By Christopher Mims
We are finally waking up to the fact that we aren't merely "the
product" of companies like Facebook Inc. and Alphabet Inc.'s
Google. As one Silicon Valley investor put it, we are their
fuel.
At least our personal data is: Every week, it seems, we are
treated to fresh revelations of hacks, leaks and exploitation of
our information, along with ever louder cries for regulation and
consumer protection, in the U.S. and Europe.
What is less appreciated is the degree to which Apple Inc. and
Amazon.com Inc. -- which must maintain a direct relationship with
their paying customers -- could also be affected, both for good and
for ill. (Another tech giant, Microsoft Corp., hasn't played as big
a role in the smartphone revolution and hasn't seen similar growth,
but it too must comply with forthcoming regulation.)
The past decade saw an explosion in revenue and value for these
four companies sufficient to put them atop the global economy. But
the laissez-faire environment in which they have operated is for
the first time plausibly coming to an end.
Facebook is the lightning rod: Across the political spectrum,
statements by public figures and recent surveys reveal Americans
are suddenly more concerned about the power of Facebook.
Possibilities that seemed remote just six months ago, such as
action by state attorneys general, are now reality. Missouri's AG
is demanding Facebook say which political campaigns paid for users'
personal data and whether users were notified.
In Europe, strict privacy regulations known as the General Data
Protection Regulation come into force on May 25.
GDPR is designed to include penalties that are "effective and
dissuasive." Depending on the offense -- including mishandling of
personal data, failure to exclude children from age-inappropriate
services or content and many others -- fines can be as high as 4%
of a company's global revenue. Based on 2017 revenue, for Facebook
that could be $1.6 billion.
And as GDPR rules could cover EU citizens no matter where they
live or travel, multinational companies may not be able to simply
fence off their services geographically. Facebook Chief Executive
Mark Zuckerberg recently said his company is working on extending
GDPR protections to every user.
Mr. Zuckerberg also recently said that regulation of companies
like Facebook is inevitable, and that he supports mandating that
internet companies label political advertising, something the
company has already pledged to do.
This is on top of the EU's parallel effort to force U.S. tech
giants to change how their services work on antitrust grounds,
which is inspiring lawmakers in the U.S.
The recent bipartisan passage of the Stop Enabling Sex
Traffickers Act, which potentially opens up all online services to
liability for facilitating human trafficking, was a blow to tech's
decades of legal immunity. Calls for more industrywide regulation
are coming from many quarters, and rumblings of legislative action
are now coming from Big Tech's former allies.
"Almost uniquely in the U.S. economy, internet giants have had
essentially no regulatory burdens," said Roger McNamee, an early
investor in Facebook and now frequent critic of it and others like
it. "That's not normal for businesses that have as much impact as
these have."
Brianna Wu, a game developer now running for Congress in
Massachusetts, said if elected she will propose an "omnibus bill of
rights" governing how tech companies will have to handle our data.
Like GDPR, this would affect every company gathering our data, from
Big Tech to the many companies that recently had breaches,
including Equifax and Saks and Lord & Taylor.
Google has an advertising model that is just as data-hungry as
Facebook's. It doesn't just gather our search history and location;
its YouTube platform tracks our taste in media. Since 2012, the
company has pooled data on us across all its properties.
Arguably, Google has more experience than Facebook with
regulators: In 2013, Google settled with the Federal Trade
Commission over competition issues, and for months it has been
promoting its efforts to comply with GDPR. Yet unlike Facebook,
Google isn't planning to roll out GDPR-type privacy protections
everywhere it operates, so it could be less prepared should similar
rules come to the U.S.
Amazon already runs a $2.8-billion-a-year advertising business
that targets ads using harvested data. But Amazon doesn't have to
buy our purchase history from data brokers -- information even
Facebook says it will eliminate from its advertising system. Since
Amazon's retail-and-advertising ecosystem is mostly self-contained,
it won't have to change as many practices as its competitors will.
Still, the full burden of GDPR won't become clear until customers
and their lawyers begin to test its sometimes-vague
protections.
"Amazon has a longstanding commitment to privacy and data
security, and we are committed to complying with GDPR requirements
when they come into effect," an Amazon spokesman said.
GDPR is likely to strengthen Apple's position in the short term.
"Apple will find GDPR to be very much consistent with its value
system," Mr. McNamee said. Apple advocates differential privacy, an
approach to data collection that is meant to prevent our data from
being personally identifiable. It has already rolled out changes to
iOS in anticipation of the regulations.
Apple CEO Tim Cook likes to say his company would never make the
same kind of mistakes that Facebook has. But Mr. Cook's confidence
belies the fact that Facebook -- now overwhelmingly accessed via
mobile devices -- would scarcely exist without the iPhone and its
Android-powered imitators.
Apple also makes it possible for developers to obtain lucrative
personal information. For example, in at least one instance, vague
permissions on the iPhone and Android phones mean we are a tap away
from letting strangers sell our location data.
While Apple does enforce rules in its App Store and requires
developers to justify requests for unusually rich information, the
company doesn't require every developer to protect privacy to its
same rigorous standards.
Facebook may be making most of the headlines right now, but in
the long run Apple, Google and Amazon also are likely to face
emboldened regulators who make rules not just for what companies do
with our data, but for the devices that gather the data in the
first place.
Write to Christopher Mims at christopher.mims@wsj.com
(END) Dow Jones Newswires
April 08, 2018 08:14 ET (12:14 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Apple (NASDAQ:AAPL)
Historical Stock Chart
From Mar 2024 to Apr 2024
Apple (NASDAQ:AAPL)
Historical Stock Chart
From Apr 2023 to Apr 2024