On Wednesday, you might have noticed that part of your brain went missing. You may suddenly have found yourself unable to recall what a heavy metal umlaut was. Or maybe you could no longer quite remember the name of the 1998 “Estonian-style” wife carrying champion (“Imre” something-or-other?). Perhaps you temporarily forgot what a Thagomizer was? Don’t worry, there’s nothing wrong with your brain. The reason for your sudden inability to conjure up irreverent factoids was because, yesterday, Wikipedia went black for 24 hours in protest at the Stop Online Piracy Act (SOPA) currently being debated in the US Senate.
Despite being a US act, critics argue that SOPA will nevertheless affect users globally (including in Europe). Many popular social-networking, search and video-sharing websites are US-based and have a substantial European user-base. Likewise, many European-based sites will have a large American audience. This raises the question: how should the internet be regulated? Is it right for national governments, such as the US, to unilaterally impose new rules that will affect the rest of the world?
It’s not just the US drafting new rules for the internet, of course. The European Commission is currently debating controversial new EU data protection rules, and one of the sticking points is how these rules should affect US-based companies. Last month, Forum Europe organised a conference on Data Protection and Privacy that brought together some of these “internet giants” to discuss the EU’s new rules. Debating Europe attended that event, and we had a chance to speak to some of the participants.
We interviewed Richard Allan, Facebook’s Director of Policy in Europe, and asked him if regulators really understand how technology works.
Allan argued that:
Regulators are still thinking about regulation organisations; either big governmental or private-sector organisations or Internet Service Providers (ISPs), and they’re not thinking about how individuals are using those different services.
Also at the event was James Leaton Gray, Head of Information Policy and Compliance at the BBC. He cautioned the Commission on its proposed “right to be forgotten” – a new rule that would force companies to remove a user’s public data upon request. Leaton Gray argued:
An individual has a right to be forgotten, but it has to be balanced with everbody else’s ‘right to remember’.
Is there an important distinction between the right to have data deleted and the right to keep a public record? And who owns the data that a user uploads? One of the questions put to Richard Allan was about the Europe Versus Facebook website, set up by German Max Schrems, which says it is campaigning to give users full access to all the data Facebook holds on them.
Allan responded that:
Mr Schrems wanted a lot more data than in his profile… We are committed to subject access requests, and we have been offering them for some time. But we have had to put in place restrictions to cope with a high volume of requests… There is a risk that subject access requests are used aggressively to try and cause trouble. That’s not just for Facebook, there have been cases where CCTV photos are requested because a company will find it really difficult to provide them.
Ron Zink, Microsoft’s Chief Operating Officer on EU Affairs, has also written about the costs of complying with data protection rules. These costs tend to fall disproportionately onto smaller companies, which find it harder and more expensive to comply. Does this mean EU data protection rules could discourage smaller start-up companies and unfairly advantage the established “giants”?
We interviewed EU Justice Commissioner Viviane Reding, and asked her how effective regulation at the European level will be if data flows are so internationalised. Reding had previously spoken of the importance of “trust” for the digital economy, but how can European citizens give that trust if legislation in the US (such as the controversial Patriot Act) might create loopholes in data protection laws?
Reding was confident that differences would be resolved. However, German MEP Axel Voss was one of several people at the Forum Europe event raising concerns about the issue of so-called international “legal loopholes” (such as the US Patriot Act, which could see any data housed, stored or processed by a US company – including data from EU citizens using cloud-computing services – being legally intercepted and investigated by US authorities). Voss argued that international agreements were needed to clarify some of these issues.
Data protection is just one of the many challenges being posed by the digital revolution. Another challenge, which we have touched on before, is the issue of changing business models and intellectual property rights. The SOPA act is supported by some companies because it sets out to address the issue of digital piracy. If SOPA is blocked, then what alternative solution is there? In a time when Europe needs all the jobs it can create, shouldn’t we be trying to protect intellectual property rights and the businesses that rely on them?
What do YOU think? We’ll leave the floor open to any questions or suggestions you might have on Europe’s digital future. These are big, challenging issues – and do policy-makers fully understand the new technologies they are struggling to regulate? Is it even possible to regulate the internet? And how can we benefit from growth and job-creation in the digital revolution whilst minimising the disruption to existing businesses? Let us know your thoughts in the form below, and we’ll take them to policy-makers and experts for their reactions.