Latest Jobs Posts

Technology Policy Brief #166 | By Mindy Spatt | April 14, 2026

SUMMARY

Do social media companies try to hook children on their products?  Do they fail to adequately protect those children from harmful content, predators, and exploitation?  Millions of parents would probably agree with the juries in California and Texas that recently answered those questions with a resounding yes.  As a result, one young plaintiff was awarded $6 million from YouTube and Meta in one case, and Meta was ordered to pay $374 million in civil penalties in the other.  Meta and YouTube have, of course, vowed to appeal.   Despite a growing awareness of the risks to children and teens online, new legislation on children’s online safety remains stalled in Congress, and a robust regulatory system is nowhere in sight.

ANALYSIS

Thousands of families of distressed teens are suing META, Tik Tok, Google, and other social media companies, alleging their children were deliberately hooked on platforms that disregarded their safety, subjecting them to exploitation and harmful content.

Social media companies have always ducked responsibility for their content, and receive immunity through Section 230 of the Communications Decency Act of 1996, which does not hold them to the same standards as actual publishers, who are considered liable for what they publish.  Two recent suits took a different approach to establishing liability.

In the California case, a young woman claimed she had become hooked on social media at a young age, resulting in her suffering from depression and anxiety. The evidence presented by the plaintiff focused on the way the platforms had been designed, including showing that the companies knew full well that features like infinite scroll, push notifications, and algorithm amplification would help hook young people, and that hooking them was absolutely the goal.

The youth market generates billions in profits, and advertisers know the easiest way to reach young people is on social media.  According to a survey by the  Pew Research Center, 36% of U.S. teens report using TikTok, YouTube, Instagram, Snapchat, and/or Facebook “almost constantly.”

A day before the California verdict, a jury in New Mexico found Meta liable for not protecting young people from online harm, such as sexual predators, in breach of the state’s consumer protection laws.  Dozens of other states have filed similar cases, and the financial stakes are higher than in the individual suit, with Meta ordered to pay $374 million in civil penalties.

Evidence presented by the New Mexico attorney general included internal Meta documents and testimony from former Meta employees demonstrating how Meta’s design features enabled child exploitation by pedophiles and predators. In that case, evidence of Meta’s intentional strategies to hook young people on their products was also presented.

“These products were purposefully designed to harm and addict millions of young people, and lead to lifelong mental health consequences,” commented Sacha Haworth, Executive Director of The Tech Oversight Project, in a press release about the verdict.  She urged passage of the Kids Online Safety Act, now making its way through Congress.

Known as KOSA, it would establish a “duty of care” for platforms to act to prevent harmful activities like cyberbullying and sexual exploitation, strengthen privacy protections for minors, and provide parents and children with better ways to opt out of addictive algorithmic recommendations.

KOSA is controversial and has attracted the ire of free speech advocates and LGBTQ groups that fear the “duty of care” provisions will result in censorship.  The Electronic Frontier Foundation questioned its likely effectiveness, saying, “This bill won’t bother big tech.  Large companies will be able to manage this regulation, which is why Apple and X have agreed to support it. In fact, X helped negotiate the text….”

Age limits and parental controls have turned out to be largely ineffective,  shifting even more responsibility away from the companies, even as they continue to rake in huge profits from their youngest subscribers.  As is often the case, the European Union is considering a much stronger approach with proposals for:

• Complete bans on the most harmful addictive practices for minors, and automatic disabling of many addictive features for including infinite scrolling, auto-play, and reward loops,
• Actions to rein in targeted ads, influencer marketing, and addictive design, and
• Bans on engagement-based recommendations for minors and protection from commercial exploitation by prohibiting offering minors financial incentives, which is now common practice for “kidfluencers.”

