Public policy debates over consumer privacy and platform liability will feature prominently in 2021. Some are even hopeful that policymakers can reach bipartisan agreement on solutions. These are two important issues that I want to explore. However, I wonder if they aren’t the byproduct of a bigger problem.
Consumer privacy: A policy patchwork
One could argue that the digital advertising industry has been “regulated” (even if enforcement was less than robust) since 2010 when the industry’s self-regulation group, the Digital Advertising Alliance (DAA), rolled out its AdChoices program. In 2018, Europe began enforcing the General Data Protection Regulation (GDPR). In 2020, the California Consumer Protection Act (CCPA) came online followed by the November passage of the GDPR-like California Privacy Rights Act (CPRA).
Against this alphabet soup of patchwork regulation, we may be reaching a tipping point. For one thing, more states are expected to pass consumer privacy laws in 2021. Even with pandemic-altered legislative calendars, 16 states nearly passed laws in 2020.
Additionally, Congress has held countless hearings over the last two years to investigate big tech’s massive data collection operations. Those hearings are sometimes painful to watch, but they are serving to educate members of Congress, who appear to be much more knowledgeable now than they were a few years ago. (Remember when one of them asked Mark Zuckerberg how Facebook makes money? Oy.)
As further evidence of an increasingly savvy Congress, there is a bipartisan group of Senators quietly negotiating to craft a national consumer privacy framework. From what I’ve seen and heard, their approach is fairly solid. With slim Democratic majorities in both houses of Congress, this kind of bipartisan approach is the only way that any meaningful privacy law can get passed. However, the deck may be stacked against them. It is difficult to move major legislation with slim majorities in the House and Senate because the margin for error is very small.
All that said, the California laws (CCPA and eventually CPRA) are likely to serve as the de facto national standard. Many companies already apply those laws nationwide, not just for California residents. Besides which, most of the big tech giants are based in California. While the CCPA was a strong first law designed to give consumers more control over how their data is collected and used, CPRA is directly targeted at curbing Google and Facebook’s massive data collection and profiling operations.
GDPR has a similar focus. However, Google and Facebook have employed creative compliance strategies that have allowed them to temporarily evade a direct hit to their businesses. The big question is whether European and California regulators can force big tech companies into finally complying with the spirit of these consumer privacy laws. Fines are fine. But the laws were actually intended to empower and protect consumers.
Section 230: A Tale of two parties
Often referred to as “The 26 Words That Created The Internet,” Section 230 became a target of both political parties in 2020. Prominent Republicans and Democrats — including each party’s Presidential nominee — have called for the elimination or massive overhaul of Section 230. And yet Congress is not all that close to resolving anything.
The problem is that each party’s concerns lead them to propose different solutions. Democrats and Republicans both agree that big tech platforms have too much market power. Hence, the flurry of antitrust lawsuits filed by a Republican Department of Justice (and likely to be carried forward by a Democratic Department of Justice) and a bipartisan flotilla of state attorneys general.
With regard to Section 230, however, Democrats criticize tech platforms for not taking action quickly enough to combat disinformation, harassment, and demagoguery. Republicans, on the other hand, allege that big tech companies use the legal shield of Section 230 to suppress conservative speech. Essentially, Democrats want tech companies to do more while Republicans want tech companies to do less. These fundamentally different viewpoints are likely to make it difficult for Congress to agree on any big changes to Section 230.
Big picture, bigger issue
What’s interesting to me is that the public policy debates around consumer privacy and Section 230 are largely driven by dominance and anticompetitive behavior of big tech companies. I wonder if we would even be having these debates if Google and Facebook faced meaningful competition.
The aforementioned alphabet soup of consumer privacy regulations was developed to address consumer concerns about the ubiquitous and non-transparent collection of consumer data for use in behaviorally targeted ads. The two most dominant players in the digital ad industry, Google and Facebook, have built massive ad targeting businesses (basically the digital equivalent of junk mail), which are fueled by the collection of consumer data across the web and our lives. The duopoly, as we have called Google and Facebook for years now, accounts for 70 to 80% of the growth in the digital advertising marketplace. Much of this advertising is delivered on their own properties regardless of where they mined the data.
With regard to Section 230, the original intent of the law was to incentivize companies for making “good faith” actions to clean up their services. However, without meaningful competition among digital platforms, those companies are merely incentivized to protect themselves against legal action as opposed to competing for consumer loyalty.
Anticompetitive by design
Imagine a world where Facebook and Instagram were separate companies competing for consumers. I think they would be vying to prove which company would be the best at snuffing out disinformation, stamping out illegal activity, and generally providing the most trustworthy service.
Significantly, when Facebook was first launched, it touted a super strong set of privacy protections and controls to differentiate from the established market players at the time. But not now. The “like” button was originally designed as a user signal to show content interests. It has become an opaque means to track people’s movement around the web. Facebook’s business model is so reliant on tracking users it ran a national ad campaign last month to publicly pressure Apple to blink on its plan to restrict the use of its advertising identifier (IDFA). And let’s not forget that Facebook only reluctantly and belatedly de-platforms hate groups and removes disinformation.
If there was meaningful competition, big tech platforms would behave very differently within the industry and for consumers. The latest bit of evidence that Google and Facebook agreed to cooperate rather than compete with each other was particularly appalling. The two dominant players in digital advertising decided to carve up the market for themselves while icing out everyone else. The fact that the agreement exists at all is quite amazing. Perhaps more amazing is that these two companies had enough chutzpah to even engage in the negotiation in the first place. In many ways merely confirmed what many industry insiders already suspected. It’s the Duopoly’s world and we’re just living in it.
While we engage in meaningful and important debates about consumer privacy and the responsibilities of companies in a digitally-dominated world, let’s not lose sight of the fact that the competitive landscape is heavily tilted in favor of the big tech companies. The antitrust lawsuits and regulatory scrutiny faced by Google and Facebook are hugely important for restoring a heathy dose of competition, which could alleviate some of the downstream public policy concerns.