The Monopoly Report

Alan Chapell is joined by Dr. Travis Hall - Director for State Engagement at the Center for Democracy & Technology (CDT), a nonpartisan organization focused on civil rights and liberties in the digital age. They talk about the ads space through a lens balancing consumer expectations with business interests and debate the merits of the private right of action. Travis Hall’s bio is available at https://cdt.org/staff/travis-hall/  Chapell Regulatory Insider is available at https://chapellreport.substack.com/ Takeaways: CDT focuses on a broad range of digital rights, not just privacy. Data minimization is essential for effective privacy laws. Consumer expectations often differ from actual online behavior. State privacy laws need strong enforcement mechanisms. The private right of action can drive regulatory change. Targeted advertising is an area of continued focus. Understanding technology is crucial for effective policymaking. Advocacy must balance user rights with industry needs. Collaboration between stakeholders is vital for progress. Historical context shapes current privacy advocacy efforts. Chapter: 00:00 Introduction and Personal Insights 01:18 Understanding the Center for Democracy and Technology 04:33 The Role of CDT in State Privacy Legislation 10:20 Consumer Expectations and Privacy Law 16:11 Elements of Effective State Privacy Laws 21:26 Challenges in Data Minimization Enforcement 24:27 The Impact of GDPR on Ad Tech 26:22 Enforcement Challenges in Digital Media 30:22 The Role of Private Right of Action 38:52 Improving Targeted Advertising Practices 46:02 Acknowledging the Tension in Data Practices Learn more about your ad choices. Visit megaphone.fm/adchoices

Professor Daphne Keller joins host Alan Chapell to discuss the implications of the EU Court of Justice decision in Russmedia - demonstrating that "breaking the Internet" is no longer solely the domain of pop stars like Taylor Swift. An expert in platform regulation and intermediary liability, Professor Keller explains how the CJEU's Russmedia decision poses significant challenges for companies operating in the digital media space in Europe. Daphne Keller's bio may be found at https://law.stanford.edu/daphne-keller/.  The Chapell regulatory outlook report may be found at https://chapellreport.substack.com/. Takeaways The Russmedia case shifts the EU rules on intermediary liability significantly. Intermediary liability laws aim to balance online safety, free speech, and innovation. The court's decision highlights a long-standing tension as between GDPR and the e-commerce directive. Platforms may now be considered joint controllers of user data under GDPR. Identifying harmful content at scale is a major challenge for platforms. The Russmedia case Chapters 00:00 Welcome and show premise 02:05 Daphne Keller and why Russmedia matters 04:00 Why intermediary liability shields exist 06:20 Distinction between Section 230 in the U.S. (absolute liability shield) and the EU notice and takedown regime under the e-commerce directive. 08:45 GDPRand right to be forgotten as background context. 11:00 Russmedia facts and Romanian state court path 13:45 Advocate General view processor vs controller 16:00 CJEU view as joint controllership is the lynchpin of the case. 23:30 Proactive checks and the general monitoring contradiction 34:40 What platforms can do now and the practical tradeoffs Learn more about your ad choices. Visit megaphone.fm/adchoices

Host Alan Chapell welcomes Commissioner Mark Meador of the Federal Trade Commission to talk about the future of conservative antitrust, the importance of protecting kids and the impact of the regulatory environment on the digital media marketplace. Commissioner Meador's bio can be found at https://www.ftc.gov/about-ftc/commissioners-staff/mark-r-meador. The Chapell Report can be found at https://chapellreport.substack.com/ Takeaways Privacy and online safety for children are top priorities for the FTC. The FTC is focused on tangible harms rather than ethereal issues. Antitrust enforcement has seen a bipartisan consensus on the need for more action. The FTC uses 6B studies to understand new markets and inform future regulations. Learning from past FTC experiences is crucial for effective enforcement. AI and deceptive claims are monitored under existing laws. Consumer choice is essential in a competitive marketplace. The FTC is committed to enforcing laws that protect children online. Regulatory actions should avoid creating unintended consequences. Chapters 00:00 FTC Priorities for 2026 03:53 Antitrust Focus and Challenges 07:50 Protecting Children Online 12:08 The Role of 6B Studies 15:54 Learning from Past FTC Experiences 19:41 Addressing AI and Deceptive Claims 23:43 Consumer Choice and Market Dynamics 27:43 Key Takeaways for Digital Media Stakeholders Learn more about your ad choices. Visit megaphone.fm/adchoices

