Regulating tech monopolies is important, even necessary. As Google, Facebook, Amazon, and other tech giants grow, so does the potential harm of massive user data breaches to the populace. The Cambridge Analytica scandal of 2018 is a case in point, and one of historic proportions.
Legislation, however, tends to get it wrong. A prime example is the European Union’s General Data Protection Regulation (GDPR). The aims of GDPR and oversight efforts like it are good ones in principle: protecting consumers and giving them more control over their data. But early signs indicate that GDPR is missing its targets.
While fines have been levied against Google and Facebook in Europe, the giants are not suffering. GDPR is helping them. Smaller competing tech companies are being seriously hurt, in some cases beyond repair.
As an example of how badly GDPR has misfired, British Airways and Marriott have been substantially fined for recent violations under the new law. But the precarious data-hoarding practices of companies like Google and Facebook, not hospitality brands or airlines, were the impetus behind GDPR.
In effect, it’s a scattershot crackdown on any firm — very large, very small, or anywhere in between — that interacts with EU consumers, has a business model dependent on internet infrastructure, and fails to comply, even in simple ways, with consumer privacy rules. Small and midsize technology companies in the adtech lanes dominated by Facebook and Google stand to lose the most.
The modern tech monopolies have the capital, infrastructure, and preexisting market dominance to weather the storm of laws like GDPR. No matter how hard the hits, big tech is virtually assured to stay afloat while smaller competitors sink.
Google, for example, has seen some unique market benefits following the activation of GDPR in May 2018. From April to July of last year, Google’s market share increased by 0.93% while most other adtech vendors in North America and Europe lost ground. The lowest rank of adtech companies — the top 150 to 100 — lost the most market share, a decline of 31.86% on average. Google was of course prepared for privacy regulation ahead of time, having spent “hundreds of years of human time” and, ostensibly, billions of dollars to shore up its defenses.
Facebook was similarly ready to face the music. Shortly after the launch of GDPR, Facebook reinterpreted the law’s security breach reporting rules, taking 2 months instead of the required 72 hours to report a breach affecting 7 million users’ private photos.
And just last week, the FTC announced a record-breaking $5 billion fine for Facebook’s user privacy violations, from which the company recovered on the trading floor within hours. Given that the fine represents a mere fraction of quarterly revenues, the FTC’s effort can hardly be considered a deterrent.
Over in Europe, while quarter-on-quarter revenue growth has slowed for Facebook and Google after the introduction of GDPR, the giants are still going strong, leaving smaller advertising service providers to wither under the threat of fines and legal action.
What’s happening? GDPR is conferring a market advantage on exactly those companies that need it the least: the tech platform monopolies.
While they may not like the new regulations, Facebook and Google can afford as many technologists, product specialists, and lawyers as they wish to ensure GDPR compliance and insulate themselves against any incidental losses. However, smaller competitors can’t.
Smaller companies are hard-pressed to come up with the time, money, and personnel to tackle privacy compliance.
For example, GDPR stipulates that companies must obtain explicit consent from users before collecting personal data. In practice, when users provide their email address to sign up for a newsletter, companies must have them confirm it’s OK to start sending messages. The user ends up clicking one or two more links to say “Yes” a second time.
This “double opt-in” might seem like a minor imposition. But for small firms, it peels off subscribers and hurts revenues in the long run. The tech giants, meanwhile, have the technological heft on hand to make “double opt-in” instances seamless. They can conduct usability tests and deploy updates across a massive user base with ease, preserving an experience that millions have come to expect.
In light of issues like this, smaller companies might feel the pressure to halt data collection practices, even when they are integral to business, for fear of noncompliance. That’s because the costs of noncompliance can be fatal.
You can already see the effects in action, as GDPR is knocking off small-to-midsize competitors, and reinforcing the economic moat the tech monopolies already enjoy. Advertisers are choosing to spend more with the platform giants because of their ability to withstand regulatory assaults. Many European adtech companies are folding in response.
Of course, this isn’t the first time regulation has helped big players. This dynamic has played out for years in the financial sector. The scrappiest of fintech companies still face an uphill battle for the regulatory green light enjoyed by large legacy banks, who are experienced with stringent regulation and the twists and turns of compliance.
GDPR and similar oversight on the horizon in the US provide a context in which tech monopolies like Google and Facebook can solidify their economic moats, even beyond the market dominance that they enjoyed before.
So as long as the new rules are broad and untargeted enough to strengthen monopolies, Facebook and Google have a lot to thank European regulators for.