-digital-services-act-what-it-is-and-what-it-could-mean-for-publishers/

The DMA is also targeted specifically at the large platforms, like Meta/Facebook, Google, Apple, and their peers. In ways that seem very similar to American antitrust requirements, these “gatekeepers” are now required to open their platforms to wider competition – for example, by allowing iPhone users to download apps from others than the App Store, while forbidding the platforms from using their customer data from disparate parts of their business to sell targeted ads (at least without express consent). The DMA also restricts big platforms from “self-preferencing” their own products and services in search results. Because the DMA focuses on the competitive practices of a relatively small number of giant companies, it is meant to be enforced in a rather more centralized fashion.

You can read more about the DMA (at a high level) in the following link:

https://digiday.com/marketing/wtf-is-the-digital-markets-act/

Meanwhile, by contrast, the United States is still struggling to reach a national consensus. The GDPR has inspired California and a few other states to enact their own privacy-protection regimes, and recent discussions in Congress may yield some small fruit, but efforts to find at least a minimal, national consensus on what privacy means and how to protect it have fallen short.

Similarly, while the conduct of the big platforms on everything from disinformation to anticompetitive strangling has been so atrocious that nearly everyone can find something about them to loathe, we do not yet see emerging consensus there, either.

Why is that? Our view is that with respect to privacy, the U.S. business community has long regarded personal information as a prize of great value; after all, the more you know about your customer, the more quickly you can meet your customer’s needs and the more you can sell.

Protected by the First Amendment, Americans do not generally fear persecution on the basis of creed, political philosophy, religion, trade union membership, or the like, so are not as culturally attuned to see “privacy of personal information” as fundamental to personhood.

We believe, also, that American views on privacy are largely based on dollars and sense, and even more so with respect to antitrust and fair or unfair competition. From the late 1970’s and 1980’s until very recently, the general view was that consumer prices were the lodestar. Absent predatory pricing, whatever market structure or practices conduced to the lowest prices to the consumer must, by definition, be acceptable. Over the last few years, that theorem has begun to be reexamined, and we expect that a new school of thought will soon emerge.

But it hasn’t yet, and like Phil poking his head out of his burrow to see his shadow, we predict to see several more years (at least) of furious argument, lobbying, and litigation before it does.

Meanwhile, we expect American businesses to adjust to life in an increasingly “silo’d” world in which data will be stored and used only locally, and not shared across state, national, or regional borders nearly as much as before – not because they must, but because they will find it more profitable than adjusting their business processes to the requirements of the most restrictive regulators.

---

Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.

Previous
Previous

Sovereignty and the Need for Consensus Around “Data Privacy"

Next
Next

Facial Recognition: Heading in Two Directions at Once?