On Narratives (Pt1): The Regulation Narrative
The European mind cannot comprehend this. The American mind is screaming in horror.
(estimated reading time: 6 minutes, 4 seconds)
There’s a special meme that can be found making the rounds on social media, so much that it has become a truism:
What is regulation?
Let’s, first, align on the semantics. Regulation consists of requirements the government imposes on private firms and individuals to achieve government’s purposes. These include better and cheaper services and goods, protection of existing firms from “unfair” competition, cleaner water and air, and safer workplaces and products. Regulation is, or should be, a fix to the free market’s “failures”. Prominent among those failures are negative externalities, that is a firm involved in an economic activity not taking into account the cost of this activity to third parties. In short, leave it to the free market and tech peeps will optimise their product to keep a child through their early and teen years in front of a screen so they can increase their DAU north star.
(see more here)
In general, Europe’s notoriety as a regulator is well-deserved; the GDPR (General Data Protection Regulation), the AI Act, the DSA (Digital Services Act), or any other acronym, are all harrowing examples of Europe regulating, according to most, and EUs attempt to cement its role as über-regulator of the virtual world, according to few. However, while detested by the internet crowd, these policies seem to be setting an example for policymakers worldwide. Anu Bradford of Columbia notes that EU laws, particularly digital ones, tend to become global standards and termed this the “Brussels effect”. Indeed, a number of governments around the world have adopted GDPR to make trade with the EU easier or have released their own version, most notably UK with the UK GDPR, and California with the California Consumer Privacy Act (CCPA). From their side, tech companies, while threatening at times to leave the EU market (yeah, right) have found it more beneficial to their bottomline to comply with the GDPR.
The AI Act
The latest piece of regulation that had the internet specific narrative pushing accounts and meme followers at arms, was arguably the AI Act, a European Union regulation that was proposed by the European Commission as early as April 2021 and passed on March 13, 2024, with its primary goal being to establish a common regulatory and legal framework for AI across the EU. Without going into detail about the AI Act (i think AI regulation deserves it’s own post), the reactions were telling:
while some were more.. enthusiastic
Apart from the AI Act, there’s an upcoming regulation that passed on 22’ waiting to be implemented targeting specifically big tech:
The DSA Act
The Digital Services Act (DSA) is a legislative proposal introduced by the European Commission in December 2020 and aiming to update and modernize the rules governing digital services within the European Union (EU), particularly online platforms and intermediaries. The DSA targets VLOPS and VLOSES (Very Large Online Platforms and Very Large Online Search Engines), that is Amazon, Apple, Google, Meta, Microsoft, Snapchat and TikTok, or anyone that reaches at least 45 million monthly users. VLOPS and VLOSES (again, acronyms) is what the EU thinks big tech is and fines can reach up to 6% of annual revenue so theres some agitation from big tech.
The ultimate goal of DSA is to address some of the most serious concerns that critics of large tech platforms have raised in recent years, including the spread of misinformation and disinformation; possible harms to mental health, particularly for young people; rabbit holes of algorithmically recommended content and a lack of transparency; and the spread of illegal or fake products on virtual marketplaces. That, in a nutshell is almost everything that is wrong with big tech, and in a sense, the worse part of our human nature and the EU aims to solve all of that with a 100-page document. Talk about ambition.
But while the AI Act was the last episode and the DSA is the episode to come in the regulation meme wars, there was one regulation that kicked-off the meme:
The one that started it all
GDPR is a legal framework that focuses on information privacy within the EU and the European Economic Area (EEA). The GDPR aims to harmonize data privacy laws across Europe and enhance the protection of individuals’ personal data. It is the inexorable hand of a Brussels-based bureaucrat that, through GDPR, forces us to click the “Accept All” every time we visit a website, resulting in a large number of work-hours wasted. At the same time, it is GDPR that was the first and most deafening effort by a state actor (or union) in ensuring user privacy. It is hated by most but, I want to make 2 counterintuitive points in particular. The first one:
EU Regulation is (mostly) in the right direction
Is user privacy important? A few weeks ago, while building a product and in need of people data, I came in contact with a US-based data broker. I offered them a list of LinkedIn URLs (people I knew so I could judge the quality of the data returned) and they came back with mostly past experience and education data, but also phone numbers, connected Facebook and Twitter profiles along with their interests (‘beach volleyball', 'backpacking and travel', etc.) and a few other data columns for those individuals. To nobody’s surprise, I had some personal info about the list of individuals I provided; I could literally phone a few of them to sell them anything, schedule a robocall agent through LiveAgent to spam them and so on. But more than that, imagine what a powerful model could do with this abundance of data, how much users are exposed and how this privacy burden will play out in the near future if regulation is not there. And that’s exactly what policy like GDPR is trying to avoid. And to answer the initial question: user privacy is more important now than it was when GDPR was introduced.
Adding to that, the AI Act, immediately met with disdain and… the usual meme
but has found allies on both sides of the Atlantic, while the power of frontier models was being understood. And here comes the second point, and please allow some time to have your head explode:
It is a myth that the US does not regulate
Again, a few weeks back I posted a meme as a reply to a rare Dylan Field (Figma’s cofounder) late-night serial tweet posting:
and to everyone’s surprise, Dylan responded!
And then it hit hard; this deal where everyone credited (or hoped, or thought) that fell through, due to the EU Commission’s blockage, was stopped by the Department of Justice in the US. But the dominant narrative says something else.
Another example was the Acquisition of Activision Blizzard by Microsoft, where “…following shareholder approval of the acquisition, the merger was reviewed by several national anti-trust bodies, with early approvals granted by the European Commission and China's State Administration for Market Regulation (SAMR), among others while the United States' FTC and the United Kingdom's Competition and Markets Authority (CMA) issued formal challenges to the acquisition.” But even in the last few months that were surrounded by the GPT craze, more specifically, on October 23’, President Biden passed an Executive Order on AI, that “..establishes new standards for AI safety and security, protects Americans' privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition, advances American leadership around the world, and more.” while the U.S. House has set a strict ban on congressional staffers' use of Microsoft Copilot. Doesn’t that sound European to you?
so where do we go with all of this and what do we do with all this info?
(to be continued…)
(shortly i hope)
PS: Again, this newsletter is highly infrequent so apologies for that. I am currently building a product that will allow for a far quicker and efficient finding and matching with the people your organisation needs to hire, so we would love to have you as a beta tester.
References
https://www.economist.com/europe/2023/12/10/europe-a-laggard-in-ai-seizes-the-lead-in-its-regulation
https://www.economist.com/europe/2023/09/21/why-the-eu-will-not-remain-the-worlds-digital-uber-regulator
https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops
https://www.axios.com/2024/03/29/congress-house-strict-ban-microsoft-copilot-staffers
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022R2065