We’ve already talked a bit about Elon Musk’s obvious censorial bullshit lawsuit against Media Matters. It’s quite obvious from the lawsuit that his intent is to intimidate critics and suppress speech about hateful content on ExTwitter. So far, it’s not working, as that lawsuit seems to have inspired more people to find more ads next to more hateful content. It’s also exposed just how many of the ‘free speech’ supporters who cheer on Musk’s every move are a bunch of hypocrites, as they’re now supporting a lawsuit to silence speech.
Incredibly, it seems to be getting even more ridiculous.
Over the weekend, Musk famously reinstated conspiracy theorist Alex Jones, despite early on promising never to do so. On Sunday Jones and Musk did a Spaces together (with a bunch of other nonsense peddlers), in which Musk again (1) insisted that his support for free speech was why he reinstated Jones, and simultaneously (2) that he’d not just continue to sue Media Matters over its free speech, but that he’d sue them in “every country that they operate,” and (3) that he’d sue “anyone funding” Media Matters. His reasoning? That “Media Matters is an evil propaganda machine” that “can go to hell.”
Yes. At the same time he not only was re-platforming and joining an online panel with Alex Jones, one of the most infamous propaganda machines ever, he’s claiming that Media Matters needs to be sued out of existence for being a propaganda machine.
The claim that he’d sue MMFA in “every country” seemed odd, given that the “A” in MMFA is “America.” Media Matters for America is pretty focused on the US. However, soon after that came out, I found a (very light on the details) report that ExTwitter has already sued Media Matters in Ireland as well.
Unfortunately, as of right now, I can only find that single news report about it, and no links to any details to look over, but:
X, FORMERLY TWITTER, has taken legal action in the Irish courts against a US media monitoring site.
Court papers filed this week show that Twitter International Limited Company, the name of its Ireland-based entity for operations, has taken legal action against Media Matters for America.
That’s basically it as details go. A search on the Irish court website does note that a filing has been made, but there’s no complaint. Just a “plenary summons.”
But, um, what the actual fuck?
What kind of “free speech absolutist” decides to go on a libel tourism trip to Ireland, filing a clearly bogus vexatious censorial lawsuit over an issue between two US-based organizations that had fuck all to do with Ireland?
It’s unclear what kind of impact this would have. While jurisdiction for defamation claims works differently in the EU (assuming he even is filing a defamation claim, which he didn’t actually do in the US), assuming MMFA has no operations or assets in the EU, it’s not clear if such a lawsuit can actually do anything. Worst case, ExTwitter wins… and then is blocked from enforcing it in the US thanks to the SPEECH Act (another law that actually protects free speech, which Elon is seeking to undermine).
As for the claim that he’s going to sue funders of MMFA, well that’s equally censorial. It’s an attempt to intimidate donors and silence their speech as well. While there are some exceptions, if the donors are somehow actively involved in a particular tort, the idea of suing donors to a non-profit because you don’t like the (admitted as true) speech of that non-profit is… so extraordinarily ridiculous and censorial that it seems very open to getting sanctioned.
For what it’s worth, it also seems to be backfiring. On social media, I’ve seen a bunch of people who had never donated to MMFA before tossing $10 or $20 their way and then posting the receipts in Elon’s mentions, asking if he’s going to sue them.
Elon Musk is not a free speech absolutist. He’s not even a free speech supporter.
He’s a vexatious, anti-speech litigant, eagerly abusing and exploiting the courts in an attempt to silence and suppress voices that criticized him and his companies.
There is no space for nuanced discussion about reality any more, as it seems that nonsense floods the zone. So, please try to follow along here as there needs to be some nuance to finally get down to the details of this issue. It’s nonsense, piled on top of nonsense, piled on top of nonsense, which ends with Elon Musk suggesting he’s going to sue George Soros for… advocating for laws that Elon doesn’t like (for what it’s worth, I’m pretty sure the laws being talked about are problematic, but the details aren’t clear, and there’s no law against advocating for bad laws).
Let’s start here: we’re extremely skeptical of any sort of “hate speech law.” This is not because we like hate speech, far from it. But as we’ve reportedagain and again and again, in practice hate speech laws are frequently abused by the powerful to punish the powerless and marginalized. We’ve long argued that there are better ways to deal with hate speech than criminalizing it. Shun it, shame it, diminish it’s power, counter it, etc.
Of course, in the age of social media, some very, very silly people consider attempts to do the latter the equivalent of censorship. That is, when a private company chooses to de-prioritize hateful speech, they claim that this is the same thing as the government “censoring” it. But nothing is farther from the truth. The government cracking down on hate speech is a free speech issue. A private company refusing to host or promote hate speech is a way for them to use their own speech to condemn such speech. It is a quintessential “more speech” type of response.
