Europe: the Web’s Last Hope?

This is an excerpt from the latest book I am writing, entitled: Wild Wild Web – what the history of the Wild West teaches us about the future of the Digital Society. Comments are welcome.

It’s not all bad news for the Web these days. In a dossier compiled in May for the Washington Post, authors Tony Romm, Craig Timberg and Michael Birnbaum voice their belief that “Europe, not the U.S., is now the most powerful regulator of Silicon Valley“, an impression that is rapidly solidifying.

• In June 2018 the British government imposed a maximum fine of half a million Pounds on Facebook for failing to adequately protect its users’ data, thus allowing Cambridige Analytica to use information about 87 million Facebookers to create voter profiles which they sold to the Trump campaign.
• In 2017, the EU Commission pronounced a penalty of 110 million Euros against Facebook for illegally combining their user data with those of their subsidiary WhatsApp and then lying about it.
• The same year, it was Google’s turn. The search giant was forced to pay a recordbreaking fine of 2.42 billion Euros for abusing its market power to rank its own ads above those of competitors.
• A few months later the EU Commission decreed that Amazon must pay 250 million Euros in back taxes because of an illegal deal they struck with authorities in Luxembourg.
• Again in autumn 2017, the EU Commission took its member state, Ireland, to task for allowing Apple to save an estimated 13 billion Euros through a special tax loophole created for them. Ireland has appealed this sentence to the European High Court.

And it’s not just GAFA who must fear the might of Europeans which, after all, is the world’s second-largest economic zone with some 510 million inhabitants and a GDP of 17 billion Dollars. Uber, for instance, was recently sentenced to fines of 800,000 Euros each in France and Germany. And AirBnB faces a growing spate of legal actions by local authorities from Berlin to Barcelona and Mallorca, where owners are facing still fines if they are caught renting the apartments to tourists and other short-term occupants, given the scarcity of affordable housing in these popular places.

But it is in the realm of privacy and data protection where Europe is showing Americans the way to go. In May 2014, the European High Court ruled that individual have the right, under certain circumstances, to demand that search engine links concerning them must be permanently deleted. This “Right to be Forgotten” is aimed primarily at old snippets of news that have long become irrelevant, but live on forever online, causing embarrassment or even harm to people who thought they had put all that behind them long ago. Activists in Europe are demanding that all online information be given a “use before”-date, after which they will automatically be deleted.

The Right to be Forgotten is now enshrined in the new European GDPR, or General Data Protection Regulation, which went in force in May and is now part of the common law in all EU countries. It expressly requires companies to seek the approval of users and customers before storing or processing their personal information (the so-called “opt-in” principle) – unlike the U.S., which generally uses the “opt-out” principle which means that users must actively forbid companies to use their data.

The guy whose guts GAFA loves to hate

Max Schrems, an Austrian who was born in Salzburg but now lives in Vienna, is probably the guy U.S. tech companies love to hate most. He has a PhD in corporate law and he has been suing them now for years, often successfully. In 2015, the European High Court ruled in his favor by declaring the “Safe Harbor” agreement between the United States and Europe to be illegal. Safe Harbor gave companies the right to move personal data from European territory to the U.S., but only to certain servers that were considered “safe”. Schrems was able to prove that, in fact, at least nine big American tech companies, including Microsoft’s subsidiary Skype, Google, YouTube, Facebook, Yahoo, Apple, AOL, had provided the U.S. spy agency NSA with backdoors which gave them unfettered access to data from millions of EU citizens.

In 2014, Schrems unsuccessfully tried to file a class-action suit against Facebook and actually got 25,000 claimants to sign on but was dismissed by the European High Court on procedural grounds.

For his unceasing efforts on behalf of digital human rights, Schrems was awarded the Pioneer Award by the Electronic Frontier Foundation. Last year, Schrems founded noyb, which stands for None Of Your Business, a non-profit organization that bills itself as the “European Center for Digital Rights”. It’s aim is to force Tech companies to abide by European data protection and privacy norms. To do this, noyb collects donations to fund a series of class-actions against those who misuse personal information.

The GDPR will almost certainly reshape the online world as we know it today. “Ironically, many Americans are going to find themselves protected from a foreign law”, says Rohit Chopra, the new commissioner at the Federal Trade Commission, which for years has been the federal government’s most aggressive privacy regulator. And several American consumer advocates are threatening to turn to European courts in their fights against the biggest American tech companies such as Amazon, Facebook, Google, and Microsoft, forcing them to change their business practices not only there, but at home in the U.S. as well.

“The path to privacy in the United States has to be fought through Europe, Jeff Chester, executive director of the Center for Digital Democracy, is quoted as saying be the Washington Post.

So, will Europe set the standards for privacy and data protection for the rest of the world to follow? Aildh Callandar, head of the British NGO Privacy International, believes so. While American companies operate branches in Europa (and pay millions to lobbyists in Brussels), their clout on this side of the Atlantic is much smaller than back home where the current administration seems keener on dismantling existing regulatory frameworks that creating new ones.

“Europe is now a preview of coming attractions in the United States, and as each day goes by, people are growing increasingly concerned about their privacy”, said Senator Eduard J. Markey (D-Mass.) according to the Post.  Public policy, he believes, will have no choice but to play catch-up with the Europeans to meet their domestic public’s demands.

And don’t let’s forget that under the American federalist system, individual states have a mighty word to say about all this. California experienced its first Gold Rush back in 1848, bringing hundreds of thousands flocking to the valley of the Sacramento. Today, the gold diggers are being drawn to Silicon Valley, so when California passed its Consumer Privacy Act A.B.375 a few weeks ago, the shot was heard around the world. For the first time, citizens of California, at least, will enjoy the kind of data protection and privacy regulation Europeans have long become accustomed to, including forcing companies to disclose which information they are collecting and why. Finally, users can demand that certain personal information must be deleted, and they can opt out of allowing the sale of their data. And perhaps most importantly, users must be given access the personal information in a “readily useable format” that enables its transfer to third parties without hindrance, which may eventually force tech companies to embrace open API standards.

Could this be the beginning of a bright new day for privacy and data protection in America? Will more and more states follow California’s lead and raise their standards? And will America one day, maybe when the ongoing nightmare of the current administration is only a distant memory, finally move to adapt legal norms and protection which inhabitants of the Old World of Europe have long enjoyed? We’ll see…