The Monopoly Report

In this episode, Alan chats with Vermont State Representative Monique Priestley about her multi-year attempt to get a privacy law passed in the State of Vermont. They discuss Vermont's approach, what Monique has learned from the successes and failures of other state efforts, and what a "good" privacy law looks like.  Rep Priestley's bio may be found at: https://priestleyvt.com/about/ The discussion re: Private Rights of Action in Privacy Laws with Dr. Lauren Scholz is available at: https://www.youtube.com/live/RVb8xXWkYPQ?si=sb89gvUiT_WzKYsp&t=2448. My reaction to Dr. Scholz's testimony is available on my Substack at: https://chapell.substack.com/p/more-on-the-private-right-of-action Takeaways Lobbying pressure shapes privacy bills long before the public ever sees them. Consumer rights only work if people can actually enforce them. Data minimization is essential but difficult to regulate. Political campaigns are major contributors to data misuse. States struggle to keep definitions aligned as technology shifts. Chapters 00:00 Origin story of Rep. Priestley 03:15 How lobbying shapes privacy legislation 08:10 What a strong privacy law should include 13:20 Why data minimization is so complicated 18:45 The role of political campaigns in data abuses 24:30 Data brokers and updates, states are pushing 31:40 Authorized agents and deletion requests 36:30 How Vermont approaches sensitive data Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Butler from the Electronic Privacy Information Center (EPIC) joins Alan Chapell to discuss EPICs recent blog post critiquing the March 2025 decision of the French competition authority holding that Apple's App Tracking Transparency (ATT) is anti-competitive. This is a robust discussion pitting the views of the advocacy community against those of the business community... and demonstrating the tension that can sometimes exist between privacy and competition law.  The discussion referenced a number of articles and consumer research. Epic's blog post on ATT is at https://tinyurl.com/2avfss69 The French Competition decision is at https://tinyurl.com/27tav2dv Research from Columbia Univ is at https://tinyurl.com/399az6ht Research from USC is at https://tinyurl.com/55d76n87 Takeaways EPIC saw Apple’s App Tracking Transparency (ATT) as a rare, meaningful win for user privacy amid decades of unchecked data collection. Alan Butler draws a distinction as between first-party tracking and third-party behavioral tracking - a distinction that may be at odds with competition regulators such as the UK Competition and Markets Authority. Butler argued that consent pop-ups and CMPs are manipulative, not genuine privacy controls - Chapell agreed, but noted that Apple uses its own form of manipulation with ATT. European regulators viewed ATT as anti-competitive, but Butler said ATT rightly prioritizes user privacy over ad-tech interests. Chapell provided research suggesting that Apple's cohort tracking might not be as user-friendly as some advocates have suggested. Apple’s ad revenue growth in the wake of ATT raised competition and fairness concerns. Butler called for ad models that allow publisher sustainability without compromising user privacy. Chapters00:00 Introduction and EPIC’s role in privacy advocacy02:30 Apple’s App Tracking Transparency explained04:45 Ad-tech backlash and regulatory scrutiny in Europe06:15 First-party vs. third-party data use distinctions09:50 How tracking and profiling differ across contexts12:40 Consent mechanisms and why they fail users15:50 The “double consent” debate under EU law20:00 Competition concerns and privacy as a design choice24:30 Publisher monetization and skepticism of tracking’s value28:00 Intersection of privacy, competition, and market power31:30 Consumer understanding of ATT and tracking preferences34:00 Apple’s data use and the question of transparency37:00 Whether ATT unfairly advantages Apple41:00 Broader implications for competition and privacy balance45:30 Parity between ATT and consent systems discussed48:30 Closing reflections on privacy, fairness, and user control   Learn more about your ad choices. Visit megaphone.fm/adchoices

Cory Doctorow is a prolific writer of both fiction and non-fiction. His latest book is Enshittification: Why Everything Suddenly Went Wrong and What To Do About It. Cory and host Alan Chapell discuss the three stages of enshittification, its root causes, and the underlying social movement that is critical to addressing (and perhaps even reversing) its impact. Recognizing that they come at this from very different perspectives, Alan and Cory also go deep into some of the endemic challenges of the ads space while wrestling with pro's and con's of data minimization, contextual advertising and how to offer a private right of action to the enforcement of privacy laws.  