Dr Johnny Ryan FRHistS is a Senior Fellow at the Irish Council for Civil Liberties and a Senior Fellow at the Open Markets Institute. He is focused on surveillance, data rights, competition/anti-trust and privacy.

He is former Chief Policy & Industry Relations Officer at Brave, the private web browser. Dr Ryan led Brave’s campaign for GDPR enforcement and liaised with government and industry colleagues globally. His regulatory interventions and expert commentary have appeared in media such as The New York Times, The Economist, Wired, Le Monde, and the front page of The Financial Times. Protocol published a profile about some of his work. He has testified at both the United States Senate and the European Commission.

Our discussion will cover the vast data breach at the heart of the online advertising system, that exposes the private things we see and do online, to thousands of companies who monetise our private data every day. This data breach enables a business model for disinformation and conspiracy, and undermines the business of journalism.

The Irish Council for Civil Liberties ( ICCL – www.iccl.ie ) is Ireland´s leading human rights organisation. Dr. Johnny Ryan is a senior fellow at ICCL focussed on surveillance, data rights, competition/anti-trust and privacy.

His talk centred around 3 issues:

1. The Massive Privacy Breach and How it Effects Legitimate Media

Dr. Ryan talked about the massive data leakage in online advertising. When we visit websites or use apps, information about us (including details of the site visited, a unique ID, gender, phone model, and even our GPS coordinates) are shared with ad exchanges. This is part of the Real-Time Bidding (RTB) process used to determine which adverts you will see. This information is highly sensitive as details like the web-pages you are viewing can reveal a lot about you.

Online advertising is hitting the legitmate media badly. A legitimate media site may get a reasonable fee the first time they show an advert to a high-value web user. But after that other websites can collect advertising revenue for that same web user at a lower fee. In this way, the advertising model of legitimate media is totally undermined and the “bottom of the web” is taking their revenue.

2. Competition Crisis & Anti-trust

Dr. Ryan stressed the importance of “purpose limitation” – the idea that when information/data is collected for a particular purpose it should not be used for another purpose. The digital giants do not ringfence data in this way. Instead, Big Tech cascades data from market-to-market using information collected in one market in another. This destroys competition and results in monopolies across different markets.

If purpose limitation was enforced against Big Tech it would be like a lobotomy for these companies.

3. Enforcement Problems

The enforcers have the power to act against what Big Tech are doing but it´s not happening. Why? Because GDPR really only exists on paper. Within the EU the different Data Protection Authorities have very few tech speciality investigators: 305 people across all the countries.

Ireland was meant to be a “super-regulator,” but other member states are now side-stepping Ireland. The European Court of Justice said this was legitimate due to “persistent administrative inertia.”

If GDPR loses credibility, so does Europe. 

Final thoughts:

“This is not a good place to be” & “Never use the internet, that’s the answer” Ouch!