Engine Executive Director Evan Engstrom responds to the European Parliament’s vote to adopt the Directive on Copyright in the Digital Single Market.
On Friday, the White House released an advance copy of its final International Entrepreneur Rule, which will allow qualifying foreign entrepreneurs to build their startups in the U.S. The final rule will be published in the Federal Register today and will become effective on July 17, 2017.
At Engine, we’ve seen firsthand some of the extraordinary contributions that immigrant entrepreneurs have made to the startup economy. One-third of U.S. venture-backed companies that went public between 2006 and 2012 had at least one immigrant founder. Moreover, immigrant entrepreneurs started, in whole or in part, some of the most important technology companies of our time, including Google, Intel, Yahoo!, eBay, and WhatsApp. In fact, the United States was home to almost 2.9 million foreign entrepreneurs who generated $65.5 billion in business income in 2014.
The startup community has been fighting for years for reforms that would allow the world’s brightest innovators to start and scale their companies here in the United States. Engine welcomes the Department of Homeland Security’s International Entrepreneur proposal, which will allow talented foreign-born entrepreneurs to build their companies in the U.S., in turn creating jobs and driving economic transformation. Today’s announcement is an important step towards making our immigration system work for the 21st century innovation economy.
In the months since the original Safe Harbor agreement was invalidated by the European Court of Justice, the startup community has been in legal limbo awaiting resolution. The approval of this revised trans-Atlantic data-transfer framework brings much needed certainty for American startups with European users.
You can also read this post on Medium.
Operating a digital business in the European Union (EU) has long been a challenge due to the often conflicting patchwork of member state regulations that impact online enterprises. Recognizing the drag this regulatory inconsistency has on the future of the EU digital economy, the European Commission (EC) has been hard at work crafting a Digital Single Market (DSM) strategy that would further integrate the U.S. and EU economies, remove regulatory barriers across European states, and promote digital trade within the EU.
The EC’s DSM efforts are critical to growing Europe’s Internet economy, which is why many American stakeholders have welcomed parts of the DSM and European regulators’ efforts to reduce burdens on startups. But, unfortunately, the EC recently asked for feedback on policies that would have the opposite effect and harm online enterprises. Virtually every segment of the Internet community expressed alarm when the EC released a public consultation late last year regarding potential new regulations for online platforms and intermediaries.
The EC’s consultation purported to gather information on how it should regulate so-called “online platforms,” (e.g. search engines like Google or Bing, social networks like Facebook or Twitter, collaborative economy platforms like AirBnB or TaskRabbit, etc.) and in doing so, it signaled to the Internet community that it may issue regulations that, while well-intentioned, are misguided and potentially destructive. The EC’s approach to platform regulation isn’t just a problem for online intermediaries; it poses a threat to the Internet ecosystem as a whole. Not surprisingly then, the consultation saw filings from an enormous range of stakeholders — from large technology trade associations, to public interest organizations, to individual startups — all of whom express similar concerns with the EC’s approach.
Problems with the “Platform Consultation”
There are three key problems with the EC’s platform consultation.
First, online platform regulation as defined in the consultation does not make conceptual sense. The consultation purports to concern “online platforms,” though the range of activities it sweeps into this one category reveals the central flaw in the EC’s regulatory approach. It is simply impossible to craft sensible rules that target “online platforms,” as the consultation defines that term so broadly as to encompass an almost limitless range of activities that share little in common beyond an Internet presence.
As the Center for Democracy and Technology — a leading Internet policy nonprofit — notes in its submission, the definition of “online platform” used in the consultation “is so broad that it captures just about any website and any online application in operation in Europe and globally.”
In purporting to regulate “business in sectors as varied as media, connected cars, financial exchange and commerce” under the same standard, the consultation seems to ignore that “the regulatory needs of those sectors are appropriately distinct from one another,” as the Computer and Communications Industry Association — a trade association representing leading technology and computing firms — explains in its submission.
The Internet Association — another trade association representing some of the most innovative technology companies in the world — points outthe folly in this indiscriminate approach to regulation, asking, “In the physical world, one would not regulate banks, hotels, etc. in the same way, so why regulate the 21st Century version of those services in a blanket way simply because they are ‘on the Internet’?”
The U.S. Chamber of Commerce — a business federation that represents the interests of American companies — notes in its submission that “the [online platform] definition offered misses the mark and we caution against attempting to regulate something that is inherently difficult to define. Platform is not a useful legal or regulatory category as many markets, businesses and services are ‘platforms,’ both online and off, and this essentially includes any function on the continuum between manufacturer/creator and end user.”
General purpose laws are sufficient
Second, even if it was possible to encapsulate all of these entities under a single, well-defined umbrella, the EC does not provide adequate justification for why this class of businesses and services should be subject to an entirely unique regulatory scheme in the first place. As the U.S. Chamber of Commerce notes, “Nowhere does the consultation explain why online ‘platforms’ should be treated in a distinct manner from other businesses.” Yet the consultation foreshadows a heavy-handed regulatory approach that would suppress innovation and significantly increase burdens for entities subject to the new framework.
Reducing, not increasing, burdens on intermediaries fosters speech and creativity
Finally, the consultation signals an intent to increase the liability of intermediaries for illegal third party content beyond existing general law. This is an ill-advised approach. As TechNet — a trade association representing U.S. technology CEOs and senior executives — notes in their filing, “Strong intermediary liability protections promote innovation, empower users and small businesses to use platforms to reach a global audience, and encourage free expression and the democratization of access to information.” The open Internet think tank Public Knowledge put it succinctly in its submission: “The existence of strong and clear limitations on liability for platforms has been critical to the flourishing of online platforms for user expression and speech.”
