(This issue brief is a joint publication of the International Center for Law & Economics and the Progressive Policy Institute)

Executive Summary

Data is, logically enough, one of the pillars supporting the modern digital economy. It is, however, not terribly useful on its own. Only once it has been collected, analyzed, combined, and deployed in novel ways does data obtain its highest utility. This is to say, a large part of the value of data is its ability to flow throughout the global connected economy in real time, permitting individuals and firms to develop novel insights that would not otherwise be possible, and to operate at a higher level of efficiency and safety.

Although the global transmission of data is critical to every industry and scientific endeavor, those data flows increasingly run into barriers of various sorts when they seek to cross national borders. Most typically, these barriers take the form of data-localization requirements.

Data localization is an umbrella term that refers to a variety of requirements that nations set to govern how data is created, stored, and transmitted within their jurisdiction. The aim of data-localization policies is to restrict the flow of data across a nation’s borders, often justified on grounds of protecting national security interests and/or sensitive information about citizens.

Data-localization requirements have in recent years been at the center of a series of legal disputes between the United States and the European Union (EU) that potentially threaten the future of transatlantic data flows. In October 2015, in a decision known as Schrems I, the Court of Justice of the European Union (CJEU) overturned the International Safe Harbor Privacy Principles, which had for the prior 15 years governed customer data transmitted between the United States and the EU. The principles were replaced in February 2016 by a new framework agreement known as the EU–US Privacy Shield, until the CJEU declared that, too, to be invalid in a July 2020 decision known as Schrems II. (Both complaints were brought by Austrian privacy advocate Max Schrems).

The current threatened disruption to transatlantic data flows highlights the size of the problem caused by data-localization policies. According to one estimate, transatlantic trade generates upward of $5.6 trillion in annual commercial sales, of which at least $333 billion is related to digitally enabled services.[3] Some estimates suggest that moderate increases in data-localization requirements would result in a €116 billion reduction in exports from the EU.

One difficulty in precisely quantifying the full impact of strict data-localization practices is that the list of industries engaged in digitally enabled trade extends well beyond those that explicitly trade in data. This is because “it is increasingly difficult to separate services and goods with the rise of the ‘Internet of Things’ and the greater bundling of goods and services. At the same time, goods are being substituted by services … further shifting the regulatory boundaries between what is treated as goods and services.” Thus, there is reason to believe that the true value of digitally enabled trade to the global economy is underestimated.

Moreover, as we discuss infra, there is reason to suspect that data flows and digitally enabled trade have contributed a good deal of unmeasured economic activity that partially offsets the lower-than-expected measured productivity growth seen in the both the European Union and the United States over the last decade and a half. In particular, heavy investment in research and development by firms globally has facilitated substituting the relatively more efficient work of employees at firms for unpaid labor by individuals. And global data flows have facilitated the creation of larger, more efficient worldwide networks that optimize time use by firms and individuals, and the development of resilient networks that can withstand shocks to the system like the COVID-19 pandemic.

In the Schrems II decision, the court found that provisions of U.S. national security law and the surveillance powers it grants to intelligence agencies do not protect the data of EU citizens sufficiently to justify deeming U.S. laws as providing adequate protection (known as an “adequacy” decision). In addition to a national “adequacy” decision, the EU General Data Protection Regulation (GDPR) also permits firms that wish to transfer data to the United States to rely on “standard contractual clauses” (SCC) that guarantee protection of citizen data. However, a prominent view in European policy circles—voiced, for example, by the European Parliament—is that, after Schrems II, no SCC can provide a lawful basis for data transfers to the United States.

Shortly after the Schrems II decision, the Irish Data Protection Commission (IDPC) issued a preliminary draft decision against Facebook that proposed to invalidate the company’s SCCs, largely on the same grounds that the CJEU used when invalidating the Privacy Shield. This matter is still pending, but a decision from the IDPC is expected imminently, with the worst-case result being an order that Facebook suspend all transatlantic data transfers that depend upon SCCs. Narrowly speaking, the IDPC decision only immediately affects Facebook. However, if the draft decision is finalized, the SCCs of every other firm that transfers data across the Atlantic may be subject to invalidation under the same legal reasoning.

