August 3, 2022 • 35 mins
Mark Zuckerberg has said that Facebook and Instagram might have to shut down operations if there's not a change to EU privacy requirements. It turns out that's not a threat, it's a cry for help. We learn about what might force these platforms out of the EU.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Welcome to Tech Stuff, a production from I Heart Radio.
Hey there, and welcome to tech Stuff. I'm your host
Jonathan Strickland. I'm an executive producer with I Heart Radio.
And how the tech are you so? Not long ago,
David Meyer wrote a piece titled even Facebook's critics don't
(00:25):
grasp how much troubled meta is in and he wrote
it for Fast Company. And if you've been keeping up
with meta slash Facebook, you probably have a long list
of things that Meyer could have been referring to. Could
it be that various governments, such as the United States
are frequently scrutinizing meta and calling company leaders to appear
(00:48):
before legislative bodies to answer tough questions. Could it be
the fact that TikTok continues to dominate as the social
platform favored by younger people, meaning that meta slash Facebook's
user base is slowly aging out and it's not replacing
it when new younger users. Is it that the company
jumped the gun in an effort to be the front
(01:10):
runner to define whatever the heck the metaverse is going
to be? Well, all of those are factors that should
be matters of concern for Facebook executives and for shareholders.
But what Meyer was talking about with something else, something
involving privacy and the law and a change that happened
a couple of years ago that has affected everything. So
(01:33):
on July twenty twenty, the European Union's Court of Justice
made a decision that would have enormous consequences. It concluded
that an earlier data transfer process called the EU US
Privacy Shield was not sufficient to protect the private data
(01:54):
of EU citizens, and that it would thus be struck down.
It would be invalidated. This has massive repercussions for companies
like Meta, not just Mata, in fact, as repercussions for
any company that operates within the EU, but in fact
has it's you know, any kind of data transfers that
exit the EU. So Mark Zuckerberg said essentially that unless
(02:19):
the EU changes the stance or makes an exception for
the company, platforms like Facebook and Instagram will have to
pull out of the European Union. That sounds kind of
like they're making a threat, right, like somehow you know
Zuckerberg saying, Hey, if you don't play by my rules,
I'm taking my ball and going home. But really this
is more of a plea. It's really more, please, please,
(02:42):
please don't do this, because I can't do my thing
if you do. So. Today I thought I would talk
about what the privacy shield was, why it existed, why
the EU decided it wasn't sufficient, what they're planning in
its place, and what all this means for come Benese
like Meta. To do that, we actually have to look
(03:03):
back at the history of the EU and its stands
on data privacy and security. Now, depending on how you
look at it, the EU really traces its history back
to the conclusion of World War Two, but the single
market that we would refer to as the European Union
would not formally emerge until nine Now. Around that same time,
(03:24):
there was a growing general awareness about the Internet, in
large part helped by the introduction of something new called
the Worldwide Web, and it would take a few years
for the Web and the Internet at large to really
gain a foothold in the minds of the mainstream public,
but some leaders in the EU were already dealing with
concepts like data privacy. Data privacy doesn't just require you know,
(03:50):
digital transfers, right like, you don't have to have that
be part of the process for data privacy to be
a concern, and in fact, the countries that made up
the European Union had already been concerned about protecting EU
citizen privacy when dealing with companies that existed outside the
European Union. How can you guarantee that their private data
(04:14):
remains safe when it's going into the hands of companies
that aren't based in the European Union itself. That had
already been a concern, but the EU member states knew
that there needed to be put in place laws that
could protect citizen data, that there are fundamental rights associated
(04:35):
with data that have to be protected. To that end,
the EU built upon an earlier, non binding list of
guiding principles relating to protecting citizen information. These principles included
pretty common stuff like alerting someone as to win their
(04:55):
data would be collected, a requesting consent before the disclose
that information to some other party. So if you were
to collect an e uses and information, you would then
have to get their consent before you could share it
with someone else, and various other concepts that are pretty
common to what we see in in privacy protection laws.
(05:16):
They had been around before the rise of the Internet,
but because they were non binding, they didn't really have
any teeth to them. It was like, it would be
nice if everyone agreed to obey these things, but there
was no requirement to do so. The EU decided to
formally establish data privacy rules, though these would have limitations
(05:38):
to which we'll talk about and that. These rules became
known as the Data Protection Directive or dp D. This
directive set out the parameters for when and how entities
would be allowed to collect European Union citizen information and
how they could use it. Specifically, you know, how they
(05:58):
would be allowed to use it if it required a
transfer outside the EU and U, and also how they
were to alert citizens of things like collecting their data.
Each member's state of the EU was responsible for establishing
a supervisory department to make sure that all parties were
complying with this directive, and the directive stated that the
(06:19):
only time data could be shared with countries outside the
European Union is when those countries could adequately protect the
data's security. So if a if a country or company
was unable to do that, then by this directive, it
would not be allowed to transfer information outside the EU
(06:42):
now right away. These rules created challenges both within and
without the EU and when you really break it all down,
all traffic on the Internet is information, and a lot
of that information ends up including personal identification information or
at least personally identify alable information. So you might argue
(07:03):
that personal information should only include stuff like, you know,
a legal information like a person's name, or their address,
or their birth date or maybe the hospital where they
were born. That kind of stuff. You know, information that
relates directly to that individual, and when you take this
information in a hole, it's more or less unique to
(07:25):
that person. I have to say more or less simply
because you know, weird stuff. Anyway, that kind of information
is absolutely important. It is worthy of being protected, and
it's very easy to define. Right. You could say, this
information directly corresponds to this individual, therefore we need to
protect it. But then there's also other information that, well,
(07:45):
not specifically about a particular individual, could collectively identify that
person all the same, So an IP address could be
part of that. You might argue that's personal information, or
you might argue, well, IP addresses aren't fully reliable because
you could use something like a VPN which would hide
(08:07):
your IP address, so you can't just rely on that
to identify a person. However, it falls into this gray area.
But then there's stuff like the person's browsing behaviors, you know,
what they like, what they don't like, how long they
stay on a page. All of these things can actually
start to create a digital fingerprint that points to a
specific person. And it sounds wild, but it really doesn't
(08:31):
take that many points of data to narrow down folks
and figure out who created those data points. In the
old days, doing that would have been tough simply because
you're talking about a lot of data being generated and
then trying to suss out what is signaled based on
all the noise, you know, to actually analyze that information
to get something useful out of it. It was a
(08:52):
time consuming process and it just you know, when you
look at it from a return on investment standpoint. In
the old days, it just it makes sense, right, unless
you were going after someone specific for nefarious purposes. You
wouldn't do that for just anybody because it was too
much effort. However, we have gotten a lot better at
analyzing enormous data sets in a short amount of time
(09:14):
using things like artificial intelligence and machine learning and various algorithms,
so this has become less of an obstacle. It's not
like science fiction level yet, but it's pretty darn close.