One needs only look to the intermediary liability regime in the U.S. to recognize how critical such limitations are in facilitating technology innovation. The explosive growth of the Internet sector in the U.S. — and of so-called “Web 2.0” companies in particular — is a direct result of strong laws limiting intermediary liability, such as the Digital Millennium Copyright Act and Section 230 of the Communications Decency Act. For its part, the EU has crafted a “balanced, effective and proportionate [liability regime in the EU’s E-Commerce Directive] and has promoted dynamic, competitive services in a technologically neutral way” (TechNet filing). But the implication in the recent consultation that the EC is considering rethinking this strategy to expand the liability of online platforms is incredibly dangerous for the Internet economy, as it would threaten to chill innovation and dramatically increase barriers to entry for smaller players.
The EC’s DSM effort has the potential to completely transform the transatlantic digital economy. But if implemented incorrectly, it could have a grave impact on the European innovation ecosystem and widen the gap between the U.S. and EU digital markets. The sheer number of stakeholders who responded to the EC’s consultation with concerns should raise a red flag for the Commission and convince it to reconsider its approach. Links to some of these responses are below, and over the coming weeks, a number of these stakeholders will use this platform to further outline their concerns. Check back for updates here.
Large industry organizations
Computer and Communications Industry Association: survey
U.S. Chamber of Commerce: memo
Internet Infrastructure Coalition: survey
Software & Information Industry Association: memo
Internet Commerce Coalition: survey
Key startup voices
Apps Alliance: survey
Copia Institute: survey
Public interest community
Center for Democracy & Technology: survey
Public Knowledge: survey
Public Policy Institute: survey
Electronic Frontier Foundation & European Digital Rights: survey
R Street: survey
George Mason University Global Antitrust Institute memo
Center for Data Innovation: memo
Technology Policy Institute: memo
Organization for Transformative Works: memo
The European Court of Justice’s rejection last October of the European Commission’s so-called “safe harbor” agreement with the U.S. forced many American startups to grapple with a difficult choice: spend considerable time and money trying to find a different mechanism to legally import EU consumer data or sit tight and hope regulators worked it out before member states started filing lawsuits. Neither option was particularly appealing, and thankfully, the EC’s announcement this morning that negotiators had reached a framework agreement on Safe Harbor 2.0 (rebranded as “Privacy Shield”) removes some of the uncertainty startups have faced over the past three months. But does this tentative framework provide the future-proof, legal certainty that is essential for startups operating in the EU?
For those of you who are just tuning in, here’s a quick refresher: the EU’s Data Protection Directive imposes certain obligations on how entities in different countries can handle data from EU consumers. To help streamline compliance, the EC and U.S. entered into an agreement that allowed U.S. companies to self-certify compliance with the Directive and thereby legally transfer data across the Atlantic. This system worked quite well in facilitating EU-U.S. data flows, until the ECJ issued a ruling in October that U.S. laws permitting the NSA to conduct mass surveillance of consumer data violated the Data Protection Directive, thereby voiding the safe harbor and opening up the door to potential legal action against companies that continued to import EU consumer data without a different legal justification.
Policymakers in the EC and the U.S. Department of Commerce promptly got to work on a new safe harbor agreement but faced considerable time pressure, as European Data Protection Agencies were set to commence enforcement proceedings against non-compliant companies if the parties could not reach an agreement by January 31. Crafting an important international agreement in such a relatively short time frame was a challenging endeavor, and as Sunday’s deadline approached, the possibility of a world without safe harbor began to set in.
For many U.S. companies that had previously relied on the safe harbor, failing to finalize a new agreement would be an inconvenience, but hardly insurmountable. Large multinationals had many alternative data transfer pathways at their disposal, like Binding Corporate Rules or Model Contractual Clauses. Others could simply set up servers overseas and process EU consumer data locally. But, these strategies were only feasible for those with enormous financial resources and a legal staff sufficient to navigate 28 different state data agencies and regulations—resources that small, cash-strapped startups just don’t have.
Consequently, startups faced a much more dire situation, and many simply had no idea how to proceed. Some mature, better-funded startups followed the lead of larger tech companies, working up model contract clauses, often at the behest of international partners that wouldn’t proceed without such agreements. Other hoped that updates to their privacy policies and consent processes would suffice, though this was something of a legal gamble and a potential disruption to business (how many consumers enjoy having to click through new popup consent forms?). Some companies, devoid of other sensible options, planned to continue business as usual, expecting that policymakers would eventually craft a solution and hoping they were too small to draw the ire of member state regulators if no agreement could be reached.
The EC’s Tuesday announcement of a “political agreement” was therefore met with cautious optimism and relief. The hard work that the EC and the U.S. Department of Commerce put in over the past few months paid off, pulling out an agreement at the eleventh hour and returning stability and some certainty to the international data flows that make the Internet work. Going forward, consumers and companies on both sides of the Atlantic should hope that this newly formulated “Privacy Shield” will provide a simple, well-defined framework for data exchange, so long as it remains in force. But this difficult experience should serve as a reminder of how the heavy burden of regulatory uncertainty often falls hardest on the smallest players. Startups that made user security and privacy a central part of their companies were nevertheless caught in an international dispute between national governments and multinational companies with few feasible options to stay square with laws that quickly became unclear. In the end, the drama surrounding Safe Harbor 2.0 is both a win for prompt, sensible policymaking and a lesson of how policy disputes can impact the startup sector in unexpected ways.