I love so many things about the European Union—the history, the people, the cheese, the capital Eszett. Also the EU’s commitment to protecting its citizens from the depredations of Big Tech. For instance, via meaningful antitrust investigations.
Or via the GDPR, the EU’s new data-privacy law. If you didn’t hear about it in 2016 when it was enacted, you surely have in the weeks before May 25, during which we all received a welter of messages announcing updated, GDPR-compliant privacy policies.
You won’t be getting one of these messages from me, however. (What follows is a summary of my thinking about the GDPR. But I am not your lawyer. This is not legal advice.)
As written, the GDPR claims enormous scope: it wants to regulate “the processing of personal data” collected from EU citizens even when the processor of that data is “not established” in the EU. Much of the commentary about the GDPR has taken this claim at face value—e.g., the “GDPR applies to any site that collects user data”.
Oh really? Certainly, the EU can regulate businesses within its borders (or foreign businesses with a presence in the EU). But businesses entirely outside the EU? I’m not persuaded. In general, international law doesn’t apply to people in the US absent an explicit treaty—for instance, the Geneva Conventions or NAFTA. There is no US / EU treaty covering the GDPR. Indeed, the GDPR itself concedes this is so, and therefore contemplates the creation of “international cooperation mechanisms” to enforce the GDPR. But as long as those mechanisms are missing, so is the possibility of enforcement outside the EU.
To plug this hole, the GDPR demands that I, as a “data collector” outside the EU, “designate ... a representative” in the EU, thereby bringing myself under its jurisdiction. But what happens if I don’t? Ostensibly, that refusal would itself become a GDPR violation—except that the GDPR is still unenforceable against me. So AFAICT, the cheapest & safest way for me to “comply” with the GDPR is to totally ignore it.
That doesn’t mean I don’t take data privacy seriously. On the contrary, unlike just about everyone else on the internet, my websites have never had any advertising, surveillance, or tracking (other than basic Google Analytics, which I use for technical troubleshooting). I collect the minimum amount of personal information for any sales transaction. I’ve never shared or sold any customer information, and never will.
I didn’t adopt these policies because I had to. Rather, I sincerely—though maybe quixotically—believe that there’s still some future for the internet that isn’t entirely premised on surveillance and advertising. Of course, I’m always interested in generating more sales. Call me a Luddite, but I want to do it the old-fashioned way: a voluntary exchange of money for goods & services. Regardless of who you are or where you are.
I thought a 750-page book about Israel’s covert assassination programs would exceed my appetite for the subject. Or at best would be generously padded.
Wrong on both counts. Journalist Ronen Bergman’s book (translated from the original Hebrew) is meticulously researched and reported, in many cases based on his own interviews with the original participants. The pace of the action is relentless—Bergman has collected so much good material that he can afford only three pages for the famous 1976 hostage rescue at Entebbe airport.
In one sense, the book is a history of Israel, as told through its targeted-killing programs. But it’s also a story of the costs and consequences of warfare conducted primarily via covert methods (including torture and drone strikes). Bergman depicts an Israeli government that, although largely successful in defending the nation, is increasingly corroded by its accumulated moral lapses. At turns exciting, heartbreaking, infuriating, and chilling. This is one of the best books I’ve read in a long time.
(The interior typography is atrocious, per the low typesetting standards of American publishers. But I can’t hold that against Bergman.)