Tuesday

24th May 2022

Brussels Bytes

Some EU regulators still don't get internet economics

  • The General Data Protection Regulation and the ePrivacy Regulation will go into effect throughout the EU in May 2018.

While the EU's new data protection rules present a threat to the European digital economy, recent actions by regulators in some member states remind us why EU-wide rules still cannot come soon enough.

Last month, the Belgian Privacy Commission (CPVP) alleged that US tech giant Facebook does not follow the strict consent requirements in Belgian privacy law and therefore should stop collecting personal data for advertising - in effect, calling for the courts to cut off access to one of the most useful online advertising platforms for Belgian businesses.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • The Belgian Privacy Commission has filed a case against Facebook, claiming that the internet giant does not follow the strict consent requirements in Belgian privacy law. (Photo: portal gda)

While the case appears unlikely to succeed given that Belgian courts have rejected similar claims in the past, it is nevertheless the latest evidence that if the EU is serious about both building a digital single market and becoming a hub for the internet economy, it needs national lawmakers and regulators to commit to reasonable and consistent union-wide rules for targeted online advertising.

CPVP vs Facebook

The case against Facebook is unlikely to succeed because the company has done nothing wrong.

European courts have repeatedly ruled that data processors operating inside the EU should follow the rules of the EU member state in which they are registered; only those operating outside the EU can face legal challenges in each member state where they have customers.

Facebook, in this case, is registered in Ireland and fully complies with Irish data privacy rules.

A Belgian appeals court rejected a CPVP demand last year that Facebook stop using a particular cookie for this very reason. The Hamburg Privacy Commissioner lost a legal battle in the German courts over Facebook's policy of requiring account holders use their real names for the same reason.

Moreover, the already dubious lawsuit appears to be just for show, as the General Data Protection Regulation (GDPR) and the ePrivacy Regulation will go into effect throughout the EU in May 2018, which means new European regulations will replace both Belgian and Irish privacy law within a matter of months.

The new ePrivacy rules for advertising are still taking shape, but look set to put the onus for establishing consent on browsers rather than individual websites, so even if the CPVP were to win its case, the new rules would quickly render it moot by next spring.

While this case is unlikely to succeed, it is still troubling because it shows how regulators in some member states have no interest in building the European digital single market.

The digital single market cannot function if each member state insists on its own data handling policies, because online services, both European and foreign, would be subject to 28 different sets of rules.

The new EU regulations will resolve most intra-EU conflicts over data protection rules, but if policymakers in member states are not fully onboard with the goal of creating a digital single market, they will find many other opportunities to sabotage it with conflicting national laws, regulations, and enforcement actions, such as in the use of artificial intelligence (AI) or free speech online.

Understanding basic internet economics

In addition, the case is a reminder that some European policymakers still do not understand the fundamentals of the internet economy.

The CPVP suit would severely curtail the use of targeted online advertising, which funds virtually all of the free content and services European users access online, because it would make it illegal for websites to collect advertising data until they obtain affirmative consent for each instance of data collection.

In practice, this would mean users might have to click through consent requests before they can access an ad-support website, which is where users spend the majority of their time: over 75 percent of the top 10,000 sites on the internet use ad-tracking technologies.

Similarly, four out of five free mobile apps use advertising for their business model.

Removing this source of income would significantly compromise innovations to free apps and websites, particularly those operated by European small businesses.

Web users have grown accustomed to enjoying a wide variety of online services that cost them nothing. Online advertising allows them to interact with a far wider variety of online services than they are ever likely to pay for. Rather than limit themselves to one news subscription, for example, readers can compare a variety of perspectives, including from high-quality broadsheets that support their online work through personalised ads.

If European policymakers stifle this means of remuneration, then - at best - digital services in the EU will be subsidised by profits from outside it, making it even harder for European digital companies to grow and compete with rivals in America and Asia.

Protecting the digital economy

Policymakers do not have to make a trade-off between users' fundamental right to privacy and protecting the digital economy.

