Research Programs
More
What are you looking for?
Showing 9 of 97 Results in Data Security
Presentations & Interviews ICLE Director of Law & Economics Programs Gus Hurwitz joined Steptoe & Johnson’s The Cyberlaw Podcast to discuss content moderation and “coordinated inauthentic behavior.” The . . .
ICLE Director of Law & Economics Programs Gus Hurwitz joined Steptoe & Johnson’s The Cyberlaw Podcast to discuss content moderation and “coordinated inauthentic behavior.” The full episode is embedded below.
Scholarship Many people hope that data interoperability can increase competition, by making it easier for customers to switch and multi-home across different products. The UK’s Open . . .
Many people hope that data interoperability can increase competition, by making it easier for customers to switch and multi-home across different products. The UK’s Open Banking is the most important example of such a remedy imposed by a competition authority, but the experience demonstrates that such remedies are unlikely to be straightforward. The experience of Open Banking suggests that such remedies should be applied with focus and patience, may require ongoing regulatory oversight to work, and may be best suited to particular kinds of market where, like retail banking, the products are relatively homogeneous. But even then, they may not deliver the outcomes that many hopes for.
Data portability and interoperability tools allow customers to easily move their data between competing services, either on a one-off or an ongoing basis. Some see these tools as offering the potential to strengthen competition in digital markets; customers who feel locked in to services that they have provided data to might be more likely to switch to competitors if they could move that data more easily. This would be particularly true, advocates hope, where network effects grant existing services value that new rivals cannot emulate or where one of the barriers to switching services is the cost of re-entering personal data.
The UK’s Open Banking system is one of the most mature and important examples of this kind of policy in practice. As such, the UK’s experience to date may offer useful clues as to the potential for similar policies in other markets, for which the UK’s Furman Report has cited Open Banking as a model. But fans of interoperability sometimes gloss over the difficulties and limitations that Open Banking has faced, which are just as important as the potential benefits.
In this article, I argue that Open Banking provides lessons that should both give hope to optimists about data portability and interoperability, as well as temper some of the enthusiasm for applying it too broadly and readily.
I draw on my experiences as part of the team that produced the industry review “Open Banking: Preparing For Lift Off” in 2019. That report concluded that Open Banking, though promising, needed several additional reforms to succeed, a few of which I discuss in this piece. I was also the co-author of a white paper that argued for an Open Banking-like remedy in the UK’s retail electricity market, which I discuss briefly below. All views expressed here are my own.
I argue that there are three main lessons to draw from Open Banking for considerations of similar remedies in other markets:
I conclude that Open Banking has not yet led to noticeably stronger competition in the UK banking sector. Implementation challenges suggest that taking an equivalent approach to other markets would require more time, investment and effort than many advocates of interoperability requirements usually concede and may not deliver the anticipated benefits. To the extent that Open Banking is to be a model, it would be best applied as a focused approach in markets that bear particular characteristics and where the costs are outweighed by the benefits, rather than a blanket measure that can be applied to every market where customer data matters.
Read the full white paper here.
TOTM We can expect a decision very soon from the High Court of Ireland on last summer’s Irish Data Protection Commission (“IDPC”) decision that placed serious . . .
We can expect a decision very soon from the High Court of Ireland on last summer’s Irish Data Protection Commission (“IDPC”) decision that placed serious impediments in the way of using “standard contractual clauses” (SCC) to transfer data across the Atlantic. That decision, coupled with the July 2020 Court of Justice of the European Union (CJEU) decision to invalidate the Privacy Shield agreement between the European Union and the United States, has placed the future of transatlantic trade in jeopardy.
Read the full piece here.
Scholarship In a new paper published by the Progressive Policy Institute, ICLE Senior Fellow Dirk Auer and PPI’s Caleb Watney make the case that while the . . .
In a new paper published by the Progressive Policy Institute, ICLE Senior Fellow Dirk Auer and PPI’s Caleb Watney make the case that while the EU desires to be at the forefront of developing regulations to manage emerging issues relevant to artificial intelligence, the European Commission’s leadership have failed to grapple meaningfully with the significant tradeoffs that regulation of these new technologies entails.
TL;DR The European Union has unveiled draft legislation that seeks to tame so-called “gatekeeper” Big Tech firms. If passed into law, this Digital Markets Act (“DMA”) would create a list of “dos and don’ts” by which the platforms must abide, such as allowing interoperability with third parties and sharing data with rivals.
The European Union has unveiled draft legislation that seeks to tame so-called “gatekeeper” Big Tech firms. If passed into law, this Digital Markets Act (“DMA”) would create a list of “dos and don’ts” by which the platforms must abide, such as allowing interoperability with third parties and sharing data with rivals. In short, the DMA would give the European Commission significant powers to tell tech companies how to run their businesses.
