Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘EU

Superficial opinions / EU

with one comment

To complement a recent text on naive beliefs, a few words on how my own opinions on the EU have changed. (Also in light of the recent UK general election, and its character as an almost-referendum on Brexit.)

The question of the EU first entered my own life in a major manner with the early 1990s Swedish debates on EU membership, culminating in a referendum in 1994.

At the time, I was extremely positive, seeing advantages like fewer trade obstacles, likelihood of higher growth, easier migration*, a lesser risk of war, …

*And the ease of my own later migration to Germany is a result of the Swedish and German memberships.

In my opinion formation there were (at least) two weaknesses: I was too unaware of disadvantages and, too some degree, I was influenced by “the party-line”, in that the party I supported was strongly positive and that I might not have reflected enough over potential down-sides.*

*An issue that I have observed at a fairly large scale among others, including absurdities like Leftists simultaneously claiming the correctness of Gender-Feminism and Evolution, despite these being largely incompatible, on the basis that these are both “should believe” ideas in some circles. (I am, obviously, pro Evolution and anti Gender-Feminism, having actually looked into these topics with a critical mindset.)

As time has gone by, I have seen a number of problems. Some are of an almost unavoidable nature, unless the EU is to be a half-measure, as with e.g. the extra layers of government that risk to further reduce the independence of the individual, increase costs and bureaucracy, etc., or with the risk that certain political ideas can become more “monopolistic”, reducing the possibility of escaping a “bad” country through migration, because all other near-by countries are equally “bad”.* Others are pure implementation errors, like the excessive redistribution of money from wealthier to less wealthy countries within the EU.**

*Among many examples of potential bad legislation that reduces civic rights in favor of the government or increases copyright durations unduly. Of course, such legislation can equally be made in the “good” direction, but the risks outweigh the chance of benefits in my eyes, and the reduced option of escape remains. What, e.g., if the insane Swedish sex laws were exported to the entire EU at some point? More generally, I have only over time become aware of how ridiculously much of what politicians decide is nonsensical or harmful; and while I have long been in favor of small government, possibly even some version of a Nachtwächterstaat, my realization of the harm that big and/or over-involved governments cause has grown year by year.

**This is unfair, distorts the free markets, creates inappropriate incentives for less wealthy countries to join, and causes resentment in the wealthier (including as a Brexit contributor). Moreover, the money flows often depend on e.g. negotiation skill and the strength of the negotiation position, rather than uniform and objective criteria.

I am still in favor of the EU (and Swedish/German membership), because the overall advantages seem to outweigh the overall disadvantages, but my opinion is far more nuanced than e.g. in 1994 when I, at age 19, voted “yes”. Moreover, I do not rule out that the Brexit will bring a net-benefit to Europe and the citizens of the EU through ensuring a greater degree of diversity of policy and development. (But I suspect that it will still turn out to be bad for the UK and its population and/or the EU when viewed as a state.)

I would also say that there are many implementation errors in the current EU, e.g. the aforementioned re-distribution of wealth between countries, and that many* of the benefits of the EU could be reached by other means. For instance, freer trade and easier border passage could be achieved without the EU (to a large degree, this even amounts to removing artificial obstacles imposed by the individual states); for instance, a high degree of uniformity of e.g. product regulations could be achieved by voluntary means, be it by states or businesses. In this line, I am willing to at least consider suggestions like that an earlier level of integration within the EU was better than the current level.

*By no means all, unless a similarly “heavy” solution as the EU still results. For instance, every or almost every aspect of the EU could be replicated by separate agreements and organizations, but then we would have the same results with a likely greatly increased complexity and overhead. (Possibly, with some degree of eclecticism available for the member states, but this would then reduce the advantages from compatibility improvements.) A particularly interesting example is the use of a common currency: entirely separate countries could use the same currency, but this would lead to great complications (including a risk that some become highly dependent on the monetary policies of others without having any say) and might require the parallel use of a country-internal currency (e.g. Krona in Sweden) with an international (e.g. the Euro as a new creation or D-Mark or Dollar as “imports”).

Excursion on absolutes:
A common problem in political debates, especially from the Left, is the assumption (or deliberate mis-representation) that things are uniformly and absolutely good or bad. The EU is an extremely good example of how things, on the contrary, tend to have positive and negative sides, both strengths and weaknesses, etc.; and of how important it is to have a nuanced understanding. Similarly, if a little of something is good, it does not follow that more of the same thing is even better.

