image missing
Date: 2024-10-19 Page is: DBtxt003.php txt00026533
NEWS
POLITICO Digital Bridge
Reporting April 10th 2024
Original article:
Peter Burgess COMMENTARY

Peter Burgess
POLITICO Digital Bridge ... POLITICO Digital Bridge

April 11th 2024 ... 7:36 AM

Written by MARK SCOTT

WELCOME BACK TO DIGITAL BRIDGE. I’m Mark Scott, POLITICO’s chief technology correspondent, and will be in Brussels on April 15-16, in part to interview European Commission digital and competition chief Margrethe Vestager. You can watch the livestream at 9:05 a.m. CET (or, sorry U.S. folks, 3:05 a.m. EDT) here.

If you want to grab a coffee while I’m in the Bubble, you know where to find me. ... Speaking of caffeine. Grab a brew and let’s get cracking:

Is the US Congress about to do the unthinkable?
  • — American lawmakers proposed comprehensive federal privacy legislation that, shockingly, may actually get approved.
  • — Efforts to boost transparency and accountability for social media are a clear example of how transatlantic digital policymaking should work.
  • — EU and U.S. competition officials sit down in Washington to talk shop on digital. Will this be their final meeting?
WHAT COMPREHENSIVE US PRIVACY RULES COULD LOOK LIKE

LATE LAST FRIDAY, RUMORS STARTED TO LEAK that a potential new bill from American lawmakers was about to be published, which would finally create a comprehensive national data protection regime in the United States. I — and everyone else in the privacy community — was taken aback. There had been repeated attempts to get some sort of U.S.-wide privacy regime in place for years. But now, only months away from the November election, Cathy McMorris Rodgers, a Republican congresswoman, and Maria Cantwell, a Democratic senator, dropped the so-called American Privacy Rights Act, or APRA. “This bipartisan, bicameral draft legislation is the best opportunity we’ve had in decades to establish a national data privacy and security standard,” the lawmakers — both heads of powerful committees whose approval is required to get such legislation passed — said in a statement.

There’s lots to unpack. But before we get into the wonkery of data minimization standards and what constitutes an algorithmic impact assessment, let’s start with the macro. I’ve covered U.S. privacy inertia for a decade. For me, this is the closest we’ve ever come to a legitimate law that meets both the political and policy standards. Sure, the proposals (see good summaries here, here and here) are still in draft — with a lot of political haggling ahead before a law can be passed by the end of the year. But the nexus of changing leadership in Congress; Washington’s focus on artificial intelligence policymaking; its similar interest in China and, particularly, TikTok’s data practices; and bipartisan urgency to protect kids online via tougher privacy standards, mean smoke signals are — finally — blowing in the right direction.

Let’s unpack some of that. Previous federal privacy legislative attempts like the American Data Privacy and Protection Act, or ADPPA, fell short because specific politicians, including Cantwell, believed they missed the mark. Others, mostly from California, worried a national law would unfairly preempt the Golden State’s own data protection laws. That political complexity has shifted, as lawmakers announced their retirement or lost power by falling into the minority. On top of that Beltway chatter, Washington’s keen policy interest in AI doesn’t work without robust privacy standards — something the White House is well aware of. The somewhat isolationist stance toward ByteDance, TikTok’s Chinese-linked parent company, seen via legislative efforts to force the sale of the popular social media platform, on data security grounds, equally made the case for nationwide rules. Finally, child online protection — something encapsulated by the Children and Teens’ Online Privacy Protection Act — fits neatly with this renewed push for comprehensive federal standards.

“Somehow, this feels quite different (to previous attempts at comprehensive privacy legislation,” Trevor Hughes, head of the International Association of Privacy Professionals, a trade group, told me. He rattled off many of the points above — noting, specifically, how much the political characters involved would not have proposed such landmark legislation in an election year if McMorris Rodgers and Cantwell hadn’t secured widespread political backing. “These two sponsors are so politically savvy and connected,” he added. “There is no way, in my mind, they would burn political capital or even waste the time to introduce a bill unless they thought something was possible.”

OK, so what’s in the draft bill? It hits many standards that wouldn’t be out of place in the European Union’s General Data Protection Regulation, which is the current de facto global standard. There’s an obligation on companies (including firms with at least $250 million in annual revenue) to collect people’s data only when necessary; be transparent about how that information is shared; and provide individuals with both the right to fix incorrect data and to remove it upon request. There are widespread opt-out provisions for those who don’t want to have their information collected, while — on the security front — the proposals create a nationwide repository of data brokers to boost oversight. Enforcement is split between a to-be-created unit within the U.S. Federal Trade Commission, U.S. state attorneys general and, to a limited degree, private lawsuits from individuals who can prove they were financially damaged by harmful data protection and collection practices.

