The turn of the New Year marks the end of a tumultuous year for Facebook who, once again, found itself on the receiving end of public backlash.
Facebookâs Data Use Headaches
In September, Frances Haugen, former Facebook product manager turned whistleblower, leaked internal documents demonstrating Facebookâs acknowledgement and apparent disregard of the platformâs harmful impacts on society. The so-called underline the lack of transparency surrounding the internal workings of a company that is increasingly seen to prioritize profit over the wellbeing of its consumers. As this story unfolded, rumors regarding plans to change the companyâs name, a rebranding surely aimed at distancing itself from a long list of controversies, became reality. Welcome, . Interesting here is the timing, as this for the Facebook Group might or might not successfully divert public attention away from longer standing critiques of the companyâs management of privacy and user data.
As a company with close to 3 billion monthly users, Facebookâs efforts to protect its public image are unsurprising. Its underlying is based on its ability to compile highly sophisticated data from its users, effectively turning user traffic into profit. Public outrage over Facebookâs more dubious practices would surely limit its consumer base and ability to profit off its most valuable asset: big data. Facebookâs main source of revenue is derived from targeted advertisements, using data points gathered from its users to sell targeted advertisement (âadâ) space to third parties. In principle, this is not illegal. However, that is not to say Facebookâs use of data is always legitimate. There is a general lack of information surrounding Facebookâs data practices. Media attention has largely focused on privacy breaches; however, the lack of transparency may also impact market competition. Namely, by imposing conditions on access to other businesses and exploiting user preferences to obtain information that constitutes a competitive advantage on competitors, as , most recently appointed to chair the Federal Trade Commission (FTC), has consistently .
Facebook has repeatedly come under fire for mishandling consumer data. This was the case in the aftermath of the , in which Facebook was heavily faulted for its lack of privacy protections after improperly providing consumer data to third-party developers. At the time of the confidentiality breach, Facebook chose not to disclose it to the public, as it had done in previous instances. The risk posed to consumer privacy has steadily increased with Facebookâs growing ability to gather sophisticated data from its users. Through its dominance, Facebook has extended its services across , effectively acting as to millions of third-party developers and advertisers. With its complex network of algorithms and data flows, it connects users and service providers to its platforms within an intricate and opaque infrastructure.
The companyâs management of user data constitutes one of the most widely discussed issues in relation to Facebookâs and other social media platformsâ seemingly unlimited ability to collect, store, process and share . With each corporate acquisition and the related expansion of social media platformsâ user bases the problem only continues to exacerbate. As Facebook continues to add to its platform and increases its number of users, other third-party advertisers become increasingly reliant on Facebookâs digital infrastructure to reach their target consumers. Facebook can then gather data from both sides of the customer-supplier relationship to obtain valuable insight into their respective behaviors. In the past, this has likely enabled Facebook to discern successful avenues for diversification into online commerce, dating and gaming. In turn, its data integration capacities may enable Facebook to obtain an undue advantage over its ânewâ competitors. Regulatory failure to address these big data-based harms is partly attributed to the secrecy surrounding corporate data practices. Internet platform companiesâ maintain whose complexities remain far removed from the public eye, thus remaining unexplainable and seemingly unchallengeable by regulators.
Ìę
Facebookâs Acquisitions: Buy or Bury
Its most prominent acquisitions are Instagram and WhatsApp, bought in 2012 and 2014 respectively, but the company has also acquired a long list of smaller technology start-ups. Often these companies pose a competitive threat to Facebook, which the company might respond to by what is often referred to as a âBuy or Buryâ strategy. This means Facebook either systematically purchases competitors that threaten its dominance, or â a practice that insulates Facebook from competition. Some expect that an on-going FTC , initially launched in December 2020 and amended in August 2021, can bring more clarity to whether, and if so, how exactly the company has been resorting to âBuy or Buryâ schemes. What the FTC risks underestimating, however, is the level of data integration Facebook has been able to achieve through these acquisitions, namely due to the lack of transparency surrounding Facebookâs data practices. The still unfolding may offer additional insights.
