Big tech has 2 elephants in the room: Privacy and competition

The question of how policymakers should respond to the power of big tech didn’t get a great deal of airtime at TechCrunch Disrupt last week, despite a number of investigations now underway in the United States (hi, Google).

It’s also clear that attention- and data-monopolizing platforms compel many startups to use their comparatively slender resources to find ways to compete with the giants — or hope to be acquired by them.

But there’s clearly a nervousness among even well-established tech firms to discuss this topic, given how much their profits rely on frictionless access to users of some of the gatekeepers in question.

Dropbox founder and CEO Drew Houston evinced this dilemma when TechCrunch Editor-in-Chief Matthew Panzarino asked him if Apple’s control of the iOS App Store should be “reexamined” by regulators or whether it’s just legit competition.

“I think it’s an important conversation on a bunch of dimensions,” said Houston, before offering a circular and scrupulously balanced reply in which he mentioned the “ton of opportunity” app stores have unlocked for third-party developers, checking off some of Apple’s preferred talking points like “being able to trust your device” and the distribution the App Store affords startups.

“They also are a huge competitive advantage,” Houston added. “And so I think the question of … how do we make sure that there’s still a level playing field and so that owning an app store isn’t too much of an advantage? I don’t know where it’s all going to end up. I do think it’s an important conversation to be had.”

Rep. Zoe Lofgren (D-CA) said the question of whether large tech companies are too powerful needs to be reframed.

“Big per se is not bad,” she told TC’s Zack Whittaker. “We need to focus on whether competitors and consumers are being harmed. And, if that’s the case, what are the remedies?”

In recent years, U.S. lawmakers have advanced their understanding of digital business models — making great strides since Facebook’s Mark Zuckerberg answered a question two years ago about how his platform makes money: “Senator, we sell ads.”

A House antitrust subcommittee hearing in July 2020 that saw the CEOs of Google, Facebook, Amazon and Apple answer awkward questions and achieved a higher dimension of detail than the big tech hearings of 2018.

Nonetheless, there still seems to be a lack of consensus among lawmakers over how exactly to grapple with big tech, even though the issue elicits bipartisan support, as was in plain view during a Senate Judiciary Committee interrogation of Google’s ad business earlier this month.

On stage, Lofgren demonstrated some of this tension by discouraging what she called “bulky” and “lengthy” antitrust investigations, making a general statement in favor of “innovation” and suggesting a harder push for overarching privacy legislation. She also advocated at length for inalienable rights for U.S. citizens so platform manipulators can’t circumvent rules with their own big data holdings and some dark pattern design.

Lofgren said she doesn’t oppose antitrust enforcement, but argued that scrutiny of privacy policies and practices offers a faster way to rein in exploitative business models.

The congresswoman introduced a bill last November with Rep. Anna Eshoo (D-CA), called the Online Privacy Act they describe as “sweeping legislation that creates user rights, places obligations on companies to protect users’ data, establishes a new federal agency to enforce privacy protections, and strengthens enforcement of privacy law violations.” Eshoo’s adjoining district also includes much of Silicon Valley.

“Sometimes the remedy is not necessarily a very bulky, lengthy antitrust measure, but take a look at the privacy issues and that might be a more effective way to deal with the concerns that people have about control,” said Logfren during her Disrupt interview, describing the bill as “the most expansive, control of abuse of information about people” that could have “a lot bigger impact than some DOJ action.”

Whittaker noted that Europe has long had a comprehensive data protection framework, updated most recently in 2018 with the application of the General Data Protection Regulation and asked why the U.S. has been dragging its feet on the issue for so long.

Lofgren said the European case was instructive “because it really hasn’t worked.”

EU lawmakers would certainly dispute that assessment. Although they did admit this summer — in a two-year review of the GDPR — that there’s a problem with a lack of uniformly vigorous enforcement. However, at the same time, the EU is a bloc of nation states, not a federal “united states” of Europe, so some difference in application of the framework is inevitable.

Additionally, GDPR bakes in cooperation mechanisms for managing cross-border complaints (i.e., all those related to big tech) — to push for agreement in cases that affect multiple member states — which can also inject friction into GDPR enforcement. All of which certainly complicates the process of regulating big tech in the region.