The bill “protects individuals, not consumers,” Gabriela Zanfir Fortuna, vice president for global privacy at the Future of Privacy Forum, a Washington-based think tank, told me. “That’s a shift in philosophy in the U.S. because it looks at the impact of data processing on civil rights.” Previously, existing sectoral data protection standards — as well as aborted comprehensive federal privacy efforts — had viewed data protection via the prism of consumer protection. The new proposals, Zanfir Fortuna added, reframed that commercial relationship onto one based on fundamental rights.

Great, but will this actually become law? There are too many previous failed efforts to break out the Champagne — yet. Neither Republicans nor Democrats are 100 percent behind the proposals (I would argue that shows it’s a good compromise). Big Tech lobbying will inevitably portray it as bad for innovation, while privacy advocates will undoubtedly claim it doesn’t go far enough. In an election year where everything — and I mean everything — is political, who knows if staid privacy legislation won’t become another piñata in the U.S. culture wars. But surveying American privacy experts this week, I got a sense of hope — possibly fueled by desperation — that the APRA was on stronger ground than any bill that had preceded it. Does that mean it will become law? No. But we’re closer to U.S. comprehensive privacy legislation than at any time in the last 20 years.

HOW TO BEST USE EU-US TIES FOR DIGITAL RULEMAKING

BEHIND A CENTURIES’ OLD WALL IN A NONDESCRIPT OFFICE — well away from the glitzy photo ops of last week’s EU-U.S. Trade and Technology Council — a meeting got underway last Friday on the outskirts of Brussels that demonstrated why stronger ties between Washington and Brussels can have an impact. There, over a discussion that lasted a few hours and included a stop-by from Thierry Breton — the European internal market commissioner in charge of the EU’s new social media rules — academics, researchers and White House and European Commission officials swapped notes on how best to open up the black box that is social media to outside scrutiny. “The opinion of a lot of the researchers in the room was that there are a lot of new (transparency) programs coming online, largely because of the DSA,” said Brandon Silverman, co-founder of CrowdTangle. That’s a social media analytics tool owned by Meta used worldwide by transparency groups and, ahem, journalists to track what happens — at scale — on social media.

Silverman was at the meeting last week, and was referring to the Digital Services Act, Europe’s somewhat cumbersome — and unfinished — regulatory attempt to corral social media harms. Those rules include mandatory data access for outsiders to track what happens within these platforms. It was a bittersweet moment for Silverman, who has increasingly waded into thorny digital policy topics since leaving Meta. The tech giant just announced it would shut down CrowdTangle in August, and move such independent transparency work to a separate social media data access project overseen by the University of Michigan. Silverman heard about the pending closure while getting his three kids ready for the day at his house in California. “I was disappointed,” he told me. “Not disappointed they were shutting it down, that had been obvious for a while. But disappointed they were doing it in the middle of an election year and seemingly without realizing the full extent of the gaps between their replacement and CrowdTangle.”

Before you glaze over a topic that, for me, has become a geeky obsession, stay with me. I even co-authored an academic paper on it. What almost everyone agrees is that social media platforms remain closed off to most outside scrutiny, mostly because we don’t have quantifiable — and scaleable — evidence of what happens inside these walled gardens. Over the last two years, almost all of these companies have scaled back how outsiders access such information, either for academic research, civil society transparency or, for journalists like me, public accountability. More countries now want to pass some form of social media regulation. But the inability to understand what happens on these platforms will, inevitably, lead to bad policy. Only by getting under the hood of these networks — in ways that protect individuals’ privacy and free speech — can we, collectively, make good laws.

And that takes me back to the behind-the-scenes meeting between EU and U.S. academics and officials last week. Those in the room included Alex Engler, from the White House’s Office for Science and Technology Policy, and Rita Wezenbeek, director of platforms at the European Commission’s DG CONNECT unit. They published a report on how outsiders could currently access social media data and discussed the next steps in using the EU’s social media laws to hold companies to account for their obligatory requirements to open up to independent scrutiny. It’s fair to say these data access standards are a work in progress. But they could — and, for now, it’s only a “could” — give academics, civil society groups and the media a lifeline to better understand how these social media giants affect society.

For me, that’s where greater transatlantic cooperation comes in. So far, most — but not all — of this social media data access work has been run out of well-funded academic projects in the U.S., many of which have longstanding ties with the companies whose data they seek to collect. In contrast, EU groups have neither the money nor access upon which many of their U.S. counterparts can draw. But what these individuals do have — something that those in the U.S. are incredibly envious of — is mandatory data access provisions, baked into law. It potentially offers a collective opportunity that brings together the breadth of technical expertise and financing back of U.S. experts with the cultural and linguistic understanding and regulatory muscle of those based in the EU.

Let me give you an example. Currently, X, formerly known as Twitter, has made it almost impossible for outsiders to access its once universally praised data “firehose” for outside scrutiny. Yet under an ongoing investigation into these practices by Brussels, Elon Musk’s social media giant may be forced to reopen those transparency tools. That could benefit researchers on both sides of the Atlantic — given that Europe’s social media data access rules allow those outside of the EU to use them, as long as they can show a tie to the 27-country bloc.