Seeking to shed light on Facebookâs algorithms, the European Commission (EC) and the United Kingdomsâ Competition and Markets Authority (CMA) have opened concurrent antitrust investigations into Facebook âMarketplaceâ, an online trading platform which is part of Facebook with 1 Billion monthly users and, in April 2021, featured more than 250 million shops. Regulators from the European Union (EU) and the UK will look at whether Facebook uses data collected from competitors advertising their services on the platform. In its , the EC raises the possibility that Facebook obtains precise information on usersâ preferences from its competitorsâ advertisement activities and then applies said data to adapt Facebook Marketplace. If proven true, this would constitute that Facebook will have breached EU rules on anticompetitive agreements between companies and rules that prohibit the abuse of a dominant position (Article 101 & 102 of the Treaty on the Functioning of the European Union, respectively).
Facing (âallegedâ) anti-competitive behavior, competing firms are less likely to succeed and forced to exit the market. As a result, both consumer choice and innovation are reduced. High network effects attached to the Facebook platform further limits competition. Network effects arise when the utility derived from a product or service grows with the . For example, if Facebook is the preferred means of connecting with friends and family, the cost of switching away from the platform increases. Therefore, exponential user growth cements Facebookâs competitive advantage, further limiting competitors from entering the market. Unhampered by market competition, Facebook can suppress product quality improvements and subject users to lower levels of privacy and data protections â ultimately producing the ideal parameters which reinforce its existing business model.
Thus far, it seems that the competitive advantage Facebook possesses over its competitors largely resists regulatory intervention. This might be mainly due to . As the by Judge James E. Boasberg of the U.S. District Court for the District of Columbia of 28 June 2021 reminded everyone, the finding of anticompetitive behavior is disproportionately based on purely economic factors such as price increases and output restrictions. Non-price effects are less likely to prompt regulatory action, such as impacts on innovation and privacy protection. Furthermore, these fixations on consumer welfare fail to capture the ability of dominant platforms to leverage their position against competitors, making it almost impossible to bring antitrust actions that are comparable to the EUâs. In the same regard, U.S. privacy regimes fail to address the privacy violations caused by Facebookâs data use. These regulatory gaps contribute to the overall lack of transparency surrounding the Tech Giantâs data practices. In order to properly address these issues, regulators in the U.S. need to establish mechanisms that will constrain Facebookâs ability to utilize data unrestrictedly. Certain public officials have already taken a stand. Tim Wu, Special Assistant to President Biden for Technology and Competition Policy, has openly stated his intention to reform the tech sector, mainly by breaking up industry leaders like Facebook. Lina Khan is also a vocal critic of Big Techâs anti-competitive tendencies. Her appointment as FTC chairperson marks a new era for antitrust law in the U.S. Under her guidance, the FTC amended its complaint against Facebook and is currently investigating Amazon. Amazon is .
Ìę
Antitrust Law must be adapted to the economic particularities of social platforms
The FTCâs current lawsuit against Facebook will be a strong indicator of this supposed new chapter for antitrust enforcement. If Facebook is proven to be a monopoly, its ability to acquire data and cross-leverage it against competitors will be reviewed and limited. Furthermore, a pro-antitrust decision may force the company to sever ownership over its subsidiaries, substantially reigning in its data integration capabilities and sending a strong message to other online platform companies. However, adequate regulatory oversight over anti-competitive behavior, stemming from data misuse, will almost surely require significant antitrust reform. This would require moving away from the consumer welfare standard, which characterizes . By narrowly focusing on price and output metrics this standard is incapable of appreciating the source of internet platformâs anticompetitive power â rampant data exploitation & anticompetitive conflicts of interests, facilitated by the distribution of free products and services.
Furthermore, in order to properly address data misuses within the tech industry, the U.S. must enact a comprehensive Federal Privacy Law, imposing consumer control and transparency mechanisms on data use. Congress has failed to enact federal privacy legislation due to . Though a Reuterâs recent report, exposing how Amazon has â by successfully lobbying against privacy legislation, provides additional clarity on the current status quo.
