And the sector may be the better for it
Print edition | Briefing
Mar 23rd 2019 | PARIS
Around 19 in every 20 European internet searches are carried out on Google. Not those done by Margrethe Vestager. The European Union’s competition chief says she mostly looks stuff up on Qwant, which prides itself on not tracking users in the manner its larger rival does. Forget also Google Maps, or Gmail, or any other product from the Alphabet stable: “I have better alternatives that provide me with more privacy,” the Danish politician recently told a crowd at sxsw, an annual festival of tech, music and thought in Austin, Texas.
Ms Vestager is hardly at the vanguard of a movement: even in its domestic French market, Qwant has less than 1% market share. Nor, at first, might her focus on privacy seem linked to her trustbusting brief. But, as she has explained, popular services like Facebook use their customers as part of the “production machinery”. You may not pay in cash to like a friend’s pictures, or every time you ask Alexa what a “cup” of butter is in grams—but you might as well do, given how much personal data you have to fork over. Rather melodramatically, Ms Vestager says what seem to be free services are ones for which you “pay with your life”.
Those appointed, by governments or themselves, to worry about competition have a strong interest in big tech firms such as Google and its parent Alphabet, Apple, Amazon and Facebook. How could they not, given how quickly those firms have come to dominate the business landscape. On both sides of the Atlantic, the reputation that big-tech companies other than Apple have for making free with people’s data has led to rules being tightened, and there is talk of tightening them more. There are other concerns, too. Europeans have a fairly strong feeling that the firms do not pay enough tax. Everywhere there are worries about the content which they spread—such as, for a while, video of the massacre in Christchurch—and that which they are thought to suppress.
Tech groups have hordes of lobbyists experienced in weathering these various issues. Occasional losses—such as the €1.5bn ($1.7bn) that Google was fined on March 20th for abusing its clout in the online-advertising market—can to some extent just be treated as a cost of doing business. What they are not so well prepared for is the crossing of some of these streams of complaint. European regulators are bringing together concerns about privacy and rules about competition to create constraints that could up-end the way companies do business online.
Common market power
Campaigners have long lamented that, although the users of online platforms tell pollsters that they care about privacy, they do not act as if they do. If privacy becomes tied to antitrust concerns, though, users do not need to care. They merely need to be content that regulators armed with big sticks—European regulators are empowered to levy fines on companies operating in Europe that are a significant fraction of their global revenue—should care on their behalf. Ms Vestager and her colleagues seem happy to do the honours.
The premise for bringing together concerns about privacy and competition is that the tight grip which big tech companies have over user data is what has turned them into entrenched, and perhaps abusive, incumbents. As Andreas Mundt, head of Germany’s competition watchdog, the Bundeskartellamt, puts it, “Europe says…that data can provide market power.” In February, his agency startled technology companies and those who analyse them with a ruling against Facebook built on such an analysis. In a 300-page finding it argued that Facebook was only able to gather so much data because of its dominant position amid social networks.
The measure of market power usually used to justify action on competition grounds is, roughly speaking, that a company is able to raise prices without losing customers. Such an ability suggests that the level of competition in the market needs at least looking into, and perhaps redressing. Facebook, being free to its public users (though not to the advertisers who buy the users’ attention), cannot have its market power analysed in this way. But Mr Mundt says that the company’s ability to encroach ever more on its users’ privacy without seeing them leave—for example, by starting to track them while they browse sites not connected to Facebook—is also a measure of market power.
This analysis is leading to strict new rules on the amount of data Facebook can collect from German users. It can no longer mesh together the data it gathers from its various services, including WhatsApp and Instagram, as it has said it wants to do. There are also restrictions on how much it can track its users when they browse the internet beyond Facebook. Mr Mundt compares these new constraints on the flow of information inside the company to Facebook being “internally broken up”.
The logical step beyond limiting the accrual of data is demanding their disbursement. If tech companies are dominant by virtue of their data troves, competition authorities working with privacy regulators may feel justified in demanding they share those data, either with the people who generate them or with other companies in the market. That could whittle away a big chunk of what makes big tech so valuable, both because Europe is a large market, and because regulators elsewhere may see Europe’s actions as a model to copy. It could also open up new paths to innovation.
Europe is not an impressive performer when it comes to creating tech behemoths. It is as well represented among big global tech companies as companies other than Google are in search-engine statistics: there is just one (sap, a business software company) in the top 20. Look at the top 200 internet companies and things are, if anything, a touch worse; just eight. But in regulatory heft the eu punches far above its members’ business weight.
There are various ways of explaining this. One is that Europe’s keenness to regulate stops its tech firms from growing in the way that hands-off America encourages. Another is that the rigours of its zealous regulation are experienced, in the main, only by foreigners—which makes them more palatable to, or even popular with, politicians and the public. “Would Brussels be so tough on big tech companies if they were French or German?” asks one American executive, rhetorically.
