The good news is that Europe didn’t ban bitcoin. The bad news is that tougher fights across multiple governmental battlefields lie ahead.

European Parliament member Stefan Berger called MiCA “pioneering” in its establishment of “reliable supervisory structures.”

Crypto won a significant victory in Europe on Monday. The European Parliament voted to advance a regulatory proposal without a controversial provision that would ban proof-of-work-based cryptocurrencies like bitcoin.

But the debate in Europe is far from over. And it highlights a major challenge for the industry: The battle over how crypto should be regulated is playing out in different ways in major geographies.

The EU’s approach on crypto regulation is slow but steady. The proposed regulatory framework in the Markets in Crypto Assets bill could set the stage for the digital asset industry on an international level if adopted into law.

The U.K., meanwhile, is cracking down on crypto, with an emphasis on stablecoins. The U.K., which has forged a separate regulatory path since Brexit, is working through getting the industry properly licensed and registered.

Crypto is grappling with bigger regulatory problems in the U.S. The country’s fragmented financial regulatory scheme, including multiple agencies jockeying for a role in crypto and 50 states exercising some level of financial oversight, is a headache.

Get access to the Protocol | Fintech newsletter, research, news alerts and events.

Your information will be used in accordance with our Privacy Policy

Thank you for signing up. Please check your inbox to verify your email.

Sorry, something went wrong. Please try again.

A login link has been emailed to you - please check your inbox.

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.

The parties can’t agree on much — except that Congress should act on Big Tech sooner rather than later.

Both sides of the aisle are coming together over Big Tech.

Bradley Tusk (@bradleytusk) is a venture capitalist, political strategist and writer. He is the founder and CEO of Tusk Ventures, the first venture capital fund to work with and invest solely in high-growth startups facing political and regulatory challenges.

Bradley Tusk is co-founder and managing partner at Tusk Venture Partners.

We live in a society where each party instinctively opposes the views of the other. If Democrats say they like ice cream, Republicans say that ice cream has secret microchips that spy for the Chinese. If Republicans say they like apple pie, Democrats say the dessert is a symbol of oppression and must be banned. Sadly, it sometimes does reach levels almost this silly. But there seems to be one issue defying political gravity: tech regulation.

From Congress to the Supreme Court, from states to presidential candidates, from think tanks on the left to those on the right, the stars have aligned far differently around regulating Big Tech than they have for almost any other current issue.

For example, the U.S. Supreme Court recently issued a stay of a Texas law that was designed to ban online platforms from restricting user posts based on political views. The social media companies argued that the Texas law violated their First Amendment rights to control the content on their platforms. So you have what’s meant to be a pro-Republican position on the Texas law — preventing platforms like Twitter from banning people like Trump — against what’s normally a Democratic position, protecting the First Amendment.

But the outcome was surprising. The majority who voted to pause the Texas law — Chief Justice John Roberts (appointed by George W. Bush) and Justices Stephen Breyer (appointed by Bill Clinton), Sonia Sotomayor (appointed by Barack Obama), Brett Kavanaugh and Amy Coney Barrett (both appointed by Donald Trump) — make an unusual set of allies. And on the other side, Justice Elena Kagan (Obama), one of the most liberal members of the court, sided with Justices Samuel Alito (W. Bush), Neil Gorsuch (Trump) and Clarence Thomas (George H.W. Bush) to oppose the stay — not the usual coalition.

But justices aren’t beholden to voters, so maybe it’s easier for them to agree while everyone else still has to toe the party line. Disproving that theory, though, only requires one glance at the American Innovation and Choice Online Act in Congress. The bill prohibits dominant media platforms, defined by their market cap and number of users, from discriminating against other businesses that rely on their services. So for example, Amazon wouldn’t be able to make products from outside vendors far less attractive or easy to find than their own products.