One of the people who has a long history of misrepresenting private companies expressing their own free speech rights of association as the equivalent of government censorship is a nonsense peddler named Michael Shellenberger, one of the hand-picked nonsense peddlers that Elon gave some of his “Twitter Files” to, allowing them to completely misrepresent things. Shellenberger, who has a long career peddling complete and utter nonsense, took to the job perfectly, and so completely misunderstood things in the Twitter Files that he ridiculously claimed that FBI was paying Twitter to censor accounts.
The truth was nothing of the sort, and anyone with even the most basic understanding of the law and basic facts could explain it to you (as far as I can tell, Shellenberger has yet to retract or correct his false statements on this). What he was actually reporting on were investigatory requests for data under a 2703(d) request (which require a court order or a warrant, depending on the type of data sought). These are requests for customer communications or records, not for taking down information. That law says that when the government makes a 2703(d) request, the government needs to reimburse the service provider “for such costs as are reasonably necessary and which have been directly incurred in search for, assembling, reproducing, or otherwise providing such information.”
Now there are lots of concerns about the 2703(d) program, and we (unlike the nonsense peddlers who are screaming today) have been calling out the problems with that program for at least a decade. But we’re focused on what the program actually is, not some made up idea that this is “the FBI paying Twitter to censor.”
Shellenberger has continued to peddle more nonsense about social media content moderation, a concept he does not seem to understand one bit, falsely accusing researchers who study information flows of being part of a “censorship industrial complex” and a bunch of other ridiculous stuff. But, of course, a bunch of very silly people eat this nonsense up and believe every word of it, because why not?
Not surprisingly, Shellenberger these days has a very popular Substack where his nonsense is often published. He probably makes more money each week from subscribers than Techdirt makes in a year, because we deal in facts, not nonsense, and facts don’t seem to pay as well.
Anyway, on his Substack, he had another reporter publish an article with the headline “Soros-Funded NGOs Demand Crackdown on Free Speech as Politicians Spread Hate Misinformation.” The article is behind a paywall, so I have no idea what it’s actually referring to. It is entirely possible that Open Society (which is funded by Soros) is advocating for hate speech laws, but the parts that are available to read are just a lot of fluff about whether or not hate is on the rise in Ireland, not the specific laws or what the various NGOs are advocating for.
So maybe Open Society NGOs are supporting hate speech laws. If true, that would be bad, as we’ve described above (and for years here on Techdirt) how such laws are prone to abuse and don’t do much to stop actual hate. But, of course, Soros is free to spend his money as he wishes, and the NGOs he funds are free to advocate for whatever laws they want. That’s part of their free speech.
Anyway, here’s where we finally get around to Elon Musk, who saw this story being promoted… and claimed he’s going to sue over it.
That’s Elon responding to a Shellenberger tweet. Shellenberger’s tweet says:
Politicians & George Soros-funded NGOs say “hate incidents” are rising, but they’re not. The data show the opposite: higher-than-ever and rising levels of tolerance of minorities. The reason they’re spreading hate misinformation is to justify a draconian crackdown on free speech.
So… first off, an increase in “levels of tolerance of minorities” (which is, by itself, an odd way to frame this) is not mutually exclusive with “rising hate incidents.” Both things could be true. I don’t know what points are being conveyed in the article itself (again, paywall), but the Irish police have published stats saying that “hate crimes” and “hate related incidents” went up from 2021 to 2022.
That’s not to say those stats are trustworthy. Also, hate speech and hate crime are not the same thing.
None of that means that Irish politicians aren’t overhyping the matter. They may well be. They may also be pushing for laws that intend to stifle free speech. I’m sure some are, because politicians all over the world seem to keep doing that. And it’s possible that Open Society funded NGOs are supporting some of those laws. And, as frustrating as that may be to us, it’s still very much allowed because of free speech.
Yet, then we have Elon jumping in to respond to Shellenberger’s already questionable claim by saying:
Exactly.
X will be filing legal action to stop this. Can’t wait for discovery to start!
There’s a lot to break down in this short tweet. What is he saying “exactly” about? And what kind of legal action is he filing?
But, first, let’s just make this point that I’ve made before, but is important to make again. It’s pretty common when lawsuits are threatened for some people to say something along the lines of “can’t wait for discovery,” which generally just shows that they have no idea how any of this works. Many people seem to think that “discovery” is some magical process by which all your dirty laundry gets aired publicly.
That is… rarely the case. First off, while discovery is a total pain for basically everyone involved, discovery is (generally) limited to issues directly dealing with the legal issues at hand. Parties may seek a lot more, and those on the other side may push back on those requests. But, more importantly, most of the time, what’s handed over in discovery never sees the light of day. Sometimes there are direct limits on what parties can share publicly, and often the only bits of discovery that become public are what’s revealed as the case moves towards trial (if it gets that far). People who are “eager” for discovery are… usually disappointed.
And, of course, in theory, any such “legal action” would take place in Ireland, which seems to have fairly similar discovery rules as the US, such that any discovery has to be “relevant and necessary” to the claims at hand.