There is also the consideration that the companies potentially “disrupted” by internet innovators include European carmakers, telecoms companies and media groups, about whom European politicians care a lot. New copyright regulations being voted on by the European Parliament next week have been widely criticised for putting the interests of copyright holders, which largely means media companies, far ahead of the interests of online companies and, indeed, the free expression of users.
Regardless of motive, though, this is now the way of the world. A look at the annual reports of big tech companies clearly shows that they have a lot of European issues to face, including taxes (see chart 1). And this means that differences between the ways in which Europeans and Americans think about competition and privacy matter a lot.
Take competition first. Much of the underlying law governing cartels, mergers and competition is quite similar on both sides of the Atlantic. But the continents’ approaches to handling big companies are leagues apart.
In recent decades, American antitrust policy has been dominated by free-marketeers of the so-called Chicago School, deeply sceptical of the government’s role in any but the most egregious cases. Dominant firms are frequently left unmolested in the belief they will soon lose their perch anyway: remember MySpace? The lure of fat profits is, after all, what motivates firms to innovate in the first place. While there is healthy academic debate over whether online businesses naturally, or even inevitably, have a tendency towards monopoly, it has yet to have much effect on regulation. American courts view dominant firms as a problem only if their position does clear harm to consumers.
By contrast, “Europe is philosophically more sceptical of firms that have market power,” says Cristina Caffarra at Charles River Associates, an economics consultancy. Its regulators want to see competitors that have been less successful continue to exist, and even thrive. Competition is seen as valuable in and of itself, to ensure innovation happens beyond one firm that has conquered the market.
“The debate on whether there has been underenforcement of antitrust is far more dynamic in Europe—there is a sense of urgency,” says Isabelle de Silva, head of France’s competition authority. Germany and Austria have changed laws to allow them to scrutinise takeovers of startups, in the belief tech incumbents are taking out future rivals before they have time to hatch into real competitors. Alphabet, Amazon, Apple, Facebook and Microsoft have together taken over a company per week for the past five years.
There is not just more interest in regulating big tech in Europe; there is also more power to do so. William Kovacic, a former boss of the Federal Trade Commission in America, said recently that Brussels is “the capital of the world” for antitrust, leaving its American counterparts “in the shade”. American antitrust typically involves prosecuting the case in front of a judge. The European Commission can decide and impose fines by itself, without the approval of national governments, though the decisions are subject to appeal in the courts. And whereas, in America, only federal agencies can apply federal law, European antitrust law can be applied both by national authorities and the commission.
Every major tech group has had run-ins with European antitrust rules. Since 2017, Google has been sanctioned three times, running up €8.2bn in fines for promoting its own shopping-comparison service in search results and edging out rivals with its Android phone software, as well as for abusing its strength in advertising. It is appealing the decisions. In 2017 Facebook was fined €110m for misinforming the eu about its plans for integrating WhatsApp with its flagship social network.
In the same year Amazon was rebuked for the way it sold e-books, agreeing to change its practices. It is now under an early-stage investigation both in Germany and Europe-wide for the way it uses sales data from its “Marketplace” platform to compete with the independent retailers who sell through it. On March 13th Spotify, a Swedish music-streaming service, demanded that the commission step in to stop Apple levying hefty fees from those who sell services through its App Store.
Then there is privacy. In the past century almost all European countries have experienced dictatorship, either home-grown or imposed through occupation, which has raised sensitivities. “Privacy is a fundamental right at eu level, in a way that it is not in America,” says Andrea Renda of the Centre for European Policy Studies, a think-tank. That right is enshrined in the eu Charter of Fundamental Rights in the same way that free speech is protected by America’s constitution. Polls show Europeans, and particularly Germans, to be more concerned about the use of their personal data by private companies than Americans are.
When American tech companies first encountered these concerns they were relatively trifling. In 2010 German authorities demanded Google blur the homes of anyone who objected to appearing in its Street View service. (Rural Germany remains one of the last places where well-off people live beyond the service’s coverage.) Four years later, an eu-wide “right to be forgotten” provided some circumstances in which citizens could expunge stories about them from search results.
The General Data Protection Regulation (gdpr), which came into force last May, raised the issue to a new level. Beyond harmonising data protection across Europe, it also established a principle that individuals should be able to choose how the information about them is used. This is an issue not just for the companies which currently dominate the online world—the provisions of the gdpr were central to the German ruling on Facebook—but also for that world’s basic business model.
The data about their users collected by apps and browsers is the bedrock of online advertising—a business which in 2018 was worth $108bn in America according to eMarketer, a consultancy. The most valuable part of the industry works by selling the user’s attention to the highest bidder, a simple-sounding proposition which requires a labyrinthine and potentially leaky “adtech” infrastructure.
