At the end of May, European regulators will implement sweeping privacy rules known as the General Data Protection Regulation, or GDPR. The GDPR is intended to harmonize data protection regulations throughout the European Union and to give E.U. citizens and residents control over their personal data. While most companies fret about compliance with these new online privacy rules, we really should worry about what the rules mean for the future of the Internet, and, ultimately, how they could cripple democracy’s watchdog: journalism.
The GDPR creates more stringent rules for buying and selling European citizens’ personal information, and it’s the evolution of the E.U.’s Data Protection Directive law which, starting in 1995, was intended to safeguard the personal data of people as they started using the internet. The GDPR, despite its noble privacy intentions, will ultimately influence how information flows — or doesn’t flow — across the internet.
The GDPR stands as one of many recent attempts by democratic governments to restrict Internet access and ban certain content, effectively splintering the world wide web into dozens of digital fiefdoms where local rules apply. The intention is laudable: protecting privacy and allowing people a say in how their personal data is used. However, in practice, this changes the rules of the internet—not just the legal ones, but the code itself—and creates tiered access. Some people, like Americans, will see everything, even if what they can post to GDPR nations is restricted. Meanwhile, people in the E.U. will find themselves grappling with notification screens and consent forms everywhere they click, which will make their digital experiences more frustrating and cumbersome. E.U. member states are implementing local GDPR laws differently, posing a daunting challenge for news organizations hoping to do business worldwide.
News publishers aren’t the primary target of the GDPR, but in the digital realm, attention is currency, and newsrooms rely on data for revenue. Both platforms and news organizations use personal data to, among other things, monitor the articles you read, match your search preferences to articles, retarget you with advertisements as you hop from site to site, track your newsletter opens and clicks on links, analyze social media to predict which news stories are likely to be of interest next. Your data isn’t used nefariously by quality news organizations (like the one you’re reading now)—it’s part of a 21st century publishing process.
Under the new regulations, news organizations must now get consent before collecting any data about their consumers, which likely means lots of new pop-up screens forcing users to tick a box. The revenue model for digital news is complex—and it is largely outside the direct control of publishers. Traffic is sent by search engines, which are known to change the parameters for what gets seen and by whom; ad networks tend to set their own pricing; and platforms prioritize content without fully explaining how or why they’re making decisions. The business model for news, already tenuous, could be further weakened. The penalties for violating the GDPR are high: fines of up to €20 million, or four percent of a company’s annual global revenue, whichever is greater.
The GDPR includes the “Right to Be Forgotten,” which allows individuals to request that search engines and other platforms remove specific information about them. Effectively, this would allow an E.U. citizen to request that Google remove stories and websites from search, and it could have a profound effect on the dissemination of newsworthy information. While there are some exemptions in place to protect news outlets, journalists and researchers, it’s possible that investigative projects like this year’s Pulitzer Prize-winning #MeToo series, which relied on a tremendous amount of personal data, may not be seen, at least not easily, in some democratic countries that uphold the tenets of free speech. The subjects of those stories might object to the reporting and demand that their names and likenesses be removed.
To date, Google says it has received requests to remove 2.43 million URLs since the initial right to be forgotten laws went into effect. In 2014, the E.U.’s Court of Justice ordered Google and other search engines to delist results if the information is “inadequate, irrelevant or excessive”––but these are subjective assessments.
It’s plausible within a decade, we could find ourselves stuck in a new digital divide, where many disparate splinternets behave and function differently, depending on where in the world the net is being accessed. Citizens in GDPR countries could find their version of the internet having to exclude public interest journalism––the sort that demands accountability, exposes corruption and often leads to change––a vital backbone for healthy democracies.
And here’s the kicker: The GDPR was intended to harmonize E.U. privacy rules, but it could cause the reverse. The more disparate and complex the global internet rules become, the harder they will be to enforce. Misinformation could become easier to spread than to curtail. In the near-future, it’s possible that the strictest rules, perhaps even from an authoritarian country, could become the new standard.
Ideas about how our global information superhighway ought to be regulated, and by whom, are diverging rapidly. Even in the United States, the Internet’s birthplace, ideas about news and freedom of the press are shifting. Traditional news is under siege, as newspapers and magazines shutter and shrink, and local broadcast news viewership continues to decline.
The internet today is far from its idealized potential as a global space for the free exchange of ideas. As with every well-meaning technology, it’s been repurposed for malicious goals, like when Russia infiltrated social media platforms during the 2016 election and filled our feeds with well-disguised propaganda parading as what appeared to be real news.
The internet in 2018 isn’t perfect. Sweeping regulations like the GDPR don’t necessarily solve our current problems without creating many new challenges. Without coordinated efforts on the parts of tech companies and governments, splinternets will increasingly proliferate during the next decade, leading to less informed citizens and civil unrest. As the free-exchange of information erodes, so does one of its principal accomplishments: democracy.