Dinsdag 15/10/2019

Privacy

How looming privacy regulations may strengthen Facebook and Google

Beeld AFP

SAN FRANCISCO — In Europe and the United States, the conventional wisdom is that regulation is needed to force Silicon Valley’s digital giants to respect people’s online privacy. But new rules may instead serve to strengthen Facebook’s and Google’s hegemony and extend their lead on the internet.

That could begin playing out next month, when Europe enacts sweeping new regulations that prioritize people’s data privacy. The new laws, which require tech companies to ask for users’ consent for their data, are likely to hand Google and Facebook an advantage. That’s because wary consumers are more prone to trust recognized names with their information than unfamiliar newcomers. And the laws may deter startups that do not have the resources to comply with the rules from competing with the big companies.

In recent years, other regulatory attempts at strengthening online privacy rules have also had little effect at chipping away at the power of the largest tech companies, ultimately aiding internet giants rather than hurting them.

“Regulations help incumbents,” said Avi Goldfarb, a marketing professor at the University of Toronto who has studied the effect of privacy regulations on competition. Goldfarb was the co-author of a 2013 report that said privacy regulation could be anti-competitive because the cost of getting permission from users for their data was typically much higher for a younger company than for an established firm.

That Facebook and Google may emerge stronger from all of this can seem like a distant prospect. The Silicon Valley companies have been under scrutiny for months for how they collect and use people’s data, with Facebook reeling from revelations that the political research firm Cambridge Analytica harvested the personal information of up to 87 million of its users. That led to Congress dragging Mark Zuckerberg, Facebook’s chief executive, to Washington this month for a grilling.

Google, too, has grappled with questions about its online video service YouTube as it tries to duck lawmakers who fear that the search giant’s data-collection machinery is as robust as Facebook’s, if not more so.

At the same time, countries like Brazil and Argentina are exploring European-style privacy regulations that will further test the companies’ advertising-based business models. U.S. lawmakers also showed more openness to regulating Silicon Valley during Zuckerberg’s testimony this month.

"Right to be forgotten"

Yet past attempts at privacy regulation have done little to mitigate the power of tech firms. Consider what happened in Europe after earlier attempts at checking the power of Facebook, Google and others.

In 2014, Europe’s highest court ruled that people had the “right to be forgotten” online, meaning they could ask Google and other digital companies to delete search results about them. Since then, Google has instead become a chief arbiter of what information is kept online in Europe because the company itself is responsible for determining the fate of each deletion request.

Another 2011 European law requiring websites to alert visitors to “cookie” trackers that collect data on browsing history has largely turned into a distracting annoyance rather than changing how companies operate. People often accept the tracking to get rid of the pop-up warning without reading details about the tracking.

Today, the uproar over data privacy has also done little to diminish the businesses or usage of Facebook and Google. Zuckerberg said this month that the Cambridge Analytica scandal had no meaningful effect on Facebook’s business, which is expected to show sales growth when the company reports quarterly earnings this week. Alphabet, Google’s parent company, said Monday that its revenue rose 26 percent for its most recent quarter as its ad business continued to grow.

Spokeswomen for Facebook and Google declined to comment.

In Europe, the coming data privacy laws are known as the General Data Protection Regulation. These rules will restrict how tech companies collect, store and use personal data from people across the region. The laws, which take effect May 25, require companies to explain how they plan to use people’s personal information in simple, unambiguous language and detail what other entities will gain access to that data. Companies can no longer hide behind convoluted and often ignored user agreements, but must obtain consent with a full understanding of the user where their data may go.

Lawyers, consultants and businesses preparing for the privacy laws said that reining in the large technology companies was not the primary goal of the European legislation.

Advantages of being a giant

Giovanni Buttarelli, the European data protection supervisor who was involved in the creation of privacy rules, said much of the impact would be determined by regulators who enact the law and who will be up against well-funded teams of lobbyists and lawyers. Google and Facebook will be overseen by the Irish data authority because their European headquarters are in Ireland. Buttarelli noted that Europe had staff of about 2,500 across all the countries working on the issue.

“That’s peanuts compared to the lobbyists in Brussels and Strasbourg,” he said, referring to the cities where the European Commission and Parliament operate.

He said large technology companies had advantages but would also be under a microscope. Enforcement of the law is skewed to companies that handle the most personal data.

“There are pros and cons to being a tech giant,” he said. “We want to treat small and medium-sized businesses differently.”

Meer over

Wilt u belangrijke informatie delen met De Morgen?

Tip hier onze journalisten


Op alle verhalen van De Morgen rust uiteraard copyright. Linken kan altijd, eventueel met de intro van het stuk erboven.
Wil je tekst overnemen of een video(fragment), foto of illustratie gebruiken, mail dan naar info@demorgen.be.
DPG Media nv – Mediaplein 1, 2018 Antwerpen – RPR Antwerpen nr. 0432.306.234