Another week gone by, another breach of consumer data. These days, it seems like exposure of consumers’ sensitive, personal information is turning into a regular occurrence.
The current news cycle is dominated by the most recent revelations involving Facebook and Cambridge Analytica, but similar incidents may be on the horizon: Facebook CEO Mark Zuckerberg has said that more bad actors will be discovered. Perhaps this is why Facebook suspended CubeYou, another company harvesting Facebook users’ private information.
But Facebook isn’t the only Silicon Valley company facing consumer privacy issues; Google’s YouTube service is being accused of illegally collecting behavioral data on children under the age of 12.
And let us not forget about the data hacks at Equifax, Target or the U.S. government’s Office of Personnel Management. With so many data breaches and privacy violations happening on what feels like a routine basis, one starts to forget who did what to how many millions of Americans. It’s a data tsunami with no end in sight.
How can so many companies mishandle so much private data yet remain immune to customer dissatisfaction, and ultimately, regulation? After last week’s hearings on Facebook, the answer is pretty clear: policymakers with jurisdiction over the tech sector are operating in the dark. They have little to no understanding of how tech companies make money or how ad-supported business models work. And until last week, they were focused on an issue their constituents don’t seem to care about, at the expense of focusing on how to protect consumers’ private information online.
Three weeks ago, policymakers in Washington were focused on which archaic section of the U.S. Communications Act of 1934 should be used to codify "net neutrality” into law. Big Tech has been a vocal advocate for net neutrality rules, so long as they only apply to internet service providers (ISPs). Crippling competition via regulation: a classic regulatory arbitrage play.
Unfortunately, numerous lawmakers were either unable or unwilling to see through the rhetoric and fell for Big Tech’s “Don’t regulate us, regulate our competitors” mantra. But just like most politicians and pundits misread American voters during the 2016 Presidential election, so too are they misreading their constituents on the issues of net neutrality and privacy.
American consumers want—and expect—the basic net neutrality principles of no blocking, throttling or discrimination to apply equally to all players across the internet ecosystem, network operators and tech companies alike.
According to a recent Recon Analytics survey, 83% of American consumers believe that ISPs and tech companies must play by the same net neutrality rules. The same number of consumers support legislation that would enshrine net neutrality rules that apply to both network operators and edge providers. An even greater number of American consumers—88%—believe federal legislation is needed to make Big Tech more transparent about the data they collect on users & what they do with that data.
With the Facebook revelations having captured the attention of both citizens and lawmakers the question now is what will come out of this increased focus by way of actual regulation? In all likelihood, nothing that would materially impact edge companies’ business models or revenue streams.
While Big Tech may emerge unscathed today, a far-reaching regulatory response—one that impacts the entire internet ecosystem, not just Facebook, Google et al—is just a scandal away. This underscores the importance and the need for policymakers to understand ad-supported business models.
Ad-Supported Business Models 101
Google and Facebook understand that the highest barrier to consumer usage of a product or service is cost. Remove that barrier—make a product or service free—and the potential market for said product or service increases drastically.
Google Maps, for example, is a free service. It’s also a major revenue driver for Google parent company Alphabet Inc. By 2020, Maps is projected to generate $5B in incremental revenue for Google, according to some estimates. How does this free service make money? In lieu of charging fees for usage Google collects information on Maps and monetizes that data via targeted online advertising to recoup costs related to developing, maintaining and managing the Maps platform.
What types of information does Google collect on Maps users, and indeed, users of all of Google’s other platforms and services? It is not only who they are, but also everything they do: what websites they visit; what diseases they search for; the messages they send; the calls they make and receive; friends they've deleted from social networks; appointments they've made. The list is extensive and creepy.
For example, Google’s Android OS for mobile devices collects where you are every three minutes, stores that information, analyzes it, and then sells it to anyone interested in being able to geo-target their ads to you. With all your location, demographic, and search information, Google and Facebook know more about you than even your best friend.
In 2017, Google generated $110 billion in revenues, with the vast majority of that coming from advertising. To add insult to injury, when searching for current events, the top search results prominently feature state-controlled foreign media like RT (Russia Today) and Sputnik. The same year, Facebook took in $40 billion for allowing companies and foreign government-controlled entities to target Facebook users.