Peter Craddock joins Alan Chapell to discuss the EU Digital Omnibus proposal - and debate the value of simplification of the digital privacy rules in Europe. Peter views these changes as pragmatic, while Alan is concerned that we’re trading in one set of ambiguities to another. More on Peter Craddock https://www.khlaw.com/people/peter-craddock. More on Alan's Regulatory Outlook Substack https://chapellreport.substack.com/welcome Takeaways Peter believes the Digital Omnibus changes are intended to add a layer of pragmatism to EU data protection law. The GDPR was designed to enshrine privacy as a fundamental right, but that doesn’t mean privacy should prevail over everything else. You also take into account other fundamental rights: fundamental right of information and freedom of expression. Chapters 00:00 Peter returns and sets the stage for what the EU Digital Omnibus is and why it exists. 04:20 How the proposal and Court of Justice rulings reshape the meaning of personal data for ad tech. 10:00 What pseudonymous companies can argue today under SRB and related cases. 15:40 Why ePrivacy consent rules still bite even if GDPR does not apply. 20:40 Browser-based consent controls and why industry expects pushback. 26:10 How regulators may respond, and why pragmatism is becoming more visible. 35:40 Legitimate interest for AI training versus consent for monetization. 41:00 Whether the changes help smaller players and what uncertainty remains. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Digital Omnibus proposal seeks to upend the EU data protection rules. In part 1 of our coverage, Alan Chapell chats with Dr Gabriela Zanfir-Fortuna of the Future of Privacy Forum about what's driving the Digital Omnibus, and whether it is likely to have a positive impact. More on Gabriela at https://fpf.org/person/dr-gabriela-zanfir-fortuna/. More on Alan's Substack at https://chapellreport.substack.com/. Takeaways The Digital Omnibus aims to simplify, reduce compliance burden and boost EU competitiveness, but may introduce new ambiguities and complexities.  Narrowing the definition of personal data could let some pseudonymous ad tech processing fall outside GDPR coverage. A browser level do not track style signal is proposed, yet timelines and technical feasibility remain uncertain given past failures and current standards backlogs. AI model training via legitimate interest raises difficult questions about privacy choices. Some EU regulators are likely to resist these shifts, meaning enforcement may stay privacy forward - creating a lack of certainty for those seeking to comply with these new rules.  Chapters 00:00 Alan introduces the show, the guest, and why the Digital Omnibus matters for GDPR and the AI Act. 03:40 Gabriela shares her privacy origin story and why privacy harms can be systemic, not just individual. 11:40 The pair unpack the Commission’s stated goals of simplification and competitiveness, and why Gabriela doubts the path. 17:00 They examine the proposed narrowed definition of personal data and the risk of fresh compliance confusion. 20:50 Discussion of a new consent revocation signal and the long road to workable standards. 26:40 A media services carve out is questioned, especially its impact on consent fatigue and digital ads. 32:00 Gabriela outlines the biggest AI related proposals, especially legitimate interest for training and use. 44:40 They predict regulator pushback and what that means for enforcement over the next decade. 50:30 Closing reflections on why the Omnibus may fail its simplification promise and what comes next. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Alan chats with Vermont State Representative Monique Priestley about her multi-year attempt to get a privacy law passed in the State of Vermont. They discuss Vermont's approach, what Monique has learned from the successes and failures of other state efforts, and what a "good" privacy law looks like.  