Enterprises called “supply-side platforms” use data from apps and from cookies in browsers to pass a profile of every person who visits an advertising-supported page to an advertising exchange. There the rights to show adverts are auctioned off user by user. Bidders use the data from the supply-side, along with further data procured from brokers, to decide how likely the user is to act on their ad, and thus how much it is worth to show it to him. The highest bidder gets to put its ad on the user’s screen (see chart 2). Meanwhile, data associated with the transaction are used to update the brokers’ records.
The more pertinent data the bidders get, the more the winning advertiser is likely to bid. This builds in incentives to get as much data to as many bidders as feasible. And that is not particularly conducive to the protection of privacy.
The introduction of the gdpr spurred legal challenges to this system across Europe (see article). Some decisions are already headed to appeal, and it seems sure that eventually at least a few will make it all the way up the tree to the European Court of Justice.
The price of freedom
Those cases will help determine the long-term impact of the gdpr. So will the degree to which other countries take up ideas like those of Mr Mundt, the German regulator. European regulators do not all see eye to eye on mingling privacy and antitrust, according to Alec Burnside of Dechert, a law firm. But he notes that there is something much closer to consensus on it than there would be in America. The way Ms Vestager talks about privacy seems quite in line with her German counterpart.
Tech lobbyists in Brussels worry that Ms Vestager agrees with those who believe that their data empires make Google and its like natural monopolies, in that no one else can replicate Google’s knowledge of what users have searched for, or Amazon’s of what they have bought. She sent shivers through the business in January when she compared such companies to water and electricity utilities, which because of their irreproducible networks of pipes and power lines are stringently regulated.
Sometimes the power of such networks gets them broken up: witness at&t. Elizabeth Warren, a senator who wants to be the Democratic Party’s presidential candidate in 2020, has suggested Facebook and Google could also be split up. Ms Vestager pours cold water on the idea. But Europe’s privacy-plus-antitrust approach offers a halfway house: force the companies to share their data, thus weakening their market power and empowering the citizenry.
In mid-March a panel appointed by the British government and led by Jason Furman, a Harvard economist who was an adviser in Barack Obama’s White House, advocated such an approach, suggesting a regulator empowered to liberate data from firms to which it provided “strategic market status”. An eu panel with a similar remit is expected to issue recommendations along the same lines soon.
The idea is for consumers to be able to move data about their Google searches, Amazon purchasing history or Uber rides to a rival service. So, for example, social-media users could post messages to Facebook from other platforms with approaches to privacy that they prefer. The innovative engineers of the tech incumbents would still have vast troves of data to work with. They could just no longer count on privileged access to them. The same principle might also lead to firms being able to demand anonymised bulk data from Google to strengthen rival search engines. Viktor Mayer-Schönberger of Oxford University points to precedent: large German insurers have to share data with smaller rivals to help them gauge risk.
This may not be as fine a solution as it might sound. Getting lots of personal data to move freely while also keeping it safe is not straightforward. Users would be required to give serious thought to the question of with whom they wanted to share their information, as opposed to blindly clicking “Accept” buttons to get rid of pop-ups, as mostly happens today. Anonymising a large dataset—such as a compendium of Google searches which might then be used to train a rival’s algorithms—is harder than it might seem. Identifiable data about individuals can seep regardless.
And there may not be much appetite for it. Following Britain’s lead, the eu has forced banks to allow their clients to move their data to third parties. But demand for services that let personal-finance apps look at your bank statements has yet to take off. Google and Facebook offer their users the possibility of downloading a portion of the data those users have provided to the firms (though those taking the offer up are best advised to have a large hard drive). But few rivals have invested in complementary systems that allow you to upload those data, suggesting that a lack of user data is not the factor limiting their ability to take on today’s incumbents.
Still, the assumption remains that a combined focus on antitrust and privacy could, over time, both reduce the incumbents’ market power and open up new routes to competition. Enthusiasts point to ibm, faced with antitrust action, divorcing its software and hardware businesses in 1969. That created a new industry for software writers to explore. A world of social networks empowered to share aspects of Facebook’s map of who knows whom and likes what, while being free to explore business models other than advertising could produce all sorts of profitable, socially useful innovation by firms in Europe and around the world. And though Facebook might not do as well in such a future as it would if given free rein, it could still prosper. The past half-century has not been an irredeemably shabby one for ibm.
Europe alone might not be able to bring all this about. But a mixture of the accommodations companies make to it and the example it sets to others could have a catalysing effect. The appearance of a European commissioner at sxsw is a rarity. Progressive American politicians were this year rarely a thumbdrive-throw away. They could have done worse than stop by and listen. Demanding that tech giants be broken up may get the odd rally chanting, but it would be hard to bring about. Calling on them to give power back to the people, though, has a certain ring to it.
This article appeared in the Briefing section of the print edition under the headline “The power of privacy”