On 26 September 2018, the Commerce, Science, & Transportation Committee of the US Senate hosted a hearing with representatives of ISPs (AT&T, Spectrum) and tech companies (Amazon, Apple, Google, Twitter). The hearing examined privacy policies of those companies and reviewed the current state of consumer data privacy regulation in the US.
Tech companies face greater scrutiny under EU Consumer Protection rules
The EC Commissioner for Justice, Vera Jourova, has made statements welcoming Airbnb’s effort to comply with EU consumer protection rules, particularly on the front of price transparency and recognition of users’ rights. Jourova also took the chance to criticise Facebook and Twitter, which are yet to implement some changes requested by the EC earlier this year.
Amendments to the EC Copyright Directive will not end controversy
On 12 September 2018, the EU Parliament has passed its negotiating position on the proposal for a New Copyright Directive. The new text follows the demise of the initial one in July, and means the trialogue negotiations between Parliament, Council, and Commission can now begin.
New York shows the pivotal role of cities in regulating online platforms
Two recent decisions of New York City’s Council have imposed stringent rules on platforms in the vehicle hire and in the short-term rentals markets (in short, this means Uber and Airbnb, respectively). The rulings create significant obstacles to the current business models of both companies, and show how the impact of these platforms on the life of cities is still, at best, unclear.
Far-reaching regulation of social media in the UK draws closer
The interim report published by the DCMS committee of the UK parliament has cast a light not only on the role of social media platforms in spreading disinformation, but more importantly on the willingness of policymakers to take the matter into their own hands. The report issues a set of recommendations which would result in strong regulatory safeguards around platforms’ activity. If the UK government takes the committee’s recommendations on board, the self-regulatory approach could be off the table, in the UK at least.
Why the ICO’s Facebook investigation demonstrates the power regulators now have
On 10 July 2018, the UK Information Commissioner Office (ICO) published an update on its investigation into data analytics in political campaigns i.e. the Facebook-Cambridge Analytica scandal. The ICO has decided to fine Facebook £500k – the maximum possible amount under pre-GDPR data protection rules. The fine would have been much higher had GDPR applied. It also sent warning letters to 11 political parties, requiring them to accept audits of their data protection practices, among other actions.
Technology companies start tackling screen addiction – social media should follow suit
The fact that the biggest OS providers have started taking action shows how important it is to tackle this issue; social media platforms now need to take similar steps, to avoid prescriptive regulation and to make sure they do not suffer reputational damage. We have captured these developments as part of our ongoing research into Fake News, which shows social media companies still have a lot to do in this respect.
Two weeks into GDPR: How do tech companies’ new privacy policies compare?
GDPR has been in place two weeks now, much to the relief of the many individuals who were swarmed with emails requiring fresh consent to the receipt of newsletters and other marketing messages. Leading up to the 25th May, customers have also been notified of the changes to the privacy policies most tech companies inevitably had to make. Assembly has studied how they compare, with particular regard to the validity of GDPR’s safeguards outside the EU, and to the legal bases adopted for treatment of personal data.
GDPR is almost here, but it will not change the world in a day
The most talked about day of the last two years is almost upon us. The European General Data Protection Regulation (GDPR) will come into force tomorrow, promising much stronger rights and safeguards for users’ personal data. For now, the main effect it has had has been, paradoxically, to irritate the very people it is supposed to protect, due to the deluge of emails we have all received from companies seeking fresh consent.
Are DPAs ready for the consistent approach required by GDPR?
Among the significant changes it will bring about, the GDPR includes detailed rules for Data Protection Authorities to adopt consistent approaches and interact more regularly and effectively with one another. To this end, the newly founded European Data Protection Board will play a key role in overseeing the consistency mechanism created by GDPR. Assembly’s research shows there are still striking differences in funding and staff across DPAs.
