On EU Regulation & Unanticipated Outcomes

Ben Thompson's recent Stratechery article on Apple and the EU's Digital Markets Act (DMA), and the sub-optimal web experience these regulations have caused for EU citizens, got me thinking about the broader implications of privacy laws in Europe. Especially considering how major businesses are threatening (and sometimes implementing) slower or restricted rollouts of products in the EU (see @threads and looming Apple Intelligence delays).

With the EU’s AI Act starting to roll out, and to Ben’s point about the forking of code bases to create distinct products and experiences in differently regulated markets, I wonder if we are cutting off our proverbial nose to spite our face.

GDPR, in its most common implementations, is a joke (and IMHO, especially onerous in Ireland). The EU Commission's opinion on the 'Pay or OK' model being problematic for consumers is emblematic of the EU’s “helicopter parenting” of its citizens potentially leading to poorer outcomes for said citizens. Once again, the Stratechery article offers an excellent & far more articulate perspective on this.

All this said, I was wondering why there is a bias toward over-regulation of tech in the EU, even at the cost of innovation and market growth (see tech companies fleeing the FTSE for NYSE and NASDAQ). NB: Am aware the FTSE is UK not EU but I think you get my point.

An insight into this came from an unexpected source this week. I was listening to PJ Vogt's excellent 'Search Engine' podcast episode on the adventure of two of his friends, and in turn PJ’s attempts to get into the famous exclusive club Berghain. The topic of stringent German privacy laws and, by extension, EU regulations being deeply rooted in historical experiences came up. In a nutshell he posits that the fall of the Berlin Wall and the legacy of the Stasi's pervasive surveillance have led to a cultural and legal framework in Germany that prioritises privacy. I am building on that to suggest that since Germany is generally considered to be the most influential nationstate on EU policy that German privacy bias influences EU regulations like the GDPR and DMA.

Anyway, this "GDR hangover" leads to a German bias toward citizen privacy, which influences EU privacy regulation, leading to over-regulation of technology. Consequently, EU consumers are late to, and more importantly, entrepreneurs have a more burdensome environment and access to innovative tech.

The seemingly inexorable solution to future privacy concerns is DID (decentralised identity) or tokenised digital identity (sovereignty of personal data that allows the owner—you—to use your personal data as, when, where, and with the level of anonymity you desire). While the EU is working on initiatives in this area, such as the European Blockchain Services Infrastructure (EBSI) and the European Digital Identity Wallet (EUDIW), I worry that regulators are focusing on each ingredient separately rather than considering the whole picture.

With GDPR, the DMA, the AI Act, and so on, all potentially leading to a more burdensome marketplace for innovators and users alike, as well as increasing geopolitical activity and a changed world of work and creativity, one wonders if a potential outcome will be a rise in sovereign citizenship. Let’s face it, the world changes pretty fast; movements rise and empires fall. While I believe that we, as global citizens, ought to put in more than we take out (as much as possible), the ways we interact with the world, our nation-states, currencies, employers, tax systems, and financial systems are unlikely to remain the same. Don’t get me wrong; I am pro-regulation and big on governance, but like parenting, applying the rules of one generation to the next rarely creates anything but stubbornness and rebellion.