To the Brussels mind, content services are a conundrum: why don’t market forces naturally take advantage of the Single Market? The canonical example (see the recent Commission consultation) is this: why can people exercising their ‘free movement rights’ (i.e. expats or Eurocrats) not get access to services from their ‘home’ country?
At first glance, it is an odd situation as large language-based markets already exist:
- I can buy physical books, CDs and DVDs in the UK and have them delivered to Belgium without difficulty; and
- A massive ‘blind-eye’ is turned by the entertainment industry to the grey market for foreign satellite TV subscriptions.
Meanwhile, rights holders appeal to a ‘tradition’ (!) of national licensing, and argue that they can best maximise profits by working within national regimes. The latter at least is no surprise to the economically literate – consumers vary in wealth, and price discrimination is a reasonable aim (if the seller can prevent arbitrage between purchasers).
When I sit on a plane, I can be almost certain that the person next to me has paid a different price for their ticket. No one really thinks twice about it, and the student in seat 26A relies upon the fact that the businesswoman in 3F will pay 10x more. The former had to show their student pass, and security requirements (conveniently) prevent resale to the executive.
But online we hit two big snags:
- the price transparency that otherwise makes markets work well also facilitates comparison-based advocacy, such as the infamous episode in 2000 that led Amazon to commit never to use price discrimination.
- Brussels feels uncomfortable with price differences in the single market.
The iTunes decision of 2008 classically combined the two phenomena for online content.
The real-world examples above suggest that rights holders are, in practice, generally satisfied with the market segmentation possible on the basis of language. What I suspect they really fear is:
- the ‘politics of benchmarking’: they know that cross-country comparisons have become the soft-law weapon of choice for the Commission (e.g. car prices).
- the uncertainty in the consultation document from opening up debate about second-hand markets, which inevitably expand arbitrage opportunities.
Consequently, my recommendation is that political leadership is more important than legislative change:
- defending price diversity as much as cultural differences in the single market; and
- publicly rejecting the ‘property’ metaphor – information is not the same as e.g. apples. Resale should therefore not be a major policy focus, but the time saved can be used for a fuller review of IP without the rhetorical distortions of the ‘property’ metaphor!
With the e-Privacy Directive now entering into force across Europe with its upgraded cookie rules, it could have been disappointing to read this new academic article about “browser profiling”, a practice that achieves profiling without using cookies.
The e-Privacy Directive does not mention cookies by name in its Article 5.3, although they are referred to in the recitals. Instead the Article addresses “the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user”. The notion was of a unique identifier (UID) stored on the user’s computer, enabling successive visits to a website to be matched. The provision is beginning to fail one of the EU’s stalwart regulatory principles – technology neutrality.
Browser profiling involves a webpage loading a script that combines a set of relatively unique (‘high entropy’) features of the browser’s environment, in particular the list of fonts available, into a UID sent back to the website. The resulting profile is unique in seemingly 95%+ of cases, and does not require the local storing of information.
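The mechanism described above, as an added example that is not taken from the article or from this post: a Node.js sketch over a constructed six-browser sample, showing how attributes that are individually common combine into an identifier that is recomputed on each visit with nothing stored. The attribute names, sample values and the FNV-1a hash are assumptions made for illustration.

```javascript
// Constructed sample: attributes a page script could read from six browsers (not real data).
const visitors = [
  { ua: 'Firefox/24', screen: '1920x1080', tz: 60, fonts: ['Arial', 'Calibri', 'Verdana'] },
  { ua: 'Firefox/24', screen: '1920x1080', tz: 60, fonts: ['Arial', 'Calibri', 'Futura', 'Verdana'] },
  { ua: 'Firefox/24', screen: '1366x768',  tz: 60, fonts: ['Arial', 'Verdana'] },
  { ua: 'Chrome/30',  screen: '1920x1080', tz: 0,  fonts: ['Arial', 'Calibri', 'Verdana'] },
  { ua: 'Chrome/30',  screen: '1366x768',  tz: 0,  fonts: ['Arial', 'DejaVu Sans'] },
  { ua: 'Chrome/30',  screen: '1920x1080', tz: 60, fonts: ['Arial', 'DejaVu Sans', 'Ubuntu'] },
];

// Canonical string for the chosen attributes; font order must not change the result.
function canonical(v, keys) {
  return keys.map(k => Array.isArray(v[k]) ? [...v[k]].sort().join(',') : String(v[k])).join('|');
}

// FNV-1a (32-bit), a stand-in hash chosen for brevity (an assumption; any stable hash works).
function fnv1a(s) {
  let h = 0x811c9dc5;
  for (let i = 0; i < s.length; i++) h = Math.imul(h ^ s.charCodeAt(i), 0x01000193) >>> 0;
  return h.toString(16).padStart(8, '0');
}

// The identifier is recomputed on every visit, so nothing is stored on the terminal.
function fingerprint(v, keys = ['ua', 'screen', 'tz', 'fonts']) {
  return fnv1a(canonical(v, keys));
}

// Count how often each derived value occurs in the sample.
function tally(sample, keyFn) {
  const m = new Map();
  for (const v of sample) m.set(keyFn(v), (m.get(keyFn(v)) || 0) + 1);
  return m;
}

// Shannon entropy (bits) of a single attribute across the sample.
function entropyBits(sample, key) {
  let sum = 0;
  for (const n of tally(sample, v => canonical(v, [key])).values()) {
    sum += (n / sample.length) * Math.log2(n / sample.length);
  }
  return -sum;
}

// Number of visitors singled out when only `keys` are combined.
function uniqueCount(sample, keys) {
  const seen = tally(sample, v => fingerprint(v, keys));
  return sample.filter(v => seen.get(fingerprint(v, keys)) === 1).length;
}
```

In this sample the user agent alone singles out nobody, while adding the font list singles out all six, which is why a storage-based rule such as Article 5.3 does not reach the technique.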
But while the Directive does not apply, the industry responses to policy-maker anxiety about cookies do. The IAB Europe self-regulation rules and the Do Not Track (DNT) provisions refer to the practice of ‘tracking’ or ‘profiling’, rather than technologies. While the main online ad companies and publishers are complying with these rules, the article’s authors lament the fact that the sites they found using fingerprinting (404 of the top 1 million sites, see chart) were also not respecting the DNT signal. That can hardly be a surprise, as few were providing details of their practices in their privacy notices either.
So the real issue is enforceability against bad actors. This is a function of the determination of the enforcement agents (data protection agencies), and of the assistance the law provides in proving a transgression. I believe that privacy-based ‘collection & processing of personally identifiable information’ approaches are poorly suited in these instances. Recall that browser profiling is based on looking at installed fonts!
Are there other approaches possible? The draft EU Privacy Regulation promises a ban on profiling, which passes the technological neutrality test, but in the process has been criticised for over-broadly inhibiting all manner of legitimate business activity. Another is to look at this kind of practice from a cybercrime perspective – for example, Article 13.4 of the e-Privacy Directive provides that “the practice of sending electronic mail for the purposes of direct marketing which disguise or conceal the identity of the sender … shall be prohibited”. Interestingly, the article refers to the practice of some browser profiling code deleting itself after having sent the fingerprint back to the site owner (presumably to make itself harder to detect).