Testimony of Ryan Radia: The Need for U.S. Leadership on Digital Trade

View Full Document as PDF

Testimony of Ryan Radia
Research Fellow & Regulatory Counsel
Competitive Enterprise Institute

Before the Joint Economic of the United States Congress

Hearing: The Need for U.S. Leadership on Digital Trade

Chairman Paulsen, Ranking Member Heinrich, and Members of the Committee, thank you for giving me the opportunity to testify before you today. My name is Ryan Radia. I am research fellow and regulatory counsel at the Competitive Enterprise Institute (CEI),[1] where I focus on adapting law and public policy to the unique challenges of the information age. CEI is a nonprofit, nonpartisan public interest organization dedicated to the principles of limited constitutional government and free enterprise. CEI has supported trade liberalization through analysis and advocacy for over 25 years.[2]

At this critical juncture for international trade and Internet commerce, the United States must maintain its historic role as the global leader in efforts to promote free trade and open markets. This leadership is especially important in the information economy. In the U.S. technology sector, half a million businesses collectively employ over 11 million Americans and generate $1.6 trillion in annual economic output.[3] This sector’s global reach is extensive: U.S. tech firms export over $300 billion annually in products and services, supporting over 800,000 American jobs.[4] Therefore, it should, come as no surprise that public policies inhibiting the unfettered flow of digital services between the United States and the rest of the world threaten consumers, workers, and innovation.

Tariffs and non-tariff barriers to trade can and do undermine free trade in the digital marketplace. In my testimony, I wish to focus on another set of policies that threaten digital trade: governmental regulations regarding privacy, copyright, and antitrust. Of particular importance in the regulatory arena is the European Union (EU), whose member states collectively represent America’s single largest trading partner in goods and services.[5] EU residents play an especially influential role in the information economy, with roughly 430 million Internet users residing in EU member states.[6] As such, Facebook has more European users than American users,[7] while Google’s popularity as a search engine among Europeans exceeds that among Americans.[8]

Although most major U.S. technology companies consider EU residents to be a core aspect of their user bases, the European Union’s approach to regulating the information economy differs from the approach of U.S. policymakers, in some cases dramatically. A complete overview of EU regulation of the technology sector is beyond the scope of my testimony, but I wish to focus on three areas of EU regulation that pose a particularly large threat to the free flow of digital goods and services between the United States and the European Union: (1) privacy; (2) copyright; and (3) antitrust.

EU Privacy Regulation and U.S. Internet Companies

On May 25, 2018, the EU’s General Data Protection Regulation (GDPR) entered into force, marking perhaps the most significant policy change in EU history regarding how data collection is regulated.[9] The GDPR applies to any company that processes or controls data on EU “data subjects,” no matter where the company is domiciled or has a physical presence.[10] The GDPR purports to affirm “digital rights” for EU persons by requiring companies to, among other things, provide users all their data in a machine-readable format and delete a user’s data at his or her request.[11] While the GDPR does not distinguish between online and offline data collection, high-tech and financial services companies will bear the brunt of complying with the regulation.[12]

The GDPR entered into force less than one month ago, but the regulation has already resulted in several notable changes for Internet users in the EU and around the world. The recent onslaught of privacy policy updates and mass emails from Internet companies is perhaps the most widespread result of the GDPR’s implementation.[13]

Yet, the regulation’s less noticeable implications for Internet users may well prove to be far more significant in the long run. In particular, the GDPR has changed how many companies, including U.S. companies, interact with EU users—and, in some cases, all of their users. Failing to comply with the GDPR may entail a fine of up to €20 million ($23.16 million) or 4 percent of a firm’s global revenue, whichever is greater.[14] This risk, along with the uncertainty surrounding many of the regulation’s provisions, has led many U.S. firms to simply stop allowing EU subjects to access their platforms and services.

For instance, the major American media company Tronc (formerly Tribune Publishing), which owns major news outlets including the Chicago Tribune, Los Angeles Times, New York Daily News, and Baltimore Sun, began blocking access to European users almost immediately after the GDPR entered into force.[15] A&E Networks, which owns several television channels, followed suit.[16] Even several firms outside the United States—such as Ragnarok Online, a South Korean massively multiplayer online role-playing game—have also responded to the GDPR by blocking European users.[17]

Some firms responded to the GDPR’s implementation by shuttering their doors entirely. For instance, Klout, an Internet analytics firm that enabled thinkfluencers to gauge the effectiveness of their social media presence (“nextification”), ceased operations on May 25, 2018, the day the GDPR became effective.[18] And the GDPR has resulted in several independent American video game developers temporarily or permanently shutting down their Internet gaming platforms in EU member states.[19]

As EU member states implement local GDPR laws and begin to bring enforcement actions, the GDPR may ultimately result in U.S. firms erecting digital walls to deny access to EU residents on an unprecedented scale.[20] This disruption in digital trade risks not only denying EU residents the benefits of accessing American platforms and content, but also depriving U.S. firms of revenues generated from serving European users. This may in turn hurt U.S. consumers: many tech firms can deliver their services at a trivial marginal cost, but a declining user base means there will be fewer customers from which tech firms are able to recoup their high fixed costs.[21] Consumer choice will suffer as a result, especially if firms find that it no longer makes economic sense to offer advertiser-supported content and services.