So now some of the technical restrictions that meant we
didn't have to worry about this so much in the
past aren't really a thing anymore. Anyway, The euse directive
(09:39):
meant that the United States, that the country you know,
where the Internet got its start, would need to figure
out a way to comply with this set of rules
if it wanted to allow information to pass between the
US and the EU. Because a lot of these companies,
their servers all exist within the United States, so by
the nature of their business this any any information that
(10:01):
would be coming from the European Union would have to
go across the Atlantic to a server in the US.
To that end, some EU officials began to piece together
what would become known as the International Safe Harbor Privacy Principles.
Now we're going to take a quick break, but when
we come back, I'll talk a bit about Safe Harbor,
what it was meant to do, and why it no
(10:24):
longer is a thing. But first, these messages, the International
Safe Harbor Privacy Principles. What the heck was this? Well,
it was a program that US companies could apply to join.
(10:45):
The companies would apply for certification, and that certification essentially
said these companies are taking the necessary steps to protect
user data so they can be considered to be compliant
with the Data Protection Directive that the EU had obviously passed.
So ultimately, the goal here was to prevent the accidental
disclosure of EU citizen private information that happened to be
(11:10):
stored on servers within the United States so it's outside
the e use control. This was the system by which
companies would guarantee they would make sure that data would
remain safe. The Safe Harbor system became effective in two thousand.
It took several years for it to formalize and then
to be enacted, and US companies that receive certification under
(11:33):
Safe Harbor and then registered with the EU would be
allowed to operate things that would transfer data between the
U S and EU without much trouble. Oh and in
order to qualify, those companies would also have to be
companies that were regulated by the United States FTC, Federal
Trade Commission, or the Department of Transportation. Those were the
(11:54):
only companies that could qualify for Safe Harbor. Anything that
didn't fall into those categories was an exception, and that
actually cuts back on a lot of businesses, believe it
or not. Now, something that I'm sure will not surprise
many of you out there is that various reviews that
were done on this system showed that a lot of
the participating US companies were not complying with the program,
(12:18):
at least not to the extent that they should. Companies
were found to be reluctant to actually enforce the principles
defined by the Safe Harbor program, and questions arose as
to whether or not the industry could really be self regulating,
like can we trust these companies to regulate themselves? And
of course we can't. All right, so quick side rant,
(12:41):
But this applies directly to the topic. So, the currency
of the modern world isn't bitcoin, It's not any other
cryptocurrency because it goes a level deeper than that. The
currency of the modern world is information. Data is valuable
you or data is valuable. If it weren't companies like
(13:04):
Meta Slash, Facebook or Google, they wouldn't even exist if
your data had no value. These companies depend upon us
generating information, which the companies can then leverage in various ways. Now,
an obvious way they do this is through advertising, specifically
targeted advertising. You know, by analyzing the information I generate,
(13:25):
a platform like Facebook or Google can suss out what
matters to me and to compare my experience with ads
that are more likely to get my attention and my action.
That is money right there that is incredibly valuable to
these platforms. It's incredibly valuable to the advertisers and to
their clients. So my information does have value. Yours does too.
(13:50):
But even beyond targeted advertising, this information has incredible value.
Through real time analysis of browsing data across millions or
hundreds of millions of users, platforms can detect and respond
to trends before anyone is even aware that there is
a trend there. So I think back to the description
(14:12):
of chaos theory that says, imagine the flap of butterflies
wings in South America setting into motion the variables that
are necessary to generate a typhoon that hits Southeast Asia.
That it without that one instigating event, the variables are
not in the right place to make that happen. Well,
think for a moment about how many people use platforms
(14:35):
like Google or Amazon or Facebook individually that users. Data
is valuable, right, but collectively across all users, that can
drive corporate strategy. So there should be absolutely no surprise
that companies are eager to exploit information personal information. It's
(14:56):
key to their business model and their success. Which is
why it's also not a big surprise that a lot
of companies were slacking off when it came to self
regulation and complying with the principles of safe harbor. If
the companies could get away with it, if they could
operate without having to actually worry about complying with these rules,
(15:17):
then they do it. And I'm sure there were no
shortage of companies that weren't being outright nefarious or flaunting
the law or anything like that. But we're falling short
of holding up to their end of the bargain, you know,
because it's also hard to do. It's hard to pull
off and still do business in a way that is
cost effective. Right, in order to comply with these rules,
(15:40):
you do have to spend some money, honestly, was what
it really comes down to. It might not be money money,
it might be more assets and resources or time or whatever,
but it's ultimately a cost. Whatever the reason, it was
clear that this particular approach to protecting information wasn't sufficient
if the EU actually wanted to keep EU citizen information
(16:01):
secure and servers that weren't even in the European Union
all right. Flash forward to two thousand and twelve, the
EU decided it needed to take another stab at creating
a unified data protection law to replace the Data Protection Directive.
So the Director had ultimately been too lucy goosey, and
that meant that different member nations had different principles and
(16:22):
enforcement strategies. It was two piecemeal and it wasn't unified
the way a European Union needed to be. So this
new law would resolve the various differences between the different
implementations and the member states of the EU and create
a more coherent policy that it was EU wide and
would protect citizen data privacy. That took four years two
(16:47):
actually formalize, but in April fourteen sixteen, the EU approved
the new set of rules called the General Data Protection
Regulation or g d p R, and this became a
truly huge deal for any company outside the EU that
wanted to do business inside the EU, particularly for Internet
based companies. The rules covered any entity that processed or
(17:11):
transmitted data from within the EU to somewhere else. A
whole bunch of other stuff was in those rules too,
But I've done episodes about g d p R in
the past, so we're just gonna say this was a
more broad, sweeping, and yet unified approach to data privacy,
and it created big old headaches for companies around the
world to ensure that they were compliant with g DPR.
