Sunday

2nd Apr 2023

Brussels Bytes

Some EU regulators still don't get internet economics

  • The General Data Protection Regulation and the ePrivacy Regulation will go into effect throughout the EU in May 2018.

While the EU's new data protection rules present a threat to the European digital economy, recent actions by regulators in some member states remind us why EU-wide rules still cannot come soon enough.

Last month, the Belgian Privacy Commission (CPVP) alleged that US tech giant Facebook does not follow the strict consent requirements in Belgian privacy law and therefore should stop collecting personal data for advertising - in effect, calling for the courts to cut off access to one of the most useful online advertising platforms for Belgian businesses.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • The Belgian Privacy Commission has filed a case against Facebook, claiming that the internet giant does not follow the strict consent requirements in Belgian privacy law. (Photo: portal gda)

While the case appears unlikely to succeed given that Belgian courts have rejected similar claims in the past, it is nevertheless the latest evidence that if the EU is serious about both building a digital single market and becoming a hub for the internet economy, it needs national lawmakers and regulators to commit to reasonable and consistent union-wide rules for targeted online advertising.

CPVP vs Facebook

The case against Facebook is unlikely to succeed because the company has done nothing wrong.

European courts have repeatedly ruled that data processors operating inside the EU should follow the rules of the EU member state in which they are registered; only those operating outside the EU can face legal challenges in each member state where they have customers.

Facebook, in this case, is registered in Ireland and fully complies with Irish data privacy rules.

A Belgian appeals court rejected a CPVP demand last year that Facebook stop using a particular cookie for this very reason. The Hamburg Privacy Commissioner lost a legal battle in the German courts over Facebook's policy of requiring account holders use their real names for the same reason.

Moreover, the already dubious lawsuit appears to be just for show, as the General Data Protection Regulation (GDPR) and the ePrivacy Regulation will go into effect throughout the EU in May 2018, which means new European regulations will replace both Belgian and Irish privacy law within a matter of months.

The new ePrivacy rules for advertising are still taking shape, but look set to put the onus for establishing consent on browsers rather than individual websites, so even if the CPVP were to win its case, the new rules would quickly render it moot by next spring.

While this case is unlikely to succeed, it is still troubling because it shows how regulators in some member states have no interest in building the European digital single market.

The digital single market cannot function if each member state insists on its own data handling policies, because online services, both European and foreign, would be subject to 28 different sets of rules.

The new EU regulations will resolve most intra-EU conflicts over data protection rules, but if policymakers in member states are not fully onboard with the goal of creating a digital single market, they will find many other opportunities to sabotage it with conflicting national laws, regulations, and enforcement actions, such as in the use of artificial intelligence (AI) or free speech online.

Understanding basic internet economics

In addition, the case is a reminder that some European policymakers still do not understand the fundamentals of the internet economy.

The CPVP suit would severely curtail the use of targeted online advertising, which funds virtually all of the free content and services European users access online, because it would make it illegal for websites to collect advertising data until they obtain affirmative consent for each instance of data collection.

In practice, this would mean users might have to click through consent requests before they can access an ad-support website, which is where users spend the majority of their time: over 75 percent of the top 10,000 sites on the internet use ad-tracking technologies.

Similarly, four out of five free mobile apps use advertising for their business model.

Removing this source of income would significantly compromise innovations to free apps and websites, particularly those operated by European small businesses.

Web users have grown accustomed to enjoying a wide variety of online services that cost them nothing. Online advertising allows them to interact with a far wider variety of online services than they are ever likely to pay for. Rather than limit themselves to one news subscription, for example, readers can compare a variety of perspectives, including from high-quality broadsheets that support their online work through personalised ads.

If European policymakers stifle this means of remuneration, then - at best - digital services in the EU will be subsidised by profits from outside it, making it even harder for European digital companies to grow and compete with rivals in America and Asia.

Protecting the digital economy

Policymakers do not have to make a trade-off between users' fundamental right to privacy and protecting the digital economy.

Users who dislike Facebook's use of targeted ads or its practice of collecting data from visitors to third-party websites can opt-out whether they have accounts or not, or can block ads altogether using ad-blockers. Any website that depends on advertising can, in turn, prevent free-riding by denying access to people using ad-blockers and asking them to whitelist the site.

The European Commission's latest draft of the ePrivacy Regulation would establish blanket affirmative consent by forcing users to adjust their browser settings the first time they go online. Unlike the current Belgian rules, this method would not require websites to seek consent from users whose browser settings already allow tracking.

Although EU-wide rules are preferable to 28 different ones, the ePrivacy proposal still poses a problem because it would lead more users to block tracking, which would in turn force ad-supported websites to prevent free-riding by putting up barriers that ask users to either allow targeted ads or pay.

Web users in the EU are already familiar with the annoying cookie notification banners, but the new rules would replace those with barriers that users have to respond to in order to access websites, making the internet a more sluggish and irritating place for everyone.

European policymakers - whether in the Palais de la Nation or the Espace Leopold - need to understand the basic economics of the internet.

If the EU intends to build a digital single market that is home to the next generation of tech companies, it still has a long way to go to educate national policymakers about the value of consistent European policies that allow the businesses in all sectors to take advantage of online advertising.

Nick Wallace is a Brussels-based senior policy analyst at the Centre for Data Innovation. His Brussels Bytes column deals with the digital single market and data-related policy issues in the European Union. Daniel Castro is the director of the Centre for Data Innovation and vice-president of the Information Technology and Innovation Foundation.

Austrian privacy case against Facebook hits legal snag

Austrian privacy campaigner Max Schrems may sue Facebook Ireland in an Austrian court but won't be able to pursue a class action suit in Austria, according to a non-binding opinion by a top EU court advisor.

Privacy rules to create jobs, EU data chief says

Giovanni Buttarelli, the European data protection supervisor, says e-privacy reforms open up new job opportunities for small businesses in Europe and asks EU lawmakers to endorse the proposal in a vote on Thursday.

Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

EU policymakers need to clarify that the e-privacy should not apply to most Internet of Things devices. The current proposal require explicit user consent in all cases - which is not practical.

Opinion

Big Tech's attempt to water down the EU AI act revealed

The launch of ChatGPT has sparked a worldwide debate on Artificial Intelligence systems. Amidst Big Tech's proclamations that these AI systems will revolutionise our daily lives, the companies are engaged in a fierce lobbying battle to water-down regulations.

Latest News

  1. EU to press South Korea on arming Ukraine
  2. Aid agencies clam up in Congo sex-for-work scandal
  3. Ukraine — what's been destroyed so far, and who pays?
  4. EU sending anti-coup mission to Moldova in May
  5. Firms will have to reveal and close gender pay-gap
  6. Why do 83% of Albanians want to leave Albania?
  7. Police violence in rural French water demos sparks protests
  8. Work insecurity: the high cost of ultra-fast grocery deliveries

Stakeholders' Highlights

  1. EFBWWEFBWW calls for the EC to stop exploitation in subcontracting chains
  2. InformaConnecting Expert Industry-Leaders, Top Suppliers, and Inquiring Buyers all in one space - visit Battery Show Europe.
  3. EFBWWEFBWW and FIEC do not agree to any exemptions to mandatory prior notifications in construction
  4. Nordic Council of MinistersNordic and Baltic ways to prevent gender-based violence
  5. Nordic Council of MinistersCSW67: Economic gender equality now! Nordic ways to close the pension gap
  6. Nordic Council of MinistersCSW67: Pushing back the push-back - Nordic solutions to online gender-based violence

Join EUobserver

Support quality EU news

Join us