Reaction by Washington—What Should Happen
The complete lack of transparency around Big Tech’s collection and sale of consumers’ personal data can and must be addressed by regulators. Only 20% of respondents to our survey knew how much revenue Google and Facebook brought in from selling consumers’ private information to advertisers.
No one should fall for the usual claims of “too hard to explain” or “too technical to regulate.” The companies know or should know with whom they are doing business and on what terms. Imposing more transparency obligations on Big Tech can only be a good thing, for consumers and for advertisers who have begun ringing the alarm bell about how little insight they have into whether their ads are being seen and/or are compelling consumers to act.
Second, there ought to be a restriction on Big Tech being able to sell consumers’ private information to foreign governments or their proxies. Never, not for any reason.
Third, Congress should eliminate the regulatory asymmetry that has plagued the internet ecosystem for decades and let all these players go after each other on equal terms. Big Tech and broadband network operators are not operating in distinct, separate silos anymore.
Almost every year, the executives of Apple, Google, Facebook and Amazon are voted the among most powerful executives in telecom, often ahead of their network operator peers. Their companies are larger by market capitalization than any telecom provider—Google’s parent Alphabet has a market cap of $719 billion and Facebook's is $479 billion, which is a more than the market cap of AT&T ($216 billion) and Verizon ($194 billion) combined.
These companies engage in intermodal competition for customers every day. For example, the combined competitive onslaught of Amazon, Google and Microsoft forced all the telecom companies to exit the data center business.
To the extent the FTC needs more clearly defined powers to enforce consistent and uniform privacy protections across the internet ecosystem, Congress should get busy and make it happen. This is especially important in light of the states moving to erect digital barriers at state borders, potentially balkanizing the internet it into 50+ fiefdoms with their own and different privacy protections.
As we see the internet, media and telecom industries converging, regulators need to ensure the rules of the road align with the competitive realities of the marketplace. Consider the dominant position that Google and Facebook have in digital advertising—more than 90% of every dollar spent on digital advertising goes to one of the two. U.S. regulators need to focus on ways to fuel competition in the digital ad market.
Reaction by Washington—What Will Likely Happen
Post-midterm elections, regardless of which party controls Congress, attention will move beyond the privacy crisis of the day and be replaced by political jockeying leading into the 2020 Presidential election. Any inkling of bipartisanship that currently exists to restore consumers’ confidence in the internet economy will vanish, and we will be stuck with the framework of “trust us” and “do no evil” that has failed to prevent the egregious hacks and privacy violations we’ve been reading about.
The FTC will likely pursue a detailed and lengthy investigation of the Facebook situation, possibly deciding that Facebook has violated the Consent Decree to which they’ve been subject. A fine would then be likely, and if Washington is serious, it could be quite large.
The Facebook FTC consent decree carries the possibility of up to $40,000 per violation. Of the 87 million Cambridge Analytica-affected Facebook users, 70 million reside in the United States. This opens up Facebook to a potential fine that could be $2.8 trillion.
While it is unlikely that the FTC would in fact impose a fine of this size, it could certainly be somewhere in the range of the $2.7 billion the EU fined Google for uncompetitive behavior. It could also be all the way down to $168 million, which is the FTC’s record fine, imposed on DISH Network for violating telemarketing rules.
While nothing will likely happen soon in the form of new legislation or regulation, let’s hope that Washington acts based on facts, recognizing how directly all of these companies compete, while resisting the urge to overreact. The sector would then be able to evolve into a more vibrantly competitive and stable environment in which innovation can flourish, consumers can be protected and Big Tech can continue to grow without putting the entire internet economy at risk.
Roger Entner is the Founder and Analyst at Recon Analytics. He received an Honorary Doctor of Science from Heriot-Watt University. Recon Analytics specializes in fact-based research and the analysis of disparate data sources to provide unprecedented insights into the world of telecommunications. Follow Roger on Twitter @rogerentner.
"Industry Voices" are opinion columns written by outside contributors—often industry experts or analysts—who are invited to the conversation by FierceWireless staff. They do not represent the opinions of our editorial board.