Although this increasingly restrictive legal environment for data flows has been building for years, the recent problems are increasingly breaking into public view, as national DPAs grapple with the language of the GDPR and the Schrems decisions. The Hamburg DPA recently issued a public warning that the use of the popular video-conference application Zoom violates GDPR. The Portuguese DPA issued a resolution forbidding its National Institute of Statistics from transferring census data to the U.S.-based Cloudflare, because the SCCs in the contract between the two entities were deemed insufficient in light of Schrems II.

The European Data Protection Supervisor has initiated a program to “monitor compliance of European institutions, bodies, offices and agencies (EUIs) with the ‘Schrems II’ Judgement.” As part of this program, it opened an investigation into Amazon and Microsoft in order to determine if Microsoft’s Office 365 and the cloud-hosting services offered by both Amazon and Microsoft are compatible with GDPR post-Schrems II. Max Schrems, who brought the original complaint against Facebook, has through his privacy-activist group submitted at least 100 complaints as of August 2020 alone, which will undoubtedly result in scores of cases across multiple industries.

The United States and European Union are currently negotiating a replacement for the Privacy Shield agreement that would allow data flows between the two economic regions to continue. But EU representatives have warned that, in order to comply with GDPR, there will likely be nontrivial legislative changes necessary in the United States, particularly in the sensitive area of national-security monitoring. In effect, the European Union and the Unites States are being forced to rethink the boundaries of national law in the context of a digital global economy.

This issue brief first reviews the relevant literature on the importance of digital trade, as well as the difficulties in adequately measuring it. One implication of these measurement difficulties is that the impact of disruptions to data flows and digital trade are likely to be far greater than even the large effects discovered through traditional measurement suggest.

We then discuss the importance of network resilience, and the productivity or quasi-productivity gains that digital networks and data flows provide. After a review of the current policy and legal challenges facing digital trade and data flows, we finally urge the U.S. and EU negotiating parties to consider longer-term trade and policy changes that take seriously the role of data flows in the world economy.

Read the full issue brief here.

When Facebook and its other services disappeared from the internet on Monday night, it seemed to confirm many people’s worst fears about the company. The outage, some said, demonstrated how indispensable Facebook had made itself to our lives – and hence, they argued, how important it was to regulate it or break it up.

Read the full piece here.

Words can wound. They can humiliate, anger, insult.

University students—or, at least, a vociferous minority of them—are keen to prevent this injury by suppressing offensive speech. To ensure campuses are safe places, they militate for the cancellation of talks by speakers with opinions they find offensive, often successfully. And they campaign to get offensive professors fired from their jobs.

Read the full piece here.

Introduction

Economist Ronald Coase devoted an article in the 1974 edition of the American Economic Review to an idea he had observed to be common among his academic colleagues:

(I)n the market for goods, government regulation is desirable whereas, in the market for ideas, government regulation is undesirable and should be strictly limited.

He found the idea strange because, as he argued in the paper, the two markets are not relevantly different. The case for regulation is no weaker in the market for ideas than in the market for goods. After all, it is usually easier for a consumer to know when ordinary goods are faulty than when ideas are bogus. Anyone can tell when a television doesn’t work. It takes unusual dedication to figure out, for example, that Hegel was wrong when he said that “absolute form and absolute content [are] identical — substance is in itself identical with knowledge.”

Coase hoped that devotion to consistency would inspire his peers to adopt a more skeptical attitude toward regulation of the market for goods. He got half of what he hoped for. Academics arguably have become more consistent, but rather than favor laissez-faire in the market for goods, they favor regulation in the market for ideas. This goes to show that consistency is not always something you should seek in your opponents.

Many professors are now keen to restrict the ideas their students hear; or, at least, they are willing to go along quietly with the enthusiasts for such restrictions. They do not seek to protect their students from the incoherent abstractions of 19^th century German philosophers or from any other kind of intellectual error. Rather, they seek to protect them from encountering ideas that will offend them or otherwise make them feel uncomfortable, especially when the topics concern race, sex, sexuality, or some other aspect of “identity.”

Universities are not national or state governments, of course. Their regulatory powers stop at the campus gates. But that doesn’t change the point, which is that many academics appear no longer to believe that the benefits of a free market in ideas are worth the harms that accompany it.

Some outside of universities take the same view, not always drawing the line at private organizations being able to constrain the speech of those with whom they have voluntarily entered contracts. Rather, they want governments to protect consumers of ideas by restricting what can be said. Just as government regulation ensures that only cars meeting certain safety standards are offered for sale, so too should government regulation ensure that only ideas meeting certain safety standards are expressed.

