While myriad attempts to pass federal privacy legislation have all fizzled out in recent years, House Energy and Commerce Committee Chairwoman Cathy McMorris Rodgers (R-WA) and Senate Commerce Committee Chairwoman Maria Cantwell (D-WA) recently introduced the American Privacy Rights Act of 2024 as a compromise approach that could pass both chambers.
But before it does, it’s worth considering whether the United States really wants to follow the European privacy model, which has led to much confusion and consumer harm.
Under the APRA, internet users would be served far more ads, but less relevant ones, with negative consequences for consumers, businesses, content creators, and online platforms alike.
Much like the EU’s General Data Protection Regulation, the APRA would erect barriers to the collection and use of data for targeted advertising. It also appears to forbid advertising-reliant platforms from offering users the choice to pay or consent to data collection for targeted ads. This means that online platforms would have to rely on nonpersonalized ads as their primary source of revenue. This change would harm not only the platforms themselves, but also the content creators and smaller publishers with whom those platforms share ad revenues.
In justifying its own regulations, the European Data Protection Board has argued that, in order for consent for data collection to be “freely given,” it must not “lead to any costs for the data subject.” This means that even Meta’s proposed ad-free subscription option for Facebook and Instagram in Europe, which the company made in response to the EDPB’s earlier restrictions on data collection, is likely illegal in the European Union.
Meanwhile, EU member states are still trying to figure out exactly what “freely given” consent means. But the EDPB has offered its opinion that large platforms cannot “confront users only with a binary choice between consenting to processing of personal data for behavioral advertising purposes and paying a fee.”
In a similar vein, Section 8 of APRA states that “a covered entity may not retaliate against an individual … including [by] denying goods or services, charging different prices or rates or goods or services, or providing a different level of quality of goods or services.”
Moreover, the data covered by APRA are defined expansively to include any information that “identifies or is linked or reasonably linkable, alone or in combination with other information” to any individual or a device. This appears to include persistent identifiers such as IP addresses or cookies used in targeted advertising. APRA proposes an opt-out model for targeted ads based on covered data that aren’t considered “sensitive,” but its “retaliation” provision would appear to also make Meta’s “pay or consent” model illegal.
If online platforms are prohibited from offering subscriptions to users instead of targeted advertising, that leaves nontargeted ads as the only available alternative. Since such ads generate less revenue, online platforms will have to serve many more of them. Advertisers will also have to pay more per click for these less-targeted ads.
CLICK HERE TO READ MORE FROM RESTORING AMERICA
In the end, the result is that internet users will see more and less-relevant ads. It’s unclear who this would benefit.
As annoying as targeted advertising may be, the question economists often ask is “compared to what?” It’s debatable whether consumers prefer targeted ads or paying subscription fees for more privacy, as both business models exist online. But there is no reason to believe they would prefer getting even more ads that are less relevant to them just because regulators from Europe or America prefer it that way.
Ben Sperry is a senior scholar with the International Center for Law & Economics (ICLE).
