Over the past decade, the firms that make up so-called Big Tech have captured enough of the global economy to resemble industrial cartels from a bygone era. Amazon, Apple, Google, Facebook, and Microsoft are behemoths within their respective markets. Whether you’re an individual or a business entity, avoiding these organizations or their subsidiaries is difficult. More than likely, your personal information is regularly collected and used by several of them.
Big Tech and privacy laws
There are numerous reasons why a small number of organizations control such an outsized slice of the digital economy. Alongside a generally frictionless relationship with both legislators and the general public, leveraging user data is a big one. Now, however, this status quo is on course for rapid change.
Public pressure and real-world events are finally forcing legislators to reconsider whether tech giants can effectively self-regulate. This question is particularly pertinent when it comes to their opaque data use practices. Last December, the FTC wrote to nine social media and internet companies demanding more information on how they collect, store, and use customer data.
As regulators shine a light on how many tech giants use personal data, it’s also clear that the business environment they operate in is becoming less friendly. In response to these concerns in the past, social media giants have pointed to self-regulation as a win-win solution. However, in light of recent events, the idea of self-regulation appears to be – at best – a misguided concept.
On one level, laissez-faire regulation is often ineffective, and in the case of the recent Capitol violence, it came too late. On another, it is morally undesirable. As pointed out by German Chancellor Angela Merkel, while the “de-platforming” of various groups and individuals in the wake of the Capitol attack was warranted, it’s not right that tech executives unilaterally possess this power. Today a more rigid legislative approach is not only seen as advisable but also necessary. Big Tech is, expectedly, trying to get ahead of this trend.
Legislation is catching up
Alongside the public “techlash” that has occasionally grabbed headlines over the past couple of years, a groundswell of legislation has been forming, too. The recent unanimous passing of the California Privacy Rights Act (CPRA) in California proved that voters are keen to approve legislation that places stricter controls on how their data is used. Other states, such as New York, Maine, and Nevada, have also recently enacted more stringent data protection laws.
To see where the legal environment around data privacy legislation is headed, look across the Atlantic. The EU-wide GDPR was passed in 2018 and its power is only growing. Last year saw a substantial increase in the number and severity of fines issued to companies operating within the EU. Stricter legislation, which proposes fines of up to 10% of worldwide revenue for breaches, is currently being written.
A recent European Court of Justice ruling also puts Facebook at risk of a barrage of data privacy cases over the next 12 months. Any country in the EU can now take a case against the social media giant directly rather than go through Facebook’s EU base jurisdiction in Ireland, where such cases get backlogged in court. For globally operating tech companies, these developments point to a future where data privacy will become a compliance minefield.
Compliance is set to become more complicated
With a patchwork of legislation across states, countries, and jurisdictions, compliance will not be a walk in the park. While smaller enterprises will naturally struggle, even global tech giants won’t find joining the dots around compliance an easy task.
In the US, meeting the requirements of different current and proposed state data privacy laws might mean taking a smorgasbord of different approaches depending on where customers are based. This will naturally be an expensive and awkward task and will result in fragmented customer experiences.
Off the back of existing “policy innovator” laws such as the CPRA, federal privacy legislation is increasingly likely to become a reality sooner rather than later. With an incoming Vice President who has a strong record of promoting consumer privacy protection legislation and a substantial political mandate for change, more stringent privacy laws are a question of when rather than if.
For organizations that make a large portion of their revenue from monetizing user data and float on market values that promise unfettered growth, the stakes surrounding this issue are incredibly high. It is for this reason that future support for national privacy legislation is likely to come from Big Tech itself — as long as it can be crafted on its terms.
How will Big Tech shape its own privacy legislation?
Faced with a potential requirement for checkerboard compliance that will dent revenues, increase risk, and fragment their user experience, a one-size-fits-all approach to compliance is a far more attractive proposition for tech giants. Supporting federal privacy law efforts will also benefit these organizations by allowing them to portray themselves as being pro- rather than anti-privacy.
An example of this can be seen in the EU, where, in the face of the upcoming Digital Markets Act, Facebook has come out in favor of provisions surrounding data transparency and anti-competitive practices. However, as the social media giant has also used this issue as a platform for criticizing Apple’s contradictory opinion, the potential for disagreement between tech companies is also evident.
As the US approaches some sort of federal privacy legislation in the near future, a similar scenario is likely. While some companies will naturally oppose legislation that endangers their operations, other factions within Big Tech, taking their lead from Microsoft’s support of GDPR, may be enthusiastic. In the US, support is the most likely option. Belated enthusiasm for privacy is a generational opportunity for firms to head off criticism and get ahead of changing trends.
Future legislation is unclear
Though it’s hard to say what future federal privacy legislation might look like (the CPRA may well form a good template), Big Tech will undoubtedly try to shape its final form. Whether this entails an unprecedented level of direct involvement with legislators is also unknown.
What is certain, however, is that tech companies will increase their lobbying efforts to ensure they have at least an indirect influence on any future US privacy legislation. Again, looking at the enormous increase in lobbying spend in the EU shows us how this might play out. For tech companies, however, this may be money well spent. Getting ahead of the new legislation is more than just an inconsequential PR exercise for tech giants — it may be a matter of existential importance.