The legislation, led by prominent Democratic Sen. Amy Kloubchar, passed out of the Senate Judiciary Committee in January with a 16-6 vote, reflecting broad bipartisan support. Republican Sens. Chuck Grassley, Lindsey Graham, Ted Cruz, Josh Hawley and John Kennedy all supported it, with Grassley and Kennedy both serving as co-sponsors. Passing anything in Congress is still akin to a miracle, but if one bill has a shot of passing this year, it may be this one.

The bipartisan trend toward regulating Big Tech even occurred during the 2020 presidential race, one of the ugliest races in history. Trump and Biden didn’t agree on much, but they did agree on one issue: revoking Section 230. Sec. 230 is a federal law that protects platforms like Facebook or Twitter from being sued for content posted by its users. In my view, it is the single biggest contributor to making the internet toxic. And that issue is so much of concern to both sides that Trump publicly called out “the horrendous tech giants,” and argued for repealing Sec. 230 at a rally in Georgia. Biden then said the same thing: “Sec. 230 should be revoked, immediately should be revoked, No. 1. For Zuckerberg and other platforms. It should be revoked because it is not merely an internet company. It is propagating falsehoods they know to be false.”

Now, given Washington’s ineptitude, Sec. 230 is of course still alive and well. But in a world where most issues are automatically doomed because one side’s support immediately prevents the other’s, there’s at least a chance something can get done.

The same holds true at the state level. California, a blue state if there ever was one, approved the California Consumer Privacy Act in 2018, giving consumers the ability to protect themselves and their data from big tech companies. The CCPA, which went into effect in 2020, contains a broad array of consumer protections, ranging from the right to opt out of a business’s sale of their personal information to the ability to request that business delete their personal information.

Which were the next three states to follow along? Colorado and Virginia, both purple states, and Utah, an extremely red state. The legislation in each state effectively does the same thing, providing consumers with some ability to protect their privacy and their data. If Big Tech regulation were a strictly partisan issue, this never would have happened.

Even think tanks on the left and right are in unusual places. No one ever confuses the Brookings Institution and the Heritage Foundation, but they both agree strongly on regulating Big Tech. Brookings supports the creation of a federal agency to oversee Big Tech. The Heritage Foundation has equated big tech to totalitarianism, calling for aggressive reforms to constrain tech’s ability to reshape society.

Unlike almost every other issue out there — guns, climate, immigration, education, health care, abortion and so on — regulating Big Tech appeals to elected officials, judges and scholars on both sides of the aisle. Does this mean we should now expect a torrent of bipartisan legislation that finally takes on issues like privacy, antitrust and platform liability? No. We’re still talking about the government; you should always bet on failure and incompetence. But if you wanted to find one issue that at least has a shot in an impending divided government — with a likely Republican-led House and Senate and a Democratic-led White House — regulating Big Tech may be your best bet.

Bradley Tusk (@bradleytusk) is a venture capitalist, political strategist and writer. He is the founder and CEO of Tusk Ventures, the first venture capital fund to work with and invest solely in high-growth startups facing political and regulatory challenges.

Joe Byrne is Vice President of Technology Strategy and Executive CTO at AppDynamics, a part of Cisco. His primary focus is on working with customers and prospects on APM strategy and helping with digital transformations. He also works closely with Sales, Marketing, Product and Engineering on product strategy. Prior to AppDynamics, Joe held technology leadership roles at Albertsons, EllieMae and Johnson and Johnson.

Over the last two years, technologists have come under unprecedented pressure to embrace digital transformation and innovation at record speeds. The pandemic accelerated the expansion of the digital economy at a rate that was previously unthinkable.

As a consequence, consistent availability and performance of the applications and digital services that customers and end users rely upon has never been more important. But at the same time, this has never been harder to achieve. To facilitate rapid innovation many technology leaders turbo-charged their move to the cloud and now preside over increasingly complex IT environments and sprawling cloud infrastructure.

Now the clock is ticking for IT teams to get control over their IT environments and achieve the level of visibility and insight needed to manage the next wave of digital change.