(17:34):
In fact, to this day, that's still a big thing. Ultimately,
that's at the heart of the meta problem we were
talking about. It was g d p R that would
necessitate things like a pop up message that would alert
users to a sites reliance on web cookies, for example,
because that's a type of tracking. It would also require
foreign services to expressly ask for the consent of users
(17:56):
in order to collect their data. And you know, companies
tried to find in different creative ways to get around
that to maximize the number of people who had quote
unquote uh agree to this by making it a difficult
thing to opt out of. That doesn't fly very well
on the g d PR. There are a lot of
regulatory agencies that pounce on that kind of practice. They're
(18:18):
also supposed to explain how information is going to be used,
and to give people the opportunity to opt out of
any data collection and that kind of thing. So the
g d p R replaced the Data Protection Directive and
became enforceable in all right now in the meantime where
that was happening, the Safe Harbor Principles, which remember this
was a framework that companies could follow in order to
(18:42):
be considered UH safe under g d p R rules
that had already been invalidated by the EU in ten
They said, well, you know, Data Protection Directive is not
sufficient and Safe Harbor, which was designed to work within
Data protet Action Directive that by extension, is not sufficient,
(19:03):
so it doesn't apply anymore. It was not robust enough
to satisfy the requirements of the upcoming g DPR. So
the European Commission and the United States government negotiated a
new political agreement to codify rules on how commercial transatlantic
exchanges of personal information from EU citizens to U S
servers could actually happen. Those rules would become known as
(19:28):
the EU US Privacy Shield. Like the Safe Harbor Principles,
this was really meant to create a framework in which
companies could operate legally within the European Union. US companies
that gather user data would have to comply with this
set of rules in order to make services available to
citizens in the EU, Otherwise they would be violating privacy
(19:50):
law in Europe. Like the previous system, the Privacy Shield
includes guiding principles that all organizations are expected to follow.
While it beefed up some other protections incorporated into the
previous systems, critics were worried that there were still some
big gaps in the Privacy Shield process and that ultimately
(20:11):
it would get challenged and struck down by the European Commission,
and those concerns likely went into overdrive in twenty seventeen
when then President Donald Trump signed an executive order that
denied US privacy protections to anyone who is not a
US citizen or resident. So, in other words, according to
that executive order, US companies would not be held accountable
(20:34):
for guaranteeing data privacy and security for any non US
citizens or residents. Considering that g DPR demands that any
entity that transfers e U citizen data overseas must protect
that information, that was a problem. By the way. Joe
Biden would later rescind that executive order in one but
by then things that already changed in Europe. So we're
(20:58):
going to talk about those chain ages and how Privacy
Shield would follow in the footsteps of Safe Harbor and
get invalidated after we come back from these messages. So,
as I was alluding before the break the critics of
(21:20):
the Privacy Shield process who said this is not going
to be seen as sufficient, that we're absolutely right. The
EU Commission reviewed the Privacy Shield policy in twenty and
determined that it was not enough to protect EU citizen
private data and struck it down. Specifically, there were concerns
that the US government would be able to conduct surveillance
(21:44):
on EU citizen data and that under EU law that
was a violation of of human rights and freedom rights
of EU citizens. So there was a need to formulate
yet another data privacy framework that would address this issue,
and that's kind of where we are now. See, without
a framework, it becomes very difficult to do business in
(22:07):
the European Union. The framework, you know, it smooths things out,
it speeds things up because it's it's one point one
system that companies in say, well specifically the United States,
can go through in order to qualify to do business
in the EU and be considered compliant with the rules
(22:29):
of g d p R. So this new framework is
still taking shape. It doesn't exist yet, it is in
the process of existing, and it will take even longer
for the EU to formalize and adopt and enforce that
rule once it is finished. In the meantime, we're in
an era where things are really unstable now. One way
(22:53):
companies have managed to continue to operate in the absence
of a formal framework is to file what are called
standard contractual clauses or sc c s with the EU.
You can think of this as essentially being a legal agreement,
and that this legal agreement provides a guarantee that the
(23:14):
non EU company is taking pains to conform to g
d p R requirements, so it's essentially saying, you know,
we're obeying the rules. Securing sccs can be time consuming
and it isn't a smooth process, at least not as
smooth as being able to just apply to a framework
(23:39):
like Privacy Shield or Safe Harbor, so it can be
a bit of a headache. And now let's talk about
Ireland and its Data Protection Commission or DPC, because this
relates directly to the Meta story. The DPC determined back
in twenty that two of Meta's platforms, namely face Book
(24:00):
and Instagram, relied on a data controller that could not
provide a guarantee that data from Irish citizens would be
protected from US government surveillance, and so by extension that
would violate data privacy laws in the EU. That would
also mean that Meta would not qualify for an sc C,
(24:23):
at least in terms of Facebook and Instagram. WhatsApp, a
totally different platform, uses a completely different data controller and
is not part of this like WhatsApp, can operate in
the EU find because it is not subject to the
same vulnerabilities that Facebook and Instagram are. Then, last month,
(24:43):
which for those listening in the future would be July
of two thousand twenty two, the DPC, this regulatory agency
in Ireland, filed an updated draft order to shut down
Instagram and Facebook services in the U and filed that
with other regulators within the EU. So the other member
(25:06):
states that have regulated Tory agencies, they all received a
filing of this updated draft decision. While the contents of
that order weren't made entirely public, it did become clear
that DPC was telling other regulators that they should halt
Facebook and Instagram's ability to transfer EU citizen data to
the US because it could not guarantee safety against US surveillance.
(25:30):
This would effectively shut down Facebook and Instagram within the
European Union and to EU citizens. So let's get into
some complicated political stuff now. Under Article sixty of the
g d p R, the rest of the EU's data
protection agencies have four weeks from that filing to comment
(25:53):
on the dpc's conclusion. Uh. Those four weeks are up
this week, by the way. So if after four weeks
there are no objections to the dpc's decision, which is
again to essentially shutter Facebook and Instagram within the EU,
that decision then becomes binding YEWSA. Now, if there are objections,
(26:17):
which you know likely there are some, then the DPC,
the Irish regulatory agency, has two weeks to respond and
address any objections, or alternatively, they can choose not to
change anything and just submit their decision to the European
Data Protection Board or e d p B. This is
(26:38):
like the overall regulatory agency the agency of regulatory agencies,
and the e d p B would then decide whether
or not the decision should apply across the European Union.