Alan's Substack on CIPA the VPPA and anti-SLAPP laws is at https://chapell.substack.com/p/can-anti-slapp-save-ad-tech-from and should complement the discussion. Cory's bio is at ⁠https://craphound.com/bio/⁠ and you can find out more about his book Enshittification at ⁠https://tinyurl.com/y7u698a6⁠.  Takeaways Enshittification describes how digital platforms decay under monopoly power, shifting value from users to advertisers and then shareholders. Monopoly and weak regulation allow corporations to capture markets and regulators, eroding user rights and competition. Loss of interoperability and restrictive IP laws (like the DMCA) prevent users from fixing or improving technology. Privacy and data exploitation are central to tech monopolies’ power, stronger, simpler rules are needed over complex consent systems. Behavioral advertising should be replaced by contextual models to reduce surveillance and restore balance for publishers. Private right of action can help enforce privacy rights when regulators fail. Global antitrust movements in Europe, Canada, and Asia show more progress than the U.S. Coalition building across privacy, labor, and antitrust advocates is key to countering corporate concentration. Chapters00:00 Introduction and Enshittification explained04:20 How monopolies cause platform decay11:15 Market consolidation and regulatory capture13:30 Tech worker power and the loss of interoperability20:25 Key issues, privacy, competition, and IP27:25 Problems with consent-based privacy systems29:45 Case for banning behavioral advertising41:25 Enforcement and the role of private litigation51:00 Antitrust progress and shifting global momentum55:30 Building coalitions to fight tech monopolies Learn more about your ad choices. Visit megaphone.fm/adchoices

The care and feeding of a successful career - particularly in privacy or regulatory circles remains an under-discussed topic. Career coach Doug Miller joins Alan to discuss the changing role of the privacy pro over the past two decades and the challenges we all face as we try to juggle the goals of making an impact while finding happiness.  Takeaways Privacy executives must engage with the organization to change minds. Building alliances is crucial for effective privacy advocacy. It's important to connect with C-suite members beyond the CEO. Understanding product launch goals can align privacy initiatives. Strategic thinking is essential for future planning in organizations. The context of the industry influences product implementation. Collaboration across teams enhances privacy efforts. Privacy considerations should be integrated into product development. Long-term planning is vital for organizational success. Effective communication can bridge gaps in understanding privacy needs. Career burnout for privacy and regulatory pros is real - Doug shares a number of tips for career development.  Chapters00:00  Introduction & Evolution of Privacy  04:20  Early Privacy Careers & AOL Story  07:30  Mergers, Culture & Lessons Learned  09:20  Shifting from Reactive to Proactive Privacy  16:30  Convincing Leadership & Building Value  20:50  Career Growth, Burnout & Reinvention  38:40  Curiosity, Purpose & Closing Thoughts   Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Alan Chapell is joined by Connecticut State Senator James Maroney as the Senator shares the backstory regarding how he got involved in pushing for a privacy law in Connecticut, how those efforts are impacted by lobbying efforts, and how different states are collaborating to create the privacy and AI patchwork. The Senator also shares what's on his mind when it comes to future privacy and AI laws for Connecticut. The Senator's bio is available at https://www.senatedems.ct.gov/senator/james-maroney/bio" Takeaways Privacy policymaking often starts accidentally, not by design. Lobbying pressure remains the biggest barrier to passing strong privacy laws. Persistence and bipartisan cooperation helped Connecticut succeed after three years. The Global Privacy Control requirement made Connecticut a national privacy leader. Simplified opt-out processes improve user empowerment and enforcement. Consent fatigue weakens privacy protections; minimization is a better path. Broad definitions of personal data can discourage privacy innovation. Data brokers and AI oversight are the next frontiers in state privacy policy. Multi-state collaboration is reshaping privacy and AI governance in the U.S. Federal law should set a strong floor, not a ceiling, for privacy protections. Chapters 00:00 Introduction and Senator Maroney’s background 01:00 How privacy legislation found him 02:32 Early challenges and heavy lobbying resistance 05:04 Lessons from failed attempts and building allies 07:46 Adding the Global Privacy Control requirement 10:02 Balancing consent fatigue with real user protection 12:45 Defining personal vs. de-identified data 15:31 Strengthening Connecticut’s law through updates 17:47 Considering data broker oversight and the DELETE Act 20:31 Multi-state collaboration and AI policy efforts 23:45 Regulating sensitive data and consent standards 27:00 Authorized agents and consumer rights limits 31:02 Rulemaking challenges and avoiding patchwork laws 35:32 Federal preemption, enforcement, and private actions 40:30 Enforcement, lawsuits, and the search for balance 43:00 Closing remarks and UConn basketball predictions Learn more about your ad choices. Visit megaphone.fm/adchoices