Many U.S. firms will continue serving EU subjects in spite of the GDPR’s implementation, to be sure. Because the GDPR requires firms to obtain express consent from EU users before using their data for the purpose of delivering individualized advertising, however, the millions of Europeans who have grown accustomed to accessing U.S. platforms and services at no monetary cost may soon end up paying out of pocket for products they traditionally considered to be “free.” For instance, The Washington Post recently began offering a “Premium EU Subscription” to users who decline to consent to the company sharing their information with third parties.[22] This subscription costs 50 percent more than the Post’s traditional online subscription, which includes personalized ads.[23] Some EU residents might prefer to pay for ad-free subscriptions in any event, but to the extent that such business models make sense, several companies offer them already.

For U.S. firms that elect to comply with the GDPR’s mandates, the ensuing costs could be significant. According to estimates from EY (formerly Ernst & Young) and the International Association of Privacy Professionals, the average Fortune 500 company has spent $16 million to comply with the GDPR over the past two years.[24] Brian Donohue, head of Pinterest’s Instapaper unit, wrote in April 2018 that he “underestimated the scope of work and it was not possible to complete by the deadline, this was the required alternative.”[25]

Compliance costs may grow larger still as EU member states enact GDPR legislation in the coming years, especially if ambiguities in the regulation are clarified to extend its scope to U.S. firms that control or process EU user data to a limited extent. For instance, GDPR Article 27 provides that firms are not required to hire a data protection officer if their processing of data on EU subjects is “occasional” and “does not include, on a large scale, processing of special categories of data.”[26] Because defining the terms “occasional” and “large scale” is up to EU member states, even small U.S. firms that handle a relatively limited volume of data on EU residents may end up subject to the full brunt of the GDPR’s mandates. Time will tell.

The GDPR also has implications for competition and entry into the global information economy, in which U.S. firms have been the most successful globally to date. As many commentators have noted, under the GDPR, companies that operate platforms with high worldwide adoption will likely benefit from the regulation. Major technology businesses such as Facebook and Google already employ and retain extensive teams of lawyers, privacy professionals, and engineers. Their would-be rivals, in contrast, face substantial capital constraints regarding compliance costs.

Whereas Facebook and Google were able to upset once-powerful incumbents such as Myspace and Yahoo! on a relatively modest budget, tomorrow’s innovators with brilliant new ideas may struggle to unseat today’s incumbents due to regulations such as the GDPR that did not exist 15 or 20 years ago.[27] According to a recent report in The Wall Street Journal, addressing the GDPR’s imminent implementation, “[s]ome advertisers are planning to shift money away from smaller providers and toward Google and Facebook.”[28] And as The New York Times recently reported, major developing countries such as Brazil and Argentina are considering privacy regulations based on the European approach.[29]

Regardless of one’s views on how governments should regulate how consumer data is used, shared, and protected, the GDPR will undoubtedly have a significant effect on the flow of digital trade between the United States and the European Union. As the U.S. Senate and House of Representatives consider enacting domestic privacy legislation,[30] U.S. lawmakers should carefully examine the repercussions of the GDPR, including its effects on small businesses, market entry, and business models that depend on personalized advertising.

Instead of mimicking the EU’s privacy regime or seeking to impose even more stringent rules on tech companies, it is imperative that American policymakers consider the tradeoffs that restricting data collection would entail for consumers. Reshaping the information economy through privacy regulation may come at a steep price. Just as U.S. leadership has helped steer the world toward freer trade and open markets, the United States should lead by example on privacy, and resist calls to adopt an overly precautionary approach that might endanger the freedoms that have enabled U.S. firms to connect the world through platforms that can help improve the lives of billions of people.[31]

EU Digital Single Market and U.S. Creative Works

EU residents, like consumers worldwide, regularly watch movies, television shows, and streaming video content. The U.S. continues to lead the world in its creative industries, including not only Hollywood’s venerable film studios,[32] but also America’s television and streaming video companies.[33] These companies distribute their content through a diverse array of business models, reflecting consumers’ growing preference for watching video programming over streaming Internet platforms.

