Here’s How the European Commission Could Promote Data Innovation with the Digital Single Market
Online platforms use data for a wide variety of purposes, including maintaining business records, delivering personalized services, and preventing fraud and misuse. And by applying analytics to this data, these platforms can gain valuable insights into customers’ preferences and better understand the evolving needs of different consumer groups in order to develop products and services to meet these needs. Platforms benefit by creating in-demand products, and consumers benefit from easy access to products that meet their needs. In this fashion, platforms offer incredible potential for data-driven innovations that benefit all market players. To maximize this potential, the European Commission should work towards three important goals: prioritize demonstrated consumer benefits over speculative concerns about competition, eliminate restrictions on the free flow of data, and avoid preemptive regulation on technologies like cloud computing.
Consumer Benefits and Competition
Though some have expressed concerns that online platforms require regulations to make it easier for consumers to freely switch between platforms based on the assumption that the resulting increase in competition would benefit consumers, there is no compelling evidence to suggest that any limitation on how consumers can move their personal information between online platforms has created market failures warranting intervention by the European Commission. For example, in the case of ride-sharing and taxi apps, consumers have a number of options and many use more than one service. Furthermore, there is no evidence that online platforms are actually anti-competitive or that consumers are “locked in” to them in ways that unfairly harm consumers. And importantly, many of the benefits of these platforms are generated by the scale effect–the high number of users, not the number of competitors, is what makes particular platforms attractive for consumers. So policymakers concerned about consumer welfare should focus on encouraging adoption than in creating more competitors.
The result of imposing requirements on companies to engineer expensive new features to allow consumers to extract data from their services will require them to impose new costs on consumers. The result will likely be European consumers paying more for existing products and services with no additional benefit. In particular, such requirements would disadvantage people on low incomes that rely on the many platforms that currently provide services for little or no cost.
The Commission’s rule in considering such measures should simply be to ask whether anti-competitive behavior actually exists. The determination that such behavior exists should always rely on evidence that their role impacts negatively on consumers. Any hypothesis that Europe “needs more platform competition” should be tested against actual consumer experience and not treated as self-evident.
Free Flow of Data
The free flow of data is critical to the digital economy. The goal of the Commission should be to ensure the free flow of data across borders by eliminating unnecessary restrictions on where data can be stored or how parties share it with others. In particular, regulators should not impose different rules on data held by digital platforms than data held by other businesses. All companies, including those providing digital platforms, should adopt and use agreed upon codes of practice, and they should be held responsible for data breaches that compromise their customers’ privacy. Existing legislation, as well as fear of bad publicity and damaged reputations, provide a powerful incentive for firms to protect their data. The financial services industry uses rules on outsourcing whereby firms are held responsible for critical services provided to them by contractors to the extent that any failure of contractors to meet required EU standards will be treated as a breach by the original firm. We think this approach could serve as a model for firms doing business in Europe and processing the personal data of EU citizens.
Legislation that tries to anticipate future arrangements to share or use information, including information that is produced automatically, risks unanticipated consequences, such as freezing current patterns of information use, thus preventing further evolution and the future discovery of processes and business models that may yield considerable economic and social benefits. The Commission should also recognize that European contract law is already sufficient to protect the rights of parties in data transfers, including arrangements where one of the parties is outside Europe.
There are also substantial regulatory constraints holding back the development of data markets in Europe, and thus limiting the free flow of data. There is widespread misunderstanding of the 1995 Data Protection Directive and widespread inconsistency in its implementation in legislation and regulation throughout Member States. The proposed Data Protection Regulation attempts to standardize the approach to the protection of personal data and, in principle, this is to be welcomed. However, the draft regulation fails to provide desired standardization and regulatory certainty due to the vagueness of a number of its concepts whilst at the same time it introduces new uncertainties that will prove to be major difficulties for the development of the Digital Single Market. For example, the regulation is designed for a pre-“big data” environment and a number of its measures take aim (possibly unintendedly) at key processes that underpin the development of data-driven innovations. For example, big data blurs the distinction between personal and non-personal data. Big data has the capacity to create “new” information — based upon the correlative application of algorithms to information provided with consent — that has never been collected from the data subject in the first place. This creates two challenges: first, firms using data mining are in no position to notify customers or users — they do not know what they will find until it is too late; second, “new” data are created by correlations and no one can consent to this and it is unclear whether the 1995 Data Protection Directive or the proposed Data Protection Regulation can apply to new data derived from correlations.
Also the regulation contains provisions on the “right to be forgotten” which, whilst aimed at the protection of persons on social networks, could affect the business of organizations that need to hold personal data for longer periods for reasons of public interest — such as insurance companies who wish to prevent fraudulent claims. Insurers are also potential innovators through application of data analytics and the potential for such innovation to extend their understanding of — and ability to insure — risks could have far-reaching economic benefits. Regulations designed to protect privacy on platforms could unintentionally impede the development of such innovation and create significant opportunity costs across the entire economy.
In a recent request for public consultation on regulatory environment for platforms, online intermediaries, data, cloud computing, and the collaborative economy, the Commission sought input on the advantages of “open versus closed service platforms” and regulatory strategies to encourage the use of open service platforms. However, the Commission should explain what it means by “open service platform.” If it means operating systems and mobile platforms (such as Linux or Android) that will accept applications software developed by anyone then such platforms can, under different circumstances, be perceived by consumers as having advantages or disadvantages with respect to closed platforms. One should not, by definition, be viewed or treated as better, or more desirable, than the other. Open platforms allow for greater individual innovation, promoting entrepreneurship from individual developers and small technology companies. Closed platforms offer benefits to end-users in terms of consistency, usability, and security. Customers currently are able to choose between open and closed platforms and the market for these platforms is working quite well. In particular, any attempt to mandate greater openness in platforms is likely to increase the expense for end-users who will try to compensate for the loss of those features that are characteristic of the closed platforms that some of them may prefer. Furthermore, intervention could unintentionally act as a disincentive for entrepreneurs and developers within Europe’s €6 billion app industry.
For cloud computing specifically, the Commission sought to identify specific problems with contractual practices related to cloud platforms. However, the challenges suggested by the request for public consultation were all non-starters and would not serve to stymie the adoption of cloud services.
In the private sector, the cloud computing industry is developing quickly and effectively for commercial use, and there is not a strong case for new regulation of cloud services and contracts. There is no market need, for example, for the government to build trust in cloud services as a model. Cloud services have proved to be exceptionally trustworthy both in terms of security and in terms of reliability, and the private sector is continuing to create new cloud services to meet customer demand.
Moreover, concerns about the security of cloud services are misplaced. Many high-profile breaches of data security in recent years have been the result of poor security in traditional computing environments, including lost laptops and lack of proper authentication, rather than poor security on modern cloud services.
Finally, with regard to new technical innovations such as personal data spaces, regulation should focus on allowing, rather than mandating, these developments so that he possible emergence of private business models would not be preempted by a prescriptive approach in this area.
Image: Eric Fischer.