23 May 2019 (Brussels, BE) – As Tom Clark, editor of Prospect Magazine, noted in his blog last weekend:
Mendacity and caprice have always been found in politics, yet until recently there was a certain price to be paid. But no longer perhaps, and not only because of Donald Trump. Around the world, from Jair Bolsonaro in Brazil to Viktor Orbán in Hungary, a shameless new form of governance is on the march.
We know it, we feel it. It trades in feelings not facts, nostalgia not progress, grievances not solutions, and chauvinism rather than co-operation. From behind a cover of ancient hatreds and hyped-up modern threats, it disdains established processes and norms, and manuvers itself into a position where ordinary rules do not apply.
But populism might have a profound affect on the world that many of my readers inhabit – technology. And, specifically, the ePrivacy Regulation (ePR). Because as important as the new General Data Protection Regulation (GDPR) may seem to be … at least to law firms and legal technology vendors who can sell all kinds of compliance services and stuff now that it is “live” and celebrating its first birthday … for most corporations, especially the tech industry, the biggest issue is going to be the interplay between the still-to-be-finalized ePR and the GDPR. And that’s due to a few big reasons:
1. The biggie (little discussed and the main topic of this post), are the Euroskeptic forces likely arriving in strength (expected to seize 250 seats out of the total 751 seats) at the European Parliament after the elections this week (May 23-26), and it has made the tech community nervous. The concern is not so much about what these populist lawmakers, Euroskeptic far-right parties have planned, it’s that their agenda is largely unknown. But in the election campaigns they have been the most vocal and their views disseminated most widely on tech-related matters, ranging from digital industry to platform censorship, privacy and artificial intelligence.
2. The negotiations over the ePR are getting bogged down over issues of the competences, tasks and powers of data protection authorities over processing issues of personal data, and what belongs as a “national” competence and not an “EU” competence. So you have the GDPR and the current draft of the ePR in conflict.
3. The ePR was originally intended to come into effect on the same date as the GDPR, to form a comprehensive package, but progress was stalled because of an issue more important to the tech companies than anything in the GDPR … how consent for cookies is obtained, the life blood of the advertising/digital media industry. And now, rather than the comprehensive package hoped for, the drafters struggle to bring ePR fines and process in line with those under GDPR.
The background
We all know this: the objective of the GDPR is to protect fundamental rights and freedoms of natural persons with regard to the processing of personal data and the free movement of personal data within the EU.
By contrast, the ePR seeks to safeguard the right to privacy and confidentiality in the electronic communications sector, as well as the free movement of personal data and of electronic communications equipment and services in the EU.
You see the problem: there are many types of processing activities that may fall within the scope of both legal instruments. This past Tuesday, the committee tasked with drafting the ePrivacy Directive put out an internal progress report (it was not made public but a source gave me a copy). It details the many elements of the ePR that conflict with the GDPR, the failure of the ePR to deal with new technologies, in particular in the context of Machine-to-Machine communication, the Internet of Things and Artificial Intelligence in general.
Next week I will discuss this “progress report” and points #2 and #3 above in greater detail, using Ireland’s just-announced probe of Google (perfect timing) because that probe will show you the complexity of applying the GDPR to “behaviorally” targeted advertising, the systems that select what advertising to show you, and the way adtech broadcasts personal data to hundreds or thousands of companies – what the GDPR (and ePR) are ostensibly meant to protect against.
And given my extensive work with the advertising/digital media industry vis-a-vis the GDPR, I will tap into my knowledge base and give you the nuts and bolts of how these “broadcasts” send out information such as:
● What you are reading or watching
● Your location
● A description of your device
● Your IP address
● Your “Data broker segment ID” which could denote things like your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.
Yes, Ireland’s willingness to crack down on the companies that dominate its economy has long been questionable. No news here. In Ireland it is the appearance of an investigation rather than the substance of one. Let’s see how this Google case plays out. Because it is a very complicated technology process for a regulator to understand.
The Euroskeptic plan for tech: “O tempora o mores”!
The Euroskeptic plan for tech Euroskeptic parties disagree on many things tech-related — except for the desire to say whatever they want online. With Euroskeptic forces likely arriving in force at the European Parliament after the election this week, the tech community is getting nervous. And as I noted, the concern is not so much about what populist lawmakers – this week’s polling showed that Euroskeptic far-right parties are expected to seize 250 seats – have planned. It’s that their agenda is largely unknown.
The Financial Times, Politico, and several EU political think tanks (plus my own team) fanned out to speak to campaigners and strategists for Euroskeptic groups around the bloc (one of my team member, Catarina Conti, actually read a stack of election programs, bless her heart) on tech-related matters ranging from digital industry to platform censorship, privacy and artificial intelligence, to the GDPR an the ePR.
First, reality check: technology is not the primary focus of most Euroskeptic parties. Whether or not Europe will restore its position as a technological force to be reckoned with on the world stage is far less important to them than, say, migration or the EU’s perceived intrusions into national affairs. As many told us “listen, we are going to be squashed by the Americans and the Chinese. That’s reality”. As Johan Bjerkem, a policy analyst at the European Policy Centre, said tech and digital policy “are not something that workers would advocate for, and that’s, really, these parties’ core electorate”.
