Today almost every country in the world is united on the front that Tech giants, like Facebook and Amazon, should be regulated. However, the bigger issue, how that should be done, remains unresolved. It is argued that between two extremes of self-regulation and breaking them up, there lies a middle-ground approach of regulating their collection and use of data. From prohibition on combining and collection of data between multiple platforms of single-parent company, as seen in the recent German case, to allowing data portability among different platforms, these regulations will allow room for competition and will lessen their monopoly in the marketplace. Similarly, by directly attacking their source of income i.e. data, such regulations will force them to avoid exploitative behavior using consumer biases, avoid misuse of data, and address privacy concerns. Moreover, contrary to the common perception that regulation of tech will hinder innovation, these data-based regulations, like data portability, can encourage innovation by creating more chances of success for substitute platforms and less chances of acquisitions. However, not every data-regulatory solution can reap the same results and some proposed measures, like forcing big companies to share data with smaller companies, can lead us into pitfalls that will undermine consumer welfare and create more privacy concerns. Furthermore, some other areas associated with Big tech might need regulatory measures such as the issue of harmful content on social media and equal access to platforms. However, every harm associated with Big tech platforms can’t be covered under one umbrella. Therefore, it is argued that the most significant and substantial effect on the working of Big tech, i.e. to weaken the monopoly, create competition and promote consumer welfare, can best be achieved through regulation of their collection and use of data.
The technological advancements of the 21st century revolutionized the workings of a modern world. However, with the revolution, came race to the top and only the ones with enough fuel could reach it. Few emerged victorious in this endeavor and have since dominated the world of Big Tech. Unlike the traditional market, this was a new and uncharted territory in terms of regulation as the fuel they used to reach the top was digital asset i.e. data instead of the convention tangible assets, which could be traced and tracked. Covered under the façade of self-regulation, these tech platforms dodged governmental scrutiny under conventional anti-trust laws for the longest period. In 2006, only one of the world’s six most valuable public companies was a technology company but today five of them are Tech Giants[1]. This shift slowly exposed the fact that so-called “free” platforms have data that is translated into dollars. This rendered the price-based conventional competition and anti-trust regulatory measures redundant and called for a new set of measures to ensure that these companies don’t violate their dominant position and create an un-checked monopoly in the marketplace.
Tech platforms maintain monopoly due to data amassed from hundreds and thousands of users through network effects. Directing the focus of regulations at the very source of their power can create a fairer environment in which competition can flourish and innovation can be encouraged while at the same time creating consumer welfare by addressing privacy concerns and limiting the use of consumer bias and dark patterns. One such way is to prohibit and prevent companies to track and collect data from different sources and services owned by the same parent company. The recent example of this is seen in a case where German regulators prohibited Facebook from automatically collecting and combining data of Facebook users with their data on other Facebook-owned services like Instagram and WhatsApp[2]. These tech companies and platforms, by gathering data through multiple sources, can use such data in ways a consumer might not be able to envisage. They get user consent for using such data from two different sources and combine it to create a new form of inferred data through artificial intelligence to which a consumer might not have given consent. Therefore, disallowing such practice provides users a real choice of consent through which they can keep track of the usage of their data. It strengthens the privacy of their data and saves consumers from information a symmetry. On the other hand, Techno-optimists argue that such practices make products and services more efficient and more sensitive to cater to the needs of consumers. However, such optimized services can still be availed by consumers who consent to combine their data but collecting data without the knowledge of consumers, that too as a default action, is when such practice becomes problematic and violative of their privacy.
Secondly, the greater the amount of user data a platform can amass, the better customization of its service can be created, and this type of feedback effect can help only a few platforms to dominate. However, as this type of separation-regulatory regime will hinder the ability of a single company to collect large amounts of data from various sources, it will also hamper their ability to indulge in manipulative strategies such as using data sets to predict consumer biases for targeted advertising. Moreover, the unreliability of such incomplete data sets and lack of excessive information on consumers will adversely affect the efficiency of targeted advertisements and consequently decrease the market power and weaken the monopoly of such platforms. Furthermore, such regulation will also de-incentivize Tech platforms to pursue mergers solely with the motive to obtain additional data sets to strengthen their monopoly. And even when such tech mergers happen, it will not exponentially increase their power by allowing the merger of data. Hence, such de-incentivization of mergers and acquisitions will create a situation where more competition can thrive in the marketplace rather than just strengthening the power of Tech Giants.