The meeting in Leuven demonstrates how EU-U.S. cooperation on digital policymaking can work — well beyond the flashy lights of press conferences and lavish banquets. It’s the grubby “meat and potatoes” policy efforts that, for me, are why the Trade and Tech Council has been a success. It’s also a clear sign why social media data access remains crucial to effective digital rulemaking — and how the upcoming demise of CrowdTangle will leave a massive hole to fill. “I think it’s pretty embarrassing,” Frances Haugen, the Facebook whistleblower, told me when I asked her about CrowdTangle’s demise. “The thing that we should be talking about Crowdtangle is: what is Meta hiding? If things weren’t that bad, why would you shut it down?”

BY THE NUMBERS

infographic



WHEN WASHINGTON AND BRUSSELS TALK ANTITRUST

WHEN IT COMES TO CATCHY NAMES, THE SO-CALLED Joint Technology Competition Policy Dialogue, or JTCPD, as no one calls it, does not roll off the tongue. But that entity — compromising Lina Khan, head of the U.S. Federal Trade Commission; Jonathan Kanter, assistant attorney general for antitrust in the U.S. Department of Justice; and Margrethe Vestager, the EU’s competition czar — will meet Thursday in Washington in what may be the final iteration of this stepchild of the EU-U.S. Trade and Technology Council.

These biannual meetings are supposed to be a talking shop for competition regulators focused on digital matters. It doesn’t include formal information-sharing on specific cases, like the Department of Justice’s recent wide-reaching lawsuit against Apple. But you can be sure, amid bad coffee and even worse U.S. government-bought pastries, officials will swap informal notes about how their separate cases are going.

As I laid out last week, Washington is rerunning many of the digital antitrust themes that began in Brussels. They may have more luck, even as the EU has shifted toward tackling potential competition issues before they harm consumers. The key question now is: Will these meetings continue if or when Kanter, Khan and Vestager are no longer in post?

WONK OF THE WEEK

THIS WEEK, WE’RE GOING MORE FOR A TREND than a particular wonk. Over the last year, Ireland’s Coimisiún na Meán — the country’s media regulator and arguably a key player in charge of implementing Europe’s new social media legislation — has hired scores of regulatory experts from across the EU and, interestingly, poached officials from its British counterpart, the Office of Communications.

That includes Aidan O’Sullivan, former head of cabinet of European Ombudsman Emily O’Reilly, becoming the regulator’s director of user engagement. Maria Donde, formerly head of international content policy at Ofcom, joined last month as the regulator’s director of international relations.

The agency also has tapped heavily into Dublin’s role as headquarters for many tech giants. That includes Wayne Moroney, a former Twitter executive, as its director of platform supervision; Flore Bouhey Dwan, an ex-Google and Twitter official, as its director for digital services; and Anne-Marie Pollock, a former Meta compliance expert, as its director of policy, democracy and fundamental rights.

THEY SAID WHAT, NOW?

“I’ll support commonsense bipartisan steps to take one of Beijing’s favorite tools of coercing and espionage off the table,” said Republican Mitch McConnell, the U.S. Senate’s minority leader, after backing legislative proposals to force ByteDance’s sale of TikTok on national security grounds.

WHAT I’M READING

— HuggingFace, the AI startup, outlined what information it had provided to policymakers, including its responses to legislative requests in the U.S., the EU and the U.K. More here.

— The U.S. Department of Commerce and TSMC, the Taiwanese semiconductor giant, announced a preliminary $6.6 billion subsidy deal as part of the company’s $65 billion investment in Arizona.

— Vestager, Europe’s digital and competition chief, had strong words for how China had not always played fair in the global arena to promote its own economic security interests. Here’s her speech from an event at Princeton University.

— Meta’s approach to how it labels AI-generated content on its platforms raises a number of questions, including how it will make such determinations and why it won’t remove potential problematic content, argues Claes de Vreese, a professor at the University of Amsterdam.

— Tech Hive Advisory put together a regulatory overview of how 55 African countries are approaching policymaking around artificial intelligence and data protection. Take a look.

— Canada announced more than $2 billion in investment for homegrown artificial intelligence projects, including about $50 million for the country’s AI Safety Institute. More here.

SUBSCRIBE to the POLITICO newsletter family: Brussels Playbook | London Playbook | London Playbook PM | Playbook Paris | EU Election Playbook | Berlin Playbook | Global Playbook | POLITICO Confidential | Sunday Crunch | EU Influence | London Influence | Digital Bridge | China Watcher | Berlin Bulletin | D.C. Playbook | D.C. Influence | All our POLITICO Pro policy morning newsletters

SITE COUNT Amazing and shiny stats
Copyright © 2005-2021 Peter Burgess. All rights reserved. This material may only be used for limited low profit purposes: e.g. socio-enviro-economic performance analysis, education and training.