Which brings us to the big question: who is he suing and for what? Many people (perhaps reasonably?) interpreted Musk’s statement to mean he was going to sue Soros. But, of course, he has no standing whatsoever for that, and the only thing he could possibly sue Soros over was for his advocacy (and funding), both of which would be protected speech. If the implication is that Elon is going to sue Soros for his free speech, that will (yet again!) raise questions about Elon’s actual commitment to “free speech.”
Perhaps a more charitable explanation here is that Elon actually means he’d be suing in Ireland (or, perhaps more likely, in the European Court of Justice?) to block any such law should it pass. But… that would require the details of the law to understand what the issue was. And, if that was the plan, then it’s difficult to see what sorts of “discovery” he’s expecting to get access to.
And, sure, if Ireland passes a really bad law, I do hope that exTwitter challenges it in court. But that’s got nothing to do with Soros, and I don’t see how discovery is going to be even remotely meaningful.
Of course, even if his plan really is to challenge the eventual Irish law (should it ever become law), it’s pretty clear from the replies to his tweet, that most of his gullible fans think he’s talking about suing Soros directly for his speech… and they’re ridiculously claiming that this shows how much Elon supports free speech. It’s possible that Elon recognizes that his confusingly worded tweet implies one thing when he really means another, though he hasn’t tried to correct the misperception at all. Or, of course, he really thinks that he’s going to sue Soros for exercising his own free speech, and his idiot fans are insisting that suing someone for their own speech is support of free speech.
Some big news out of the EU this week as the Irish data protection authority has fined Meta over $400 million, claiming it violated the GDPR. The full details of the ruling are not yet out (apparently, the officials are working with Meta over what needs to be redacted — which is not out of the ordinary in the EU, but still feels sketchy), but the basic idea is that Meta sought to get around some of the GDPR’s consent rules regarding using data for customization / targeting by including “consent” directly in the terms of service. The Irish regulator overseeing the case had initially indicated that this was legitimate, but apparently changed their minds.
Meta is pushing back on the ruling, claiming that the GDPR allows you to collect and process this data for personalization so long as it’s considered a “contractual necessity.”
GDPR allows for a range of legal bases under which data can be processed. The rules of GDPR are clear: there is no hierarchy between these legal bases – none should be considered better or more legitimate than any other. Which basis is most appropriate to use depends on the specific situation. Like many companies, Meta uses a combination of legal bases to provide various services.
Facebook and Instagram are inherently personalised, and we believe that providing each user with their own unique experience – including the ads they see – is a necessary and essential part of that service. To date, we have relied on a legal basis called ‘Contractual Necessity’ to show people behavioural advertisements based on their activities on our platforms, subject to their safety and privacy settings. It would be highly unusual for a social media service not to be tailored to the individual user.
That said, there’s a bit more background here that is worth understanding. As you may recall, last year, we noted that officials on the EU Commission were getting annoyed that the Irish data protection authority was seen as going easy on US internet companies. There has been a variety of efforts to update the GDPR to effectively give more power to either the Commission itself in Brussels, or possibly other country data protection authorities, to avoid the situation where US companies set up an EU “headquarters” in Ireland in order to be regulated by that DPA.
Given that, the Irish DPA has been somewhat under pressure to come up with a scalp to show the rest of the EU to prove that it’s “serious.” This is why we’ve mentioned that Elon Musk’s Twitter might be an easy target. But, as always, going after the “big guys,” is always preferable.
This might also explain why it looked like the Irish regulators were originally okay with Meta’s clickthrough / browserwrap arrangement, and then reversed course.
While it’s fun to see Meta struggle (especially given all the troubles its had recently after Apple effectively kneecapped a whole bunch of Meta’s data collection efforts) and face some consequences after playing fast and loose with data for years… it does feel like this kind of decision could have serious problematic consequences going forward. I’m loathe to give Meta any credit for anything that it does, but it’s kinda true that when people are signing in to most social media these days they do expect personalization.
Are there ways that Meta could give users a lot more control? Yes. Could Meta be more transparent about how it’s using data? Also yes. But I fear that the end result of this ruling is that we’re going to just end up with even more useless and annoying “cookie pop up” type warnings in which every company is going to feel the need to make you “opt-in” to personalization over and over again in a manner that is extremely annoying and does nothing to really protect anyone’s privacy.
But, alas, this is the state we live in today with the European approach to privacy laws, where most of the focus is just on getting companies to do something that is annoying for users, but which allows politicians to claim that they’re “protecting your privacy.”
The EU-Canada Comprehensive Economic and Trade Agreement (CETA) is one of several long-running trade deal sagas covered by Techdirt. It seemed to be almost over in 2017. After a constant on-off excitement about whether CETA would survive, it was ratified by the European Union. But it still needed to be approved by all the EU Member States’ national parliaments before it came into force. The chief stumbling block to national ratification was the investor-state dispute settlement (ISDS) provisions, which would allow investors to sue governments over laws or decisions which could potentially harm future profits. This imposition of corporate sovereignty through trade deals is an issue that Techdirt has been covering for many years. Despite widespread concerns about ISDS, in 2019 the Court of Justice of the European Union, the EU’s top court, ruled that corporate sovereignty was compatible with EU law, apparently removing the last obstacle to CETA’s ratification by Member States.
