@techreport{88211534026541ac90344c802619b124,
title = "How Policy Is Failing to Secure Privacy on Platforms",
abstract = "There is an important policy effort underway in the United States to evaluate consumer privacy legislation for the digital age. The European Union{\textquoteright}s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) are suggested by many as the “gold standard” or “floor” for privacy regulation. Those frameworks would be warranted if in fact the they delivered the expected outcomes. However, as has been shown in the 18 months since the promulgation of the GDPR, the revenues and market shares of the largest internet companies have increased; many small firms have lost market share or have exited the market; and consumer trust online has reached its lowest point in the European Union since 2006. Moreover, the adoption of the GDPR is associated with a number of unintended and negative security consequences including the blocking of public information in the WHOIS internet protocol database, identity theft through the hacking of the Right to Access provision (Article 15) and other provisions, and the proliferation of network equipment with security and privacy vulnerabilities. 1 As this paper describes, the key problem is that policymakers have characterized every online entity as the equivalent of a global platform and imposed regulations meant for the largest players on everyone. Complying with the expensive and onerous rules has thus, unwittingly, become an advantage for the largest companies and has strengthened their market position to the detriment of small and medium sized firms which were promised a ”level playing field” as a result of the rules. It is estimated that less than half of all applicable firms comply with the GDPR and many believe they will never be able to comply. Given the size and scale of the platforms, there is a tendency to overdo privacy and data protection regulation when the issues implicated are more correctly addressed with antitrust.2 A review of the regulatory history, assumptions, and theory is helpful to inform the policy development.",
keywords = "Policy, Platforms, Privacy",
author = "Layton, {Roslyn Mae} and Henten, {Anders Hansen}",
note = "CMI Working Papers provide a means of early dissemination of completed research, summaries of the current state of knowledge in an area, or analyses of timely issues of public policy. They provide a basis for discussion and debate after research is completed, but generally before it is published in the professional literature. CMI Papers are authored by CMI researchers, visitors and participants in CMI conferences, workshops and seminars, as well as colleagues working with CMI in its international network. Papers are refereed before publication. For additional information, contact the editors. Editor: Anders Henten, co-editor: Jannick S{\o}rensen.",
year = "2019",
month = dec,
language = "English",
series = "CMI Working Paper",
number = "18",
publisher = "Center for Communication, Media and Information technologies (CMI), Electronic Systems, Aalborg University Copenhagen",
type = "WorkingPaper",
institution = "Center for Communication, Media and Information technologies (CMI), Electronic Systems, Aalborg University Copenhagen",
}