The EU has long pursued regulations governing how content owners make their programming available in various ways to EU residents of different member states.[34] Existing EU regulations require content providers to allow EU consumers who have purchased content in their home country to allow those consumers to access that content while traveling elsewhere within the EU on the same terms as if they were still in their home country.[35]

But ongoing EU efforts to promote a “digital single market,” though admirable on many levels, threaten to foreclose content owners’ ability to engage in pricing diversity, tailor content packages on a country-by-country basis, and effectively enforce intellectual property laws. Although parity across EU member states with respect to taxation and regulation is generally a laudable objective, mandating that all copyright owners that distribute audiovisual works—including U.S. companies from movie studios to Internet video platforms—treat all EU subjects in an identical manner may well cause some EU residents to pay more for online content than they would otherwise. Such a requirement might also undermine the incentive of U.S. firms to invest in creating original programming, especially content aimed at suiting the tastes of European audiences.

Moreover, given the wide variance among EU member states in terms of purchasing power, as well as in preferences, language, and culture, many content owners and distributors currently tailor their streaming video offerings based on the unique characteristics of audiences in each EU member state.[36] Despite the long-term trend of economic convergence within the European Union, among the EU’s 28 member states, GDP per capita in 2017 (adjusted for purchasing power parity) ranged from $21,686 in Bulgaria to $106,373 in Luxembourg, with an EU average of $40,890.[37]

If the European Union’s goal of achieving a digital single market ends up prohibiting content owners from offering customized packages of streaming video programming to residents of the EU’s diverse member states, many of these consumers will likely suffer.

In addition, given the high fixed costs and trivial marginal costs of distributing video content over the Internet, American consumers who enjoy films and shows that Europeans also consume will suffer indirectly, as U.S. content companies will invest less in producing creative works due to the lower potential total revenue.

The United States should lead the way in affirming the freedom of creators and distributors to experiment with creative arrangements for streaming video over the Internet without prescriptive licensing terms dictated by centralized regulatory bodies.

EU Antitrust Law

The European Union, like the United States, enforces a set of laws designed to prevent companies from engaging in anticompetitive conduct that harms consumers.[38] But the EU’s recent history of antitrust enforcement suggests a bias against leading American technology companies.

On several recent occasions, the European Commission, which enforces EU antitrust law, has taken extremely punitive actions against U.S. technology firms based on questionable theories of competitive harm. For instance, in 2009, the European Commission levied a $1.26 billion fine against Intel, the leading U.S. semiconductor chip maker, for allegedly disadvantaging its rival AMD.[39] In 2013, the European Commission levied a $732 million fine against Microsoft for allegedly failing to abide by a four-year-old settlement regarding the promotion of browsers other than Microsoft’s Internet Explorer to users of the company’s Windows operating system.[40] And in 2017, the European Commission levied a $2.7 billion fine against Google for allegedly disadvantaging rivals in its shopping comparison service’s search results.[41]

Although EU regulators maintain that these antitrust enforcement actions arose not out of bias against U.S. firms but because of meritorious complaints of anticompetitive conduct, there is ample cause to be skeptical of this claim. This month, the Initiative on Global Markets at the University of Chicago Booth School of Business polled a panel of leading academic economists with a diverse set of ideological perspectives on the question of whether the EU “often uses its antitrust powers to protect EU-based firms from international competition, rather than to promote greater competition in European markets.”[42] Although a plurality of the economists surveyed were uncertain about the question, when weighted for confidence, 32 percent of the economists agreed or strongly agreed with the statement—compared to 25 percent who disagreed or strongly disagreed with it.[43]   

Several economists have criticized the EU’s approach to dominant technology firms, which tends to target companies that succeed in gaining and maintaining a considerable share of a particular market through innovation and progress. Some commentators have attributed this tendency to the EU’s historical desire to combat concentrated economic power regardless of its form—without regard to whether a firm that allegedly gains “too much” concentration faces a meaningful threat of disruptive entry from newcomers or fails to serve its consumers more effectively than its rivals.[44]

Perhaps not coincidentally, high-tech innovation in the European Union lags behind the comparatively dynamic information technology sectors in the United States, Asia, and many parts of the developing world. According to the Digital Evolution Index published by the Tufts University Fletcher School in late 2015, “fifteen European countries have been losing momentum since 2008 in terms of their state of digital evolution.”[45] The United States, by contrast, belongs to the “stand out” category of nations considered by the index.[46]

Antitrust enforcement poses plenty of challenges of its own without governmental bodies employing it as a means of achieving competitive parity with other countries’ technology sectors. U.S. leadership in competition law is increasingly important, especially as developing countries work to craft and implement their antitrust regimes.

Thank you for the opportunity to testify before the Committee, and I welcome your questions.