The e d p B, which by the way is
hard to say quickly, would have one month to make
that decision, uh, though it could also request a month
(27:00):
extension if the board determined that the matter is complicated
enough to warrant more consideration, So two months maximum to
decide on this matter. At that point, After a month
or two months if it's extended, the board would go
to a vote. If the vote passes in either direction
by two thirds majority, then that's the decision. So you
(27:23):
have to have a two thirds majority for there to
be a clear decision on the matter. If it doesn't
get two thirds, then the whole thing is given another
two weeks of debate and then it goes to another vote,
and then this one just requires a simple majority. So
it does get bureaucratically complicated. If like all of this
plays out, now, will that happen? That's hard to say.
(27:46):
Let's take a few different scenarios in turn. So Ireland's
DPC filed the decision in early July, it's already been
four weeks. So if no other data protection agency in
the EU has objected to the dpc's conclusion whom the
decision becomes binding and will know really soon. If some
data protection agency objected, well, then that adds another two
(28:07):
weeks for the DPC to respond, at which point, if
there are no other objections, boom, decision becomes binding or
the DPC might submit this decision to the overall agency,
the e d p B. And boy, how do these
initialisms are really getting clunky? And the e d p
B would have at least one month at most two
(28:28):
to come to a vote on the matter. If the
vote fails to gain two thirds majority in either direction,
then again another two weeks and then it goes to
another vote with majority rules. Meta has indicated that it
might have to shut down its services of Facebook and
Instagram in the EU anyway, at least until the new
framework takes effect. The new framework is called the Transatlantic
(28:51):
Data Privacy Framework, and even then it's uncertain because, after all,
the European Commission has already determined that two seating frameworks,
safe Harbor and Privacy Shield, that were meant to be
in in compliance with EU law, we're lacking and both
of those got struck down, So there's no guarantee that
(29:14):
the same thing would not happen yet. Again, this raises
the question if it's even possible for a company like
Meta to operate these services in the EU, at least
the way it has been doing without a massive overhaul
and its data handling services. Maybe if Meta were to
establish EU centric servers that were separate from everything else,
(29:36):
it was not sending EU data to any place outside
the European Union. It was like a EU specific version
of Facebook and an EU specific version of Instagram. Maybe
then it would be fine, but that would be kind
of ridiculous. Also, I have a feeling that a lot
of users would be upset that they wouldn't be able
to access or interact with stuff outside the EU. Or
(29:58):
if Meta were able to guarantee that it's, you know,
the the agencies that are handling data from the EU
to the US were in fact, uh protected against US surveillance,
then maybe it would be all right. But it can't,
at least not now. Now. It's possible that this new framework,
once enacted, would allow METTA to continue operating Facebook and
(30:21):
Instagram within the EU through some sort of exception, though
again there's no guarantee that this framework will withstand court scrutiny.
Over time. This is the situation that Meyer referred to
in that article in Fast Company that Meta may have
no choice but to stop offering Facebook and Instagram services
to EU citizens. Meyer also quotes a Facebook investor named
(30:44):
Robert mcnami who snarkily said that this could be a
real disaster for Meta because users would soon figure out
that they're much better off without access to those platforms.
I happen to agree with macnamy as someone who got
off of Instagram and Facebook. Um, I feel like I'm
better off for doing that. Better off in the larger sense.
(31:06):
I do miss being able to interact with my friends
in a concentrated, easy way. It does take a little
more effort, and you quickly figure out which friends decide
you're worth that effort, all right. Obviously, the loss of
a market the size of the European Union would be
a huge blow to Meta, a company that's already dealing
(31:28):
with other crises. Not still too early to say if
that's definitely gonna happen, But no matter what the outcome,
this ongoing struggle to find ways for non EU companies
to comply with EU privacy laws is going to be
an enormous challenge it has been and it will continue
to be. EU regulators and politicians are exceedingly wary about
(31:51):
the sincerity of US companies when it comes to their
claims of protecting information, and for good reason. There's lots
of evidence to point that we should be suspicious of
those kinds of claims. And while I have focused on
Meta in this episode, the truth is those requirements apply
to all non EU companies. H And I've been really
(32:11):
focusing on the US here, but that applies to anything
outside the EU. So doing business in the Internet age
and doing business within the EU is going to require
regular investment to assure the EU that companies are playing
by the rules. And uh, that's just gonna be difficult.
You have entire companies that exists as consulting firms to
(32:33):
help other companies make sure that they are complying by
the rules, because the cost of business if you're found
by some regulatory agency in the EU too have fallen short,
is enormous. That's what Meta is going through now. I
don't know if Facebook and and Instagram or are not
long for this world in the EU. UM, we will
(32:54):
have to keep our eyes on it. It wouldn't surprise
me if we see politicians struggle to make sure that
there remains access within the EU for these platforms. They're
incredibly popular, they're important for things like small businesses within
the EU. But you know, you have the regulators and
then you have the politicians, and politicians move slowly when
(33:15):
it comes to creating these policies that sometimes get overturned
later on, regulators move way faster. So it may see
that we'll see in eruptions in service, perhaps with a return.
I mean there you would have to imagine that Meta
would want to return even if it's business is curtailed
for you know, some indeterminate length of time, because you
(33:38):
don't want to leave money on the table. Anyway, I
thought that that was an interesting topic. It relates heavily
to technology because ultimately it is very hard to guarantee
data security. Uh, it's it's hard to do because often
you come up with ways that data is really valuable
(34:00):
you want to use it, and sometimes that breaks the
rules or sometimes it's it's just hard because creating any
secure system is incredibly difficult. If someone's really determined to
get access to a secure system, often they can find
a way. So yeah, a difficult difficult challenge and uh
you know, the European Union has created laws that in
(34:23):
many ways have made it difficult to innovate uh in
in certain ways and also comply with those laws. That's
not necessarily a bad thing, you know. It may be
that whatever the innovation was isn't worth the trade off
in privacy and security, but it also means that it
(34:44):
creates this extra hurdle that innovators and companies and and
all sorts of people have to get over in order
to make their vision a reality. Um. Yeah, it's a
balancing act. Well, that's it for this episode. If you
have some sugestions for future episodes of tech Stuff, please
reach out to me and let me know. One way
to do that is to download the I Heart radio app.
(35:07):
It is free to download. You can then search for
tech Stuff, navigate over to the podcast page. There's a
little microphone icon there. If you click on that, you
can leave a voice message up to thirty seconds in
length let me know what you would like to hear,
or if you prefer, you can reach out on Twitter.
The handle for the show is tech Stuff H s
W and I'll talk to you again really soon. Tech
(35:35):
Stuff is an i heart Radio production. For more podcasts
from my heart Radio, visit the i heart Radio app,
Apple Podcasts, or wherever you listen to your favorite shows.