And yet here we are, eight years after the final text of CETA was “celebrated“, and another major problem has emerged. The Irish Supreme Court has just ruled that ratification of CETA would be unconstitutional without holding a countrywide referendum on it. The argument that was used successfully to convince the court to halt Ireland’s ratification is the following:
The court was told during the March hearing that “sovereignty” was at the heart of the appeal, with the Dublin South Central [member of the Irish parliament] expressing concerns about the constitutionality of provisions in Ceta for “investor courts” to decide complaints by Canadians who invest in EU member states.
It was submitted the State cannot authorise the treaty “without the mandate of the people”, by way of a referendum.
Yes, it’s corporate sovereignty rearing its ugly head again, just as it has done many times in the past. But there’s a big difference now. As Techdirt wrote a few weeks ago, governments are finally waking up to the dangers of ISDS, and are actively seeking to withdraw from the Energy Charter Treaty, which also contains corporate sovereignty provisions.
Since politicians are themselves turning against the idea, it would not be surprising if its opponents succeed in convincing a majority of the Irish people to vote against allowing ISDS in CETA in the new referendum, whenever that is held. And if Ireland refuses to ratify ISDS in CETA, that would nullify the ISDS provisions across the whole of the EU. CETA would then come into effect, but without its worst feature.
We’ve already pointed out that the new Twitter under Elon Musk may be facing some big challenges from the FTC in the US. The company is under a consent decree, and it’s not clear that Musk is complying with the terms of the consent decree. And unlike SEC violations, violating an FTC consent decree can hurt. Between the FTC and the DOJ, they can make it hurt. The fact that basically all of the remaining Twitter execs whose necks were on the line for potentially violating the FTC consent decree quit at the same time should tell you something (I guarantee it told the FTC something).
That said, the FTC may be the least of Musk’s problems once the EU gets ahold of him. Natasha Lomas, over at TechCrunch, has an interesting article detailing how the Musk-run Twitter may be falling out of compliance with the GDPR in the EU. That’s potentially a big deal, given that the GDPR can lead to pretty massive fines.
Under the EU’s GDPR, meanwhile, Twitter is obliged — in just one very basic requirement — to have a data protection officer (DPO) to provide a contact point for regulators.
Hence the departure of Kieran, its first and only DPO since the role was created at the company in 2018, has not gone unnoticed by its data protection watchdog in Ireland — as we also reported Friday. But the Irish Data Protection Commission (DPC)’s concerns are already spiraling wider than Twitter’s compliance with notifications about core personnel: Last week, the authority — currently Twitter’s lead EU DPA under the GDPR’s OSS — put the social media firm on watch by signaling public concern when it said it would be putting questions to the company about the status of its main establishment in Ireland at a meeting scheduled for early this week, to discuss all the recent privacy changes since the Musk takeover.
Twitter has not commented publicly on the DPC’s warning nor on the departures of senior regulator-facing staffers. Indeed, since Musk took over, its communications department appears to have been dismantled and the company no longer responds to press requests for comment — so it was not possible to obtain an official statement from Twitter about these departures or on the substance of our report.
Not great! And, timing wise, it’s potentially much, much worse. Though, to understand why you need to know a bit of what’s been happening in the EU under the GDPR (something I’d pretty much guarantee that Musk has no idea about, though Twitter’s mostly departed legal team most likely did).
Right now there’s a bit of a turf war over the GDPR. You see, as it stands, under this “one-stop shop” (OSS) policy, Twitter really only has to deal with the Irish data protection authority (DPA). Indeed, a bunch of American tech companies have all basically done the same thing in the (possibly correct!) belief that the Irish DPC is probably the most business/innovation friendly of the various DPAs out there.
And that’s been pissing off Brussels. As we reported earlier this year, EU officials in Brussels have been whining that the GDPR has been a mess, but reading between the lines, they’re really complaining that the Irish DPC simply hasn’t been willing to stand up to American tech companies and fine them for things that the folks in Brussels are mad about. The technocrats in Brussels have been making noises about updating the GDPR to effectively take power out of the hands of the local DPAs, and to stop tech companies from forum shopping for DPAs.
So… that means, right now, the Irish DPC has tremendous incentive to find a head to scalp to prove that it’s up to the task of regulating data protection issues within American tech companies.
Enter Elon Musk (and exit everyone who could have explained this to him).
It could get even worse, as described above in the TechCrunch article, because by screwing up the OSS process, Twitter could open itself up to facing regulatory scrutiny from other, much, much, less forgiving DPAs:
If the DPC assesses (or is informed by Musk) that it no longer has its main establishment in Ireland, the company will crash out of the OSS — opening it up to being regulated by the data protection authority across the bloc’s 27 Member States, which would become competent to oversee its business.