Of course, the market for ideas is already constrained by some safety regulations. For example, an American may not advocate violence or other illegal activity when directed at “producing imminent lawless action.” But beyond this and a few other constraints established by legislation and the courts—such as those entailed by defamation law—the First Amendment to the U.S. Constitution guarantees Americans the freedom to say all manner of harmful things. Some see this as a problem. For example, Richard Stengel, a former managing editor of Time magazine, argued in a 2019 Washington Post op-ed that the United States should follow the lead of other developed nations and develop a hate-speech law. Harvard University law professor Cass Sunstein proposed in his 2021 book Liars that speech deemed by the government to be false and harmful should lose its constitutional protection.

Section 230 of the Communications Decency Act of 1996, which protects “interactive computer services” from being treated as publishers or speakers of the content they host, is also becoming unpopular among those who worry about excessive freedom in the market for ideas. Some of its critics, usually from the political right, think it gives social media firms such as Facebook and Twitter too much freedom to indulge their political biases when moderating content. Other critics, usually from the political left, think it gives such firms too much freedom to host harmful content. Both President Joe Biden and former President Donald Trump have been critical of Section 230, if for very different reasons.

The fashion for private-sector speech prohibitions and proposals for more restrictive legal regimes agitate those who prize freedom of speech. It’s a hot topic in newspaper columns and on talk radio shows. Organizations have even been established to defend free speech, such as the Free Speech Project at Georgetown University and the U.K.’s Free Speech Union.

But defenders of free speech are generally doing their job poorly. Too many merely assert that “you should not have a right not to be offended,” when this is precisely what is at issue. Others follow the 19^th century English philosopher John Stuart Mill and claim that being offended, or suffering hurt feelings more generally, does not count as harm. Again, most seem to simply take this for granted, offering no reason why the offended are unharmed.

The right way to understand harm is economic. Something harms someone if he would pay to avoid it. Since offense and other hurt feelings can pass this test, they can be genuine harm (Section 1). And since speech can cause this harm—and most people believe that legal restrictions on causing harm are generally justified—we have a prima facie case for the regulation of speech.

Indeed, standard economics seems to provide more reason to regulate speech than ordinary goods. If a new car is defective and harms its drivers, people will be reluctant to buy it and its producer will suffer losses. Because the same goes for most goods, regulations that impose product standards are arguably unnecessary (at least, for this reason). Suppliers already have good reason to make their products safe. Speakers, by contrast, often do not bear the cost of the hurt feelings they cause. In other words, hurt feelings are an “external cost” of offensive speech. When someone doesn’t bear all the costs of an action, he tends to do it too much. That is to say, he does it even when the total social cost exceeds the total social benefit.

In his famous 1960 paper “The Problem of Social Cost,” Coase showed that one party holding a legal right not to suffer the external cost of some activity—such as being disturbed by noisy neighbors—needn’t stop it from happening. Nor would giving the neighbors the right to make noise guarantee that the noise continued. This is because, when certain conditions are met, the legally disfavored party will pay the favored party not to enforce his right (Section 2). When this happens, the outcome is efficient: in other words, it maximizes social welfare. Alas, the conditions for such rights trading are rarely met. When they are not, the initial allocation of rights determines the outcome. Which party’s interests should be protected by law therefore depends on who can avoid the harm at the lower cost. The efficient outcome will be produced by giving legal protection to the party facing the higher cost.

Coase’s conditions for trading rights aren’t met in the case of offensive speech (Section 2). We must therefore consider the costs faced by the offenders and by the offended when trying to avoid the offense. This appears to favor speech restrictions. After all, being offended is expensive, keeping your mouth shut is cheap, and each offensive speaker usually offends many hearers. For these reasons, Coasean analysis would seem on first impression to favor revisions to Section 230 that oblige social media platforms to be more assiduous in their moderation of offensive content. A post that would offend millions of the platform’s users can be removed at a low cost to the platform.

But that is merely a first impression. In this paper, I argue that the Coasean case for legal restrictions on offensive speech collapses when confronted with three facts: that being offended is often a masochistic pleasure; that most of the offensive speech that concerns would-be censors occurs on privately owned platforms; and that the proposed restrictions would impose large costs on society. Neither the First Amendment nor Section 230 of the Communications Decency Act should be weakened to remove protection for offensive speech.

