#58 Why do bans fail? How has the social media ban for minors in Australia turned out?
Poorly, it has turned out poorly
Today, we start with “the paper of the week” for your interest: one that is quite easy to read:
Why Bans Fail: Tipping Points and Australia’s Social Media Ban Why Bans Fail: Tipping Points and Australia’s Social Media Ban by Leonardo Bursztyn, Angela Duckworth, Rafael Jiménez-Durán, Aaron Leonard, Filip Milojević, Christopher Roth, and Cass R. Sunstein.
They have delighted us all with their conclusions about the success of the Australian ban on access to social media for minors under 16 years old. Organized through a survey of 507 teenagers who want to act tough by defying the established order, with expected and wonderful conclusions:
Only one in four (27%) teenagers aged 14 and 15 comply with the ban four months after its entry into force.
75% of teenagers (je: the rest) consider that bypassing the restrictions is “easy” or “very easy”. Namely: entering a false date of birth when registering (44%), lying about their age in verification requests (57%), using an older sibling’s or parent’s account (42%), and redirecting traffic through a VPN (30%).
The prohibition will only start to take effect if there is a sufficient critical mass of users who comply with it. The old saying about “locking the stable door after the horse has bolted” or “life always finds a way.”
That 52% consider that the minor who complies is a fool. Insert Spanish-made meme of “I smoke to act cool.” And that influencers who have social media as their main entertainment (and source of income) wouldn’t even consider limiting access to networks.
That 25% have received help from a parent, older sibling, or another adult to maintain or regain access to their accounts. The one we already mentioned about the Australian mother who found it funny that the girl got around it by posting a picture of her. Parental supervision also needs to be decisive and not just for laughs.
Those who comply report positive aspects such as less pressure and more time with family, but at the cost of being bored and disconnected from their environment.
72% would prefer applications with built-in time limits rather than a total ban. What China did by restricting gaming times during the weekend, but without overdoing it with the greater possibility of enforcement over there (let’s call it that).
That non-compliance is higher at 15 years old (68.3%) than at 14 years old (57.1%). The greatest social need.
Note to all of us, ArgonEUtas.
The book “Irresistible” by Adam Alter describes an experiment that gives us more clues about the difficulties of removing anything from your mind: the problem, according to him, is that suppression needs alternatives.
You know what you should avoid, but you don’t know what to occupy your mind with instead.
When a group was asked to ring a bell every time they thought about a white bear (the object of prohibition), the bells did not stop ringing.
However, when they were told that it might help them think about a red Volkswagen instead, their bells rang half as often. Suppression alone does not work, but suppression combined with distraction does quite well.
The most interesting thing is that, when they were later allowed to think about the white bear, those who had struggled to suppress their thoughts before were consumed by the image of the white bear. It was all they could imagine.
Meanwhile, the people who received a distraction in the form of the red car thought about the white bear occasionally—but they also had many other ideas.
You are reading ZERO PARTY DATA. The newsletter about tech and legal affairs by Jorge García Herrero and Darío López Rincón.
In the free time that this newsletter leaves us, we solve complicated issues related to personal data protection regulations and artificial intelligence. If you have any of those, give us a hand. Or contact us by email at jgh(at)jorgegarciaherrero.com
“I trust that small pieces of information, shared with different services (today, or agents tomorrow) will not be aggregated and correlated to create an inappropriately invasive model of me as an individual, violating my privacy.”
This is one of the classic premises of trust formulated by Benjamin Kuipers in the “Oxford Handbook of Ethics of AI” in 2020 as one more of the robotics laws in the style of Isaac Asimov.
But rules are made to be broken and Frank Pasquale coined the concept of “mosaic effect” a decade ago about that fracture. An empire of unheard-of size was built by combining and monetizing all those crumbs of information into profiles specific to each purpose.
Profiles that have never been used in favor of the data subject (as the innocent “premises” of Kuipers intended), but against them. Every time.
In the era of agentic AI, it is mandatory to revisit Choudary and his book “Reshuffle”.