Lastly, apart from social networking platforms, such prohibition in platforms that serve not only as a marketplace but also a product/service provider can also solve the problem of conflict of interest. These platforms gather data and have all sorts of information regarding products that are sold and liked in the market and which are disliked by customers. At the same time, they also control the placement of such products on their platform. Hence, they not only manipulate the placement of products that are competing with their products but can also replicate products based on the information they gather through their platform. In 2007, Google was fined $2.7 billion by European Union on the same type of preferential treatment of its products over its competitors[3]. Therefore, by prohibiting the mixing of information and data sharing between the two, the production company won’t be able to have an unfair advantage and manipulate the data from its platform in its favor. Hence it will drastically weaken the monopoly of these tech platforms and strengthen the competition in the market.
Another way to regulate technology platforms is by the imposition of regulatory requirements to allow data portability between different platforms. Allowing consumers to “port” all their data from one platform to another rival platform would drastically impact the network effects of such a platform. As consumers will have the option to replace their platform in a much easier way, it will incentivize these tech platforms not only to provide better services to their consumers but will also force them to provide greater protection in face of privacy concerns. Similarly, it would make these platforms less likely to misuse user data with exploitative behavior and consumer biases not in the fear of hefty fines, as these platforms already have enough budget for such legal sanctions, instead of fear concerning the loss of their network effects and consequently their market power. Moreover, people will engage in making a better and advanced version of these platforms and services when they know they can succeed in competing with these existing tech giants for the same users and their network effects. The acquisition of such competing startups will also become harder for these dominant players. Hence such regulation will not only encourage innovation but at the same will create more competition in the market consequently eroding the monopoly of these dominant platforms.
On the contrary, every data-based regulation can’t be implemented as productively as the above-mentioned strategies to regulate the technology platforms. One example of such regulation is advocated by scholars including Mayer-Schönberger, who is the co-author of Book Reinventing Capitalism in the Age of Big Data. He suggests using a “progressive data-sharing mandate”[4] through which large companies will be forced to share some percentage of their data to smaller companies. He rightly argues the advantages of such approach as it re-introduces competition and innovation in the market by providing smaller companies enough data to begin competing with big companies[5]. However, as appealing as this solution may sound, it has some fundamental flaws which can harm consumer welfare. Firstly, this model not only fails to protect consumer privacy and data in the case of larger companies but works on the premise of expanding and dispersing it further without the consent of users. Secondly, these small companies can still exploit the data and use consumer biases in the same way as big corporations have been doing for years. Hence it will only result in even greater privacy concerns. Lastly, it won’t have any serious effect on the market of big companies as they will always have more data including the data they share with smaller companies unlike the case with data portability, which can create a substitute market and diminish network effects of existing dominant actors. Therefore, these kinds of data-based regulations can become tricky and problematic and should be properly scrutinized before any serious consideration regarding their adoption.
Some aspects of technology platforms might remain unregulated even with the above-mentioned data-based regulation such as the issue of harmful content on social media or equal access to platforms. Here it is pertinent to mention that anti-trust and competition laws of most countries provide provisions which can somewhat be construed to cater to latter issue hence its further regulation can create Type 1 error of over-regulation as Lina khan calls it[6]. For example, in Pakistan, section 3(h) of Competition Act, 2010 provides for “refusing to deal” as abuse of dominant position. Similarly, specialized laws only dealing with this form of specific content harms might be needed to deal with the former issue hence leaving this area under-regulated. Therefore, the data-based regulations supported and suggested in this essay provides the best method of regulation that addresses a broader set of issues that are primarily necessary for consumer welfare and regulation of big tech without falling into pitfalls of neither over-regulation nor under-regulation.