Before answering the prima facie Coasean case for restrictions on offensive speech, however, we need to appreciate its force, which begins with recognizing that offense can be a real harm.

Read the full white paper here.

In recent years, a diverse cross-section of advocates and politicians have leveled criticisms at Section 230 of the Communications Decency Act and its grant of legal immunity to interactive computer services. Proposed legislative changes to the law have been put forward by both Republicans and Democrats.

It remains unclear whether Congress (or the courts) will amend Section 230, but any changes are bound to expand the scope, uncertainty, and expense of content risks. That’s why it’s important that such changes be developed and implemented in ways that minimize their potential to significantly disrupt and harm online activity. This piece focuses on those insurable content risks that most frequently result in litigation and considers the effect of the direct and indirect costs caused by frivolous suits and lawfare, not just the ultimate potential for a court to find liability. The experience of the 1980s asbestos-litigation crisis offers a warning of what could go wrong.

Read the full piece here.

ICLE President Geoffrey Manne took part in a virtual panel discussion hosted by the Federalist Society on whether common carrier regulations could and should be used to constrain the moderation decisions of digital platforms. The full video is embedded below.

Economist Josh Hendrickson asserts that the Jones Act is properly understood as a Coasean bargain. In this view, the law serves as a subsidy to the U.S. maritime industry through its restriction of waterborne domestic commerce to vessels that are constructed in U.S. shipyards, U.S.-flagged, and U.S.-crewed. Such protectionism, it is argued, provides the government with ready access to these assets, rather than taking precious time to build them up during times of conflict.

Read the full piece here.

[This briefing paper was a joint publication of The Entrepreneurs Network and the International Center for Law & Economics.]

At the end of 2020, the UK government announced plans to create a Digital Markets Unit (DMU) charged with implementing an ex ante regulatory regime for certain digital platforms. Following the recommendations of the Digital Markets Taskforce, led by the Competition and Markets Authority (CMA), this DMU would serve as the de facto regulator of large tech companies that had been designated as having “strategic market status” (SMS). Accordingly, the DMU was formally established within the CMA in April 2021, although Parliament will need to legislate to give it the powers proposed by the Digital Markets Taskforce. That authorization is likely to come in 2022. Until then, the DMU will prepare draft codes of conduct, and potentially conduct further analysis to add more firms to its remit (so far, only Google and Facebook have been proposed as firms to be regulated, following the CMA’s Digital Advertising Market Study).

This announcement followed several official reviews claiming that some digital markets are not working properly because of the dominance of a few platforms. Based on these reports, the DMU would be given powers to designate dominant platforms as having “substantial, entrenched market power in at least one digital activity, providing the firm with a strategic position”, which would lead to their being given the SMS designation. This would make platforms subject to a bespoke code of conduct, potential procompetitive interventions (PCIs), and increased scrutiny of their merger and product expansion decisions.

At first glance, none of these powers may appear novel. Codes of conduct have been used in other sectors, such as groceries and energy markets, and PCIs were part of the package of remedies in the CMA’s 2015 retail banking market review.

But these interventions were limited to a small number of clearly delineated sectors, firms, activities, or products. By contrast, the DMU’s remit will cover all “digital markets”. This is an already large and growing proportion of the UK economy that comprises many different activities, from digital advertising and e-commerce to online search, social media, and news publishing (among others). And it increasingly encompasses markets like taxis, groceries, entertainment, and other sectors that are becoming significantly “digitalised”. What may seem to be a focused mandate now is, over the coming decades, likely to grow to encompass more and more of the economy.

The DMU will thus combine the powers and operating structure of a narrow sector regulator with a cross-sector purview that is much closer to the CMA’s economy-wide reach. And it will do so for one of the most vitally important parts of the economy, where entrepreneurialism is central and where misguided regulation of incumbents may have systemic effects. The implications of this—creating a de facto regulator with goals that are often conflicting, with powers that lack many of the checks and balances that the CMA usually faces, and with a remit that could be as broad as the economy itself have been given little scrutiny so far, with some assuming the DMU’s scope is much narrower and more focused than it really is.

Proponents might view this level of ambition as fit for the challenge presented by digital markets, where strong competition is vital and where markets may naturally gravitate toward a small number of large competitors. And given the broad variety of activities undertaken by digital platforms and the rapidity of technological change, they may argue that an effective regulator needs both a broad remit and extensive powers to act quickly. But there are also clear costs and risks in creating such a powerful new agency, and these have not yet been widely appreciated by many with an interest in economic policy in Britain.