ENGAGEMENT RESOURCES

• What is Technology Addiction? https://www.psychiatry.org/patients-families/technology-addictions-social-media-and-more/what-is-technology-addiction
• The Tech Accountability Project https://law.yale.edu/mfia/projects/tech-accountability-project 
• Kids Online Safety Act https://www.congress.gov/bill/119th-congress/house-bill/7757/text
• The Kids Online Safety Act Will Make the Internet Worse for Everyone by Joe Mullin, May 15, 2025, https://www.eff.org/deeplinks/2025/05/kids-online-safety-act-will-make-internet-worse-everyone

Technology Policy Brief #165 | Mindy Spatt | March 21, 2026

Summary

The Pentagon is enriching the pockets of the tech billionaire owners of AI companies. While the Department of Defense/War has broken its contract with the company Anthropic, other AI companies are signing large contracts, such as Open AI and Palantir.

Analysis

The clash between Anthropic and the Pentagon over the military’s use of the company’s technology was just a tiny blip in the huge shift in military operations toward Artificial Intelligence.  Anthropic’s “Claude” AI system was key in the first 24 hours of the war with Iran, and was likely used in the US’s attack on Venezuela and kidnapping of Nicolas Maduro in January.   In fact, Anthropic was one of the first AI companies to contract with the Pentagon.  That ended a few weeks ago when Anthropic refused to allow its AI to be used for targeting autonomous lethal weapons.

Even before Open AI stepped into Anthropic’s combat boots it too had inked contracts with the Defense Department, one worth $200 million (as is the newest one), and was vying for a $100 million Pentagon prize challenge to produce autonomous drone swarms

Peter Theil and Alex Karp’s Palantir is a leading government contractor, providing AI analysis to the military and other agencies, both in the US and abroad, which may be why its market value is up to $375 billion this month.  That is much more than any traditional weapons manufacturers like Lockheed Martin, Northrop Grumman and General Dynamics are worth.

Palantir and many other AI companies are also supplying weapons technology to Israel, where AI is deployed to create lists of supposed Hamas targets on the basis of billions of data points.  It does not appear to have been successful; reportedly a mere 17% of the people killed in Gaza were actual fighters, meaning the vast majority of the 75,000 dead were civilians, approximately 30% of them children.

Those disturbing statistics haven done nothing to slow the surge. Meta, Google and OpenAI, all which once had language in their corporate policies  eschewing the use of AI in weapons, have removed such wording and are inking contracts worth billions to provide war and surveillance technology.

One massive multi-year $9 billion secure cloud computing contract with the military includes services from Amazon, Google, Microsoft, and Oracle.  Relative newcomer Anduril, a defense tech company, just signed a $20 billion deal for A.I.-backed software for the US military’s use.

This year, the Department of Defense/War intends to spend $13.4 billion on “autonomous systems” alone.  That money will go toward remotely operated drones that are navigated by AI, including when they strike, and will give rise to numerous other operational costs.

In a report on the military’s use of AI technology, the Brennan Center for Law and Justice points out that the same companies raking in billions in government contracts routinely use their fortunes to influence policy and advocate for the unfettered deployment of their technology.  Add to that the way tech CEOs are sucking up to Trump personally and “donating” to his vanity projects and you’ve got the recipe for the next phase of tech’s takeover of the world.  Funded by your tax dollars.

Engagement Resources

• The Business of Military AI, Amos Toh and Emile Ayoub, Brennan Center for Justice at New York University School of Law. March, 2026 https://www.brennancenter.org/our-work/research-reports/business-military-ai
• AI’s Safety Promises Crumble as Defense Contracts Take Priority, The Tech Buzz, Mar.6, 2026 https://www.techbuzz.ai/articles/ai-s-safety-promises-crumble-as-defense-contracts-take-priority

Technology Policy Brief #165 | Inijah Quadri | March 14, 2026

Policy Issue Summary

A single, binding global data privacy standard does not yet exist. Instead, governments and companies operate under regional systems with different priorities. The European Union’s General Data Protection Regulation (GDPR) focuses on privacy as a legal right and limits how organizations collect, use, and keep personal data. The Global Cross-Border Privacy Rules (CBPR) system takes a different approach: it uses a certification model to help companies transfer data across borders more easily. In practice, a company is reviewed against shared privacy requirements, and if it qualifies, it can display a certification mark showing that it met the program’s baseline standards. That approach can support trade, but it does not create one uniform level of privacy protection. As a result, people receive different protections depending on where they live, and companies face a patchwork of obligations.

