Apple, Amazon and Google Also Are Bracing for Privacy Regulations
Apple, Amazon and Google Also Are Bracing for Privacy
Regulations
U.S. technology companies have stayed largely exempt from
significant government regulation and self-policing of privacy, but that is
about to change
By Christopher Mims April 8, 2018 8:00 a.m. ET
We are finally waking up to the fact that we aren’t
merely “the product” of companies like Facebook Inc. and Alphabet Inc.’s
Google. As one Silicon Valley investor put it, we are their fuel.
At least our personal data is: Every week, it seems, we
are treated to fresh revelations of hacks, leaks and exploitation of our
information, along with ever louder cries for regulation and consumer
protection, in the U.S. and Europe.
What is less appreciated is the degree to which Apple
Inc. and Amazon.com Inc. —which must maintain a direct relationship with their
paying customers—could also be affected, both for good and for ill. (Another
tech giant, Microsoft Corp., hasn’t played as big a role in the smartphone
revolution and hasn’t seen similar growth, but it too must comply with
forthcoming regulation.)
The past decade saw an explosion in revenue and value for
these four companies sufficient to put them atop the global economy. But the
laissez-faire environment in which they have operated is for the first time plausibly
coming to an end.
Facebook Rises
Going public during a decade largely devoid of
regulation, the data-hungry Facebook has seen revenues explode.
Google Also Rises
Google’s fortune was aided by the Android mobile OS,
which enabled better ad tracking and location services.
Amazon, Too
Unlike other giants, Amazon doesn’t need to buy your
shopping history to track your spending. That data fuels its recent boom.
And Let’s Not Forget Apple
The iPhone’s mobile OS may be designed with privacy in
mind, but its App Store has been a data collector’s dream.
Facebook is the lightning rod: Across the political
spectrum, statements by public figures and recent surveys reveal Americans are
suddenly more concerned about the power of Facebook. Possibilities that seemed
remote just six months ago, such as action by state attorneys general, are now
reality. Missouri’s AG is demanding Facebook say which political campaigns paid
for users’ personal data and whether users were notified.
In Europe, strict privacy regulations known as the
General Data Protection Regulation come into force on May 25.
GDPR is designed to include penalties that are “effective
and dissuasive.” Depending on the offense—including mishandling of personal
data, failure to exclude children from age-inappropriate services or content
and many others—fines can be as high as 4% of a company’s global revenue. Based
on 2017 revenue, for Facebook that could be $1.6 billion.
And as GDPR rules could cover EU citizens no matter where
they live or travel, multinational companies may not be able to simply fence
off their services geographically. Facebook Chief Executive Mark Zuckerberg
recently said his company is working on extending GDPR protections to every
user.
Mr. Zuckerberg also recently said that regulation of
companies like Facebook is inevitable, and that he supports mandating that
internet companies label political advertising, something the company has
already pledged to do.
This is on top of the EU’s parallel effort to force U.S.
tech giants to change how their services work on antitrust grounds, which is
inspiring lawmakers in the U.S.
The recent bipartisan passage of the Stop Enabling Sex
Traffickers Act, which potentially opens up all online services to liability
for facilitating human trafficking, was a blow to tech’s decades of legal
immunity. Calls for more industrywide regulation are coming from many quarters,
and rumblings of legislative action are now coming from Big Tech’s former
allies.
“Almost uniquely in the U.S. economy, internet giants
have had essentially no regulatory burdens,” said Roger McNamee, an early
investor in Facebook and now frequent critic of it and others like it. “That’s
not normal for businesses that have as much impact as these have.”
Brianna Wu, a game developer now running for Congress in
Massachusetts, said if elected she will propose an “omnibus bill of rights”
governing how tech companies will have to handle our data. Like GDPR, this
would affect every company gathering our data, from Big Tech to the many
companies that recently had breaches, including Equifax and Saks and Lord &
Taylor.
Google has an advertising model that is just as
data-hungry as Facebook’s. It doesn’t just gather our search history and
location; its YouTube platform tracks our taste in media. Since 2012, the
company has pooled data on us across all its properties.
Arguably, Google has more experience than Facebook with
regulators: In 2013, Google settled with the Federal Trade Commission over
competition issues, and for months it has been promoting its efforts to comply
with GDPR. Yet unlike Facebook, Google isn’t planning to roll out GDPR-type
privacy protections everywhere it operates, so it could be less prepared should
similar rules come to the U.S.
Amazon already runs a $2.8-billion-a-year advertising
business that targets ads using harvested data. But Amazon doesn’t have to buy
our purchase history from data brokers—information even Facebook says it will
eliminate from its advertising system. Since Amazon’s retail-and-advertising
ecosystem is mostly self-contained, it won’t have to change as many practices
as its competitors will. Still, the full burden of GDPR won’t become clear
until customers and their lawyers begin to test its sometimes-vague
protections.
“Amazon has a longstanding commitment to privacy and data
security, and we are committed to complying with GDPR requirements when they
come into effect,” an Amazon spokesman said.
GDPR is likely to strengthen Apple’s position in the
short term. “Apple will find GDPR to be very much consistent with its value
system,” Mr. McNamee said. Apple advocates differential privacy, an approach to
data collection that is meant to prevent our data from being personally
identifiable. It has already rolled out changes to the iOS mobile operating
system in anticipation of the regulations.
Apple CEO Tim Cook likes to say his company would never
make the same kind of mistakes that Facebook has. But Mr. Cook’s confidence
belies the fact that Facebook—now overwhelmingly accessed via mobile
devices—would scarcely exist without the iPhone and its Android-powered
imitators.
Apple also makes it possible for developers to obtain
lucrative personal information. For example, in at least one instance, vague
permissions on the iPhone and Android phones mean we are a tap away from
letting strangers sell our location data.
While Apple does enforce rules in its App Store and
requires developers to justify requests for unusually rich information, the
company doesn’t require every developer to protect privacy to its same rigorous
standards.
Facebook may be making most of the headlines right now,
but in the long run Apple, Google and Amazon also are likely to face emboldened
regulators who make rules not just for what companies do with our data, but for
the devices that gather the data in the first place.
Comments
Post a Comment