Friday

13th Dec 2019

Column / Brussels Bytes

Some EU regulators still don't get internet economics

  • The General Data Protection Regulation and the ePrivacy Regulation will go into effect throughout the EU in May 2018.

While the EU's new data protection rules present a threat to the European digital economy, recent actions by regulators in some member states remind us why EU-wide rules still cannot come soon enough.

Last month, the Belgian Privacy Commission (CPVP) alleged that US tech giant Facebook does not follow the strict consent requirements in Belgian privacy law and therefore should stop collecting personal data for advertising - in effect, calling for the courts to cut off access to one of the most useful online advertising platforms for Belgian businesses.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 20 years of archives. 30-day free trial.

... or join as a group

  • The Belgian Privacy Commission has filed a case against Facebook, claiming that the internet giant does not follow the strict consent requirements in Belgian privacy law. (Photo: portal gda)

While the case appears unlikely to succeed given that Belgian courts have rejected similar claims in the past, it is nevertheless the latest evidence that if the EU is serious about both building a digital single market and becoming a hub for the internet economy, it needs national lawmakers and regulators to commit to reasonable and consistent union-wide rules for targeted online advertising.

CPVP vs Facebook

The case against Facebook is unlikely to succeed because the company has done nothing wrong.

European courts have repeatedly ruled that data processors operating inside the EU should follow the rules of the EU member state in which they are registered; only those operating outside the EU can face legal challenges in each member state where they have customers.

Facebook, in this case, is registered in Ireland and fully complies with Irish data privacy rules.

A Belgian appeals court rejected a CPVP demand last year that Facebook stop using a particular cookie for this very reason. The Hamburg Privacy Commissioner lost a legal battle in the German courts over Facebook's policy of requiring account holders use their real names for the same reason.

Moreover, the already dubious lawsuit appears to be just for show, as the General Data Protection Regulation (GDPR) and the ePrivacy Regulation will go into effect throughout the EU in May 2018, which means new European regulations will replace both Belgian and Irish privacy law within a matter of months.

The new ePrivacy rules for advertising are still taking shape, but look set to put the onus for establishing consent on browsers rather than individual websites, so even if the CPVP were to win its case, the new rules would quickly render it moot by next spring.

While this case is unlikely to succeed, it is still troubling because it shows how regulators in some member states have no interest in building the European digital single market.

The digital single market cannot function if each member state insists on its own data handling policies, because online services, both European and foreign, would be subject to 28 different sets of rules.

The new EU regulations will resolve most intra-EU conflicts over data protection rules, but if policymakers in member states are not fully onboard with the goal of creating a digital single market, they will find many other opportunities to sabotage it with conflicting national laws, regulations, and enforcement actions, such as in the use of artificial intelligence (AI) or free speech online.

Understanding basic internet economics

In addition, the case is a reminder that some European policymakers still do not understand the fundamentals of the internet economy.

The CPVP suit would severely curtail the use of targeted online advertising, which funds virtually all of the free content and services European users access online, because it would make it illegal for websites to collect advertising data until they obtain affirmative consent for each instance of data collection.

In practice, this would mean users might have to click through consent requests before they can access an ad-support website, which is where users spend the majority of their time: over 75 percent of the top 10,000 sites on the internet use ad-tracking technologies.

Similarly, four out of five free mobile apps use advertising for their business model.

Removing this source of income would significantly compromise innovations to free apps and websites, particularly those operated by European small businesses.

Web users have grown accustomed to enjoying a wide variety of online services that cost them nothing. Online advertising allows them to interact with a far wider variety of online services than they are ever likely to pay for. Rather than limit themselves to one news subscription, for example, readers can compare a variety of perspectives, including from high-quality broadsheets that support their online work through personalised ads.

If European policymakers stifle this means of remuneration, then - at best - digital services in the EU will be subsidised by profits from outside it, making it even harder for European digital companies to grow and compete with rivals in America and Asia.

Protecting the digital economy

Policymakers do not have to make a trade-off between users' fundamental right to privacy and protecting the digital economy.

Users who dislike Facebook's use of targeted ads or its practice of collecting data from visitors to third-party websites can opt-out whether they have accounts or not, or can block ads altogether using ad-blockers. Any website that depends on advertising can, in turn, prevent free-riding by denying access to people using ad-blockers and asking them to whitelist the site.

