V. Standard Data
Look how revealing Mark Zuckerberg is not, on his own Facebook page. -Robert Ellis Smith
Why are the children of Silicon Valley executives often not allowed to use the very technology their parents have so successfully marketed to the world? In the attention economy that is emerging, the company that dominates your focus for the longest will be the most successful. It’s Not In My BackYard-ism for the 21st century, in which the detrimental effect technology has on the attention span is noted by only a select few. Whatever happened to standing behind your product? The president of the Electronic Privacy Information Center (EPIC), Marc Rotenberg, states: “It’s not clear why a company that has asked us to give up so much privacy should be allowed to maintain so much secrecy.”
It would appear the dam of hypocrisy is starting to crack here. The second section of this series already brought up the landmark settlement against Facebook, but let’s revisit it. In the past, Mr. Zuckerberg has sued to keep information about his career secret in Massachusetts. Now, in the FTC order, “Mr. Zuckerberg will be held accountable for certifying quarterly — under threat of civil and criminal penalties — that the company’s privacy program is in compliance.” Among the specifics this case addresses are:
- Facebook must report to the FTC within 30 days incidents where data of 500 or more users have been compromised, along with the company’s efforts to address the problems.
- It must also increase oversight of third-party apps, including by terminating developers that fail to certify they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data.
This sharp turn towards privacy reflects a sea change in how we use technology and how it uses us.
You shouldn’t have to opt-out of getting taken advantage of, but too often this is baked-in to the business model of companies that claim to disrupt the traditional order. The FTC decision on Facebook is a victory against Standard Data and towards more robust digital security, but don’t let your guard down.
In an opinion piece written recently for Wired, author Dan Salmon discusses how with 20 lines of Python code he could access 115,000 public transactions per day on Venmo. It reveals if you are using Android or iPhone to access its services, which aim to disrupt the traditional bank industry. By changing your privacy settings to private you can protect yourself against potential bad actors, but the fact that you must manually opt-in to this reveals the tech sector continues to make it painfully clear that if you’re not paying for the product, you are the product, providing your valuable information for free.
Privacy in the context of antitrust law is clearly becoming an area of focus on either side of the Atlantic. A quick history of some merger decisions made by the EU’s European Commission and the FTC in the US may provide some context. The FTC greenlit a merger between Google and DoubleClick a little over 10 years ago, despite objections from EPIC and even the FTC Commissioner herself.
As these 2010 Justice Department guidelines make clear, merger reviews can take into account many dimensions of competition including innovation, product quality, and product variety in determining whether a lessening of competition in these areas will harm consumers, but privacy is notably missing from these guidelines. Companies could compete on privacy in any number of ways: providing clearer, easier to read descriptions of their data collection practices, allowing choice about data use in a wider range of circumstances, adjusting the choice architecture to provide for opt-in rather than opt-out choice, allowing secondary use only with affirmative opt-in consent, not sharing customer data for third-party marketing, minimizing the data collected and discarding it after its initial use.
The European Commission approved the Facebook Messenger and WhatsApp merger in 2014 stating there simply wasn’t evidence at the time that consumers chose their communications app on the basis of the privacy. However, WhatsApp’s pro-privacy practices have largely been replaced with the data mining typical of the rest of the Facebook family. Two years later they also approved the merger between Microsoft and LinkedIn, but, unlike in the Facebook case, the Commission concluded that privacy was “an important parameter of competition and driver of customer choice in the market.” LinkedIn’s professional social network competitor in Germany and Austria, Xing, provided opt-in choice for data sharing while LinkedIn offered the less protective opt-out choice, and so approval of the merger was conditioned on Microsoft restricting their conduct in connection with integrating and preinstalling the LinkedIn app.
This trend towards respecting privacy has continued in Europe, and the General Data Protection Regulation (GDPR) was adopted that same year, becoming enforceable on the 25th of May, 2018. The US needs a national privacy law. However good the California Consumer Privacy Act is, addressing privacy issues on a state level causes fragmentation and confusion.
The tide appears to be turning against Standard Data in the EU now via antitrust fines that continue to be levied by the European Commission and specifically its current commissioner, Margrethe Vestager. She’s just been voted to a senior position inside Europe’s top antitrust enforcer for the next five years and will likely do a lot to shape competition on the far side of the Pond. On this side of the Atlantic, too, sentiments are turning to thoughts of trustbusting Standard Data, across the aisle. This is as true with Democratic hopefuls like Senator Elizabeth Warren as it is with the incumbent on the right, President Trump.
The EU has led the antitrust charge against Google/Alphabet for more than a decade, issuing fines totaling more than $9.25 billion. In addition to the Google cases, Margrethe Vestager has also issued a fine retroactively to Facebook for misleading regulators in 2014 in the WhatsApp merger and ordered Amazon and Apple to pay back taxes under what she alleged to be sweetheart deals with tax authorities. Antitrust scrutiny of technology titans continues to rise in the US, with the FTC and Justice Department dividing up oversight of four of the largest (Amazon, Google, Facebook and Apple). Warren has proposed breaking Amazon up and unwinding its Whole Foods acquisition. She also wants to examine Facebook’s market power, a position recently backed by one of the social-media giant’s co-founders, Chris Hughes. Trump has stated that Amazon should pay more in taxes and criticized the company’s effects on competitors.
I would like to bring up an instance of just how much reach tech giants have, and just how necessary busting the new trusts is. The pro-privacy think tank EPIC’s website is replete with useful resources, but the irony of navigating on the website from Our Work > Privacy Campaigns > Internet Privacy is worth highlighting. Below an infographic and blog post travailing the overreaches of Google and Facebook, a couple of badges appear at the bottom of the page:
The big-ticket fine of $5 billion leveled against the successor of MySpace by the FTC is unlikely to satisfy Facebook’s staunchest critics, much as multibillion-dollar penalties against big banks after the 2008 financial crisis did little to reduce anger at Wall Street. The dollar amount obtained in this case is a financial penalty higher than what the European Union could have sought under its privacy law and is more than merely a symbolic gesture. Fiscally symbolic but lexically momentous, the UK’s Information Commissioner’s Office gave Facebook its “maximum penalty” of about $645,000.
Going forward, what are some privacy best-practices? The last part of this series will explore this in-depth. In brief, be skeptical of the seemingly innocuous. As a lead in to the last section, beware fads like FaceApp might store an ageified picture of you in the cloud indefinitely, and as a Russian company it isn’t a huge leap to suspect the man who developed the term “super-presidentialism” to describe his autocracy and pacify the more Chamberlain-esque among us is applying his former KGB training to its modern-day equivalent, the FSB, in yet another ploy to destabilize Democracy: facial recognition databases. Peace for our time? False pretenses abound. Don’t give your data to anyone you don’t trust.
Works Consulted:
Amazon Faces Probe in Europe Over Use of Merchant Data
Antitrust Enforcers Can Think of Privacy as a Parameter of Competition.
Do You Know Who’s Watching You?