“This is the ultimate promise of AI-driven reshuffling. Instead of simply linking tools together, AI makes sense of all the insights it collects through emails, sales calls, contracts, and financial data, weaving them into a coherent narrative. It connects the dots, determines what the picture should be, and fills in the missing details.
Agentic execution reinforces coordination without the need for consensus.
Once AI has regrouped fragmented information into a shared representation, agents can act on that representation autonomously, activating follow-ups, updating tasks, or escalating risks without waiting for human execution. In this way, that unified representation enables unified decisions and executions, which in turn enables coordination. Coordination, in turn, leads to control. The more teams rely on the AI layer to see, decide, and act, the more power that layer will have in the ecosystem.
This same principle is the one formulated by Palantir’s Nazgûls, only in terms more befitting their Sauronian dictatorial dialectic.
Of course, we are still talking about the study that revealed last Monday that the latest source of data to complete our profiles is precisely our conversations with Perplexity, ChatGPT, Grok, and Claude.
World Data News 🌍
.- This thread by Andrew Guthrie Ferguson explains an interesting case about to be tried in the U.S.: Can Google’s data be used against a person when they activated history services or fine location storage? Interesting combination of validity of consent to a service, admissibility of evidence in the criminal sphere, and expectation of privacy. What is relevant is no longer whether Google stores your locations, but whether it is acceptable for consent to a function distributed among several products (convenience) to potentially become a waiver of basic constitutional guarantees.
.- The DPC is going after Shein regarding international transfers to China. Let’s see what changes in the case of TikTok’s 530 million, but is it really possible to prove that nothing is sent or accessed from China headquarters? How much of a copycat will we have from TikTok? Many questions. Will they release several reports from glossy unsigned firms again? Will the DPC self-reference that the exceptional explicit consent of Article 49 is complicated?
The DPC finds that the requirement that consent be “explicit” and that it relate to “the proposed transfer” precludes a single consent being obtained for continuous and ongoing data transfers and/or different sets of transfers. The DPC is also of the view that seeking a single open-ended consent for continuous and ongoing data transfers and/or different sets of transfers is not compatible with the obligation to inform the data subject of the possible risks of the transfers being made.
Nerdy footnote: do not forget that we have an international body among the adequacy decisions in force since 2025: the European Patent Office. That of Article 45(1) “to a third country or international organization”.
On the topic of TikTok, we see in San Luis Montezuma the two resolutions from the two judges who rule on the DPC’s appeal not to lift the suspension. We are confused as to why there are two resolutions from two different judges that complement each other but dismiss the DPC’s appeal to lift the precautionary suspension of the sanction’s application. And nothing about having to ask the CJEU, or the fact that it is a coordinated action with other authorities implies applying specific criteria (which the GDPR determines that the lead authority is the one that has the final decision).
.- From Lukasz Olejnik’s Newsletter:
.-From Noyb comes an interesting one. The incentive/unethical practice of LinkedIn to hide part of the visitors who have viewed our profiles has a butterfly effect on the exercise of the right of access. Here it seems that there is a commercial paradox where LinkedIn releases all the information without any exercise of rights if you pay for premium (it shows it to you), but becomes very particular about Article 15(4) if you request it as an exercise of the right of access.
Noyb points out that under Article 15(4) it could be argued that they only provide information about those who have decided not to be visible to other users, but with the small problem that they incentivize no one to be in “anonymous” mode by limiting visibility. It’s not the first corporation to swing on Article 15(4), but we’ll see how it ends.
📖 Hard data docs for coffeine lovers ☕️
.- The EU is stepping on the gas with a recommendation for the implementation of verification, following the technical verification solution. It is going to be a curious second half of the year: June 30 as the maximum date for member states to present the detailed National Implementation Plan (PNI) to the European Commission, and December 31 for at least one age verification solution based on the “EU blueprint” to be available.
Along the way, a list of providers that the EC deems appropriate will be drawn up, and the report of recommendations from the Special Group on child safety online will be published by the same summer.
