, 22 tweets, 8 min read Read on Twitter
1. @ANewman_forward and I have a piece in the @FT, on #Facebook and privacy, building on our brand new book, Of Privacy and Power amzn.to/2TWwVWi. Short version - the reason why Facebook is pushing for privacy law goes back to @Snowden revelations. ft.com/stream/ec33ce8…
2. There's a new narrative about Facebook's embrace of #GDPR (@alexstamos gives one recent version of it) - that GDPR is good for companies like Facebook, because it is complex and easier for big companies to comply with than small upstart competitors. Not altogether wrong,
3. but not really right either. Facebook's ginger embrace of European style legislation is making lemonade out of lemons. Zuckerberg would surely have preferred a world with no privacy legislation, where companies were left to self regulate, and market mechanisms predominated.
4. This was the world that US negotiators wanted in their first big fight with Europe over privacy, two decades ago, when the EU introduced the ancestor legislation to GDPR, the Data Protection Directive. US resisted fiercely, pushing for self regulatory approach.
5. Europeans pushed back - and they finally arrived at an ungainly compromise - the Safe Harbor arrangement (for more, see henryfarrell.net/IO.pdf ), combining self-regulation with a state regulatory backstop. Europeans hoped that this would build a foundation for a new US law
6. (after all, if US companies had to comply with EU regs, they would want to impose a similar burden on their domestic competitors), while US hoped that it would be a Trojan horse sneaking self-regulatory principles into European jurisprudence.
7. For a long time, it looked like US had won. US e-commerce companies built a vast international empire with relatively little regulatory oversight - and the Safe Harbor allowed them to facially comply with European privacy law without really shifting their business model.
8. European privacy activists (and some regulators) hated Safe Harbor, but at best could hope to change it around the margins. The EU set out to update its privacy legislation, leading to the #GDPR - and was quickly swarmed by US tech company lobbyists pushing to water it down.
9. Then @snowden revelations happened - and everything changed. First, as Abe and Nik Kalyanpur research shows, Snowden dramatically changed the dynamic of legislative negotiations over GDPR, providing ammunition for privacy proponents dropbox.com/s/8mea1wjx78vv…
10. Second, it opened up a connection between the threat of US surveillance, and the Safe Harbor, which was supposed to support transatlantic commercial data exchange. @maxschrems astutely saw how @snowden revelations could be weaponized against #Facebook.
11. He took a case against Facebook's use of Safe Harbor, and got the European Court of Justice to effectively revoke Safe Harbor - and vastly enhanced the power of activists and national privacy regulators to push back against future Safe Harbor type agreements.
12. All these developments had consequences in US too, where activists in California started to push for GDPR-lite legislation. And GDRP implementation added to the hell that Facebook has found itself in the last couple of years. A powerful GDPR has further empowered activists.
13. Minutes after it came into effect, Schrems' organization @NOYBeu used it to take a series of cases that set out to use GDPR's consent standard to drive a sharpened dagger into the heart of Facebook's business model.
14. The complaint argues that Facebook users can't be required to consent to Facebook's data practices (the basis of its advertising model) as a condition for using its services. On the face of what GDPR says, it seems like a strong case washingtonpost.com/news/monkey-ca…
15. The consequence of this is that GDPR is not a harbor for companies like Facebook - it is a storm. It is not a predictable framework, but an ever-expanding tornado of action possibilities for judges, activists and regulators who don't like what Facebook is doing.
16. And things are only going to get worse as the EU's competition policy and privacy policy become ever more closely linked, creating even more threats to Facebook and other big tech companies in the Commission's cross-hairs - europarl.europa.eu/doceo/document…
17. So why then would Facebook want GDPR-like legislation in the US too? The answer is that it could provide greater predictability. European legislation isn't going to go away, as US negotiators and tech firms wanted - and the US absence of legislation is now a liability.
18. It provides opportunities for European activists and regulators to argue that the US is a "Wild West" (as one EU official described it to us) - and that Europe needs to manage the chaos. A US GDPR would be a potent counterargument and counter-force.
19. It would also provide Facebook and other US tech firms many opportunities to water down the legislation so as to provide something closer to the friendly legal harbor of predictability and limited requirements that they would in fact prefer.
20. And, very importantly, it would probably pre-empt state level legislation, closing off another portal to unpredictable and various requirements and opportunity structures for activists and others looking to constrain big tech.
21. So - surprisingly, the European bet is paying off two decades later. The US is likely to converge on a (substantially watered down) version of European privacy rules and formal legislation. That may in turn provide a platform for new battles in the US.
22. As activists, officials (and perhaps even new agencies, depending on the detail) start to strive for dominance. But it is not the world that tech companies wanted, and in a counterfactual world without @snowden, it probably wouldn't have happened.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Henry Farrell
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!