In practice, that means any EU data protection authority would be able to act directly on concerns it has that local users’ data is at risk — with the power to instigate their own investigations and take enforcement actions. So Ireland’s more business-friendly regulator would no longer be leading the handling of any GDPR concerns about Twitter; probes could be simultaneously opened up all over the EU — including in Member States like France and Germany where data protection authorities have a reputation for being quicker to the punch (and/or more aggressive) in responding to complaints compared to Ireland.
If Twitter loses its ability to claim main establishment in Ireland, it would therefore drastically amp up the complexity, cost and risk of achieving GDPR compliance. (Reminder: Penalties under the regulation can scale up to 4% of annual global turnover — so these are not rules a normal CEO would ignore.)
So, all this fucking around seems likely to turn into “finding out” no matter what. The Irish DPC has strong incentives to make an example of Twitter… and if it does not, then lots of others may pile on instead.
That said, the TechCrunch article also includes some kind of eye-opening details that I don’t recall being mentioned publicly before:
The structure Twitter was relying upon to participate in the GDPR’s OSS includes a system of mandatory privacy and security reviews for new products — to enable the Irish entity to insert its feedback and exert influence over product development.
Under this framework, the board of the Irish company was able to raise concerns about planned new features ahead of launch, with input then fed back to U.S. product development teams to be incorporated into products before launch — thereby, assuming the protocol was correctly followed, empowering a local decision-making capacity inside the EU.
However, per our source, the situation at Twitter since Musk took over is that no information is being provided about what products are being worked on in the U.S. to the Irish entity’s management — nor is the Irish entity’s management able to provide any input into any product Musk is working on since it is not being kept apprised of what’s being developed.
Products in development at Twitter are not even being submitted into review pipelines anymore, much less getting reviews before being shipped, according to our source, who told us the system has essentially stopped operating.
So… that seems… not great? I mean, it is very much inline with the EU view of regulation where they often believe regulators should be seen as “partners” with the tech companies, but it still seems highly questionable that the company would allow Irish regulators “to insert… feedback and exert influence over product development.” If that’s an accurate portrayal of the situation, then it would be a good thing for Musk to cut it off, though it’s unclear if this was done on purpose or through sheer cluelessness.
And, of course, things are only likely to get worse for Elon in the EU. The DSA is coming into effect on January 1, 2024. And it’s going to be a huge mess. Like a tremendously big mess. But as we discussed on the podcast in that link, over the next year, there is still a lot of work to be done, often by the big tech companies, to define the exact parameters of how the DSA will work in practice.
Yes, there is some nonsense in the fact that the law is already passed and set to go into effect, but the actual rules are still being written, but that’s the process, so you have to deal with it. For the past few years, as we’ve pointed out, Twitter has been a vocal participant in the dialogue around the DSA, and has done a fair bit to push the final rules in better directions (it could have been much, much worse).
It’s unclear how (or if) an Elon-run Twitter will continue participating. Yes, back in May, Elon met with Thierry Breton, who is leading the process for the DSA, and made some monumentally stupid remarks saying he completely agreed with the DSA’s approach, which will lead to tremendous government-induced censorship. And Breton has been salivating ever since, even gleefully (and somewhat obnoxiously) tweeting about how the EU will control Twitter’s content moderation going forward:
None of that bodes well for Twitter in the EU going forward. Right now is when Twitter should be heavily engaged in helping to define the actual rules under the DSA and how the company will interact with EU enforcers. But I can’t imagine there are many people left at Twitter who even know this is happening.
Yes, I’m sure when the EU comes down on Elon’s Twitter, he’ll whine about the unfairness of government regulations. And, in some cases with the EU, he’s not wrong. But, he should at least be aware of the fucking process, and how it’s playing out right now, rather than just ignoring it entirely and then complaining when they crush him later.
But, for the past four years, within EU policy circles, it has been entirely taboo to even suggest that maybe the EU made a mistake four years ago with the GDPR. Any time we’ve suggested it, we’ve received howls of indignation from “data protection” folks in the EU, who insist that we’re wrong about the GDPR.
However, sooner or later someone had to realize that the emperor had no clothes. And in a surprising move, the first EU official apparently willing to do so is Wojciech Wiewiórowski, the EU’s Data Protection Supervisor.
So far, officials at the EU level have put up a dogged defense of what has become one of their best-known rulebooks, including by publicly pushing back against calls to punish Ireland for what activists say is a failure to bring Big Tech’s data-hungry practices to heel.
Now, one of the European Union’s key voices on data protection regulation is breaking the Brussels taboo of questioning the bloc’s flagship law’s performance so far.
“I think there are parts of the GDPR that definitely have to be adjusted to the future reality,” European Data Protection Supervisor Wojciech Wiewiórowski told POLITICO in an interview earlier this month.
Wiewiórowski, who leads the EU’s in-house privacy regulator, is gathering data protection decision-makers in Brussels Thursday-Friday to open the debate about the GDPR’s failings and lay the groundwork for an inevitable revaluation of the law when the new EU Commission takes office in 2024.