Excursion on the weak-argumentation meta-argument:
Another contributor to my early opinions was the usually weak argumentation of the Swedish anti-EU factions. They might or might not have raised similar concerns that I do above (this was a long time ago and my memory is vague), but the brunt of the argumentation that has remained in my memory was unconvincing and lead me to apply the meta-argument that if someone relies heavily on weak arguments, chances* are that there are no strong arguments. This especially as the main proponents of “no”, e.g. the former Communist party, had a long track record of weak arguments.

*This is not foolproof, e.g. because strong potential arguments might simply be unknown.

One of the most often repeated was roughly “once we are members of the EU, we can never get out again, so we should wait” or “[…] not join at all” (depending on the speaker). A fatal flaw of this argument is, witness the Brexit, that it does appear possible to leave—and the argument was proved largely dishonest by the reactions of the same groups a few years after Sweden had joined, when the trend had turned and the opinion temporarily was against the EU: “We must hold a new referendum to reflect the new will of the people so that we can leave as soon as possible!” If we look at the “wait” version of the original argument, there is some point to it, in that a better decision can made with more information, but (a) this would apply at any given time, implying that one could argue “wait” perpetually, (b) a further wait comes at a cost of missed opportunities, e.g. in that the advantages do no apply during the waiting period, that a longer wait could lead to a worse negotiating position*, and similar. (The “not join at all” version is entirely absurd, because this would preclude any activity with a real or merely claimed permanency.)

*Notably, because the EU grows and the relative size of population, economy, and proportions of import/export of the applicant changes accordingly.

Other weak arguments included “The EU is silly! Look at their banana-shape regulations!”*, “Brussels will decide over our heads and Stockholm will lose power”**, and, in a wider sense, the claim that we should hold the referendum first and negotiate later, which seems more like a delaying tactic or a deterrent tactic than anything else: If someone comes to the negotiating table set to buy, he has little room to negotiate, making the order idiotic. At the same time, those voting will be unable to make an informed choice (again making the order idiotic) and … be more likely to say “no”, just in case. (The ostensible reason was to save the costs of the negotiations, if I recall correctly.)

*As opposed to e.g. “We fear that a membership in the EU will lead to an excess of new regulations with too little tangible benefit.”; an acknowledgment that regulations could have a purpose was usually lacking.

**While this is a possibility, it matters comparatively little to a rational citizen whether politicians decide over his head in Brussels or in Stockholm. The additional layers of politicians (cf. above) is a different matter—there are now more groups of politicians that can decide things over his head.

Written by michaeleriksson

December 15, 2019 at 5:28 pm

Posted in Uncategorized

Tagged with , , , ,

EU’s General Data Protection Regulation (and WordPress’ handling of it)

leave a comment »

Roughly a week ago, EU’s General Data Protection Regulation (GDPR) went into force, as many EU citizens have noticed in form of various emails from businesses* keeping their data, and a more global group in form of more, or more intrusive, alerts concerning use of cookies and whatnot. WordPress bloggers have probably also noticed a notification in their admin areas:

*While I will speak of “business” through-out, seeing that much of the discussion is in a commercial context, the regulation is not limited to businesses in the strictest sense, and replacing “business” with “organization” might be appropriate in some cases.

To help your site be compliant with GDPR and other laws requiring notification of tracking, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, if you or your audience is located in Europe, you need to turn it on.

Below, I will briefly* discuss the GDPR, some of points relating to the Web, and why I will not follow the demand of the WordPress message.

*This is a very wide topic and a more complete discussion would require a considerable amount of both research and analysis.

By and large, the GDPR is a good thing, including a much needed change of philosophy (quoting the above Wikipedia page):

Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately.

This quote alone addresses much of what troubles me with data handling, including that data security is often an afterthought and that users have to run through various settings (or even send a letter) to reduce data use. However, how much it will bring is yet to see, bearing in mind the difference between expectations on paper and their realization in real life, as well as various exceptions and softenings of the rules.

Unfortunately, this change of philosophy is also, indirectly, the source of much of the legitimate* criticism from the business world: Because existing software and procedures were built with a very different philosophy in mind, sometimes decades ago, the transition costs are enormous. On the positive side, while the costs after the transitional period** will be increased compared to the past, it will be by nowhere near as much as during the transitional period.

*As opposed to illegitimate criticism of the “you are spoiling our data party” kind. Other legitimate criticism includes unclear or delayed information from government institutions that have made it harder to implement the GDPR (see also the following footnote).

**In theory, businesses have had several years for this transitional period, implying that much of the cost should be history; however, from news reporting, it does not appear that this period has been used very well on average, implying that there likely will be an additional transition over the coming months. To boot, there are likely very many issues that will need resolution over the coming years, for reasons like later clarifications of regulation, upcoming court cases, and unforeseen practical obstacles.

