The demand is neither rhetorical nor futuristic, but rather a simple exercise in political provocation. It comes up repeatedly every time abuse, filters or massive surveillance practices are normalized, and it was back on the agenda when Pedro Sánchez publicly considered pushing the guidelines of major platforms because of the damage they cause.
The problem is that this particular path is not feasible in the current legal framework of the European Union. But just because one option isn’t legal doesn’t mean there isn’t another, and that’s where the debate really matters.
In the last few years, the European Union has built a regulatory body that affects much of what my member states can and cannot do for themselves. The General Data Protection Regulation (GDPR) makes it clear that systematic surveillance of citizens is not a neutral or harmless activity and sets limits, obligations and sanctions.
The Ley de Servicios Digitales (DSA) and Ley de Mercados Digitales (DMA) went further, reserving a central role for the European Commission in the supervision of large platforms and limiting the ability of states to act unilaterally.
This has a direct consequence: Spain cannot decide to prosecute the directors of Meta or TikTok or impose structural conditions on them on the fringes of a common European brand, even if there is a political temptation.
From now on, no one can conclude that Spain is holding its hands. What cannot be done is to create a repressive regime incompatible with Community legislation. But what can be done is to consistently apply existing standards, use all available administrative tools and, above all, stimulate debates that will eventually be transferred to the European level, where the essentials are decided.
The relevant question is that in Spain you can ban Instagram, Facebook, Threads or TikTok by decree, because the honest answer is no, although that would be great. The question is that we can make a decisive contribution to ensuring that certain business models become legal in Europe.
In this context, a false solution that enjoys great political popularity often appears: banning access to welfare kingdoms to persons under the age of 16. It’s an intuitive idea, seemingly protective and highly profitable in name, but deeply problematic.
Not only does it not attack the core of the problem, the tracking and data mining model, until it introduces more serious risks. To deny access for this reason, it is necessary to identify the user in a trusted way, which raises a technical and political dilemma of the first order.
Identifying data online is not a trivial problem. In advanced cryptographic systems, such as verifiable anonymous credentials or knowledge audits, the only real alternative is some type of centralized registry: proofs of identity, databases, intermediaries that confirm it.
It is said, the exact opposite of what is said to protect. And to think that this type of solution can be implemented in a secure and privacy-respecting way in a country where the public debate is only about what cryptography is, how it works, or why it is necessary for digital data is somewhat naive.
Also open the floodgates to a mandatory identification system for access to social networks not only for adults. Create a control infrastructure that can easily scale across the population. Now it’s “protecting children” but “combating misinformation”, ensuring “good behavior” or “national security”.
Technological history is replete with examples of herramiens created with the most noble of ends that were used to track, discriminate, or suppress. By introducing a generalized mechanism of identification in social networks, the state and third parties are supposed to gain power, which they will later take away. And you never know who might go to work.
First, banning a trade model is very different from banning a collection. Massive surveillance for commercial purposes is not a natural law or an inevitable consequence of the Internet until they are the result of political decisions and specific rebuttals previously made (or not made).
Spain, like my country, can strengthen the implementation of the GDPR, give its data protection authority real resources, systematically sanction malpractices and avoid fines that are a simple cost of doing transactions. It can also be implemented within consumer protection and competence, dealing with fictitious consents, manipulative interfaces and opaque advertising markets.
And above all, one can discuss the debate that latently developed in Brussels: whether behavioral publicity based on the surveillance of users must be legal. Because this debate is not just about the big social networks.
If we look at the tracking model in detail, Google, ad intermediaries like Criteo, and much of the media and services that now depend on targeting their users in a systematic way will take center stage. This explains the resistance: we are not talking about four specific platforms until we have a complex economic infrastructure built around the systematic harvesting of personal data.
In Spain today you cannot outlaw Instagram or TikTok for your content, you cannot solve the problem with symbolic bans because they generate more risks than those that eliminate them.
However, it is possible to abandon grandiose gestures without legal recourse and fall back on a more inconvenient and effective strategy: to enforce the law to the end, to push for regulatory changes at the European level and to assume that a business model based on the exploitation of citizens is not an inevitable collateral damage of the digital economy, but a political decision. A true question cannot be answered until you are satisfied.
***Enrique Dans is Professor of Innovation at IE University.
Leave a Reply