But while there is ongoing delay related to “big tech” GDPR enforcement, this is also a time limit on how long this EU privacy reckoning can realistically be deferred by their lawyers. (Meanwhile, the existence of the EU’s data rights framework is encouraging a new generation of class-action style lawsuits to be filed.)

Lofgren’s dismissal of the GDPR did not delve into that level of detail and was more a sideswipe at consent notifications that have sprung up around tracking cookies as companies nudge users into giving up their privacy.

Hoxton Ventures’ Hussein Kanji also took a pop at what he called the “unintended consequences” of EU cookie rules during a Disrupt chat with reporter Steve O’Hear, bemoaning “every single website now has this stupid button that you have to click on,” which he blamed on regulators’ “lack of experience” that leads to “very static” remedies. He called for regular legislative “amendments” to ensure regulation is iterative and adaptive vis-a-vis user experience.

Again, the letter of EU law is clear that consent manipulation is unlawful — though regulators have, once again, been slow to crack down on flagrant breaches of the rules. (Yet that “grace” period is also running out; Ireland’s Data Protection Commission has said it will begin enforcement over cookie breaches from next month, for example, so watch that space.)

“People are arguing about opt in, opt out — we need to have a law that you can’t waive away,” said Lofgren, sketching her vision for a privacy law with fixed limits. “Because the abuse of collection of private information is a harm, not just to individuals but to society. You wouldn’t allow individuals to waive usury laws or to waive other laws that structure protection for society broadly, and that’s what the bill we wrote did. It doesn’t allow it to become superfluous.”

“I do think the potential manipulation of individuals because of the compilation of detailed personal information is a societal problem and it really does allow tech companies to have an intrusion into our lives that’s unwelcome. That’s what’s causing problems for people,” she added, name-checking adtech giants like Facebook and Google that allow internet users’ information to be used “to manipulate people, either for commercial purposes or for other purposes.”

“I’m hopeful that with a change in the political outlook in the country following this election — we’ll see what the people decide — that we’ll have a new opportunity to pass a bill that actually works,” said Lofgren. “It’s not an opt in, opt out. It sets requirements for tech companies about what they cannot gather about individuals.”

Disagreements on how to rein in big tech certainly aren’t hard to find.

One European Commission insider we spoke to who works on privacy policy said the key to solving privacy abuse is to break up platforms that exploit user data to gain market dominance.

“Take out Facebook, Google and Amazon and 75% of data protection problems go away,” our source suggested, arguing that’s where policymakers should direct their fire, rather than on trying to nail down an inescapable enforcement regime that protects privacy.

It’s a view that aligns with one of the loudest voices in the U.S. policy space in recent years calling to break up big tech.

Matt Stoller, author of a book on how monopoly power threatens democracies, has pushed for lawmakers to use existing powers to fix what he describes as a monopoly problem. And while he is not entirely dismissive of privacy rules as a tool for lawmakers to counter platform power, it’s fair to say he’s less convinced than Lofgren that they are a panacea.

Mixing these approaches is Germany’s Federal Cartel Office, a pioneering European competition regulator that’s currently trying to apply a hybrid approach in an ongoing case against Facebook’s abusive “super profiling.” The agency argues it should be able to use its powers to prevent unlawful data collection if that prevents an abuse of market power. In June, the regulator convinced a court to overturn an earlier suspension of its enforcement order, which means its game of 3D privacy-antitrust regulatory legal chess is back on.

While regulators and policymakers on both sides of the Atlantic explore ideas about the best way to limit big tech’s market power, there’s broad and bipartisan consensus that abuse is happening. The question now hinges on how to address the fact that a handful of gatekeeper platforms have too much leverage over consumers, as well as their competitors.

Change is coming. Europe is working on another regulation — eyeing ex ante checks on platform power and pre-emptive antitrust powers for digital markets — while U.S. states are dusting off existing antitrust tools to aim them at homegrown giants.

One thing is clear: The question of how to smooth away the “big tech”-shaped dent in the digital universe isn’t going away, even as it remains an awkward topic for the industry (and its investors) to chew over in public.