Journalist Patrick McGee joins host Alan Chapell to discuss his book "Apple in China" as Alan draws additional pearls of wisdom from Patrick's work that can be used to guide everyone working in the digital media and regulatory world. From an in-depth discussion of geopolitics, a funny Seinfeld reference and (and a less funny one about Michael Moore) and important lessons for regulatory folks looking to hold your attention.... this is a great discussion. It's also helpful for everyone in the ads space to have a clear sense of Apple's motivations. You can buy Apple in China here - https://www.simonandschuster.com/books/Apple-in-China/Patrick-McGee/9781668053379 Takeaways Apple’s design-first philosophy thrived in China’s uniquely flexible manufacturing ecosystem. The partnership between Apple and China turned into a masterclass in innovation — and imitation “China speed” gave Apple unmatched production agility, but also trained future competitors. Apple underestimated how much intellectual property and know-how it was exporting. Patrick McGee frames Apple’s China story as both a business triumph and a geopolitical shift. Privacy remains central to Apple’s brand — but compromises in China tell a more complex story. The book reveals how Apple’s success fueled China’s tech dominance and influenced global policy. Regulatory lessons: even the biggest players can be blinded by their own success. Patrick’s storytelling turns a complex supply chain saga into an engaging, human narrative.Alan Chapell emphasizes that clear storytelling is key to making policy and economics resonate. Chapters 00:00 Introduction and Guest Welcome 00:52 The Premise Behind Apple in China 03:10 How Apple’s Design Culture Met China’s Flexibility 05:40 Training the Competition: The Hidden Cost of Outsourcing 08:15 “China Speed” and the Rise of Domestic Tech Rivals 12:20 Apple’s Privacy Paradox in the Chinese Market 15:05 Lessons for Regulators and Global Businesses 17:45 Storytelling as a Tool for Complex Topics 19:30 Reflections on Apple’s Future and Geopolitical Risks 21:00 Supporting Local Bookstores and Final Thoughts Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell continues his discussion with Jon Leibowitz on some of the key regulatory issues raised from 2004 - 2013. This includes the investigation re: Google Buzz and Google's settlement of FTC charges it Misrepresented Privacy Assurances to Users of Apple's Safari Internet Browser (which Alan believes had a huge impact on Google's approach to probabilistic advertising). They also talk about the historical regulatory role of telecommunications companies vs edge providers like Google and Meta as well as a discussion of the ongoing antitrust cases Google is facing.  Takeaways First-party data has real limits; it isn’t a universal fix. The FTC’s Intel case shows antitrust can unlock competition (e.g., aiding Nvidia’s rise). Journalism’s sustainability is strained by dominant platforms; collective bargaining may help. Google’s 2012 Safari case (rooted in earlier Buzz issues) became a lasting privacy deterrent. Privacy enforcement reshaped ads, pushing platforms away from third-party data tactics. Structural vs. behavioral remedies: breakups are rare; well-designed conduct rules often carry the day. Chrome divestiture was viewed as overreach; Judge Mehta’s search remedies felt cautious. Consent fatigue is real; data minimization and retention limits may work better. Privacy trade-offs vary by socioeconomic context; one-size rules can entrench incumbents. The ad-supported web has eras: DoubleClick (’94–’03), Google’s ascent (’04–’13), then Big Tech dominance. Chapters 00:09 Introduction & episode setup; first-party data riff; sponsor note 02:06 Intel case lessons; exclusivity, APIs, and competition effects 04:02 Journalism town halls (2009–10); platforms, news economics, misinformation 08:54 Google Safari cookie-circumvention case; ties to Google Buzz order 12:30 Consent vs. probabilistic advertising; platform caution post-settlement 15:00 Privacy trade-offs across economic classe 15:50 Google Search remedies; amicus brief; Chrome divestiture debate 23:30 Remedies are hard: structural vs. behavioral; Microsoft as precedent 26:00 Post-FTC: privacy coalition with Mary Bono; telco vs. edge provider rules 29:31 Rulemaking hurdles (Mag-Moss); unrealized federal privacy push 30:27 Regulation can entrench incumbents; EU lessons for startups 32:01 Data minimization & retention over blanket consent 32:50 Closing: three eras of the ad-supported internet; subscribe CTA Learn more about your ad choices. Visit megaphone.fm/adchoices