BUT … when you get into the weeds and chat with them (beers at a pub work wonders) technology does appear on the Euroskeptics’ agenda insofar as it touches on other priorities. One is nationalism, which is shared by nearly all anti-EU groups and is piqued by the power and dominance of U.S. technology firms. Another is an attachment to free speech — or the ability to be able to communicate cheaply, freely and on a massive scale thanks to social media platforms like Facebook or YouTube.
The result is sometimes an odd combination: calling for Silicon Valley to pay more tax and respect EU cultures and languages, while fiercely defending American platforms’ role as passive hosts for content. In any case, a big change: they want to set the policy on the national, not the EU, level. To many, “the GDPR is a crock. Nations are better able to better anticipate the development of new technologies when they are not constrained by the EU framework”.
But then the unity breaks down. Records of their votes on complex debates such as privacy and copyright underscor how deeply Euroskeptic parties may diverge when the policies under debate have an impact on national interests, offering a hint of where such divergences could surface in coming years. It is clearly having an effect on the drafting of the ePR. In other words, friction between nationalists on key tech issues is more than likely. Nationalist parties would prefer to develop their own key technologies in member states. To have a common European approach is not something that would interest them.
One really interesting point. Jack Massey of Politico did a five year analysis of voting behavior in the European Parliament and it shows that Euroskeptic parties, on the whole, are very wary of any effort to regulate content on social media, even when the content in question is terrorist propaganda. But that common front collapses over an issue such as online copyright reform, or efforts to strengthen data protection rules. We see it in the press every day: Euroskeptic parties try to pitch themselves as the defenders of civil liberties, opposing a European Union sold to U.S. and corporate interests.
And I actually pulled out the transcripts of the Mark Zuckerberg grilling when he appeared before several EU parliamentary bodies and read through them (I know, too much time on my hands) and:
– Politicians from mainstream groups grilled Mark Zuckerberg on privacy scandals and tax rates in Europe.
– Euroskeptic leaders had a different concern: online censorship.
Oh, my favorite line. Nigel Farage at the European Parliament committee meeting grilling Mark Zuckerberg: “I’m your best client in the room. But I feel conservative commentators are willfully discriminated against.”
If you read the American political pundits on all of this, they have a collective view (more or less) that in their general attitudes toward big tech companies, European populists are taking many of their cues from the U.S. They see alt-right activists, echoed by Republican lawmakers and even Trump himself, expressing dismay over a perceived liberal bias among tech companies, which they accuse of unfairly censoring right-wing content, and they pick up on this. European nationalist parties are on the same page, sharing the fear of censorship for right-wing ideas … often quoting the U.S. far-right verbatim. So it’s little surprise EU populist groups tend to rely more heavily on social media to amplify their message than mainstream or traditional groups, with recent data showing that far-right groups in France and Germany post far more on Facebook than their mainstream rivals, dominating debates about the European election.
Any political pushback on platform regulation could make it harder for Europe’s mainstream to pass laws forcing platforms to more closely monitor and police the content their users post – a key policy fight for the next few years. In April, a majority of MEPs from the Euroskeptic block voted against the European Commission’s legislative proposal to tackle terrorist content online, even if combating Islamic terrorism is high on their political agenda, arguing it could stifle free speech.
GDPR
And online privacy and the GDPR? Divisions reign. In October last year, the Euroskeptics were split in a European Parliament vote on a resolution slamming Facebook for the Cambridge Analytica scandal. According to the National Rally (Le Pen’s group) members, who voted in favor of the resolution, the GDPR is positive legislation. But said a spokeman:
The data of French citizens would be even more protected if it stayed on French soil. We need to change that. One of the challenges is to ensure French data are stored as much as possible in France, and European data in Europe. It’s a matter of sovereignty. And the problem is tech platforms are in a position to set their own rules. They’re sneaky bastards.
For other Euroskeptic parties, anti-EU sentiment trumps data protection. The Alternative for Germany, whose European Parliament election manifesto criticizes EU bureaucracy, calls for:
the immediate abolition of the GDPR and a return to national laws. The reform has not hit the big, but the small businesses.
Tech nationalism
And generally, as regards tech nationalism, Euroskeptic parties see Europe is losing the technology race to the United States and China. The lack of leading European tech companies is actually specifically mentioned in the political programs of Spain’s Vox, the Alternative for Germany and Austria’s Freedom Party, among others. They are suspicious of American tech giants because they are supranational entities that cannot be controlled.
Europe falling behind on tech is perceived as a loss of sovereignty to the benefit of foreign powers. The Alternative for Germany wants to strengthen the screening of Chinese foreign investment in strategic technologies — an idea also echoed by mainstream politicians, such as France’s Emmanuel Macron and the European Commission’s Jean-Claude Juncker.
BUT … Euroskeptics don’t perceive the European Union as the appropriate level of action to bring Europe back in the tech game. As one told me “for centuries internal competition has been the engine of innovation in Europe. Diversity in tech is key, though project-based cooperation between countries could help scale up. We do not want to do everything with 28 member states. But four or five European countries can get together to work on areas such as cybersecurity or 5G.”
Ok, enough. I’m off to vote. Time to ….