Welcome to Tech Stuff, a production from I Heart Radio.
Hey there, and welcome to tech Stuff. I'm your host
Jonathan Strickland. I'm an executive producer with I Heart Radio.
And how the tech are you so? Not long ago,
David Meyer wrote a piece titled even Facebook's critics don't
(00:25):
grasp how much troubled meta is in and he wrote
it for Fast Company. And if you've been keeping up
with meta slash Facebook, you probably have a long list
of things that Meyer could have been referring to. Could
it be that various governments, such as the United States
are frequently scrutinizing meta and calling company leaders to appear
(00:48):
before legislative bodies to answer tough questions. Could it be
the fact that TikTok continues to dominate as the social
platform favored by younger people, meaning that meta slash Facebook's
user base is slowly aging out and it's not replacing
it when new younger users. Is it that the company
jumped the gun in an effort to be the front
(01:10):
runner to define whatever the heck the metaverse is going
to be? Well, all of those are factors that should
be matters of concern for Facebook executives and for shareholders.
But what Meyer was talking about with something else, something
involving privacy and the law and a change that happened
a couple of years ago that has affected everything. So
(01:33):
on July twenty twenty, the European Union's Court of Justice
made a decision that would have enormous consequences. It concluded
that an earlier data transfer process called the EU US
Privacy Shield was not sufficient to protect the private data
(01:54):
of EU citizens, and that it would thus be struck down.
It would be invalidated. This has massive repercussions for companies
like Meta, not just Mata, in fact, as repercussions for
any company that operates within the EU, but in fact
has it's you know, any kind of data transfers that
exit the EU. So Mark Zuckerberg said essentially that unless
(02:19):
the EU changes the stance or makes an exception for
the company, platforms like Facebook and Instagram will have to
pull out of the European Union. That sounds kind of
like they're making a threat, right, like somehow you know
Zuckerberg saying, Hey, if you don't play by my rules,
I'm taking my ball and going home. But really this
is more of a plea. It's really more, please, please,
(02:42):
please don't do this, because I can't do my thing
if you do. So. Today I thought I would talk
about what the privacy shield was, why it existed, why
the EU decided it wasn't sufficient, what they're planning in
its place, and what all this means for come Benese
like Meta. To do that, we actually have to look
(03:03):
back at the history of the EU and its stands
on data privacy and security. Now, depending on how you
look at it, the EU really traces its history back
to the conclusion of World War Two, but the single
market that we would refer to as the European Union
would not formally emerge until nine Now. Around that same time,
(03:24):
there was a growing general awareness about the Internet, in
large part helped by the introduction of something new called
the Worldwide Web, and it would take a few years
for the Web and the Internet at large to really
gain a foothold in the minds of the mainstream public,
but some leaders in the EU were already dealing with
concepts like data privacy. Data privacy doesn't just require you know,
(03:50):
digital transfers, right like, you don't have to have that
be part of the process for data privacy to be
a concern, and in fact, the countries that made up
the European Union had already been concerned about protecting EU
citizen privacy when dealing with companies that existed outside the
European Union. How can you guarantee that their private data
(04:14):
remains safe when it's going into the hands of companies
that aren't based in the European Union itself. That had
already been a concern, but the EU member states knew
that there needed to be put in place laws that
could protect citizen data, that there are fundamental rights associated
(04:35):
with data that have to be protected. To that end,
the EU built upon an earlier, non binding list of
guiding principles relating to protecting citizen information. These principles included
pretty common stuff like alerting someone as to win their
(04:55):
data would be collected, a requesting consent before the disclose
that information to some other party. So if you were
to collect an e uses and information, you would then
have to get their consent before you could share it
with someone else, and various other concepts that are pretty
common to what we see in in privacy protection laws.
(05:16):
They had been around before the rise of the Internet,
but because they were non binding, they didn't really have
any teeth to them. It was like, it would be
nice if everyone agreed to obey these things, but there
was no requirement to do so. The EU decided to
formally establish data privacy rules, though these would have limitations
(05:38):
to which we'll talk about and that. These rules became
known as the Data Protection Directive or dp D. This
directive set out the parameters for when and how entities
would be allowed to collect European Union citizen information and
how they could use it. Specifically, you know, how they
(05:58):
would be allowed to use it if it required a
transfer outside the EU and U, and also how they
were to alert citizens of things like collecting their data.
Each member's state of the EU was responsible for establishing
a supervisory department to make sure that all parties were
complying with this directive, and the directive stated that the
(06:19):
only time data could be shared with countries outside the
European Union is when those countries could adequately protect the
data's security. So if a if a country or company
was unable to do that, then by this directive, it
would not be allowed to transfer information outside the EU
(06:42):
now right away. These rules created challenges both within and
without the EU and when you really break it all down,
all traffic on the Internet is information, and a lot
of that information ends up including personal identification information or
at least personally identify alable information. So you might argue
(07:03):
that personal information should only include stuff like, you know,
a legal information like a person's name, or their address,
or their birth date or maybe the hospital where they
were born. That kind of stuff. You know, information that
relates directly to that individual, and when you take this
information in a hole, it's more or less unique to
(07:25):
that person. I have to say more or less simply
because you know, weird stuff. Anyway, that kind of information
is absolutely important. It is worthy of being protected, and
it's very easy to define. Right. You could say, this
information directly corresponds to this individual, therefore we need to
protect it. But then there's also other information that, well,
(07:45):
not specifically about a particular individual, could collectively identify that
person all the same, So an IP address could be
part of that. You might argue that's personal information, or
you might argue, well, IP addresses aren't fully reliable because
you could use something like a VPN which would hide
(08:07):
your IP address, so you can't just rely on that
to identify a person. However, it falls into this gray area.
But then there's stuff like the person's browsing behaviors, you know,
what they like, what they don't like, how long they
stay on a page. All of these things can actually
start to create a digital fingerprint that points to a
specific person. And it sounds wild, but it really doesn't
(08:31):
take that many points of data to narrow down folks
and figure out who created those data points. In the
old days, doing that would have been tough simply because
you're talking about a lot of data being generated and
then trying to suss out what is signaled based on
all the noise, you know, to actually analyze that information
to get something useful out of it. It was a
(08:52):
time consuming process and it just you know, when you
look at it from a return on investment standpoint. In
the old days, it just it makes sense, right, unless
you were going after someone specific for nefarious purposes. You
wouldn't do that for just anybody because it was too
much effort. However, we have gotten a lot better at
analyzing enormous data sets in a short amount of time
(09:14):
using things like artificial intelligence and machine learning and various algorithms,
so this has become less of an obstacle. It's not
like science fiction level yet, but it's pretty darn close.