The DMA essentially shifts competition enforcement against gatekeeper platforms away from an “effects” analysis that weighs costs and benefits to a “blacklist” approach that proscribes all listed practices as harmful. This will constrain platforms’ ability to experiment with new products and make changes to existing ones, limiting their ability to innovate and compete.
Read the full explainer here.
TL;DR Many competition agencies are considering data portability mandates to increase competition. These would require companies to make customers’ data available to move to other services, or to make their services interoperable with others so that users could share their data between different services on an ongoing basis.
Many competition agencies are considering data portability mandates to increase competition. These would require companies to make customers’ data available to move to other services, or to make their services interoperable with others so that users could share their data between different services on an ongoing basis.
Data portability mandates can be costly and cumbersome for service providers, and provide little benefit to users who do not end up using them. This can mean that innovative businesses end up being less able to control and improve their products. Thus data portability mandates may often end up being either too vague to be useful, or too costly relative to the marginal benefits they deliver.
ICLE Issue Brief While data portability may seem like an attractive option in certain markets, experience suggests it is not simple to impose even in cases where the trade-offs seem small.
Lawmakers and regulators are increasingly exploring the imposition of data portability requirements on technology companies, in particular large digital platforms. These would require them to allow users to download their data from those services and/or have it sent to another service on their behalf, either on a one-off or ongoing basis, depending on the proposal.
In this comment, we explore the calls for data portability that arise from distinct and often opposing parts of antitrust law and competition policy, privacy law, and data security. Specifically, we focus on claims that data portability mandates can be used to increase market competition, considering the potential costs and benefits of such requirements, and the relationship between data portability as a pro-competition tool and other moves towards stronger laws governing user privacy.
We begin by discussing the concepts involved in mainstream proposals for data portability. We then examine the various competition issues involved in calls for data portability and discuss the case for and against data portability in these cases. Finally, we discuss in detail the UK’s experience with its Open Banking mandate—the most comprehensive data sharing scheme imposed to effect a compe- tition objective—and assess its effects, both intended and unintended.
Read the full brief here.
Regulatory Comments In this comment, we address the first question presented by the Commission (“Is there a continuing need for the Rule as currently promulgated? Why or why not?”). This comment answers that question in the negative, arguing the FTC should return to the pre-2013 version of the COPPA Rule.
In this comment, we address the first question presented by the Commission (“Is there a continuing need for the Rule as currently promulgated? Why or why not?”). This comment answers that question in the negative, arguing the FTC should return to the pre-2013 version of the COPPA Rule. However, these comments also speak to several other questions, including specifically:
b. What are the aggregate costs and benefits of the Rule?
• The benefits are unclear, but the costs — in the form of restricting the ability of family- friendly content creators to monetize their products — are real.
c. Does the Rule include any provisions not mandated by the Act that are unnecessary or whose costs outweigh their benefits? If so, which ones and why?
• The 2013 amendment’s definition of personal information is not only arguably inconsistent with the statute, but also very costly in restricting targeted advertising.
2. What effect, if any, has the Rule had on children, parents, or other consumers? a. Has the Rule benefited children, parents, or other consumers? If so, how?
• The benefits to parents or children are unclear.
b. Has the Rule imposed any costs on children, parents, or other consumers? If so, what are these costs?
• The costs on children and parents are felt in less-available zero-priced online children’s content.
c. What changes, if any, should be made to the Rule to increase its benefits, consistent with the Act’s requirements? What costs would these changes impose?
• The repeal of the 2013 amendments and returning the focus of COPPA to protecting children from online threats would decrease COPPA’s costs while maximizing its benefits to society.
9. Do the definitions set forth in § 312.2 of the Rule accomplish COPPA’s goal of protecting children’s online privacy and safety?
• The definition of personal information does not clearly protect online privacy and safety, but it does impose costs on online children’s content creation.
12. The 2013 revised COPPA Rule amended the definition of “Personal information” to include, among other items, a “persistent identifier that can be used to recognize a user over time and across different websites or online services.” Has this revision resulted in stronger privacy protection for children? Has it had any negative consequences?
• There are no clear benefits to privacy in this revision, but there are negative consequences in less online children’s content creation.
In Part I, this comment argues that the 2013 amendments got the purpose of COPPA wrong in focusing on targeted advertising rather than protection from predators. In Part II, this comment explains how the 2013 changes to the definition of personal information and the YouTube enforcement action exemplify this changed focus and resulted in making the monetization of children-friendly content online much harder. Part III then analyzes the 2013 definition of personal information in a cost-benefit framework and finds the uncertain benefits to children’s privacy are outweighed by the harm to children’s content creation.
TOTM Despite its tone and ominous presentation style, The Great Hack fails to muster any support for its extreme claims. The truth is much more mundane: the Facebook-Cambridge Analytica data scandal was neither a “hack” nor was it “great” in historical importance.
This excerpt from the beginning of Netflix’s The Great Hack shows the goal of the documentary: to provide one easy explanation for Brexit and the election of Trump, two of the most surprising electoral outcomes in recent history.