To get the measure of those costs and risks, this paper evaluates the challenges that the DMU will face as a novel regulator tackling firms with complex and highly differentiated business models, whose actions have distinct effects in several markets and startup ecosystems. It focuses on the structure and goals of the DMU, the first pillar of its powers—the codes of conduct it is expected to write and enforce—and the checks and balances that the CMA’s proposals lack. The other two pillars of its powers—procompetitive interventions and changes to the mergers regime—are just as important substantively, but require further consideration in a future paper. We do discuss one element of the mergers proposals below, however, given its importance to startups.

Section 1 sets out the main findings of several official reviews that preceded the announcement of the DMU.

Section 2 summarises the duty and powers that the Digital Markets Taskforce proposes to give to this new regulator.

Section 3 considers the problems of operationalising the DMU’s primary duty, given its vague objectives and different constituencies. Without a clear vision for what success looks like and how to manage the trade-offs involved, the DMU could easily become a hindrance to competition and innovation, instead of a positive force. The number of firms subject to SMS designation, and the consequent interventions, could steadily increase without improving consumer outcomes, because there would be no straightforward way to decide whether regulation worked.

Further, because the determinants of innovation for any given firm or in any given market are so poorly understood, the heightened scrutiny of SMS firms contemplated by the Digital Markets Taskforce’s recommendations could inadvertently chill innovation, both by SMS firms themselves, as well as by small firms and startups, whose venture capital may depend in part on their prospects of being acquired by an incumbent.

Moreover, in its current proposed form, the DMU could influence the activities of companies beyond those found to have market power. This could create major barriers to inter-platform competition — a key part of competition in platform markets, as platforms vie with each other to keep users within their ecosystem and attract new ones. And, if it makes it harder for smaller firms to be acquired, it could reduce both the founding of, and investment in startups in the UK.

Because SMS firms will only be able to contest designations and the associated interventions via judicial review, there is also a bias in favour of intervention built in to the DMU’s design. Lacking meaningful checks and balances, the DMU’s mistakes could go uncorrected for years, further weakening innovation, competition, and startup formation in the UK to the detriment of consumers and the British economy itself.

All of these could combine to create significant unseen costs for British consumers, which go ignored and uncorrected even as they worsen consumer welfare and weaken competition and innovation in the markets the DMU is supposed to be working to improve.

Section 4 evaluates the Taskforce’s proposed participative approach. We consider existing models of conduct-based regulation in the UK, finding that these precedents have generally had much narrower goals and remits than those of the DMU, and that they therefore constitute a poor template for the new regulator. Where existing conduct-based regulation has had a broader remit, such as with the Financial Conduct Authority, it has been criticised by firms as unclear and unpredictable and by other stakeholders as ineffective. We also consider in this section whether co-regulation—mixing statutory objectives with private governance—might best achieve the government’s purpose for the DMU, given the need to optimise across many different margins and the difficulty of doing so from the top.

Section 5 concludes with high-level recommendations to help ensure that the DMU actually serves to promote competition and innovation in UK digital markets. Before moving forward, the government should focus the DMU on the CMA’s core objective, which is to promote competition for the benefit of British consumers. And it should be clear that the codes of conduct it is charged with drafting and enforcing should be done only to promote competition, not to regulate the conduct of incumbents for the purpose of promoting other social goals that may conflict with the goal of promoting competition.

The government should also narrow the scope and extent of the DMU’s powers so that it promotes competition in the specific markets in which it has determined a firm has “strategic market status”, and does not grow into a bloated regulator of these companies’ other activities in competitive markets, or of the wider economy wherever “digitalisation” is taking place. The DMU should be genuinely participative, allowing stakeholders to actively assist in decision-making instead of just offering advice. It should give special consideration to startups, and to the effects of its behaviour on entrepreneurs’ and venture capitalists’ incentives to start and fund a business. Finally, it should allow for appeals on the merits to allow the DMU to be held accountable by courts for its decisions.

Read the full briefing paper here.

The Digital Markets Act (“DMA”) is a complex piece of regulation. It includes some great ideas (as tackling predatory innovation) while being surprisingly conservative (defined as “?the wish to resist great or sudden change” by the Oxford Dictionary).

Read the full piece here.