So now some of the technical restrictions that meant we
didn't have to worry about this so much in the
past aren't really a thing anymore. Anyway, The euse directive
(09:39):
meant that the United States, that the country you know,
where the Internet got its start, would need to figure
out a way to comply with this set of rules
if it wanted to allow information to pass between the
US and the EU. Because a lot of these companies,
their servers all exist within the United States, so by
the nature of their business this any any information that
(10:01):
would be coming from the European Union would have to
go across the Atlantic to a server in the US.
To that end, some EU officials began to piece together
what would become known as the International Safe Harbor Privacy Principles.
Now we're going to take a quick break, but when
we come back, I'll talk a bit about Safe Harbor,
what it was meant to do, and why it no
(10:24):
longer is a thing. But first, these messages, the International
Safe Harbor Privacy Principles. What the heck was this? Well,
it was a program that US companies could apply to join.
(10:45):
The companies would apply for certification, and that certification essentially
said these companies are taking the necessary steps to protect
user data so they can be considered to be compliant
with the Data Protection Directive that the EU had obviously passed.
So ultimately, the goal here was to prevent the accidental
disclosure of EU citizen private information that happened to be
(11:10):
stored on servers within the United States so it's outside
the e use control. This was the system by which
companies would guarantee they would make sure that data would
remain safe. The Safe Harbor system became effective in two thousand.
It took several years for it to formalize and then
to be enacted, and US companies that receive certification under
(11:33):
Safe Harbor and then registered with the EU would be
allowed to operate things that would transfer data between the
U S and EU without much trouble. Oh and in
order to qualify, those companies would also have to be
companies that were regulated by the United States FTC, Federal
Trade Commission, or the Department of Transportation. Those were the
(11:54):
only companies that could qualify for Safe Harbor. Anything that
didn't fall into those categories was an exception, and that
actually cuts back on a lot of businesses, believe it
or not. Now, something that I'm sure will not surprise
many of you out there is that various reviews that
were done on this system showed that a lot of
the participating US companies were not complying with the program,
(12:18):
at least not to the extent that they should. Companies
were found to be reluctant to actually enforce the principles
defined by the Safe Harbor program, and questions arose as
to whether or not the industry could really be self regulating,
like can we trust these companies to regulate themselves? And
of course we can't. All right, so quick side rant,
(12:41):
But this applies directly to the topic. So, the currency
of the modern world isn't bitcoin, It's not any other
cryptocurrency because it goes a level deeper than that. The
currency of the modern world is information. Data is valuable
you or data is valuable. If it weren't companies like
(13:04):
Meta Slash, Facebook or Google, they wouldn't even exist if
your data had no value. These companies depend upon us
generating information, which the companies can then leverage in various ways. Now,
an obvious way they do this is through advertising, specifically
targeted advertising. You know, by analyzing the information I generate,
(13:25):
a platform like Facebook or Google can suss out what
matters to me and to compare my experience with ads
that are more likely to get my attention and my action.
That is money right there that is incredibly valuable to
these platforms. It's incredibly valuable to the advertisers and to
their clients. So my information does have value. Yours does too.
(13:50):
But even beyond targeted advertising, this information has incredible value.
Through real time analysis of browsing data across millions or
hundreds of millions of users, platforms can detect and respond
to trends before anyone is even aware that there is
a trend there. So I think back to the description
(14:12):
of chaos theory that says, imagine the flap of butterflies
wings in South America setting into motion the variables that
are necessary to generate a typhoon that hits Southeast Asia.
That it without that one instigating event, the variables are
not in the right place to make that happen. Well,
think for a moment about how many people use platforms
(14:35):
like Google or Amazon or Facebook individually that users. Data
is valuable, right, but collectively across all users, that can
drive corporate strategy. So there should be absolutely no surprise
that companies are eager to exploit information personal information. It's
(14:56):
key to their business model and their success. Which is
why it's also not a big surprise that a lot
of companies were slacking off when it came to self
regulation and complying with the principles of safe harbor. If
the companies could get away with it, if they could
operate without having to actually worry about complying with these rules,
(15:17):
then they do it. And I'm sure there were no
shortage of companies that weren't being outright nefarious or flaunting
the law or anything like that. But we're falling short
of holding up to their end of the bargain, you know,
because it's also hard to do. It's hard to pull
off and still do business in a way that is
cost effective. Right, in order to comply with these rules,
(15:40):
you do have to spend some money, honestly, was what
it really comes down to. It might not be money money,
it might be more assets and resources or time or whatever,
but it's ultimately a cost. Whatever the reason, it was
clear that this particular approach to protecting information wasn't sufficient
if the EU actually wanted to keep EU citizen information
(16:01):
secure and servers that weren't even in the European Union
all right. Flash forward to two thousand and twelve, the
EU decided it needed to take another stab at creating
a unified data protection law to replace the Data Protection Directive.
So the Director had ultimately been too lucy goosey, and
that meant that different member nations had different principles and
(16:22):
enforcement strategies. It was two piecemeal and it wasn't unified
the way a European Union needed to be. So this
new law would resolve the various differences between the different
implementations and the member states of the EU and create
a more coherent policy that it was EU wide and
would protect citizen data privacy. That took four years two
(16:47):
actually formalize, but in April fourteen sixteen, the EU approved
the new set of rules called the General Data Protection
Regulation or g d p R, and this became a
truly huge deal for any company outside the EU that
wanted to do business inside the EU, particularly for Internet
based companies. The rules covered any entity that processed or
(17:11):
transmitted data from within the EU to somewhere else. A
whole bunch of other stuff was in those rules too,
But I've done episodes about g d p R in
the past, so we're just gonna say this was a
more broad, sweeping, and yet unified approach to data privacy,
and it created big old headaches for companies around the
world to ensure that they were compliant with g DPR.