Full-stack observability is quickly emerging as a technology that can help solve some of these challenging and complex issues. The latest report from AppDynamics, The Journey to Observability, reveals a surge of organizations making serious moves to improve visibility within their IT environment with as many as 90% of organizations planning to be somewhere along the journey to full-stack observability during 2022.The next 12 months will be pivotal for many in this journey. Here we explore three important reasons why full-stack observability should be in every IT team’s toolkit as they prepare for the next wave of innovation.

Combat complexity, achieve real-time visibility

It’s no secret that there has been a massive increase in complexity for IT departments in the last few years as the world shifted online. The result is they were left to manage increasingly fragmented IT estates as they rushed to keep application and digital experiences running.

Technologists have been overwhelmed by data noise and have not had the tools readily available to identify which issues really matter and where to focus their efforts. But as we enter a new phase where immediate reactive response to the pandemic has evolved to proactive planning for the future, technologists need to find a way to tame complexity and manage data noise. Full-stack observability is enabling them to be more strategic in their approach.

This technology provides users with unified, real-time visibility into availability and performance up and down the IT stack for compute, storage, network and public internet, from the customer-facing application all the way into the back end. It enables IT teams to quickly and easily identify anomalies, understand dependencies and fix issues before they affect customers.

And the results are clear to see. Organizations that have already started the move to a full-stack observability approach are seeing results and clear return on investment (ROI). In the AppDynamics research, 86% of technologists reported greater visibility across their IT stack over the last 12 months when implementing full-stack observability.

Reduce costs with improved productivity and collaboration

When we look more deeply at the specific benefits that early adopters of full-stack observability are seeing, it’s clear that ROI and reduction in costs are achieved in a number of ways.

Half of IT teams say that a full-stack observability approach has led to improved productivity and 46% have reduced operational costs in the IT department as they now need to spend less time identifying anomalies and understanding dependencies in order to perform fixes. Others say they can also deploy team members to more strategic work that can better impact the business. 43% explain that they have seen better collaboration between IT operations, development and networking teams as they now have a single source of truth for data. No more working in silos with independent, disconnected monitoring tools.

Customers tell us they are removing themselves from the constant cycle of firefighting that has characterized most IT departments in recent years. Teams are becoming more productive and operational costs are falling because availability and performance issues are being addressed earlier and more quickly.

Against this backdrop of success, it perhaps shouldn’t be surprising that 80% of technologists believe that organizations that fail to make significant strides in their journey towards full-stack observability in 2022 will face competitive disadvantage versus their peers.

But where full-stack observability really comes into its own is when technology performance is directly linked to the most important business metrics. In fact, 98% of technologists believe that it’s important to be able to directly correlate performance across the full IT stack with business outcomes.

Full-stack observability with business context enables companies to digest IT performance to easily identify where they can prioritize performance and tackle issues that strategically impact their bottom line. This correlation of technology and business data allows IT leaders to make smarter, strategic decisions based on actual business impact.

Making the shift is absolutely critical in order for businesses to successfully embed a sustainable digital-transformation-as-usual culture across their operations to thrive in the post-pandemic economy.

And critically, whereas before IT teams may have had to battle to get buy-in from senior leaders for procuring new technology solutions — such as full-stack observability — business leaders are now huge advocates. 93% of technologists report that the wider business has been supportive of their efforts to implement full-stack observability, in terms of providing the necessary budget and resources.

This is a hugely significant development in the evolution of full-stack observability, suggesting that technologists are now well positioned to ramp up their implementation programs with the sponsorship and investment they need to deliver success.

It’s clear that the implementation of full-stack observability will be mission-critical for technologists as they shift gears and ramp up transformation programs. A full-stack observability approach is central to technologists delivering their organization’s future objectives, enabling them to be more strategic, prioritize resources and influence vital and strategic decisions that drive the bottom line.