At the same time, there are reasons to criticize it from a consumer point of view. For instance, the Wikipedia page also says:

Recital 47 of the GDPR states that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

This* is very unfortunate, seeing that direct marketing is one of the greatest sources of abuse of data and something many consumers are more upset with than sloppy data treatment per se.** More than that: If there had been stronger and more severe restrictions on various form of marketing, especially direct marketing, much of the reasons for data use and abuse of today would disappear, and we would almost automatically have a considerable reduction.

*This section of the Wikipedia page simultaneously and confusingly deals with both B2C and B2B marketing, and I must make some reservations for the correctness of my understanding.

**Say, when they give an email address in confidence to complete one purchase and are then spammed with unsolicited and unexpected offers to perform another on a regular basis. This is grossly unethical and should by rights be illegal; however, looking at Germany, the otherwise strong laws against spam were artificially weakened by the legal fiction that someone who had once bought something could be assumed to be keen on buying more, making the unsolicited messages quasi-solicited. This is of course an incorrect reasoning on at least three counts: Firstly, very many customers buy something once and never come back (and have no interest in coming back). Secondly, those who are interested in coming back will usually want to do so on their own terms, e.g. when they see a need. Thirdly, it makes an extremely customer hostile assumption about all those who strongly dislike such messages. As an aside, ethical marketing should always work on an opt-in basis, which is not the case here.

Looking at the German Wikipedia page, which differs considerably in content, there is a very odd claim:

Den Mitgliedstaaten ist es sonst grundsätzlich nicht erlaubt, den von der Verordnung festgeschriebenen Datenschutz durch nationale Regelungen abzuschwächen oder zu verstärken.

(Gist: It is not allowed for the member states to reduce or increase [sic!] the protection offered by the regulation.)

That no reduction is allowed is very positive, but the ban on an increase seems extremely ill-advised. Barring the influence of industry lobbyism, the only plausible seeming reason is to reduce complications when consumers and/or businesses from different (EU) countries are involved. Even so, there must be a better way*, because this way there is an artificial upper limit on consumer protections. Indeed, this could be a contributing factor to the existing protection in Germany being lowered in some cases, including criteria for the consumer’s acceptance of data use**.

*What, in detail, goes beyond the scope of this post, but an obvious step would be to allow stricter rules when both parties are situated in the same country.

**“Prinzipiell sind die Anforderungen an eine wirksame Einwilligung gegenüber dem deutschen BDSG reduziert: Die Schriftform ist nicht mehr die Regel, auch eine stillschweigende Einwilligungserklärung ist nach Erwägungsgrund (32) zulässig, wenn sie eindeutig ist.”

One of the more interesting changes from the English Wikipedia page is that “A right to be forgotten was replaced by a more limited right of erasure”. This is to some degree a limitation of consumer/user/whatnot rights; however, not one that I consider a bad thing: The original “right to be forgotten” always seemed disproportional to me, looking at gains for the individual and efforts needed from others, and also carried a risk of destroying/hiding knowledge, distorting history, …

The sheer amount* of “cookie warnings” and similar poses a considerable problem to comfortable surfing. This especially since the people who surf without cookies and JavaScript are often unable to get rid of them**; while even the rest will have a number of extra clicks to perform over the course of a day. A positive thing is that it becomes obvious how many sites actually use cookies et co, for no legitimate reason: If I enter an online shop to buy something, using cookies for the shopping cart is legitimate, but why would a cookie be needed when I am passively browsing a forum? Using a search engine? Looking at a static site with no means of interaction? My hope is that the mixture of this revelation, in combination with the increased annoyance for the visitors***, will force businesses to reduce their use of such technologies to some degree for fear of losing the visitors. Then again, if a sufficient proportion of the sites give such warnings, the users will have few alternatives and might remain anyway, taking a hit in usability on the way.

*I doubt that the amount will lessen over time, except as mentioned above, seeing that an earlier increase a few years ago, likely related to the original passing of the GDPR, did not.

**Somewhat paradoxical, seeing that these are normally not affected by the data use that necessitated the cookie warning.

***The negative effects of e.g. hidden user profiling do not hurt in such an obvious manner as the warnings: A pin-prick hurts worse than clogged arteries.

In a twist, keeping these warnings from re-occurring will require some way to keep tabs on the users, most likely through cookies… This can cause paradoxical situations where the warnings increase the amount of cookies, tracking, … performed.

A further complication is that the degree of tracking, the needed content of the warnings, whatnot, will not necessarily be under the control of the individual site, possibly necessitating a vagueness that makes the warnings misleading or unhelpful. Consider e.g. a site that uses a tracking network or that allows external content (notably advertising) that can on its pull in tracking functionality. Frankly, what we need are restrictions against user tracking, profiling, …, that goes considerably further than the GDPR—not just warnings.