(17:34):
In fact, to this day, that's still a big thing. Ultimately,
that's at the heart of the meta problem we were
talking about. It was g d p R that would
necessitate things like a pop up message that would alert
users to a sites reliance on web cookies, for example,
because that's a type of tracking. It would also require
foreign services to expressly ask for the consent of users
(17:56):
in order to collect their data. And you know, companies
tried to find in different creative ways to get around
that to maximize the number of people who had quote
unquote uh agree to this by making it a difficult
thing to opt out of. That doesn't fly very well
on the g d PR. There are a lot of
regulatory agencies that pounce on that kind of practice. They're
(18:18):
also supposed to explain how information is going to be used,
and to give people the opportunity to opt out of
any data collection and that kind of thing. So the
g d p R replaced the Data Protection Directive and
became enforceable in all right now in the meantime where
that was happening, the Safe Harbor Principles, which remember this
was a framework that companies could follow in order to
(18:42):
be considered UH safe under g d p R rules
that had already been invalidated by the EU in ten
They said, well, you know, Data Protection Directive is not
sufficient and Safe Harbor, which was designed to work within
Data protet Action Directive that by extension, is not sufficient,
(19:03):
so it doesn't apply anymore. It was not robust enough
to satisfy the requirements of the upcoming g DPR. So
the European Commission and the United States government negotiated a
new political agreement to codify rules on how commercial transatlantic
exchanges of personal information from EU citizens to U S
servers could actually happen. Those rules would become known as
(19:28):
the EU US Privacy Shield. Like the Safe Harbor Principles,
this was really meant to create a framework in which
companies could operate legally within the European Union. US companies
that gather user data would have to comply with this
set of rules in order to make services available to
citizens in the EU, Otherwise they would be violating privacy
(19:50):
law in Europe. Like the previous system, the Privacy Shield
includes guiding principles that all organizations are expected to follow.
While it beefed up some other protections incorporated into the
previous systems, critics were worried that there were still some
big gaps in the Privacy Shield process and that ultimately
(20:11):
it would get challenged and struck down by the European Commission,
and those concerns likely went into overdrive in twenty seventeen
when then President Donald Trump signed an executive order that
denied US privacy protections to anyone who is not a
US citizen or resident. So, in other words, according to
that executive order, US companies would not be held accountable
(20:34):
for guaranteeing data privacy and security for any non US
citizens or residents. Considering that g DPR demands that any
entity that transfers e U citizen data overseas must protect
that information, that was a problem. By the way. Joe
Biden would later rescind that executive order in one but
by then things that already changed in Europe. So we're
(20:58):
going to talk about those chain ages and how Privacy
Shield would follow in the footsteps of Safe Harbor and
get invalidated after we come back from these messages. So,
as I was alluding before the break the critics of
(21:20):
the Privacy Shield process who said this is not going
to be seen as sufficient, that we're absolutely right. The
EU Commission reviewed the Privacy Shield policy in twenty and
determined that it was not enough to protect EU citizen
private data and struck it down. Specifically, there were concerns
that the US government would be able to conduct surveillance
(21:44):
on EU citizen data and that under EU law that
was a violation of of human rights and freedom rights
of EU citizens. So there was a need to formulate
yet another data privacy framework that would address this issue,
and that's kind of where we are now. See, without
a framework, it becomes very difficult to do business in
(22:07):
the European Union. The framework, you know, it smooths things out,
it speeds things up because it's it's one point one
system that companies in say, well specifically the United States,
can go through in order to qualify to do business
in the EU and be considered compliant with the rules
(22:29):
of g d p R. So this new framework is
still taking shape. It doesn't exist yet, it is in
the process of existing, and it will take even longer
for the EU to formalize and adopt and enforce that
rule once it is finished. In the meantime, we're in
an era where things are really unstable now. One way
(22:53):
companies have managed to continue to operate in the absence
of a formal framework is to file what are called
standard contractual clauses or sc c s with the EU.
You can think of this as essentially being a legal agreement,
and that this legal agreement provides a guarantee that the
(23:14):
non EU company is taking pains to conform to g
d p R requirements, so it's essentially saying, you know,
we're obeying the rules. Securing sccs can be time consuming
and it isn't a smooth process, at least not as
smooth as being able to just apply to a framework
(23:39):
like Privacy Shield or Safe Harbor, so it can be
a bit of a headache. And now let's talk about
Ireland and its Data Protection Commission or DPC, because this
relates directly to the Meta story. The DPC determined back
in twenty that two of Meta's platforms, namely face Book
(24:00):
and Instagram, relied on a data controller that could not
provide a guarantee that data from Irish citizens would be
protected from US government surveillance, and so by extension that
would violate data privacy laws in the EU. That would
also mean that Meta would not qualify for an sc C,
(24:23):
at least in terms of Facebook and Instagram. WhatsApp, a
totally different platform, uses a completely different data controller and
is not part of this like WhatsApp, can operate in
the EU find because it is not subject to the
same vulnerabilities that Facebook and Instagram are. Then, last month,
(24:43):
which for those listening in the future would be July
of two thousand twenty two, the DPC, this regulatory agency
in Ireland, filed an updated draft order to shut down
Instagram and Facebook services in the U and filed that
with other regulators within the EU. So the other member
(25:06):
states that have regulated Tory agencies, they all received a
filing of this updated draft decision. While the contents of
that order weren't made entirely public, it did become clear
that DPC was telling other regulators that they should halt
Facebook and Instagram's ability to transfer EU citizen data to
the US because it could not guarantee safety against US surveillance.
(25:30):
This would effectively shut down Facebook and Instagram within the
European Union and to EU citizens. So let's get into
some complicated political stuff now. Under Article sixty of the
g d p R, the rest of the EU's data
protection agencies have four weeks from that filing to comment
(25:53):
on the dpc's conclusion. Uh. Those four weeks are up
this week, by the way. So if after four weeks
there are no objections to the dpc's decision, which is
again to essentially shutter Facebook and Instagram within the EU,
that decision then becomes binding YEWSA. Now, if there are objections,
(26:17):
which you know likely there are some, then the DPC,
the Irish regulatory agency, has two weeks to respond and
address any objections, or alternatively, they can choose not to
change anything and just submit their decision to the European
Data Protection Board or e d p B. This is
(26:38):
like the overall regulatory agency the agency of regulatory agencies,
and the e d p B would then decide whether
or not the decision should apply across the European Union.
The e d p B, which by the way is
hard to say quickly, would have one month to make
that decision, uh, though it could also request a month
(27:00):
extension if the board determined that the matter is complicated
enough to warrant more consideration, So two months maximum to
decide on this matter. At that point, After a month
or two months if it's extended, the board would go
to a vote. If the vote passes in either direction
by two thirds majority, then that's the decision. So you
(27:23):
have to have a two thirds majority for there to
be a clear decision on the matter. If it doesn't
get two thirds, then the whole thing is given another
two weeks of debate and then it goes to another vote,
and then this one just requires a simple majority. So
it does get bureaucratically complicated. If like all of this
plays out, now, will that happen? That's hard to say.