Joe Byrne is Vice President of Technology Strategy and Executive CTO at AppDynamics, a part of Cisco. His primary focus is on working with customers and prospects on APM strategy and helping with digital transformations. He also works closely with Sales, Marketing, Product and Engineering on product strategy. Prior to AppDynamics, Joe held technology leadership roles at Albertsons, EllieMae and Johnson and Johnson.

The NYPD is just one example of Salesforce’s years-long effort to work more closely with law enforcement agencies.

Salesforce is looking to law enforcement for new projects.

Joe Williams is a writer-at-large at Protocol. He previously covered enterprise software for Protocol, Bloomberg and Business Insider. Joe can be reached at JoeWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

On Dec. 11, engineers in Salesforce’s government division gathered on Google Meet for an unusual meeting. It was a Saturday, and the huddle had been organized quickly.

It’s fair to say most attendees were not expecting what came next. Salesforce executives wanted those employees to agree to and sign a more than 1,000-page legal document in the next 24 hours that, among other things, would allow Salesforce to share their personal information externally.

The fast signatures were necessary if the software giant was to move forward with a new law enforcement customer: the New York City Police Department, according to sources familiar with the situation and emails reviewed by Protocol. An NYPD spokesperson did not respond to multiple requests for comment.

“We apologize for the tight timeline and realize we are asking for your help on the weekend,” former Chief Trust Officer Jim Alkove wrote to employees.

The signatures were also necessary for the employees to continue working in the government division. The warning from the top was clear: Those who didn’t sign would have to move to a different department.

The document in question dealt with a covert hurdle the technology industry has to navigate with clients like the NYPD: the Criminal Justice Information Services, or CJIS, a division of the FBI that stores fingerprints, documents and other data and evidence used to, among other law enforcement activities, review the history of suspected criminals.

For a software provider to do work with, say, a city’s local prison system, engineers on those accounts are required to provide their personal data — including social security numbers — to the CJIS for criminal background and credit checks. It’s similar to the clearance that technology workers need to get in order to work with federal agencies, known as FedRAMP.

But unlike FedRAMP, customers like the NYPD are able to add additional requirements — like prohibiting anyone who has filed for bankruptcy from working on the account — that make the CJIS process more ad hoc. That has prevented Salesforce from being able to deploy a standardized process, according to sources.

“Trust is our number one value, and we take the protection of our customers' data very seriously. Safeguarding customer data includes compliance with various regulatory programs, such as the Criminal Justice Information Services (CJIS) Security Policy, which may place extra requirements on Salesforce employees,” a Salesforce spokesperson said in an emailed statement.

After receiving a detailed run-down of the reporting in this story, the spokesperson declined to comment further.

The dive into CJIS-related work is part of a broader attempt by Salesforce to earn more government business, including top-secret work with agencies like the State Department. The company has at least 12 pending deals with CJIS-related clients, including the U.S. Drug Enforcement Administration, according to one source familiar with the pipeline.

However, the company has struggled to galvanize employee support for the subsequent requirements that go along with its push deeper into the law enforcement industry. In a sign of the struggles Salesforce faces, neither the company nor the NYPD would confirm whether the deal discussed during last December’s meeting is still active.

In order to win more public-sector customers, Salesforce has to prove it can meet the requirements that the NYPD and others mandate. But the December effort set off alarm bells among some that ultimately resulted in several employees being moved from the government cloud division over refusals to sign the contract and submit their personal information, sources said. Salesforce declined to comment on employee-related matters.

With just a few hours to review a contract fatter than “War and Peace,” some engineers pushed back. Salesforce executives ended up having to hold a town hall meeting on Dec. 13 to address employee questions, the sources said.

The engineers were asked to fill out what amounted to booking forms, the sources said, including listing any of their tattoos or visible scars.

Ultimately, workers were given more time to review and sign the contract. But some employees questioned the urgent timeline Salesforce broadcasted. For example, the documents included a signature from an executive who left months prior, indicating that Salesforce had long expected this confrontation, per one source, and a Slack channel that employees had access to showed executive conversations discussing the pending mandate several months prior.