The hope, if not expectation, is that more stringent privacy standards could help curb Facebookâs (and other industry leadersâ) ability to peer into our daily lives and thereby limit these actorsâ opportunities to engage in largely uncontrolled data accumulation. Looking to privacy laws in other jurisdictions, the U.S. might find inspiration in reviewing its own groundwork for legislative reform. For example, the EUâs (GDPR), introduced already in 2018, sets the standard for data protection and imposes a privacy by design standard on corporations, as well as robust consent and transparency mechanisms constraining corporate data use. Nevertheless, the GDPR has been criticized in the past for its âone stop shopâ provision, effectively providing jurisdiction over corporate compliance to Member states based on a companyâs primary establishment. This has caused inconsistent enforcement across the EU, partly due to poor regulatory funding and limited staff resources. In limited occasions, the GDPR has enabled regulators to take against Big Tech through the imposition of substantial fines. However, these instances are sparse, with fines remaining relatively small compared to available penalties under the Act. Furthermore, compared to a transgressorâs revenue streams these fines might seem inconsequential and therefore unfit to provide an ultimately effective incentive to comply with GDPR obligations. But, fines have been on the rise as a from the first quarter of 2021 shows. Compliance will depend on the extent of pain felt by these fines. Low fines might be driven by a to seek harsher penalties for corporate non-compliance. Ireland, for example, even long after it became a Celtic Tiger in the mid-1990s, still offers a tax-haven economy for many of the big players in the tech industry (including Facebook, Microsoft, Dell, IBM, SAP or Twitter and Paypal). For fear of alienating foreign corporations, the Irish Data Protection Commission (DPC) may be less inclined to sanction corporate misconduct with larger fines. This would explain why the agency has developed a reputation for being that violate their GDPR obligations.
Ìę
Meanwhile, dans la Belle ProvinceâŠ
As a forerunner in Canada, QuĂ©becâs recently adopted is modelled after the EUâs GDPR and enables provincial regulators to sanction any non-compliant companies that carry on a business in the province. Therefore, the Act not only applies to organizations based in the province, but also to all organizations collecting information in QuĂ©bec, whether or not they are established there. Depending on whether regulators are endowed with the necessary funding and resources, this may better ensure consistent privacy protection by restricting the number of regulatory participants and limiting the parallel considerations of decision-makers that are incompatible with enforcement initiatives. In contrast to the EUâs governance and enforcement challenges across a multi-member constituency of sovereign states, QuĂ©bec appears to have provided itself with jurisdiction over all causes of action under the act, thereby ensuring uniform enforcement, and the ability to resolve the issues that currently undermine the GDPR.
The Bill amends QuĂ©becâs Act respecting the protection of personal information in the private sector. In the past, the EC found that QuĂ©bec failed to provide adequate privacy protection for cross-border data transfers. Bill 64 aligns QuĂ©becâs privacy regime with international privacy protection standards and is expected to â.â Most of its measures take effect in 2023 and are backed by rigid enforcement measures which come into force in 2024.
Importantly, the Act provides higher levels of transparency regarding the use of consumersâ personal information. Corporations are prescribed a number of obligations, including providing (i) the purposes for which personal information is collected, (ii) the means by which the information is collected, (iii) rights of access and rectification, (iv) the personâs right to withdraw consent to the communication or use of the information, (v) whether there is the possibility that the information may be communicated outside QuĂ©bec, and (vi) the name of the person(s) for whom the information is being collected if it is being collected for a third person (section 8, , of the Act). These obligations constitute onerous burdens for corporations, particularly for a company like Facebook whose commercial enterprise is driven by the collection of personal data points and does not necessarily know the identities of third parties to whom it will inevitably communicate personal information to. The Act also provides increased consumer control over their data, incorporating meaningful consent mechanisms and the obligation to inform consumers of the purposes and means of data collection. In practice, this may limit the exploitation of sophisticated data accumulation.
Recognizing that the Act for privacy in Canada, Ontarioâs white paper on modernizing privacy in the province cites Bill 64 in support of similar privacy protections. It is likely that other provinces will follow suit as they look to update their own private sector privacy legislation. In comparison, privacy in the U.S. can be considered deregulated territory. No comprehensive federal legislation addressing consumer data privacy protection exists. Instead, it relies on a patchwork of state level statutes. This has created substantial regulatory gaps, prompting that better reflects international privacy standards. Looking to QuĂ©becâs Bill 64, the U.S can take the necessary legislative steps to shine a light into the Blackbox that is Big Tech, ensuring consumers have enforceable privacy rights and control over their data.
Ìę
Platform power is here to stay
Ultimately, the business model of a platform such as Meta aka Facebook rests on its ability to largely operate in mysterious, difficult to decipher ways as it continues to gather and use data from the public but removed from the public eye. Addressing regulatory gaps is becoming increasingly indispensable as Meta gains novel opportunities for data collection through its metaverse. Regulatory reform must be aimed at limiting platform power to gather data and at ensuring its data use practices are adequately monitored. Only through effective regulatory oversight can rights of both consumers and market participants be protected.
Ìę