Press play to listen to this article
By MARK SCOTT
Send tips here | Subscribe for free | View in your browser
WELCOME BACK TO ANOTHER DIGITAL BRIDGE. I’m Mark Scott, POLITICO’s chief technology correspondent, and without giving away my age, I do remember life before the internet (shocker!). But don’t let us old-timers lie to you. Not everything in those analog days was a good idea.
Now let’s break out those smartphones and get to it:
— Time is ticking down to get U.S. federal privacy rules on the books. The main sticking point: California.
— Everywhere you look on Arabic-language social media is a sh*tshow. It’s really the Wild West out there.
— Negotiators are finishing up the (long-awaited) transatlantic data transfer deal. For real this time.
THE GOLDEN STATE VS. THE REST
I HAVE TO ADMIT IT. I didn’t give the latest effort to pass federal privacy rules in the United States — known as the American Data Privacy and Protection Act — much of a chance ahead of the upcoming midterm elections. But after a congressional committee overwhelmingly backed a draft version of the proposals last week, it’s fair to say there’s now at least a 50-50 chance that something could happen before U.S. lawmakers disappear for their summer vacation in August.
The biggest issue that still needs to be resolved, though, is major grumblings from California over how the new federal rules will overrule the state’s existing data protection rules, dubbed the California Privacy Rights Act, which come into force on January 1, 2023. The Golden State is adamant that any privacy revamp from Washington shouldn’t supersede its own proposals. Federal policymakers argue the same rules must apply nationwide.
It’s a classic game of states’ rights. And leading the charge is the California Privacy Protection Agency (CPPA) — a U.S. version of a European-state data protection authority — that will hold a meeting on July 28 (watch along here from 9 a.m. West Coast time, which is 6 p.m. CET) to discuss its opposition to the federal proposals. The basic gist comes down to this: The California watchdog wants unfettered powers to pursue privacy cases and does not want to be beholden to Washington and potential changes to federal rules that could harm its local citizens.
So who’s right? With all things related to data protection, both California and Congress have legitimate points. As Gabriela Zanfir-Fortuna explained while I was on vacation, the federal privacy reforms are pretty solid — and in many ways copy from Europe’s General Data Protection Regulation. To win over California, U.S. politicians also tweaked the proposals to give the CPPA explicit enforcement powers; reduced the time people would have to wait to file private lawsuits; and increased the oversight of the U.S. Federal Trade Commission.
In the Golden State’s defense, some (but not all) of its upcoming privacy rules are better than what Washington has proposed. Wonky issues like mandated data protection risk assessments and greater flexibility to update the state’s rules to keep up with technology should not be underestimated. California has been ahead of the rest of the U.S. on updating its privacy rulebook. So it’s fair that local officials don’t just want to pass the baton to their federal counterparts without a fight.
That fight is only going to continue. Already, U.S. state attorneys general (led by California); the state’s governor and scores of local politicians have called on Washington to pass federal rules that create a floor, not a ceiling, for national data protection regulation. If and/or when the proposals come to the floor of the U.S. House of Representatives, the speaker of the House, Nancy Pelosi, herself a card-carrying Californian, will have to decide how to corral her fellow California lawmakers into either supporting or defeating arguably the best chance of passing federal privacy legislation in a decade.
This battle concerns those outside of the U.S. Sure, Europe’s data protection rules remain the de facto global standard (outside of China). But having a legitimate alternative, albeit with similarities to the bloc’s regime, would help solidify the West’s approach to privacy just as China pushes ahead globally with its rival approach. That now all hinges on the standoff between California and Washington. Time is short ahead of the August recess to figure out a compromise.
ARABIC SOCIAL MEDIA: AND YOU THOUGHT ENGLISH CONTENT WAS BAD
WHEN IT COMES TO COMBATING online hate, state-backed disinformation and other nastiness (in English) on social media, there’s a playbook that goes something like this: Bad stuff is found online. The platforms hold up their hands to apologize. The content is removed. And things go back to normal. But for the more than 350 million Arabic speakers spread around the globe, that level of enforcement — even when it comes to the basic implementation of companies’ terms of service — is woefully lacking.
To figure out how bad, and widespread, the problem is, I again teamed up with Moustafa Ayad, a researcher at the Institute for Strategic Dialogue, a think tank that tracks online extremism. He’s previously helped me track ISIS sympathizers on right-wing social media platforms; outline how jihadists used an emoji-based codebook to sidestep Facebook’s content rules; and explain why Western far-right groups welcomed the Taliban’s victory in Afghanistan back in 2021.
“I don’t see it changing at any point in time,” he told me when asked about what, if anything, the social media platforms had done to better police Arabic-language content in recent years. Reminder: Internal Facebook documents made public by whistleblower Frances Haugen showed that the company had few Arabic-language content moderators and had done little to stop the spread of the worst content. “It’s just that the odds are so stacked up against those fighting, essentially misinformation, disinformation extremism in this context.”