Users who dislike Facebook's use of targeted ads or its practice of collecting data from visitors to third-party websites can opt-out whether they have accounts or not, or can block ads altogether using ad-blockers. Any website that depends on advertising can, in turn, prevent free-riding by denying access to people using ad-blockers and asking them to whitelist the site.

The European Commission's latest draft of the ePrivacy Regulation would establish blanket affirmative consent by forcing users to adjust their browser settings the first time they go online. Unlike the current Belgian rules, this method would not require websites to seek consent from users whose browser settings already allow tracking.

Although EU-wide rules are preferable to 28 different ones, the ePrivacy proposal still poses a problem because it would lead more users to block tracking, which would in turn force ad-supported websites to prevent free-riding by putting up barriers that ask users to either allow targeted ads or pay.

Web users in the EU are already familiar with the annoying cookie notification banners, but the new rules would replace those with barriers that users have to respond to in order to access websites, making the internet a more sluggish and irritating place for everyone.

European policymakers - whether in the Palais de la Nation or the Espace Leopold - need to understand the basic economics of the internet.

If the EU intends to build a digital single market that is home to the next generation of tech companies, it still has a long way to go to educate national policymakers about the value of consistent European policies that allow the businesses in all sectors to take advantage of online advertising.

Nick Wallace is a Brussels-based senior policy analyst at the Centre for Data Innovation. His Brussels Bytes column deals with the digital single market and data-related policy issues in the European Union. Daniel Castro is the director of the Centre for Data Innovation and vice-president of the Information Technology and Innovation Foundation.

Austrian privacy case against Facebook hits legal snag

Austrian privacy campaigner Max Schrems may sue Facebook Ireland in an Austrian court but won't be able to pursue a class action suit in Austria, according to a non-binding opinion by a top EU court advisor.

Privacy rules to create jobs, EU data chief says

Giovanni Buttarelli, the European data protection supervisor, says e-privacy reforms open up new job opportunities for small businesses in Europe and asks EU lawmakers to endorse the proposal in a vote on Thursday.

Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

EU policymakers need to clarify that the e-privacy should not apply to most Internet of Things devices. The current proposal require explicit user consent in all cases - which is not practical.

Stakeholder

The CPDP conference wants multidisciplinary digital future

During the Computers, Privacy and Data Protection (CPDP) conference, many high-level discussions will touch upon the dynamics of decision-making in the design of new technologies, including the importance of inclusion, diversity, and ethics perspectives within these processes.

EU Commission won't probe 'Pegasus' spyware abuse

The European Commission says people should file their complaints with national authorities in countries whose governments are suspected of using an Israeli-made Pegasus spyware against them.

News in Brief

  1. France 'convinced' Ukraine will join EU
  2. Von der Leyen: Russia hoarding food as 'blackmail'
  3. Legal action launched against KLM over 'greenwashing'
  4. Orbán refuses to discuss Russia oil embargo at EU summit
  5. Turkey's Erdogan snubs Greek PM
  6. ECB: Crypto may pose a risk to financial stability
  7. UK PM Johnson faces renewed questions over Covid party
  8. Sweden gives 5th Covid shot to people over 65, pregnant women

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic delegation visits Nordic Bridges in Canada
  2. Nordic Council of MinistersClear to proceed - green shipping corridors in the Nordic Region
  3. Nordic Council of MinistersNordic ministers agree on international climate commitments
  4. UNESDA - SOFT DRINKS EUROPEEfficient waste collection schemes, closed-loop recycling and access to recycled content are crucial to transition to a circular economy in Europe
  5. UiPathNo digital future for the EU without Intelligent Automation? Online briefing Link

Latest News

  1. Orbán oil veto to deface EU summit on Ukraine
  2. France aims for EU minimum-tax deal in June
  3. 'No progress in years' in Libya, says UN migration body
  4. Toxic pesticide residue in EU fruit up 53% in a decade
  5. Orbán's overtures to Moscow are distasteful and detrimental
  6. The Polish-Lithuanian Commonwealth is back
  7. EU aims to seize Russian assets amid legal unclarity
  8. Close ties with autocrats means security risk, Nato chief warns

Join EUobserver

Support quality EU news

Join us