Rep Priestley's bio may be found at: https://priestleyvt.com/about/ The discussion re: Private Rights of Action in Privacy Laws with Dr. Lauren Scholz is available at: https://www.youtube.com/live/RVb8xXWkYPQ?si=sb89gvUiT_WzKYsp&t=2448. My reaction to Dr. Scholz's testimony is available on my Substack at: https://chapell.substack.com/p/more-on-the-private-right-of-action Takeaways Lobbying pressure shapes privacy bills long before the public ever sees them. Consumer rights only work if people can actually enforce them. Data minimization is essential but difficult to regulate. Political campaigns are major contributors to data misuse. States struggle to keep definitions aligned as technology shifts. Chapters 00:00 Origin story of Rep. Priestley 03:15 How lobbying shapes privacy legislation 08:10 What a strong privacy law should include 13:20 Why data minimization is so complicated 18:45 The role of political campaigns in data abuses 24:30 Data brokers and updates, states are pushing 31:40 Authorized agents and deletion requests 36:30 How Vermont approaches sensitive data Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Butler from the Electronic Privacy Information Center (EPIC) joins Alan Chapell to discuss EPICs recent blog post critiquing the March 2025 decision of the French competition authority holding that Apple's App Tracking Transparency (ATT) is anti-competitive. This is a robust discussion pitting the views of the advocacy community against those of the business community... and demonstrating the tension that can sometimes exist between privacy and competition law.  The discussion referenced a number of articles and consumer research. Epic's blog post on ATT is at https://tinyurl.com/2avfss69 The French Competition decision is at https://tinyurl.com/27tav2dv Research from Columbia Univ is at https://tinyurl.com/399az6ht Research from USC is at https://tinyurl.com/55d76n87 Takeaways EPIC saw Apple’s App Tracking Transparency (ATT) as a rare, meaningful win for user privacy amid decades of unchecked data collection. Alan Butler draws a distinction as between first-party tracking and third-party behavioral tracking - a distinction that may be at odds with competition regulators such as the UK Competition and Markets Authority. Butler argued that consent pop-ups and CMPs are manipulative, not genuine privacy controls - Chapell agreed, but noted that Apple uses its own form of manipulation with ATT. European regulators viewed ATT as anti-competitive, but Butler said ATT rightly prioritizes user privacy over ad-tech interests. Chapell provided research suggesting that Apple's cohort tracking might not be as user-friendly as some advocates have suggested. Apple’s ad revenue growth in the wake of ATT raised competition and fairness concerns. Butler called for ad models that allow publisher sustainability without compromising user privacy. Chapters00:00 Introduction and EPIC’s role in privacy advocacy02:30 Apple’s App Tracking Transparency explained04:45 Ad-tech backlash and regulatory scrutiny in Europe06:15 First-party vs. third-party data use distinctions09:50 How tracking and profiling differ across contexts12:40 Consent mechanisms and why they fail users15:50 The “double consent” debate under EU law20:00 Competition concerns and privacy as a design choice24:30 Publisher monetization and skepticism of tracking’s value28:00 Intersection of privacy, competition, and market power31:30 Consumer understanding of ATT and tracking preferences34:00 Apple’s data use and the question of transparency37:00 Whether ATT unfairly advantages Apple41:00 Broader implications for competition and privacy balance45:30 Parity between ATT and consent systems discussed48:30 Closing reflections on privacy, fairness, and user control   Learn more about your ad choices. Visit megaphone.fm/adchoices

Cory Doctorow is a prolific writer of both fiction and non-fiction. His latest book is Enshittification: Why Everything Suddenly Went Wrong and What To Do About It. Cory and host Alan Chapell discuss the three stages of enshittification, its root causes, and the underlying social movement that is critical to addressing (and perhaps even reversing) its impact. Recognizing that they come at this from very different perspectives, Alan and Cory also go deep into some of the endemic challenges of the ads space while wrestling with pro's and con's of data minimization, contextual advertising and how to offer a private right of action to the enforcement of privacy laws.  Alan's Substack on CIPA the VPPA and anti-SLAPP laws is at https://chapell.substack.com/p/can-anti-slapp-save-ad-tech-from and should complement the discussion. Cory's bio is at ⁠https://craphound.com/bio/⁠ and you can find out more about his book Enshittification at ⁠https://tinyurl.com/y7u698a6⁠.  