The most important policy gaps are practical. Many companies still collect more data than they need, combine it across services, and share it with outside firms. Some use personal data to create detailed profiles for targeted advertising or to sort people into categories based on income, health interests, religion, or location. Others collect biometric information, such as facial images, fingerprints, or voiceprints, without strong safeguards. Data brokers deepen the problem by buying, combining, and reselling information such as location history, consumer purchases, and demographic traits, often without a direct relationship with the people affected.

A stronger international approach would not require every country to adopt identical rules, but it should establish a shared floor. At minimum, that floor should limit unnecessary data collection, require extra protections for high-risk data such as biometric and precise location information, restrict opaque profiling and micro-targeted advertising, and give people meaningful ways to challenge misuse. It should also strengthen enforcement by allowing collective complaints, raising penalties for repeat violations, and giving workers more say over workplace monitoring tools such as productivity tracking software, keystroke logging, and AI-based performance scoring.

Analysis

The best-known privacy model today is the GDPR. It matters globally because it applies not only to organizations based in the European Union, but also to many organizations outside the EU that offer goods or services to people in the EU or monitor their behavior there. The GDPR also sets out clear principles that are easier to explain in everyday language. Data minimization means collecting only the personal data that is actually needed for a stated purpose. Purpose limitation means using data only for the specific reason it was collected unless there is a lawful basis to do more. These ideas have influenced privacy laws in other countries, but enforcement remains uneven, especially against very large firms operating across borders.

The Global CBPR system reflects a different policy goal. It is run through the Global CBPR Forum and is designed to build trust in cross-border data flows through a common certification process. Under that process, a company applies for review through an approved third-party assessor, is checked against the program’s requirements, and, if approved, may display a certification mark. In practical terms, that can reduce friction by lowering the need for companies to navigate a separate certification or review process in each participating market. The trade-off is that interoperability and data movement are central aims of the system, so it is not the same thing as a single, rights-centered global privacy law.

It is therefore misleading to describe privacy governance as a simple dual system. GDPR and Global CBPR are important frameworks, but they do not divide the whole world neatly into two camps. Many countries have their own national laws, some countries participate in CBPR-related arrangements, and multinational companies often have to satisfy several overlapping systems at once. The real problem is not that two systems exist; it is that there is no single binding baseline that combines strong privacy rights with workable rules for cross-border data transfers. Until that gap is addressed, the world will continue to rely on a patchwork rather than a true global standard.

Engagement Resources

• Privacy International (https://privacyinternational.org/): A global organization campaigning against the exploitation of data by corporations and states, fighting for the right to privacy as a foundation for human dignity and systemic justice.
• Noyb – European Center for Digital Rights (https://noyb.eu/): A non-profit organization utilizing strategic litigation to enforce privacy laws across Europe, specifically targeting tech monopolies and holding them accountable for regulatory violations.
• Electronic Frontier Foundation (https://www.eff.org/): A leading nonprofit defending civil liberties in the digital world, providing extensive research and legal advocacy against invasive surveillance and corporate data overreach.
• Access Now (https://www.accessnow.org/): An international human rights organization dedicated to defending and extending the digital rights of users at risk, with a strong focus on algorithmic accountability and data protection.
• Algorithmic Justice League (https://www.ajl.org/): An organization that combines art and research to illuminate the social implications and harms of artificial intelligence, advocating for equitable and accountable data practices.
• Internet Governance Forum (https://intgovforum.org/en/about): A United Nations-convened multistakeholder forum on digital public policy that brings together companies, technical experts, and civil society to discuss issues such as data privacy, AI, and internet governance.