A 21st Century Tea Party Against A Modern European Overreach

The Boston Tea Party was an exhibition of resolve against unjust and unfair taxes imposed from the other side of the Atlantic, where European rulers were plundering American success. Fast-forward 240 years; American businesses once again are enduring unfair taxation and treatment from across the pond, now under the guise of "protecting privacy."

Google is one of the first victims of Europe's recent taxation overreach. A few weeks ago, EU officials fined the company $57 million for alleged privacy violations — ensnaring them in a Catch-22 violation to provide cover to plunder the business' finances.

This Catch-22 is enshrined in the new European privacy law, the General Data Privacy Regulation (GDPR). Under GDPR, businesses are required to communicate their privacy policies in a simple and easy-to-understand way. But they also are required to provide comprehensive and detailed information about all their data collection and use practices.

As any lawyer will tell you, when it comes to terms of service contracts, simplicity and comprehensiveness are often mutually exclusive.

To comply with GDPR, Google simplified their privacy policies while retaining information. They separated out the privacy policies of their different services. When using an Android device, the Android privacy policy is presented. When using Gmail, the Gmail privacy policy is presented. This sectoral approach made for simpler, more intuitive, and more useful privacy policies.

Yet, EU officials saw it differently, and demanded that all Google services’ privacy policies be in one giant and all-encompassing privacy policy. Of course, if Google did this, then EU officials likely would protest that the omnibus privacy policy is too long and complex — also violating GDPR. To be clear, in neither situation are privacy concerns of the consumer advanced.

GDPR and its enforcement would rightly be unconstitutional if enacted in the U.S. Here, conflicting laws are struck down in court. Such draconian notions of fairness, however, do not bind the EU.

There is undeniable, inherent unfairness in the GDPR-style of enforcement. In essence, GDPR makes the EU judge, jury, and executioner with much to gain for granting huge fines on foreign companies — particularly American technology companies that EU officials are eager to tarnish. This paradox leaves open the opportunity for abuse, an opportunity that has now been seized.

Couched as "privacy protection," this latest fine against Google is taxation and anti-foreign business sentiment. And this is certainly not going to be the last time that an American business finds itself the subject of a fine based on an unwinnable GDPR situation.

Regardless of the GDPR, big technology companies, like Google, have taken action and invested billions to protect the data of their consumers and users in an overtly transparent fashion. Yet, the GDPR has been positioned by EU officials as untouchable as it wreaks havoc on American Fortune 500 companies that scrambled to comply to the tune of nearly $8 billion. With the need to hire attorneys, consultants and engineers to comply with GDPR, many companies were forced to forgo investments and slow hiring decisions. And in many cases, companies opted to stop doing business in Europe altogether, or simply dumped the data they were holding. The opportunity cost was evident, and U.S. lawmakers would do well to consider this impact.

GDPR is a threat to businesses and consumers across the globe. The immensely strict rules and excessive fines threaten a competitive tech industry and undermine consumer choice. While Google may be able to swallow $57 million fines from the EU, albeit painfully, small businesses would easily be bankrupted by GDPR's punitive measures.

The strict privacy regime also ignores key legislative principles — that laws should be clear, fair, and have well-defined benefits to citizens. These three pillars of the rule of law are of even greater importance when a law is as far reaching as the EU's privacy regulations. GDPR miserably fails all three.

Despite the widespread scramble for U.S.-based companies trying to comply with GDPR when it took effect in 2018, the full impact of Europe's unrelenting privacy regulation is yet to be felt. Congress must step in and protect American businesses from European overreach.

Without their involvement, Americans will soon find themselves subjected to rules created by a European body over which they have no democratic power. America's founding fathers fought against government overreach.

Recent actions by the EU warrant the need for American legislators to push back against this modern form of "taxation without representation" and plundering of American successes, or the EU’s fine against Google likely will be the first of many assaults on American businesses.

Carl Szabo is the Vice President and General Counsel at NetChoice, an association of eCommerce businesses who share the goal of promoting convenience, choice, and commerce on the net. Szabo is frequently called on as a subject matter expert on topics of privacy, Internet, e-commerce, and government regulation and contractual matters, and is an adjunct professor of privacy law at the George Mason Antonin Scalia Law School.