Takeaways Enshittification describes how digital platforms decay under monopoly power, shifting value from users to advertisers and then shareholders. Monopoly and weak regulation allow corporations to capture markets and regulators, eroding user rights and competition. Loss of interoperability and restrictive IP laws (like the DMCA) prevent users from fixing or improving technology. Privacy and data exploitation are central to tech monopolies’ power, stronger, simpler rules are needed over complex consent systems. Behavioral advertising should be replaced by contextual models to reduce surveillance and restore balance for publishers. Private right of action can help enforce privacy rights when regulators fail. Global antitrust movements in Europe, Canada, and Asia show more progress than the U.S. Coalition building across privacy, labor, and antitrust advocates is key to countering corporate concentration. Chapters00:00 Introduction and Enshittification explained04:20 How monopolies cause platform decay11:15 Market consolidation and regulatory capture13:30 Tech worker power and the loss of interoperability20:25 Key issues, privacy, competition, and IP27:25 Problems with consent-based privacy systems29:45 Case for banning behavioral advertising41:25 Enforcement and the role of private litigation51:00 Antitrust progress and shifting global momentum55:30 Building coalitions to fight tech monopolies Learn more about your ad choices. Visit megaphone.fm/adchoices

The care and feeding of a successful career - particularly in privacy or regulatory circles remains an under-discussed topic. Career coach Doug Miller joins Alan to discuss the changing role of the privacy pro over the past two decades and the challenges we all face as we try to juggle the goals of making an impact while finding happiness.  Takeaways Privacy executives must engage with the organization to change minds. Building alliances is crucial for effective privacy advocacy. It's important to connect with C-suite members beyond the CEO. Understanding product launch goals can align privacy initiatives. Strategic thinking is essential for future planning in organizations. The context of the industry influences product implementation. Collaboration across teams enhances privacy efforts. Privacy considerations should be integrated into product development. Long-term planning is vital for organizational success. Effective communication can bridge gaps in understanding privacy needs. Career burnout for privacy and regulatory pros is real - Doug shares a number of tips for career development.  Chapters00:00  Introduction & Evolution of Privacy  04:20  Early Privacy Careers & AOL Story  07:30  Mergers, Culture & Lessons Learned  09:20  Shifting from Reactive to Proactive Privacy  16:30  Convincing Leadership & Building Value  20:50  Career Growth, Burnout & Reinvention  38:40  Curiosity, Purpose & Closing Thoughts   Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Alan Chapell is joined by Connecticut State Senator James Maroney as the Senator shares the backstory regarding how he got involved in pushing for a privacy law in Connecticut, how those efforts are impacted by lobbying efforts, and how different states are collaborating to create the privacy and AI patchwork. The Senator also shares what's on his mind when it comes to future privacy and AI laws for Connecticut. The Senator's bio is available at https://www.senatedems.ct.gov/senator/james-maroney/bio" Takeaways Privacy policymaking often starts accidentally, not by design. Lobbying pressure remains the biggest barrier to passing strong privacy laws. Persistence and bipartisan cooperation helped Connecticut succeed after three years. The Global Privacy Control requirement made Connecticut a national privacy leader. Simplified opt-out processes improve user empowerment and enforcement. Consent fatigue weakens privacy protections; minimization is a better path. Broad definitions of personal data can discourage privacy innovation. Data brokers and AI oversight are the next frontiers in state privacy policy. Multi-state collaboration is reshaping privacy and AI governance in the U.S. Federal law should set a strong floor, not a ceiling, for privacy protections. Chapters 00:00 Introduction and Senator Maroney’s background 01:00 How privacy legislation found him 02:32 Early challenges and heavy lobbying resistance 05:04 Lessons from failed attempts and building allies 07:46 Adding the Global Privacy Control requirement 10:02 Balancing consent fatigue with real user protection 12:45 Defining personal vs. de-identified data 15:31 Strengthening Connecticut’s law through updates 17:47 Considering data broker oversight and the DELETE Act 20:31 Multi-state collaboration and AI policy efforts 23:45 Regulating sensitive data and consent standards 27:00 Authorized agents and consumer rights limits 31:02 Rulemaking challenges and avoiding patchwork laws 35:32 Federal preemption, enforcement, and private actions 40:30 Enforcement, lawsuits, and the search for balance 43:00 Closing remarks and UConn basketball predictions Learn more about your ad choices. Visit megaphone.fm/adchoices