Many of the questions from employees centered around how their information would be used, the protocols in place to safeguard it, how long it would be stored and, ultimately, whether it would open them up to unauthorized credit or background checks. Salesforce, sources said, provided few answers.

The other glaring problem with the CJIS, they argued, is that each potential customer can have a separate list of requirements for additional information and subsequent demands that could prevent an individual from working on the account. FedRAMP, on the other hand, has a uniform list of requirements that must be met by all companies.

It’s also a problem that some rivals — and close partners — don’t have. Other vendors, namely the cloud providers, likely don’t have to submit employee information to the CJIS system despite working with similar customers. That’s because AWS, Microsoft and Google have, in essence, stricter safeguards in place that prevent the ability of their own workers to access customer information.

“Cloud service personnel are unlikely to have unescorted access to unencrypted” criminal justice information, an FBI spokesperson told Protocol. Spokespeople for AWS, Microsoft and Google Cloud did not respond to multiple emailed inquiries.

However, Salesforce engineers can access such data to help with maintenance and support, according to a source familiar with its inner workings. It’s also hard to prevent engineers from accessing specific accounts given the various systems all share an underlying infrastructure that makes it difficult to erect such firewalls, according to sources. Salesforce, however, is trying to move some self-hosted programs to FedRAMP systems owned and managed by AWS, per one of the sources.

The NYPD had some stringent rules regarding who could work on the account. For example, anyone who had a moving violation carrying a fine over $300 or had filed for bankruptcy was barred from working with the client, sources said.

Some employees immediately balked. At the same time, it was not a new request for many in the room.

Salesforce had attempted a similar move twice before, according to sources: once, in 2017, with the Philadelphia Departments of Prisons, and another time, years later, for a client that could not be independently verified by Protocol.

The contract with the Philadelphia Department of Prisons fell through amid employee resistance. The engineers were asked to fill out what amounted to booking forms, the sources said, including listing any of their tattoos or visible scars. Since the Salesforce employees were technically contractors, it was the only way the prison system could process the necessary background and credit checks.

However, a spokesperson for the Philadelphia Department of Prisons denied that was the reason the deal disintegrated.

“The contract was not rescinded due to employees objecting to providing their personal information to CJIS,” they said in an emailed statement. The spokesperson declined to comment further, citing ongoing litigation with the company. Salesforce declined to comment.

But it’s clear the company was perhaps unprepared for the employee resistance.

One of the CJIS requirements, for example, is employee fingerprints. Salesforce suggested storing all applicable employee fingerprints on a separate, encrypted laptop. That, combined with a signed agreement from the employees, would then make it easier for the company to provide the data on the part of its workers for future customers. The engineers, however, saw it differently and pushed back. The idea was ultimately shelved.

The push to land the NYPD — along with hiring for related roles — is a clear sign that Salesforce is eager to win more law enforcement business. Salesforce is also trying to ramp up its work with other federal agencies. For example, the company is currently hiring for a position on “Project Blackjack,” Salesforce’s codename for a top-secret initiative with the State Department.

The effort to wade deeper in the law enforcement sector comes at an interesting time for Salesforce. Employees are going public with their disappointment over the company’s work with the NRA following the Uvalde shooting. And with the reputation of law enforcement tarnished for some beyond repair, Salesforce’s growth ambitions could once again collide with its cherished cultural values.

Joe Williams is a writer-at-large at Protocol. He previously covered enterprise software for Protocol, Bloomberg and Business Insider. Joe can be reached at JoeWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

Part distribution strategy, part product design, embedded finance is drawing the attention of investors who want to fund next-generation financial infrastructure.

Embedded finance includes lending, payments, open banking, banking-as-a-service, data aggregation and data transfer services.

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The lower fintech multiples tumble, the harder VC funding is for founders to find. But savvy investors are betting on a less-flashy type of fintech that’s been overlooked in recent years: startups they believe will form the infrastructure for the next wave of financial services innovation.

