By 
There’s been such a deluge of data privacy-related news over the past few weeks, I hardly know what to focus on in this newsletter.
Congress debated AI regulations, Montana banned TikTok for everyone (not just on government devices), and Meta got fined more than $1 billion in Europe over a GDPR violation.
Oh, and it was GDPR’s birthday on Thursday. The law went into effect on May 25, 2018. Do you remember where you were? I do. (I’m a weirdo, I know, but it’s sort of my version of “Where were you when JFK was shot?”)
I was in my mother’s kitchen in New Jersey working on this story: “The GDPR Effect Will Reverberate Way Beyond Europe.”
And that’s been the case. Just last week, AdExchanger reported on Oracle fully shutting down AddThis, the consent-challenged social-sharing widget Oracle acquired in 2016 that proved more trouble than it was worth.
They who fail to prepare … prepare to fail
But let’s dive into those developments in a bit more detail.
On May 16, the Senate Judiciary Subcommittee on Privacy, Technology and the Law held a hearing exploring the need for oversight of AI technology, with testimony from OpenAI CEO Sam Altman and Christina Montgomery, IBM’s chief privacy and trust officer.
Both called for rules and regulations to minimize the potential risks of AI technology, which can include unauthorized access to personal information and the spread of misinformation.
(There is also the danger of being exposed to this AI-generated fake beer commercial. Pour me a pint of that nightmare fuel.)
In all seriousness, companies should be thinking about how to use AI responsibly, rather than waiting for the government to act and then having to change their business plans in a panic … which is kind of what businesses did in reaction to privacy regulations.
GDPR and CCPA didn’t fall out of the sky in 2018. The building blocks for more stringent privacy regulations were already being laid years before, said Dominique Shelton Leipzig, a partner at Mayer Brown focused on cybersecurity and data privacy, who spoke at AdExchanger’s Programmatic IO conference in Las Vegas last week.
In short, developing technology with an eye on the future and feet planted firmly in reality is a better strategy than building with your head in the sand.
Dancing around the issues
Not that the specter of regulation will stand in the way of AI development, especially on the part of big platforms.
It was reported on Thursday that TikTok is experimenting with an in-app AI chatbot of its own. “Tako” will be able to converse with users in natural language and make video recommendations.
TikTok is only testing Tako (say that five times fast) in a limited number of markets, including the Philippines. It’s not available in the US, but even if it were, most Montanans wouldn’t get to see it.
And that’s because Gov. Greg Gianforte recently signed a bill into law banning TikTok, making it the first US state to do so.
Gianforte claims he intends to protect the personal information of Montana citizens “from harvesting” by the Chinese Communist Party. Meanwhile, some experts and academics believe the Republican zeal for banning TikTok is more about politics and simmering geopolitical tensions than privacy.
(Totally unrelated, but do you remember when Gianforte pled guilty in 2017 to physically assaulting a reporter for asking him a question about health care? Anyway … )
Fine, whatever
… Back to the topic at hand, TikTok isn’t the only platform in the regulatory crosshairs.
Just a few days after the Montana ban (and unrelated, of course), Meta was hit with a record $1.3 billion fine over a breach of GDPR. According to the fine, Meta was transferring the data of European citizens to the US without a data transfer agreement between the territories.
Meta must also stop exporting EU user data to the US for processing.
At issue here is Privacy Shield, the EU/US data-sharing pact that was struck down by the Court of Justice of the European Union in 2020 after a successful lawsuit brought by Austrian privacy activist Max Schrems.
I imagine that, for Meta’s lawyers, Schrems’s face is probably the first thing they think about when they wake up each morning and the last thing they think about before their head hits the pillow.
Although the fine against Meta is an attention-grabbing sum, it isn’t necessarily evidence that European data protection authorities are going big on GDPR enforcement, writes Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, in an op-ed for The Economist on the eve of GDPR’s anniversary.
“Most enforcement decisions confirmed at the EU level have been reprimands or ‘amicable settlements’ – this is enforcement without tooth or claw,” Ryan writes. “The [Meta] case made headlines around the world, but the truth is that even a penalty of this size is of little consequence to a company that made a profit of more than $23 billion last year.”
For the record, I’ve had more people reach out to me about the cat clips I’ve been sharing than about the content of this newsletter. 😹 And so, please enjoy this gem. It’s apparently from 1899 – the first known cat video ever captured! Let me know what you think (about cats, obviously). Drop me a line at [email protected].