Of course, what’s funny is that when that event actually happened, the complaints were not about how maybe the entire approach of the GDPR was wrong, but that the real problem is that the Irish Data Protection Commission wasn’t willing to fine Google and Facebook enough.
European Data Protection Supervisor Wojciech Wiewiórowski on Friday said there isn’t enough privacy enforcement against tech companies like Meta and Google, hinting at a bigger role for a “pan-European” regulator.
In a speech marking the end of a two-day conference designed to scrutinize the EU’s flagship privacy code, the General Data Protection Regulation or GDPR, Wiewiórowski said enforcers had so far failed to rein in data protection abuses by big companies.
“I also see hopes that certain promises of the GDPR will be better delivered. I myself share views of those who believe we still do not see sufficient enforcement, in particular against Big Tech,” he said.
This is really a “no, it’s the children who are wrong” moment of clarity. The GDPR was sold to the European technocrats as “finally” a way to put Google and Facebook in their place. But, in practice, as multiple studies have shown, the two companies have been mostly just fine, and it’s a bunch of their competitors that have been wiped out by the onerous compliance costs.
Rather than recognizing that maybe the whole concept behind the GDPR is the problem, they’ve decided the problem must be the enforcer in Ireland (where most of the US internet companies have their EU headquarters) so the answer must be to move the enforcement to the EU itself.
Basically, the EU expected the GDPR to be a regular tool for slapping fines on American internet companies, and now that this hasn’t come to pass, the problem must be with the enforcer not doing its job, rather than the structure of the law itself. That means… it’s likely only going to get worse, not better.
Hopefully, you will recall our discussion about one YouTuber, Totally Not Mark, suddenly getting flooded with 150 copyright claims on his YouTube channel all at once from Toei Animation. Mark’s channel is essentially a series of videos that discuss, critique, and review anime. Toei Animation produces anime, including the popular Dragon Ball series. While notable YouTuber PewDiePieweighed in with some heavy criticism over how YouTube protects its community in general from copyright claims, the real problem here was one of location. Matt is in Ireland, while Toei Animation is based out of Japan. Japan has terrible copyright laws when it comes to anything resembling fair use, whereas Ireland is governed by fair dealing laws. In other words, Matt’s use was just fine in Ireland, where he lives, but would not be permitted in Japan. Since YouTube is a global site, takedowns have traditionally been global.
But shortly after, as Fitzpatrick revealed in a new video providing an update on the legal saga, someone “high up at YouTube’’ who wished to remain anonymous, reached out to him via Discord. Fitzpatrick said the contact not only apologized for his situation not being addressed sooner, but divulged a prior conflict between YouTube and Toei regarding his videos fair use status.
“I’m not going to lie, hearing a human voice that felt both sincerely eager to help and understanding of this impossible situation felt like a weight lifted off my shoulders,” Fitzpatrick said.
Hey, Twitch folks, if you’re reading this, this is how it is done. But it isn’t the whole story. Before the videos were claimed and blocked, Toei had requested that YouTube manually take Matt’s videos offline. YouTube pushed back on Toei, asking for more information on its requested takedowns, specifically asking if the company had considered fair use/fair dealing laws in its request. Alongside that, YouTube also asked Toei to provide more information as to what and why Matt’s videos were infringing. Instead of complying, Toei utilized YouTube’s automated tools to simply claim and block those 150 videos.
The following week, a game of phone tag ensued between Toei, the Japanese YouTube team, the American YouTube team, Fitzpatrick’s YouTube contact, and himself to reach “some sort of understanding” regarding his copyright situation. Toei ended up providing a new list of 86 videos of the original 150 or so that the company deemed should not remain on YouTube, a move Fitzpatrick described as “baffling” and “inconsistent.” Toei, he concludes, has no idea of the meaning of fair use or the rules the company wants creators to abide by.
“Contained in this list was frankly the most arbitrary assortment of videos that I had ever seen,” he said. “It honestly appeared as if someone chose videos at random as if chucking darts at a dart board.”
While Matt regained control of his videos thanks to his work alongside the YouTube rep, he was still in danger of Toei filing a lawsuit in Japan that he would almost certainly lose, given that country’s laws. Fortunately, YouTube has a method for blocking videos based on copyright claims in certain countries for these types of disputes. The Kotaku post linked above suggests that this method is brand new for YouTube, but it isn’t. It’s been around for a while but, somewhat amazingly, it appears to have never been used specifically when it comes to copyright laws in specific countries.
YouTube’s new copyright rule allows owners like Toei to have videos removed from, say, Japan’s YouTube site, but said videos will remain up in other territories as long as they fall under the country’s fair use policies. To have videos removed from places with more allowances for fair use, companies would have to argue their cases following the copyright laws of those territories.
And so Matt’s review videos remain up everywhere except in Japan. That isn’t a perfect solution by any stretch, but it seems to be as happy a middle ground as we’re likely to find given the circumstances. Those circumstances chiefly being that Toei Animation for some reason wants to go to war with a somewhat popular YouTuber who, whatever else you might want to say about his content, is certainly driving interest publicly in Toei’s products, for good or bad. This is a YouTuber the company could have collaborated with in one form or another, but instead it is busy burning down bridges.