So what’s out there that is still getting through the platforms’ (pretty porous) nets? Let’s start off with Russian disinformation. Ten Twitter accounts — with a combined following of almost 360,000 people — have been peddling Kremlin narratives, mostly about Moscow’s invasion of Ukraine, with some directly linking themselves to Russian state media outlets. The kicker: The accounts used images of attractive women (with at least one stolen from a well-known Instagram model) to drum up interest from — what I can only assume — is a male-dominated audience. Twitter subsequently removed four of these accounts.
On Twitter and Facebook, Syrian media similarly pumped out Russian talking points about the war to a massive online audience — almost always running without disclaimers, fact-checking labels or any acknowledgment of who was behind the posts. In Iraq, Iranian-backed militias have also been buying Facebook ads to promote disinformation about Ukraine’s president, Volodymyr Zelenskyy, based on Ayad’s research. Similarly, none of those paid-for messages was deleted.
Things get even murkier in Iraq, where there’s an ongoing bloody conflict between Sunni and Shia militias. In at least four locally focused Facebook groups — with a combined following of more than 2 million people — individual users were openly selling firearms in direct violation of the platform’s policy on gun sales. Many of these purchases were organized via the comments on individual posts, while the names of the groups, including “Weaponlovers,” made it clear what was going on.
“Facebook in English in the United States is a fundamentally different product than what is available in every other country in the world,” Haugen told me when I asked her how differently the platform’s content rules were implemented, globally, compared with back home. “Facebook moved into the most fragile parts of the world and became the internet.”
EU VS. US ATTITUDES ON PRIVACY
EU-US DATA PACT PROGRESS
LONGTIME READERS OF DIGITAL BRIDGE will be aware that I’ve called time on these talks before — only for them to continue amid last-minute haggling. But European officials spent three days in Washington this week giving their (hopefully) final approval to the White House’s executive order, which will outline the changes to U.S. national security data collection practices to make them compliant with EU demands. The Americans were more optimistic (“We’ll be officially sending it by the end of the month,” one messaged me) than the Europeans, who remain maddeningly cagey about how they view the whole process.
So let’s talk about time frames. If (and it’s still an “if”) the executive order gets sent this month, or maybe in August, we’re looking at a six-month wait while the European Commission translates the text into its own language. That takes us up to early 2023 for final approval — just in time for the pending pact to get challenged, and we all end up back in front of Europe’s highest court in 2025. Still, it’s not like the Europeans haven’t had time to pore over the executive order. They’ve had access to it for months in Brussels, I’m told, though security around who accesses the document has been tighter than Fort Knox — presumably to stop the text from leaking to pesky journalists. You know where to find me, people.
WONK OF THE WEEK
LET’S DO A TWO-FOR-ONE deal this week after Ilan Gur and Matt Clifford were just appointed the chief executive and chairman, respectively, of the United Kingdom’s Advanced Research and Invention Agency, whose $1 billion budget is supposed to mirror that of the U.S. Defense Advanced Research Projects Agency, or DARPA.
Gur may be known to some of you after he founded the Bay-area nonprofit Activate, which helps scientists turn their geeky ideas and inventions into actual businesses. He has a doctorate in applied sciences from CalTech, and has spent part of his career working on battery technologies.
Clifford is the co-founder of Entrepreneur First, a quasi-talent-scouting program that similarly helps individuals create tech-linked businesses. The investment company now has outposts in Toronto, London, Singapore and Bangalore, and recently raised $158 million from other successful tech entrepreneurs like Stripe’s John and Patrick Collison.
THEY SAID WHAT, NOW?
“The (European) Council cannot be criticized for having considered that the necessary measures to be taken in response to the serious threat to peace at Europe’s borders and the infringement of international law could also include the temporary prohibition on content broadcasting by certain media outlets funded by the Russian State, on the ground that those outlets would support the Russian Federation’s military aggression against Ukraine,” the EU’s Grand Chamber of the General Court ruled when deciding the ongoing ban against RT France should be upheld.
WHAT I’M READING
— Russian-backed hackers are infiltrating cloud computing services to attack private companies and government agencies, according to a report from Unit24.
— The U.S. Securities and Exchange Commission charged three people associated with Coinbase over possible insider trading on crypto assets. Here’s the SEC’s statement, and Coinbase’s response.
— Meta is considering a change to how it polices COVID-19 misinformation after the “situation has evolved.” It has asked its Oversight Board to weigh in. More from Nick Clegg here.
— Offering people “alert messages” ahead of watching videos that could include harmful messages was an effective way of limiting the spread of such content, based on field tests by the British regulator in charge of the country’s upcoming online content rules.
— Brussels is in the clutches of corporate lobbying interests that could undermine Europe’s ability to hold (tech) companies to account, argues Georg Riekeles, a former Commission official and associate director at the European Policy Center. Warning: His post is long.
— The political and economic implications of how artificial intelligence is embedded within business is not sufficiently understood in the scores of AI ethics guidelines that have been recently published, claim Blair Attard-Frost, Andrés De los Ríos and Deneille R. Walters for AI and Ethics.
SUBSCRIBE to the POLITICO newsletter family: Brussels Playbook | London Playbook | Playbook Paris | Politico Confidential | Sunday Crunch | EU Influence | London Influence | Digital Bridge | China Direct | Berlin Bulletin | D.C. Playbook | D.C. Influence | Global Insider | All our POLITICO Pro policy morning newsletters