The unspoken (and sometimes very loudly spoken) corollary of this is, "Only a tech-critic as perspicacious and forward looking as me is capable of matching wits with those slippery tech-bros, and I have formulated a *sui generis* policy prescription that can head them off at the pass."

17/

Take the problem of deepfakes, including deepfake porn. There's a pretty straightforward policy response to this: a privacy law that allows you to prevent the abuse of your private information (including to create deepfakes) that unlawfully process your personal information for an illegitimate purpose.

18/

To make sure that this law can be enforced, include a "private right of action," which means that individual can sue to enforce it (and activist orgs and no-win/no-fee lawyers can sue on their behalf). That way, you can get justice even if the state Attorney General or the federal Department of Justice decides not to take your case.

19/

Privacy law is a great idea. It can navigate nuances, like the fact that privacy is collective, not individual - for example, it can intervene when your family members give their (your) DNA to a scam like 23andme, or when a friend posts photos of you online:

jacobin.com/2021/05/cory-docto…

But privacy law gets a bad rap. In the EU, they've had the GDPR - a big, muscular privacy law - for nine years, and all it's really done is drown the continent in cookie-consent pop-ups.

20/

Novelist Cory Doctorow on the Problem With Intellectual Property

Patents were once seen as a temporary reward for inventors. Now, as novelist Cory Doctorow tells Jacobin, they've become supposedly inviolable "intellectual property" rights that simply enrich people like Bill Gates.

^jacobin.com

But that's not because the GDPR is flawed, it's because Ireland is a tax-haven that has lured in the world's worst corporate privacy-violators, and to keep them from moving to another tax haven (like Malta or Cyprus or Luxembourg), it has to turn itself into a crime-haven. So for the entire life of the GDPR, all the important privacy cases in Europe have gone to Ireland, and died there:

pluralistic.net/2025/12/01/eri…

21/

Again, this isn't a complicated technical question that is hard to resolve through regulation. It's just boring old corruption. I'm not saying that corruption is *easy* to solve, but I *am* saying that it's not *complicated*. Irish politicians made the country's economy dependent on the Irish state facilitating criminal activity by American firms. The EU doesn't want to provoke a constitutional crisis by forcing Ireland (and the EU's other crime-havens) to halt this behavior.

22/

That's a hard thing to do! It's just not a *complicated* thing to do. The routine violations of EU privacy law by American tech companies isn't the result of "tech racing ahead of the law." It's just corruption. You can't fix corruption by passing more laws; they'll just be corruptly enforced, too.

23/

But thanks to a mix of bad incentives - politicians wanting to be seen to do something without actually upsetting the apple-cart; AI critics wanting to inflate their importance by claiming that they're fighting something novel and complex, as opposed to something that's merely boring and hard - we get policy proposals that will likely *worsen* the problem.

Take Denmark's decision to fight deepfakes by creating a new copyright over your likeness:

theguardian.com/technology/202…

24/

Denmark to tackle deepfakes by giving people copyright to their own features

Amendment to law will strengthen protection against digital imitations of people’s identities, government says

^{Miranda Bryant (the Guardian)}

Copyright - a property right - is an incredibly bad way to deal with human rights like privacy. For one thing, it makes privacy into a luxury good that only the wealthy can afford (remember, a discount for clicking through a waiver of your privacy right is the same thing as an extra charge for *not* waiving your privacy rights). For another, property rights are *very* poorly suited to managing things that have joint ownership, such as private information.

25/

As soon as you turn private information into private property, you have to answer questions like, "Which twin owns the right to their face" and "Who owns the right to the fact that your abusive mother is your mother - you, or her? And if it's her, does she get to stop you from publishing a memoir about the abuse?"

Copyright - a state-backed transferable monopoly over expression - is really hard to get right.

26/

Legislatures and courts have struggled to balance free expression and copyright for centuries, and there's a complex web of "limitations and exceptions" to copyright. Privacy is *also* incredibly complex, and has its own limitations and exceptions, and they are *very different* from copyright's limits. I mean, they have to be: privacy rules defend your human right to a personal zone of autonomy; copyright is intended to create economic incentives to produce new creative works.

27/

It would be very weird if the same rules served both ends.

I can't believe that Denmark's legislators failed to consider privacy as the solution to deepfakes. If they did, they are very, very stupid. Rather, they decided that fighting the corruption that keeps privacy law from being enforced in the EU was too hard, so they just did something performative, creating a raft of new problems, without solving the old one.

28/

Here in the USA, there's lots of lawmakers who are falling into this trap. Take the response to chatbots that give harmful advice to children and teens. The answer that many American politicians (as well as lawmakers abroad, in Australia, Canada, the UK and elsewhere) have come up with is to force AI companies to identify who is and is not a child and treat them differently.

29/

This boils down to a requirement for AI companies to collect *much more* information on their users (to establish their age), which means that all the AI harms that stem from privacy violations (AI algorithms that steal wages, hike prices, discriminate in hiring and lending and policing, etc) are now even *harder* to stop.

30/