And funders have coalesced around a label for these companies, one that startups are only now starting to adopt: embedded finance.

The picks and shovels on offer include lending, payments, open banking, banking-as-a-service, data aggregation and data transfer services. The offerings are typically API-driven and deeply integrated into another product rather than redirecting consumers to a third-party site.

Companies like Stripe and Plaid are considered early exemplars of embedded finance, joined by newer ventures like Apiture and Yapily. And embedded plays are emerging in both traditional fintech and crypto.

“The next phase is not going to be in the next consumer-facing digital bank or consumer-facing crypto wallet,” said Martin Tantow, a partner at Pegasus Tech Ventures. His firm’s portfolio shows how the tide is shifting, with Pegasus backing early consumer plays like Robinhood and SoFi, which both went public in 2021. But infrastructure is what appeals to him now: “Embedded finance — now, that’s what’s getting interesting for us.”

Tantow is not the only VC shifting focus. Bain Capital Ventures is one of the firms that set the trend, as partner Matt Harris has long encouraged companies to consider embedded finance as a strategy.

“It’s easier now, because of innovation in financial infrastructure, to get fintech products up and running faster and more easily. They take some of the legwork out of legal compliance, regulatory complexity that companies don’t want to take on,” said Christina Melas-Kyriazi, a partner at Bain. “I’m really interested in that.”

Melas-Kyriazi says companies that pitch her with a clear distribution strategy are best aligned with Bain’s investment thesis. “If you’re solving a consumer-facing problem, you want to go direct-to-consumer,” she explained. “But a better way to access that person, at times, can be via software, where they’re doing their work.”

Startups serving up software to financial services companies and other business customers are also earning more investor dollars than other fintech sectors, giving them some buoyancy amid sinking valuations. According to Dealroom, embedded finance investing roughly tripled between 2020 and 2021, and investment in payments startups — a key sector within embedded finance — appears to have held steady in the first three months of 2022.

Melas-Kyriazi said the best embedded-finance companies either leverage data collection or network effects so that “once someone starts using your product, they're going to use it again and again, and it's going to be harder for them to switch.”

Catherine Birkett, CFO at GoCardless, said integrating financial services, like putting payments and accounting together, simplifies business operations in obvious ways. The open-banking company secured $312 million in late-stage funding in February. “This is easy to explain to investors, and from there it’s logical that fintechs that offer convenience and ease of use to merchants are more likely to acquire customers than those that don’t,” she said.

That’s part of the embedded finance pitch: It’s a more efficient and consumer-friendly route to reach other companies’ loyal customers as opposed to branding and launching a new financial product into often-crowded markets. Like other business-to-business models, that makes it dependent on other companies as a channel for growth, but embedded finance’s supporters argue that’s a feature, not a bug.

It’s not enough to just declare yourself an embedded finance company and start pitching investors. Tantow emphasized that in the current environment, companies must have strong financials to back up their pitch — preferably enough revenue to survive a looming downturn. “I want to see what their distribution model is [and] which channels and strategic partnerships they are pursuing,” he added.

For investors now, the most exciting fintechs are ones with low overhead, a clearly defined strategy of marketing to businesses and a promise of infrastructure that will accelerate the transition to a fully digital financial ecosystem.

PitchBook recently warned of a “bifurcation of the market” in fintech: Those serving consumers and small businesses, the firm’s analysts wrote, “will be negatively impacted while enterprise and infrastructure companies will remain at strength.”

Or as “Saturday Night Live’s” trend forecasters might put it: Get embedded, or go to bed.

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

Can Meta be sued for its algorithm, or is the content to blame for social media addiction?

Users are suing social media platforms over alleged harmful effects.

Nat Rubio-Licht is a Los Angeles-based news writer at Protocol. They graduated from Syracuse University with a degree in newspaper and online journalism in May 2020. Prior to joining the team, they worked at the Los Angeles Business Journal as a technology and aerospace reporter.

Social media companies are under fire lately, and Section 230 may no longer provide a solid defense.

