Earlier this month, US President Joe Biden appealed in the Wall Street Journal for Democrats and Republicans in the new Congress to unite and pass a series of ambitious measures to regulate big tech. That agenda includes comprehensive privacy legislation, limits on online platforms’ immunity from being held responsible for the content they host, and rules reducing the alleged competitive advantages enjoyed by the biggest platforms. If passed by the new Congress, these items would benefit not just Americans, but also the broader transatlantic relationship.
The European Union (EU), which has enacted legislation in all three areas in recent years, can only be nodding in satisfaction. The Biden manifesto closely resembles the positions taken by European Commissioners Margrethe Vestager, who handles competition and platform regulation, and Didier Reynders, who’s responsible for justice and privacy. But will the newfound rhetorical alignment between the White House and the Berlaymont actually translate into lasting transatlantic technology policy coherence?
That depends, first, on the US Congress. The last Congress drafted bills on all the topics Biden outlined in his op-ed but, in the end, brought none to a decisive vote. The House of Representatives Energy and Commerce Committee made striking progress on the American Data Privacy and Protection Act (ADPPA) after years of stalemate. For the first time, it reached bipartisan compromise on difficult issues such as preempting state law and empowering individuals to sue. However, outgoing Speaker of the House Nancy Pelosi blocked floor consideration of the ADPPA, and, in any case, Senator Maria Cantwell (D-WA), who chairs the commerce committee, considers parts of it too weak.
Two bills on tech competition—Senator Amy Klobuchar’s (D-MN) American Innovation and Choice Online Act and Senator Richard Blumenthal’s (D-CT) Open App Markets Act—also made progress in the last Congress but failed to get over the finish line. They would prohibit tech companies from forms of conduct such as preferencing their own products and services over those of rivals. Versions of Klobuchar’s bill cleared both the House and Senate judiciary committees with bipartisan support but never came to floor votes.
While the competition and privacy bills have seen cross-aisle cooperation, partisanship has complicated congressional efforts to address extreme and polarizing content hosted by internet platforms. Platforms currently enjoy immunity from liability for content they intermediate, thanks to the part of the Communications Decency Act—a law long considered a pillar of the internet—known as Section 230. In recent years, however, there have been several legislative proposals to remove its protections for cases in which hosted content could lead to criminal conduct. Many Republicans insist on linking these potential cutbacks to Section 230 immunity to their allegations that conservative political speech is being repressed by platforms. This dynamic seems likely to continue in the new Congress or, at least, in the House.
The EU, by contrast, has accomplished much more. The General Data Protection Regulation (GDPR), which took effect in 2018, sets out individual protections that partly inspired those in the proposed ADPPA. Although GDPR enforcement remains a work in progress, there is no denying the dominant role it has come to play in how companies handle personal information in Europe.
Last year the EU achieved the feat of completing major legislation on both platform competition and content in the Digital Markets Act (DMA) and the Digital Services Act (DSA), respectively. The European Commission is in the early stages of implementing both laws, beginning by identifying the companies meeting the scale criteria and thereby becoming subject to an array of legal obligations. The DSA left undisturbed the EU-law equivalent to the United States’ Section 230, opting instead for a series of content-transparency measures.
The disparity between Washington gridlock and Brussels action on tech legislation has become glaring. One former US regulator has pointed out that US technology companies are quietly complying with the new EU measures, asking rhetorically: “You can do this to help Europeans, why not help Americans?”
In fact, Brussels could use some competition when it comes to tech regulation. More than six years after their adoption, some of the GDPR’s policy judgments already appear outdated. For example, its strict limits on reusing data and its precautionary approach toward risk could constrain the development of artificial-intelligence (AI) technologies, which depend on access to broad data pools, observers have pointed out. A comprehensive US privacy law conceivably could better accommodate the fast-evolving applications of AI.
Even if Congress passes comprehensive privacy legislation, the United States is unlikely to become a global leader in the field. Many countries already have adopted such laws, and the GDPR invariably has been a major influence—even in authoritarian countries such as China and Russia. Notably, an increasing number of foreign countries follow the EU’s approach of conditioning international data transfers on the adequacy of a foreign jurisdiction’s data-protection laws.
In December, the European Commission proposed an adequacy finding for data transfers from Europe to the United States under the commitments set in the EU-US Data Privacy Framework (DPF). If the United States were to pass a comprehensive privacy law, it would solidify Europe’s case for US adequacy. Even more importantly, when the expected challenge to the DPF is lodged before the Court of Justice of the European Union, the United States would be better placed to argue that the framework’s protections meet European fundamental-rights standards.
Adopting legislation in Washington on platform content and competition also would set the stage for deeper transatlantic technology policy coordination. If Brussels avoids applying DMA and DSA restrictions only to US companies, the US government’s past suspicions about any discrimination by the Commission toward US platforms could be overcome. The two governments then could undertake detailed work under the auspices of the EU-US Trade and Technology Council to better align their approaches on platform transparency, for example.
All of this depends on whether the Biden administration and Congress can muster the necessary bipartisanship to enact even a portion of the technology policy agenda. Legislation that better protects children’s privacy remains one area of possible compromise. By waiting to make a forceful push until a Republican-controlled House of Representatives has taken office, the White House has generated skepticism about its commitment. If areas of consensus can be found, though, the benefits would be transatlantic as well as domestic.
Kenneth Propp is a nonresident senior fellow at the Atlantic Council Europe Center, teaches EU law at Georgetown University Law Center, and is a former legal counselor to the US Mission to the EU in Brussels.
Fri, Dec 2, 2022
New Atlanticist By Kenneth Propp
The TTC’s exclusion of the issues of greatest import in transatlantic economic affairs does not inspire confidence that it will prove to be a lasting institution.
Wed, Nov 2, 2022
What does the European Union's push for "digital sovereignty" mean in practice? Frances Burwell and Ken Propp provide an update to digital sovereignty and its transatlantic impacts.
Fri, Oct 7, 2022
Experts react By
Biden's executive order is the next step toward establishing a new EU-US Data Privacy Framework; but will the new agreement be viable? Our experts break down the details.