Regulatory authorities examining privacy as a potential basis for anti-trust issues
You have been waiting for this new app for months. The only thing that stands in your way is a blur of legalese you dexterously scan through, your pointer finger wildly spinning the wheel on your mouse. The “accept” button is now clickable. You know you should read it, but you’re in a hurry. And who can blame you?
A study from Carnegie Mellon estimates that it would cost the U.S. economy $781 billion if people actually read all the privacy polices they came across in a year (and this was in 2008!). Surveys of American and European consumers have found that they increasingly feel they are no longer in control of their personal data. A European Commission report found that 71 percent of respondents said that “it is not acceptable for companies to share information about them without their permission, even if it helps companies to provide new services they might like”. A recent Pew study of Americans found that “fully 91% of adults agree or strongly agree that consumers have lost control of how personal information is collected and used by companies.”
There is clear disconnect between this discomfort with services that are invasive to people’s privacy, and the usage of many services that actively, and opaquely, use personal data. This has led to growing regulatory interest, mostly in the EU, for examining how large technology companies use consumer data through the lens of anti-competitive law. The OECD convened a conference last year specifically to address this intersection of the growth of big data, and anti-trust concerns.
In many specific segments of the tech industries there are only a few players due to the almighty forces of network effects. In a traditional monopoly, and absent government intervention, consumers suffer because a company can charge whatever price it wishes. For this reason, governments often only allow monopolies to continue in industries where the duplication of services (e.g., utilities) would be inefficient for society. These allowances usually come with restrictions and responsibilities. But how does this play out in industries where the product is often “free?” In these circumstances, product quality, (or consumer privacy in the case of technology companies) suffers.
An independent German competition authority recently launched an investigation against Facebook related to this very issue (The UK house of Lords has been publicly discussing it as well). The authority asserts that “dominant companies” have “special obligations,” much like in a more traditional government-sanctioned market position. Relatedly, they note that [in relation to a hypothetical M&A deal] “If two horizontal competitors compete on privacy as an aspect of product quality, their merger could be expected to reduce quality. For some analysts, a reduction of privacy is indeed tantamount to a reduction of product quality.” The longer a company keeps a dominant position the better and more comprehensive its consumer data becomes. This makes it increasingly difficult for new entrants to the field. This positive feedback loop increases the potential for an anti-competitive market to appear.
What should companies that might find themselves in this position do? This situation can be considered low-probability given current regulatory uncertainty, but also potentially high financial impact should a regulatory agency chose to make an example of the company. Companies could lessen the opaqueness of this tail-risk for investors if they disclosed, in line with SASB standards, how they acquire, store, and use customer data. In the Internet Media & Services industry SASB’s analysis has found that no companies are currently providing metrics around data privacy in their 10-Ks, although 86 percent of companies have some sort of boilerplate statement. These acknowledge the related risk, but provide no insights to analysts as to how the company is handling this issue.
Transparency could go a long way with regulatory authorities who have shown themselves suspicious of how technology companies use customer data. There is currently no precedent for a lawsuit of this nature, but growing concerns surrounding lack of consumer choice in some technology fields (such as search), and subsequently how consumer privacy could be eroded, could conceivably cause a significant lawsuit in the coming years.
Companies (or at least the ones you’re invested in) should be paying attention and making sure it is easy to read the fine print.