Over the past decade, user influencing practices have gained prominence in academic and digital policy debates in Europe. These practices include dark patterns, dark nudges, sludge, and highly personalised processes such as hypernudging. In essence, they rely on manipulating users’ cognitive and environmental constraints to steer their behaviour in a predictable manner. Growing empirical evidence of harms have triggered regulatory responses in the recent Digital Services Act, Digital Markets Act, Artificial Intelligence Act, and Data Act. In addition, the enforcement guidance documents were updated to sharpen the application of EU data protection and consumer laws to capture these practices. In this blog post, I focus on European competition law as an alternative instrument that has so far been largely overlooked in user influencing debates. As user influencing may lead to distortion of competition and consumer harm, competition authorities should take a more active, yet pragmatic, role in addressing these challenges.
Continue reading “User Influencing and a Pragmatic Role for Competition Authorities”Tag: enforcement
Effectiveness and Procedural Protection in Cross-Border GDPR Enforcement
Enforcement of the General Data Protection Regulation (Regulation 2016/679 or GDPR) is organized mainly alongside decentralized procedures, where national supervisory authorities (SAs) are responsible for monitoring and supervising the diverse market of small and large data controllers and processors. Since processing often has a transnational character, enforcement becomes a transnational affair too. Therefore, the GDPR lays down a (complex) cooperation mechanism according to which national SAs in different Member States shall coordinate the outcome of enforcement procedures, in order to address violations together – potentially with involvement of the European Data Protection Board (EDPB) too. While this procedure was, from the outset, infamous for its complexity, concerns regarding under-enforcement of cross-border cases now seem to materialize in practice. This blogpost highlights a number of recommendations that aim to increase the effectiveness of cross-border GDPR enforcement and the protection of data subjects within these procedures.
Continue reading “Effectiveness and Procedural Protection in Cross-Border GDPR Enforcement”Not so flexible? The instrumental usage of soft law in EU telecommunications regulation
What is ‘instrumental usage’ of soft law and why does it matter?
At the hand of a case study in the telecom sector, this blogpost maintains that soft laws can erode the principles of accountability and vertical division of powers when used instrumentally/strategically by enforcers. An example of such strategic use will be the instance when, due to its ineffectiveness, a soft law instrument is converted/leveraged into hard law. The working definition of instrumental use coined by this author is as follows: deploying soft law in order to obtain enforcement outcomes that are consistent with an enforcer’s own vision of the ‘correct’ modus operandi of EU (utility) regulation (and away from public interest/public good considerations).
Continue reading “Not so flexible? The instrumental usage of soft law in EU telecommunications regulation”