(27:46):
Let's take a few different scenarios in turn. So Ireland's
DPC filed the decision in early July, it's already been
four weeks. So if no other data protection agency in
the EU has objected to the dpc's conclusion whom the
decision becomes binding and will know really soon. If some
data protection agency objected, well, then that adds another two
(28:07):
weeks for the DPC to respond, at which point, if
there are no other objections, boom, decision becomes binding or
the DPC might submit this decision to the overall agency,
the e d p B. And boy, how do these
initialisms are really getting clunky? And the e d p
B would have at least one month at most two
(28:28):
to come to a vote on the matter. If the
vote fails to gain two thirds majority in either direction,
then again another two weeks and then it goes to
another vote with majority rules. Meta has indicated that it
might have to shut down its services of Facebook and
Instagram in the EU anyway, at least until the new
framework takes effect. The new framework is called the Transatlantic
(28:51):
Data Privacy Framework, and even then it's uncertain because, after all,
the European Commission has already determined that two seating frameworks,
safe Harbor and Privacy Shield, that were meant to be
in in compliance with EU law, we're lacking and both
of those got struck down, So there's no guarantee that
(29:14):
the same thing would not happen yet. Again, this raises
the question if it's even possible for a company like
Meta to operate these services in the EU, at least
the way it has been doing without a massive overhaul
and its data handling services. Maybe if Meta were to
establish EU centric servers that were separate from everything else,
(29:36):
it was not sending EU data to any place outside
the European Union. It was like a EU specific version
of Facebook and an EU specific version of Instagram. Maybe
then it would be fine, but that would be kind
of ridiculous. Also, I have a feeling that a lot
of users would be upset that they wouldn't be able
to access or interact with stuff outside the EU. Or
(29:58):
if Meta were able to guarantee that it's, you know,
the the agencies that are handling data from the EU
to the US were in fact, uh protected against US surveillance,
then maybe it would be all right. But it can't,
at least not now. Now. It's possible that this new framework,
once enacted, would allow METTA to continue operating Facebook and
(30:21):
Instagram within the EU through some sort of exception, though
again there's no guarantee that this framework will withstand court scrutiny.
Over time. This is the situation that Meyer referred to
in that article in Fast Company that Meta may have
no choice but to stop offering Facebook and Instagram services
to EU citizens. Meyer also quotes a Facebook investor named
(30:44):
Robert mcnami who snarkily said that this could be a
real disaster for Meta because users would soon figure out
that they're much better off without access to those platforms.
I happen to agree with macnamy as someone who got
off of Instagram and Facebook. Um, I feel like I'm
better off for doing that. Better off in the larger sense.
(31:06):
I do miss being able to interact with my friends
in a concentrated, easy way. It does take a little
more effort, and you quickly figure out which friends decide
you're worth that effort, all right. Obviously, the loss of
a market the size of the European Union would be
a huge blow to Meta, a company that's already dealing
(31:28):
with other crises. Not still too early to say if
that's definitely gonna happen, But no matter what the outcome,
this ongoing struggle to find ways for non EU companies
to comply with EU privacy laws is going to be
an enormous challenge it has been and it will continue
to be. EU regulators and politicians are exceedingly wary about
(31:51):
the sincerity of US companies when it comes to their
claims of protecting information, and for good reason. There's lots
of evidence to point that we should be suspicious of
those kinds of claims. And while I have focused on
Meta in this episode, the truth is those requirements apply
to all non EU companies. H And I've been really
(32:11):
focusing on the US here, but that applies to anything
outside the EU. So doing business in the Internet age
and doing business within the EU is going to require
regular investment to assure the EU that companies are playing
by the rules. And uh, that's just gonna be difficult.
You have entire companies that exists as consulting firms to
(32:33):
help other companies make sure that they are complying by
the rules, because the cost of business if you're found
by some regulatory agency in the EU too have fallen short,
is enormous. That's what Meta is going through now. I
don't know if Facebook and and Instagram or are not
long for this world in the EU. UM, we will
(32:54):
have to keep our eyes on it. It wouldn't surprise
me if we see politicians struggle to make sure that
there remains access within the EU for these platforms. They're
incredibly popular, they're important for things like small businesses within
the EU. But you know, you have the regulators and
then you have the politicians, and politicians move slowly when
(33:15):
it comes to creating these policies that sometimes get overturned
later on, regulators move way faster. So it may see
that we'll see in eruptions in service, perhaps with a return.
I mean there you would have to imagine that Meta
would want to return even if it's business is curtailed
for you know, some indeterminate length of time, because you
(33:38):
don't want to leave money on the table. Anyway, I
thought that that was an interesting topic. It relates heavily
to technology because ultimately it is very hard to guarantee
data security. Uh, it's it's hard to do because often
you come up with ways that data is really valuable
(34:00):
you want to use it, and sometimes that breaks the
rules or sometimes it's it's just hard because creating any
secure system is incredibly difficult. If someone's really determined to
get access to a secure system, often they can find
a way. So yeah, a difficult difficult challenge and uh
you know, the European Union has created laws that in
(34:23):
many ways have made it difficult to innovate uh in
in certain ways and also comply with those laws. That's
not necessarily a bad thing, you know. It may be
that whatever the innovation was isn't worth the trade off
in privacy and security, but it also means that it
(34:44):
creates this extra hurdle that innovators and companies and and
all sorts of people have to get over in order
to make their vision a reality. Um. Yeah, it's a
balancing act. Well, that's it for this episode. If you
have some sugestions for future episodes of tech Stuff, please
reach out to me and let me know. One way
to do that is to download the I Heart radio app.
(35:07):
It is free to download. You can then search for
tech Stuff, navigate over to the podcast page. There's a
little microphone icon there. If you click on that, you
can leave a voice message up to thirty seconds in
length let me know what you would like to hear,
or if you prefer, you can reach out on Twitter.
The handle for the show is tech Stuff H s
W and I'll talk to you again really soon. Tech
(35:35):
Stuff is an i heart Radio production. For more podcasts
from my heart Radio, visit the i heart Radio app,
Apple Podcasts, or wherever you listen to your favorite shows.
TechStuff News
Hosts And Creators
Oz Woloshyn
Karah Preiss
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.