This week, Meta was slapped with eight different complaints, filed in as many states, alleging that its algorithms have contributed to mental health issues such as eating disorders, sleeplessness and suicidal thoughts or tendencies in younger users. The complaints allege that excessive time on Instagram and Facebook pose serious risks to mental health, with one plaintiff claiming that Meta “misrepresented the safety, utility, and non-addictive properties” of its platforms.

Rather than going after the content itself, these complaints target the algorithm that serves it to users — making Sec. 230, which states that Meta can’t be held legally liable for third-party content posted on its platform, no longer applicable.

A federal appeals court last year ruled that Snap could be held accountable for its speed filter, which allegedly encouraged reckless driving and caused a fatal car crash in 2017. That ruling opened the door for lawsuits like the ones filed against Meta, said Eric Goldman, co-director of the High Tech Law Institute at Santa Clara University. The plaintiffs in the Snap case argued that the speed filter wasn't considered third-party content, but was rather a design choice Snap itself had made. Because the court ruled that Snap wasn’t protected by Sec. 230 in this case, others are attempting to work around the law in similar fashion.

But, Goldman argued, the Snap ruling and the cases against Meta are “qualitatively different,” because the algorithm and the content it serves are “all the same thing.”

“This idea that we can distinguish between dangerous software and dangerous third-party content on software is in my mind an illusion,” he told Protocol. “The algorithm only directs people to see content. Ultimately, it's the content that's the problem. Then we're back to the fact that that's really a Sec. 230 lawsuit.”

Goldman also noted that the lawsuits against Meta, which were filed in Texas, Tennessee, Colorado, Delaware, Florida, Georgia, Illinois and Missouri, were spread out in the hopes that one of the eight judges overseeing the cases would side against the company. Goldman said what’s likely to happen if one judge rules in favor of Meta is that the rest will follow suit. The question remains if any judge will buy the plaintiff’s argument.

“Basically, it's like a lottery,” said Goldman. “You only really need to win one in order to open up a very, very big door for future litigation.”

Regardless of whether Sec. 230 is in play, social media companies aren’t off the hook for platform addiction. A bill passed by the California State Assembly in late May would give parents the right to hold social media platforms responsible if their children become addicted.

Several platforms are also being investigated by attorneys general all over the country. In November, a coalition led by state AGs from California, Florida, Kentucky, Massachusetts, Nebraska, New Jersey, Tennessee and Vermont began investigating Instagram for the ways that it keeps young people engaged. The group extended its investigation to include TikTok in March.

Facebook whistleblower Frances Haugen also testified to Congress last year that Meta wasn’t forthcoming about Instagram’s effects on young people, even after internal research showed that the app exacerbated mental health issues for teen girls in particular.

“They include addictive design, features, algorithmic amplifications of disturbing content,” Common Sense Media CEO Jim Steyer told me. “Those are just some of the tactics that social media platforms like Meta use.”

Amid public pressure, social media companies seem to be showing signs of wanting to limit user addiction. TikTok announced Thursday that it’s rolling out more screen time controls to help users limit the amount of time they spend scrolling. Instagram implemented similar daily time limits, but quietly rolled back the ability for mobile users to set a daily time limit reminder lower than 30 minutes. Though these moves seem good on the surface, time limits like these are easy to surpass, and may just be a tactic for these companies to save face given that they want to keep users actively using the platform for as long as possible.

If states continue to pass legislation to hold social media platforms responsible for content posted on their platforms, Congress or the Supreme Court may step in to amend or clarify Sec. 230. That could reshape the way social media companies operate altogether.

“We're at a watershed moment, and in the next few years, we are finally going to see major action on multiple fronts,” Steyer said.

Nat Rubio-Licht is a Los Angeles-based news writer at Protocol. They graduated from Syracuse University with a degree in newspaper and online journalism in May 2020. Prior to joining the team, they worked at the Los Angeles Business Journal as a technology and aerospace reporter.

To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.