At present, there is no data specific legislation in Pakistan. Although, a bill, namely Personal Data Protection Bill, 2020, has been proposed for the protection of personal data but is yet to be passed by the parliament. Personal Data Protection Bill, 2020 draws heavily from the European Union’s General Data Protection Regulation (GDPR) as it incorporates many similar protections and provisions. For example, it provides data subjects the right to access their data, the right to correct and rectify personal data and the right to erase personal data, etc. However, one major difference is that GDPR provides certain rights and protections that closely resemble the safeguards proposed in this article. Whereas, the extent of Personal Data Protection Bill, 2020 is much more limited in terms of incorporating provisions that can impact the collection and use of data by data controllers and tech-companies.
Firstly, GDPR provides data subjects with the right to be informed i.e. the individuals must be provided with certain information about the collection and use of their data. For example, Article 13 (1)(c) requires that data subjects must be provided with information regarding the purpose of processing their personal data. Similarly, Article 13 (3) requires providing information to data subjects if their data is intended to be used or processed for any other purpose than for which it was collected. Similarly, in case any automated decision-making or profiling is involved, Article 13 (2)(f) requires the data controller to provide information regarding the logic involved or “envisaged consequences of such processing for the data subject”. These provisions can be envisaged to protect against combining of data between multiple platforms to create a new form of inferred data without informing the data subject. In this way, it avoids information asymmetry associated with digital platforms and provides data subjects with a real choice to make informed decisions regarding whether they want to continue processing of data or withdraw their consent.
On the other hand, no provision or protection of the aforementioned nature exists under Personal Data Protection Bill, 2020. Under section 16 (1) of Personal Data Protection Bill, 2020, a data subject is only entitled to be informed “whether his personal data is being processed by or on behalf of the data controller” and does not require a data controller to provide information regarding how personal data is being collected.
Similarly, GDPR also provides data subjects with the right to data portability i.e. it allows individuals the right to obtain and re-use their data, that has been provided to the controller, for other purposes across different services. As argued previously, such provisions incentivizes data controllers to provide better service, avoid exploitative behavior by using consumer biases and protect consumer privacy which in-turn promotes consumer welfare and market competition. However, this is another safeguard that has been completely undermined while drafting the Personal Data Protection Bill, 2020 as it neither provides data subjects with the right to data portability nor incorporates any other related provision. European Union (EU) took the global lead on protecting user-privacy by passing the General Data Protection Regulation (GDPR). Even though, it primarily focuses on the measures ensuring data privacy. However, it also contains certain provisions that envisages the effective regulation of technology platforms. Pakistan and other countries should also incorporate some policies of the above-mentioned nature, regarding the collection and use of data by Tech companies, that results in broader implications extending beyond privacy issues and can help regulate technology platforms in a multitude of ways i.e. by weakening their monopoly, creating competition, encouraging innovation and promoting consumer welfare.
[1] Nandan Nilekani, ‘Data To The People’ (Foreign Affairs, 2018) <https://www.foreignaffairs.com/articles/asia/2018-08-13/data-people?fa_package=1122877> accessed 17 November 2019.
[2] Natasha Singer, ‘Germany Restricts Facebook’s Data Gathering’ (Nytimes.com, 2019) <https://www.nytimes.com/2019/02/07/technology/germany-facebook-data.html> accessed 16 November 2019.
[3] Ganesh Sitaraman, ‘How To Regulate Tech Platforms’ (The American Prospect, 2018) <https://prospect.org/power/regulate-tech-platforms/> accessed 17 November 2019.
[4] Angela Chen, ‘Making Big Tech Companies Share Data Could Do More Good Than Breaking Them Up’ (MIT Technology Review, 2019) <https://www.technologyreview.com/s/613629/making-big-tech-companies-share-data-could-do-more-good-than-breaking-them-up/> accessed 17 November 2019.
[5] Viktor Mayer-Schönberger and Thomas Ramge, ‘A Big Choice For Big Tech’ (Foreign Affairs, 2018) <https://www.foreignaffairs.com/articles/world/2018-08-13/big-choice-big-tech> accessed 17 November 2019.
[6] Lina Khan, ‘The Ideological Roots Of America’s Market Power Problem’ (Poseidon01.ssrn.com, 2018)