Yesterday, the European Commission announced that it had reached agreement with the European Parliament and the Council on a new EU Data Protection regulation. The new regulation, which is not yet public, has been under negotiation since January 2012, and would replace Europe’s 1995 Data Protection directive, which left implementation up to nation states.

Europe has a collective insecurity complex about the Internet,” said Berin Szoka, President of TechFreedom. “The problem isn’t that Europeans aren’t innovative, but that Europe’s most innovative usually leave the gray continent to start web businesses in the U.S., where innovation doesn’t require permission. Now, it seems, European governments have thrown in the towel: instead of trying to stop the digital brain drain by making Europe more open to innovation, they’re cracking down on the data flows that drive web companies. Their hodgepodge of new measures will prove either crippling, counter-productive or utterly unworkable.”

The worst idea is banning young teens from using social media without parental consent,” continued Szoka. “We already know that kids 13 and under simply lie about their age to get access to the sites they want to use. Teens will do the same, making the promise of parental control utterly illusory. That, in turn will undermine social media platforms’ efforts to offer age-appropriate experiences for their users. The only way to avoid this will be to age-verify all users, which means tying everyone’s Internet use to a verified identity — in short, ending online anonymity. Similarly, the ‘right to be forgotten’ sounds great, but in practice, means giving users a right to censor speech about them they don’t like.”

The new regulations will harm startups most,” concluded Szoka. “Allowing fines of up to 4% of a company’s global revenue will make all companies reluctant to experiment with new offerings that unsettle established norms. From Google’s Street View to Facebook’s NewsFeed, yesterday’s ‘creepy’ has proved to be today’s ‘awesome.’ Now, that line will be drawn by bureaucrats rather than consumers. Ironically, it’s established, American companies that will be most able to deal with the burden of compliance — which is why, of course, these heavy-handed regulations will no doubt be enforced arbitrarily. Regulatory discretion will be used as a tool of digital protectionism — yet another way for regulators to vent their frustration as Europe falls further and further behind Silicon Valley. Ordinary Europeans will be told that only tougher measures will bridge the gap, and Europe’s sad spiral of digital self-destruction will go on, and on, and on…”


We can be reached for comment at See our other work on child protection and COPPA, including:

  • TechBriefing on the legal and policy issues surrounding COPPA
  • COPPA 2.0: The New Battle Over Privacy, Age Verification, Online Safety & Free Speech, a study by Berin Szoka & Adam Thierer (2009)
  • COPPA: Past, Present & Future of Children’s Privacy & Media, a TechFreedom event