I will not comply with the notification from WordPress (cf. above):

I do not actively gather or track any user data, except what is provided through e.g. comments and subscriptions*; I do not use cookies, JavaScript, …; I have no access to data excepting fully pre-anonymized read-only access statistics provided by WordPress (and the aforementioned comments etc.) To boot, I am blogging in a private capacity, as a natural person, with no monetary interests involved, which makes it likely that the GDPR does not apply to me in the first place (in this particular context).

*And even here the “actively” is typically limited to me passively accepting e.g. a comment through the wordpress software, reading (and possibly answering) it, and then forgetting that it is there.

Should* WordPress choose to engage in such practices in a manner exceeding the reasonable minimum, this is simply not my problem, not within my control, and contrary to my preferences**. WordPress, not I, has the responsibility to inform people correspondingly—better yet, it should cease these activities. An attempt to roll the responsibility over to the bloggers is unethical and amateurish. This especially seeing that the notification contains no reason whatsoever why it would be my duty to comply. Almost certainly, there is no such reason.

*Going by the privacy notice provided together with the notification, it appears that WordPress is abusive. This includes unethical over-tracking of user data, e.g. “browser type, unique device identifiers, language preference, referring site, […], operating system, and mobile network information” as well as potentially (depending on details unknown to me) unethical over-communication to e.g. “Independent Contractors” and “Third Party Vendors”. Cf. also an older analysis of WordPress’ privacy policy—a very similar document.

**If I had the power, I would explicitly forbid them to do certain things in relation to my WordPress blog. I definitely recommend readers to surf with cookies, JavaScript, …, off to the degree realistically possible, as well as to user various forms of anonymizers, in order to minimize their exposure.

To boot, if the responsibility were to reside with the bloggers, the means of communication chosen is entirely insufficient, and WordPress would have exposed its bloggers to an unnecessary period of involuntary law violation…

I note that the restriction to Europe* is somewhat arbitrary: The ethics of data economy, respect for user privacy, etc., does not end at borders, even should the law do so. It also raises so many questions and caveats that the typical blogger will not be able to make an informed decision without consulting an independent expert. For instance, what if a non-European blogger has an European following that he is not aware of? What if he blogs while spending time within Europe? Is this different for a one-week vacation and one-year period as an exchange student? Etc. With very few exceptions, he would have to activate these notifications in a blanket manner to be on the safe side.

*Of course, the GDPR does not apply to all of Europe to begin with, again making the notification too vague and poorly thought through.

What I will do is to add an extra page, giving fair warning that WordPress might be engaging in dubious practices outside of my control.

Note that the external pages quoted are unusually likely to undergo changes over time. The quotes reflect the state of the page at the time of my visit.

Written by michaeleriksson

June 3, 2018 at 11:20 am

Follow-up: International Day Against DRM

leave a comment »

As a brief follow-up to my recent post on DRM, a few claims* from a (German) article on a piracy study/>:

*I have not investigated the details myself, and I draw only on this source; however, the source has a very strong reputation—then, again, it is still journalists at work.

  1. The EU commission ordered a study on content piracy in 2015, and later tried to suppress and misrepresent the study.
  2. The found overall negative effects of piracy were small.
  3. Movies saw a loss of 27 legal “transactions” (“Transaktionen”) per 100 illegal. This was dominated by block-busters. (I note, looking back at my original post, that block-busters are a prime target of organized and/or professional pirates, who are hindered far less by DRM than e.g. ordinary users wanting to make a backup copy.)
  4. Music saw no impact—despite music piracy being the favorite industry target for a long time.
  5. Computer games saw a gain of 24 legal transactions: An illegal download increases the chance of a legal purchase.

As for the paradoxical result for computer games, and to a lesser degree music, I would speculate that this is partially a result of an informal trial by prospective consumers: Download a product, check-it out, and then either reject the product or buy it legally. This makes great sense for games, where the total playing time often goes into weeks, sometimes even months; with a movie, many users might see no major point in re-watching even a very good movie, considering the sheer number of new releases, and more than several re-watchings are reserved for the best-of-the-best-of-the-best. Music could be somewhere in between, like the numbers suggest, and there is always the possibility of someone additionally buying other music from the same artist. I also note that in terms of “bang for the buck”, games and music usually fair far better than movies. The authors of the study, according to the above article, mention that computer-game purchases often come with additional perks, e.g. bonus levels.

Written by michaeleriksson

September 22, 2017 at 6:17 pm