Data Wars: Startups are facing a perfect storm from Cambridge Analytica, GDPR, and Antitrust paradox.
The direction of Mark Zuckerberg’s testimony in Congress opens up doors to accidental anti-competitive regulation, potential 1st Amendment violations, and some paradoxical questions that even the best lawyers disagree on.
There are fundamentally hard problems that we need to address, and
- every founder I know is underestimating it’s impact.
- every lawyer I know, including those at the top of their field, are unable to advise practically for several issues
- every operator I know is looking the other way, or advises “flying under the radar”
I’ve been studying it for a while — This past week, I watched all 10 hours of Mark Zuckerberg’s testimony in Senate. I got certified for EU GDPR and did a Data Protection Officer 101 training. I read some case law about data privacy, and various lawsuits related to Facebook and LinkedIn. In total I’ve done 40–50 hours of research on these issues.
It’s not about Facebook , it’s about the fate of all startups, networks, and really, the internet.
The worst part is that no one knows the right solution.
Before I make you read something very long and well, somewhat esoteric, here’s a basic framing of the problems.
First — The walled garden problem
- Regulators want to protect consumers’ data privacy. One of this protections includes not letting your friends share your information with a new app.
- Regulators want to avoid and prevent monopolies, also for consumer protection. This means that you should have good alternatives to monopoly networks like Facebook and LinkedIn
- Excessive data privacy regulations are easy for incumbents to comply with but hard for startups, and also create anti-network effects, thereby legally enforcing monopolies on consumers in the name of data privacy. If a new regulation for example, prevented you from inviting your friends to an app, that would really hurt that app’s chances of competing with Facebook.
Second — The SPAM paradox
- Every network based app that has seen competitive, fast, and successful growth has ONE feature in common - Suggested Invites.
- If you’ve ever used WhatsApp, Snapchat, Instagram, Facebook, LinkedIn, Twitter, Telegram, WeChat, or basically any other social app, the way it finds your friends is by asking you to “upload your contacts to the cloud”.
- If your friend owns their own contact information and you upload your contacts, then the app would have to ask your friend for permission to store it under a conservative interpretation of GDPR-esque laws.
- However, also under GDPR-esque laws, the app would not be allowed to contact your friend without their consent to ask for such permission.
Third — Who owns data?
- In a nutshell, GDPR esque regulation requires that you should be able to control data that can personally identify you and understand where it goes. Sounds great on the surface, I for one want to know if my home address or social security number is being passed around like candy.
- Now let’s say I apply to a job through a careers page, go through the interview process, and then ask that the company erase all record of my application and interview records after I don’t get the job. Who owns the data about my application? Surely I own my resume, but I knowingly applied to the company, and it’s kind of unfair to the company to lose data about it’s applicants.
- Now let’s say hypothetically that I write down my first pet’s name on a thumb drive and give the thumb drive to a friend of mine as a birthday present, who pockets it. Six months later I go back to my friend and invoke privacy regulation and say “hey you aren’t allowed to have that anymore”. What is the right thing for my friend to do?
- The hard question here is whether data about you is owned by you, even if someone else rightfully has it, and whether they are allowed to give it away.
- This last part is actually very important. Because when you give someone your number and they use Snapchat, that means that Snapchat now has your number. Is that Snapchat’s fault, your friend’s fault, your fault, or no one’s fault?
Fourth — content, censorship, liability, and wiretapping
- As Zuckerberg clearly pointed out several times during his testimony, (everyone can agree that) there are some kinds of content that are clearly unacceptable to allow on a platform like Facebook, for example — content that is used to recruit terrorists and conspire to commit acts of terrorism”
- At some level, Facebook and Zuckerberg personally was being held responsible for billions of pieces of content flowing through the platform ranging from content contributing to the opioid crisis to hate speech.
- At the same time, there were several indirect accusations that Facebook was censoring it’s users by unfairly blocking more conservative than liberal content on the platform.
- Facebook is a private company of course and not subject to the 1st Amendment. Neither is Google, LinkedIn, or Twitter.
- At the same time, services like WhatsApp and Telegram are being built to purposely make it impossible for anyone to regulate the content being transmitted across them. So with non-censorship comes “illegal” activity.
- If you wanted to keep a company like Facebook accountable for being “neutral, yet safe” — it would necessarily involve giving access to a government auditor or say, the NSA, for content that may not be public. That doesn’t really seem appealing as a solution either.
Last week, on Data Wars:
Facebook opened up a developer platform. Having the kind of data available to the average developer was a big deal (many businesses flourished instantly, like Zynga).
Alexander Koenig built an app on the developer platform that followed the rules on paper, but was just a little misleading because it collected some data that it didn’t need.
300,000 people signed into the app and opted-in to share their friends list.
Alexander Koenig sold this data to Cambridge Analytica — a total of 87 million friends. This sale was against Facebook rules.
This made everyone upset, but it didn’t really get political attention until the Trump campaign hired Cambridge Analytica to use the s*** out of that data to get a leg up during the 2016 general election.
As you can imagine, almost every single one of these hard questions is part of an international discussion about digital rights, privacy, and how information is allowed to flow on the internet. This can have implications not only for startups, but also for net neutrality.
Each week, I’ll try to dive deeper into how different cases have developed around some of these issues, and get opinions from legal and industry experts to try and find some of the solutions. Follow me to stay updated :)