The European Commission's latest draft of the ePrivacy Regulation would establish blanket affirmative consent by forcing users to adjust their browser settings the first time they go online. Unlike the current Belgian rules, this method would not require websites to seek consent from users whose browser settings already allow tracking.

Although EU-wide rules are preferable to 28 different ones, the ePrivacy proposal still poses a problem because it would lead more users to block tracking, which would in turn force ad-supported websites to prevent free-riding by putting up barriers that ask users to either allow targeted ads or pay.

Web users in the EU are already familiar with the annoying cookie notification banners, but the new rules would replace those with barriers that users have to respond to in order to access websites, making the internet a more sluggish and irritating place for everyone.

European policymakers - whether in the Palais de la Nation or the Espace Leopold - need to understand the basic economics of the internet.

If the EU intends to build a digital single market that is home to the next generation of tech companies, it still has a long way to go to educate national policymakers about the value of consistent European policies that allow the businesses in all sectors to take advantage of online advertising.

Nick Wallace is a Brussels-based senior policy analyst at the Centre for Data Innovation. His Brussels Bytes column deals with the digital single market and data-related policy issues in the European Union. Daniel Castro is the director of the Centre for Data Innovation and vice-president of the Information Technology and Innovation Foundation.

Austrian privacy case against Facebook hits legal snag

Austrian privacy campaigner Max Schrems may sue Facebook Ireland in an Austrian court but won't be able to pursue a class action suit in Austria, according to a non-binding opinion by a top EU court advisor.

Privacy rules to create jobs, EU data chief says

Giovanni Buttarelli, the European data protection supervisor, says e-privacy reforms open up new job opportunities for small businesses in Europe and asks EU lawmakers to endorse the proposal in a vote on Thursday.

Column / Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

EU policymakers need to clarify that the e-privacy should not apply to most Internet of Things devices. The current proposal require explicit user consent in all cases - which is not practical.

News in Brief

  1. Slovenia, Croatia ex-leaders highlight jailed Catalans
  2. Italian court tells Facebook to reopen fascist party's account
  3. EU extends sanctions on Russia until mid-2020
  4. UK exit poll gives Johnson majority of 86
  5. Orban: 'financial guarantees' to reach climate neutrality
  6. Merkel hopes EU leaders agree 2050 climate-neutrality
  7. Czech PM: nuclear energy needed for climate neutrality
  8. Hungary: Climate target is burden, EU should help

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May - but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won't be ready. The delay will cause legal uncertainty.

Stakeholders' Highlights

  1. Nordic Council of Ministers40 years of experience have proven its point: Sustainable financing actually works
  2. Nordic Council of MinistersNordic and Baltic ministers paving the way for 5G in the region
  3. Nordic Council of MinistersEarmarked paternity leave – an effective way to change norms
  4. Nordic Council of MinistersNordic Climate Action Weeks in December
  5. UNESDAUNESDA welcomes Nicholas Hodac as new Director General
  6. Nordic Council of MinistersBrussels welcomes Nordic culture

Latest News

  1. Huge win for Conservatives in UK election
  2. Behind bars: a visit to an imprisoned Catalan politician
  3. Leaders agree 2050 climate neutrality - without Poland
  4. EU leaders cagey on 'Future of Europe' conference
  5. Pressure mounts to grill Malta's Muscat at EU summit
  6. Revealed: little evidence to justify internal border checks
  7. Europe needs to make mind up on relations with Africa
  8. Leaders face crucial EU summit for climate action

Stakeholders' Highlights

  1. UNESDAUNESDA appoints Nicholas Hodac as Director General
  2. UNESDASoft drinks industry co-signs Circular Plastics Alliance Declaration
  3. FEANIEngineers Europe Advisory Group: Building the engineers of the future
  4. Nordic Council of MinistersNew programme studies infectious diseases and antibiotic resistance
  5. UNESDAUNESDA reduces added sugars 11.9% between 2015-2017
  6. International Partnership for Human RightsEU-Uzbekistan Human Rights Dialogue: EU to raise key fundamental rights issues

Join EUobserver

Support quality EU news

Join us