“Similarly to how video games have embraced the online sphere, I sincerely believe that a collaborative or symbiotic relationship between online creators and copyright owners is not only more than possible but would likely work extremely well for both sides if they are open to it,” Fitzpatrick said.
That Toei Animation is not open to it is the chief problem here.
Last year, the EU’s top court threw out the Privacy Shield framework for transferring personal data between the EU and US. The court decided that the NSA’s surveillance practices meant that the personal data of EU citizens was not protected to the degree required by the GDPR when it was sent to the US. This was the second time that such an agreement had been struck down: before, there was Safe Harbor, which failed for similar reasons. The absence of a simple procedure for sending EU personal data to the US is bad news for companies that need to do this on a regular basis. No wonder, then, that the US and EU are trying to come up with a new legal framework to allow it, as this CNBC story notes:
Officials from the EU and U.S. are “intensifying negotiations” on a new pact for transatlantic data transfers, trying to solve the messy issue of personal information that is transferred between the two regions.
Even if they manage to come up with one, there’s no guarantee that it won’t be shot down yet again by the courts, unless the underlying issues of NSA surveillance are addressed in some way — no easy task. Meanwhile, there’s been a fascinating development on the US side, reported here by The Irish Times:
The US Senate is to debate a proposal to limit foreign countries’ access to US citizens’ personal data and to introduce a licence requirement for foreign companies that trade in this information.
The draft “Protecting Americans’ Data From Foreign Surveillance Act”, presented on Thursday by Democratic Senator Ron Wyden of Oregon, is aimed primarily at curbing the sale and theft of data by “shady data brokers” to “hostile” foreign governments such as China.
The law may be aimed primarily at China, but its reach is wide, and it could hit an unlikely target. As the Irish Council for Civil Liberties (ICCL) explains, the new Bill (pdf) aims to stop the personal data of US citizens being transferred to locations with inadequate data protection — just as the EU’s GDPR does. But according to the ICCL, one country that may fall into this category of dodgy data handling is Ireland:
ICCL understands from those who wrote the draft Bill that Ireland’s failure to enforce the GDPR is of particular concern. The Bill intentionally uses language from the GDPR, and targets this enforcement failure. The draft Bill makes clear that merely enacting strong data protection law such as the GDPR is not enough. That law must be enforced.
Most digital giants have their European headquarters in Ireland. Under the GDPR, it is Ireland’s Data Protection Commission (DPC) that must investigate and ultimately fine these companies for their GDPR infringements anywhere in the EU. The DPC has opened many data privacy inquiries (pdf), but has so far failed to impose serious fines. Without strict enforcement by the Irish authorities, there is a growing feeling that the GDPR could be fatally undermined. Hence the risk that the US might not allow personal data to be transferred to Ireland, if the new “Protecting Americans’ Data From Foreign Surveillance Act” becomes law. Given the long-standing concerns over the protection of personal data flows from the EU to the US, that would be a rather ironic turn of events.
Tony Robbins is American. Buzzfeed is an American news organization. Last week, Buzzfeed published its sixth story in an investigative series about Robbins, that included a story of Robbins allegedly sexually assaulting a high schooler at a summer camp in California. Which, last I checked [looks around quickly], is also in America. So, you might wonder why it is that Robbins has sued Buzzfeed in Ireland. Robbin’s lawyer, Paul Tweed has tried to defend the decision to sue in Ireland, but I’m having trouble seeing how any of this is convincing:
“My client is entitled to have his name cleared. In my opinion the Irish courts are just as capable of making that determination as the English courts or the American courts,” said Mr Tweed.
He said Ireland would be the appropriate forum for both sets of proceedings as Twitter?s European headquarters is in Dublin.
“It is totally appropriate that we try to keep everything under one roof,” he said.
Wait, what? He’s suing Buzzfeed, not Twitter, though apparently he’s threatening to sue Twitter too. For what?
Mr Robbins is not only aggrieved with Buzzfeed?s coverage, but the manner in which it has spread on social media platforms.
Mr Tweed said his firm had put Twitter “on notice” of a potential lawsuit.
That’s not how any of this works.
Of course, the real reason to sue in Ireland is because either lawsuit would be laughed out of court in the US. The bar to prove defamation against a public figure like Robbins would make it nearly impossible for Robbins to win a defamation lawsuit here, unless he could somehow prove that Buzzfeed made up the reporting, which seems highly unlikely. And, of course, Section 230 of the CDA would protect Twitter. Even in Europe, it seems unlikely that Twitter could be held liable for how other people tweeted, just because Mr. Robbins is “aggrieved” about how this story spread.
Robbins himself put up a laughably bad defense of this legal strategy in a Medium post that actually starts with exactly why his lawsuit should be thrown out with Robbins being told to pay the defendants’ legal fees:
U.S. Supreme Court Justice Felix Frankfurter said, ?Without a free press, there can be no free society.?