Host Alan Chapell is joined by Jon Leibowitz, former chair of the FTC to discuss the Commission's impact on the digital media landscape from 2004 until 2013. In part 1 of the discussion, Chapell and Mr. Leibowitz talk about the FTC's COPPA rethink, the DNT standard, some early FTC attempts to rethink journalism, and some of the antitrust and privacy enforcements against big tech during his tenure. Jon Leibowitz' bio may be found here - https://en.wikipedia.org/wiki/Jon_Leibowitz.  Takeaways The FTC’s push for “Do Not Track” showed how hard it is to get industry consensus on privacy. Global Privacy Control may succeed where “Do Not Track” failed, as cookies phase out. COPPA’s update made pseudonymous data count as personal data, reshaping online advertising. Age verification measures create new risks, even while aiming to protect children. Industry self-regulation (like ad icons) fell short, with state laws setting stronger standards. The FTC’s “bully pulpit” speeches often influenced industry behavior more than enforcement. Google’s acquisitions (DoubleClick, AdMob, etc.) raised competition questions but were welcomed by much of the ad industry. The tension between innovation, regulation, and consumer protection continues to shape digital advertising. Chapters00:00 Introductions & Setting the Scene03:00 Achievements at the FTC: Early Digital Ad Regulation08:00 The Rise and Stall of “Do Not Track”15:00 Protecting Kids Online & COPPA’s Redefinition of Data24:00 Self-Regulation vs. State Regulation in Ads32:00 Antitrust and Google’s Expansion40:00 Closing Reflections on Innovation and Oversight Learn more about your ad choices. Visit megaphone.fm/adchoices

UK data protection pro Robert Bateman joins host Alan Chapell to discuss how the EU seems to be heading in the opposite direction than the U.S. as the CJEU narrows the definition of personal data ever so slightly. Robert also shares thoughts on a cookie consent consult taking place in the UK - and gives a prediction on the future of EU to U.S. cross-border transfers.  Takeaways The definition of personal data has evolved significantly since the GDPR. Pseudonymization is often misunderstood and oversold in its benefits. The SRB case clarified the relative nature of personal data definitions. ICO's consultation may lead to significant changes in cookie regulations. Cross-border data transfers are essential for the digital economy. The adequacy decision ensures data safety when transferring data to the US. Max Schrems' challenges have significantly impacted data transfer frameworks. The ICO's approach to enforcement may signal a shift in privacy regulations. The role of journalism is crucial in understanding and shaping data protection issues. Different perspectives in data protection can foster better dialogue and solutions. Chapters 00:00 Evolving Definitions of Personal Data 06:03 The SRB Case and Its Implications 11:45 Rethinking Privacy Regulations in the UK 17:59 Cross-Border Data Transfers and Their Importance 29:40 Challenges to the EU-US Data Privacy Framework 35:43 The Role of Journalism in Data Protection Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Tobias Judin from Norway's data protection regulator, the Datatilsynet (and EDPB representative), joins host Alan Chapell to talk about trust, (mis)aligned incentives, and consent in the European ads marketplace. We go deep on the challenges around pay or consent models for digital media as the EDPB plans to issue guidance for the larger publishing industry. Will pay or consent save the publishing industry - or become a drag on data protection law? Alan refers to the NOYB guidance on pay or consent, so we're sharing that here: https://noyb.eu/sites/default/files/2025-07/Pay_or_Okay_Report_2025_web.pdf. Takeaways Data protection can enhance a company's competitive edge. The EDPB aims for harmonized GDPR interpretation across Europe. Consent mechanisms are often misunderstood and misapplied. Behavioral advertising creates challenges for data protection compliance. The current consent model may not be sustainable long-term. Pay for consent could lead to inequities in data protection. Size and scale of data processing influence regulatory focus. Trust in data handling can lead to increased ad revenue. The GDPR's fairness principle needs reevaluation. Data protection is essential for supporting democracy. Chapters 00:00 Introduction to Data Protection in Europe 01:18 Understanding the Role of the EDPB 04:42 Data Protection as a Competitive Advantage 08:41 The Challenges of Consent Mechanisms 11:54 Proportionality in Data Processing 16:42 The Future of Behavioral Advertising 21:53 The Concept of Pay for Consent 26:58 The Role of Size and Scale in Data Protection Learn more about your ad choices. Visit megaphone.fm/adchoices