The European Commission highlights this as a necessary measure to ensure proper compliance with the DSA. The same DSA for which our CNMC has not been appointed as a relevant authority for its purposes.
And on Wednesday, that is, yesterday, a hearing was held in the LIBE Committee to address this issue. With our AEPD, the CNIL or EDRi. Let’s not let everyone’s rush be noticed.
.- Collective lawsuits against BigTech are making headway in Italy. Milan paves the way for Directive 2020/1828 by admitting a class action against Meta for data scraping that would have affected approximately 533 million profiles. You know: lawsuits filed by authorized entities without relying on individual standing and non-pecuniary damages based solely on fear or loss of control over one’s own data.
.- Paddy Leerssen, Joris van Hoboken, Gabriela Trogrlić, and Iris Toepoel’s book summarizes several actions aimed at enforcing Articles 14, 35, and 25 of the DSA in the civil jurisdiction of Member States. Perhaps the best approach is not the systemic risk, which is too vague, but that of dark patterns. But what do I know.El libro
.- The Institute for the Future of Work warns us how information and personal data captured in the office have become a strategic asset. When AI models roam freely in SaaS, agents, and business flows can capture tacit know-how, processes, and decisions capable of helping you automate procedures but also leaving you competitively on the sidelines: you are giving away the blueprint of your competitive moat. Sovereignty is not limited today to chips or national models; it requires caring for the entire value chain and harmonizing data protection, IP, business know-how, employment, and competition.
.- Along the same lines, Ellen Cushing’s article in The Atlantic: Workplace surveillance now captures and interprets emotions, not just productivity. At least in the USA. The emotion AI industry latches onto your office pipelines to consume and interpret video, audio, chats, or emails to infer attention, mood, attitude, and performance. The barrier to entry is almost non-existent, the promises unlimited, and the risk that they include customer and third-party data (and data from your own employees, of course) without a lawful basis is 120%. Then there’s that prohibition by the AI Act.
💀Death by Meme🤣
Banksy has placed a statue in London and, apparently, people don’t get it.
🤖NoRobots.txt o Lo de la IA
.- There might be an executive order on government oversight of AI models coming up. The irony is that Trump overturned Biden’s executive order that required models that could pose a risk to national security, economy, or public health to submit internally conducted safety reports and evidence.
It is suggested that the new Mythos from Anthropic has the potential to identify security vulnerabilities and how to exploit them, but one can never rule out the usual: vendetta against Antropic for not playing ball and ensuring the United States is the exclusive entity to cyberattack the Chinese, Russians, and whoever else.
Precisely, in Mythos there may be a confidentiality security breach due to unauthorized access. Many media outlets have reported it, but it has not been confirmed yet.
.- The Elon Musk vs OpenAI trial is giving us glorious afternoons. And more are yet to come.
.- AI is NOT your coworker. A long, well-written and better-documented post by Katalina Hernández with which I couldn’t agree more. And I’m not saying this -only- because of the quote she gives us.
🛠️ Useful tools
If you have an API key with some AI provider, you can install Mike, the vibe code version of Harvey or Legora.
Safe: it’s not going to be the same as Harvey or Legora, but it’s also safe to say that no one is going to charge you 3000 florins/user/month like they do.
My opinion: I haven’t tried it, if in two weeks a dozen forks with substantial improvements have already come out I’m pretty sure we’ll have something really functional available by the 27th or before, running locally.
We strongly believe in open-source software.
🙄 Da-Tadum-bass
Will Christopher Nolan’s next movie be a piece of nonsense? It’s impossible to tell, but this interview was fun. Among other things, Nolan-tending says that Odyssey, his upcoming film, is actually a superhero movie.
Share
If you miss any document, comment, or piece of nonsense that clearly should have been in this week’s Zero Party Data, write to us or leave a comment and we will consider it for next time.
Si echas de menos algun doc, comentario o chorradón que manifiestamente debería haber estado en el Zero Party Data de la semana, escríbenos o deja un comentario y lo valoraremos para la próxima.