Freedom of the press is central to the democratic experiment and our last, best line of defense against those in power who threaten the rule of law.
Yeah, that’s why we don’t let rich assholes sue the media every time they publish an unflattering story. But, I guess, with Ireland not having a 1st Amendment and all, you figure why not jump on a bit of libel tourism to show them who’s boss?
Robbins’ Medium post does highlight some of those quoted in earlier stories who later repudiated their quotes or said they felt pressured by Buzzfeed’s reporters. But that, alone, does not make the original reporting defamatory. And, the fact that Robbins is suing in Ireland, rather than the US certainly suggests that his lawyers here know that he’d lose big time if he tried it here (which also means that any attempt to try to collect money in the US should he somehow win these lawsuits under Irish law, would be easily blocked by the SPEECH Act, which bars attempts by libel tourists to go oversees to get a judgment and then enforce it against US parties).
We learned today that Tony Robbins has started legal proceedings against BuzzFeed in Ireland following a series of reports on allegations of inappropriate sexual advances, verbal abuse and, most recently, an alleged sexual assault of a teen. This reporting is based on hundreds of interviews, audio recordings, and documentary evidence, and we stand by it unequivocally.
Mr Robbin has chosen to sue us abroad rather than address the detailed account of the woman who said he attacked her; the two women who say they saw it happen; and the accounts of dozens of others. The fact that he doesn’t even seek to address these claims, choosing instead to abuse the Irish court system and attack BuzzFeed, speaks for itself.
To be fair, Robbins does pretend to try to address the latest claims of assault in his Medium post… but his “response” is basically “that was a long time ago” and nothing else:
Today, BuzzFeed published another article riddled with falsehoods, concerning an alleged incident from 1985, 34 years ago when I was 25 years old. (I turn 60 in just a few months).
He does not note a single “falsehood” in the story. Instead, the rest of his post is basically a smear campaign against Buzzfeed, filled with out of context statements and innuendo (exactly the kind of thing he claims Buzzfeed is doing to him). He complains about their journalistic technique of asking a source to confirm a story, saying that the source called Robbins instead because he “felt [the reporter] had an agenda.” That may be interesting, but is not defamatory. It also goes on a weird tangent about “current research on the topic of memories” to suggest that “memories can be influenced and distorted.” Look: when you don’t actually respond to accusations of sexually assaulting a teen, other than to say it was a long time ago, and then start babbling on about how memories can be distorted, that doesn’t make it sound like you’re denying anything. It makes it sound like you’re scrambling for excuses.
It seems that Tony Robbins is the latest in a long line of very wealthy men who get so upset about journalists reporting stories they’d prefer not to see who tries to SLAPP them in response. Robbins is adding the overseas element here, perhaps recognizing how badly such a lawsuit would fare in the US. But, as Buzzfeed itself notes, this kind of cowardly attack speaks for itself.
Last August, we wrote about the latest development in an important case moving through the EU’s legal system. At risk is the huge volume of data that flows from the EU to the US, currently authorized by the Privacy Shield scheme. The original complaint was brought by that indefatigable defender of privacy, Max Schrems. Given the importance of the outcome, the Irish High Court referred the case to the EU’s top court, the Court of Justice of the European Union (CJEU). It posed eleven quite searching questions that it asked the CJEU judges to rule on.
Schrems’s specific complaint concerns Facebook, which took the unusual step of appealing against the High Court’s decision. The received wisdom was that this was not an option, but the Irish Supreme Court disagreed, and said it would consider the appeal. Facebook alleged that the questions sent by the High Court to the CJEU contained factual errors that were serious enough to require the request to be thrown out. The Irish Supreme Court has now handed down its judgment (pdf) — against the appeal. Ireland’s Chief Justice explains why:
having analysed each of the remaining heads of appeal, I am satisfied that in each category it is more appropriate to characterise the criticisms which Facebook seeks to make of the judgment of the High Court as being directed towards the proper characterisation of underlying facts rather than towards those facts themselves. In those circumstances, I would not propose making any order overturning any aspect of the High Court judgment. If there had been an actual finding of fact as such, rather than a characterisation of facts, which I considered was not sustainable on the evidence before the High Court in accordance with Irish procedural law, I would have been happy to propose an order overturning that fact. However, it does not seem to me that any such matter has been established on this appeal.
Facebook likely again invested millions to stop this case from progressing. It is good to see that the Supreme Court has not followed Facebook’s arguments that were in total denial of all existing findings so far. We are now looking forward to the hearing at the Court of Justice in Luxembourg next month.
That hearing is something Facebook really wanted to stop. Afterwards, the CJEU will rule whether the Privacy Shield framework should suffer the same fate as its predecessor, Safe Harbor. If it is ruled invalid, it will be a big headache not just for Facebook, but for the many US companies that depend upon Privacy Shield to make the transfer of personal data about EU citizens legal under the region’s strict data protection laws.