Abstract

Consumer welfare has been a north star of the Federal Trade Commission (FTC), providing an organizing principle for diverse issues under the Commission’s dual competition and consumer protection missions and, specifically, a uniform ground on which to examine the law and economics of privacy matters and the tradeoffs that privacy policies entail. This paper provides the first contemporary literature synthesis by former FTC staff that brings together the legal and economics literatures on privacy. Our observations are the following: (a) privacy is a complex subject, not a simple attribute of goods and services or a simple state of affairs; (b) privacy policies entail complex tradeoffs for and across individuals; (c) the economic literature finds diverse effects, both intended and unintended, of privacy policies, including on competition and innovation; (d) while there is diverse and growing evidence of the costs of privacy policies, countervailing benefits have been understudied and, as of yet, empirical evidence of such benefits remains slight; and (e) observed costs associated with omnibus policies suggest caution regarding one-size-fits-all regulation.

I had thought we were in the dog days of summer, but the Farmer’s Almanac tells me that I was wrong about that. It turns out that the phrase refers to certain specific dates on the calendar, not just to the hot and steamy days that descend on the nation’s capital in . . . well, whenever they do (and not just before Labor Day, that’s for sure). The true dog days, it turns out, are July 3-Aug. 11, no matter the weather. So maybe this is just the cat’s tuches of summer, as if that makes it better.

Read the full piece here.

Abstract

Depending on implementation details, the EU Digital Markets Act (DMA) may have negative consequences regarding information privacy and security. The DMA’s interoperability mandates are a chief example of this problem. Some of the DMA’s provisions that pose risks to privacy and to the protection of personal data are accompanied either by no explicit safeguards or by insufficient safeguards. The question is then: how to interpret the DMA consistently with Articles 7-8 of the EU Charter of Fundamental Rights which ground the rights to privacy and the protection of personal data? Using the example of the prohibition on restricting users from switching and subscribing to third-party software and services (Article 6(6) DMA), I show that Charter-compatible interpretation of the DMA may depart from the intentions of the DMA’s drafters and even be perceived by some as significantly limiting the effectiveness of the DMA’s primary tools. However, given that—unlike the GDPR—the Charter takes precedence over a mere regulation like the DMA, such policy objections may have limited legal import. Thus, the true legal norms (legal content) of the DMA may be different than what a superficial reading of the text could suggest or, indeed, what the drafters hoped to achieve.

ICLE Director of Law & Economics Programs Gus Hurwitz was a guest on The Cyberlaw Podcast to discuss commitments made last week by leaders of the artificial-intelligence (AI) industry to political leaders in Washington, as well the European Commission’s struggles to get other jurisdictions to adopt the EU’s regulatory framework for AI.

Other topics included the Federal Communication Commission’s new cybersecurity label for IoT devices, the Environmental Protection Agency’s regulations for water-system cybersecurity, and the latest U.S. Justice Department/Federal Trade Commission draft merger-review guidelines.

The full episode is embedded below.

The Oregon State Legislature is considering HB 3631, a bill that would ensure that consumers have a “right to repair” their electronics devices. The legislation would require that manufacturers provide consumers and independent repair shops access to relevant repair information, as well to make available any parts or tools necessary to carry out the repair.

Read the full piece here.

ICLE Director of Law & Economics Programs Gus Hurwitz was a guest on The Cyberlaw Podcast to discuss the Federal Trade Commission’s (FTC) recent settlement with Amazon of a claim regarding children’s privacy, as well as separate FTC efforts to rewrite its 2019 consent decree with Meta over children’s advertising and services.

Other topics included Amazon settling another FTC  complaint over security failings at its Ring doorbell operation; Microsoft losing a data protection case in Ireland; and whether automated tip suggestions should be condemned as “dark patterns.”

The full episode is embedded below.

In an appearance on the Mobile Dev Memo podcast, ICLE Senior Scholar Miko?aj Barczentewicz outlines the legal impact of the EU’s Digital Markets Act and Digital Services Act, with specific attention paid to the digital-advertising market. He also discusses the latest news related to Meta’s recent fine by the Irish DPC for using first-party data without consent to empower personalized advertising, as well as the temporary ban that the Italian DPA enforced on OpenAI’s ChatGPT. The full episode is embedded below.

Mandates to restrict the flow of data across national boundaries have taken hold in a growing number of jurisdictions, including India. Spearheaded by nations like China, Iran, and Russia, the idea has vocal proponents among those who claim it will forward the goal of “digital sovereignty.”

Read the full piece here.

ICLE Senior Scholar Miko?aj Barczentewicz was a guest on the Mobile Dev Memo podcast to discuss the recent spate of European Union decisions related to digital privacy. The full episode is embedded below.