In February, Facebook, rebranded as Meta, stated that its revenue in 2022 is anticipated to reduce by $10 billion due to steps undertaken by Apple to enhance user privacy on its mobile operating system. More specifically, Meta attributed this loss to a new AppTrackingTransparency feature that requires apps to request permission from users before tracking them across other apps and websites or sharing their information with and from third parties. Through this change, Apple effectively shut the door on “permissionless” internet tracking and has given consumers more control over how their data is used. Meta alleged that this would hurt small businesses benefiting from access to targeted advertising services and charged Apple with abusing its market power by using its app store to disadvantage competitors under the garb of enhancing user privacy. However, privacy experts have welcomed this move because it is predicted to enhance awareness and nudge other actors to move towards more privacy-preserving options, leading to a market for “Privacy Enhancing Technologies”. Google’s Privacy Sandbox project is a case in point, though it remains to be seen whether it will be truly privacy-preserving.
Competition, or should one say, frenzy, among the few in the Big Tech space has been the subject of immense polemic on the one hand, and serious research on the other. One standout feature has been the increasing, perhaps exclusive, focus on non-price factors such as quality of service (QoS) in general and privacy and acquisitions in particular. For example, acquisitions by Big Tech are regular and eat up big bucks, not always to promote efficiency but to eliminate potential competition, described evocatively as “kill zone” by specialists. According to a report released by the Federal Trade Commission, between 2010 and 2019, Big Tech made 616 acquisitions.
In the absence of a modern framework, competition law continues to rely on Bork’s theory of consumer welfare which postulated that the sole normative objective of antitrust should be to maximise consumer welfare, best pursued through promoting economic efficiency. Market structure thus became irrelevant and conduct became the sole criterion for judgement. With retail price losing gloss on digital platforms where one side of the market is ostensibly “free”, conduct now predominantly revolves around QoS which, like much else surrounding digital platforms, is pushing competition authorities to fortify their existing regulatory toolkits.
We ask two questions in this article. The first, largely rhetorical, is whether privacy can be viewed as a method of non-price competition or, in other words, as a QoS issue. The second is whether a market-based approach to regulating privacy has any serious merit. The fact that privacy is being assertively brandished as a differentiator by certain digital platforms should settle the response to the first question. For example, companies such as Apple and DuckDuckGo (with its slogan “the search engine that doesn’t track you”) are employing enhanced user privacy as a competitive metric. Interestingly, this is not as recent a phenomenon as Facebook would have us believe. When Facebook entered, it presented itself as a privacy-centred alternative to MySpace, which was the first to market by committing to user privacy through a policy that stated — “We do not and will not use cookies to collect private information from any user”. This was in 2004.
Although it seems like ages ago, Facebook initially gave users the ability to opt out of having their information shared with third parties, including advertisers and marketers, and did not collect information about users from third parties. Between 2004 and 2012, Facebook showed remarkable commitment to its promise of user privacy. Its behaviour as a monopolist, after competitors such as Orkut had exited, was quite different. In 2014 it did a volte-face, exploiting its market power to degrade privacy to dubious levels.
It has been shown that “websites which do not face strong competition are significantly more likely to ask for more personal information than other services provided for free”. In 2018, OECD accepted that privacy is a relevant dimension of quality despite the low quality that may be prevalent due to lack of market development. That brings us to the second and perhaps more critical question, whether a reasonably well-functioning market for privacy can be created. We are in no doubt that such a market will be subject to severe market and government failure, but that’s not the point. Almost all markets are subject to failure. Regulators across the globe are recognising privacy as a serious metric of quality. For instance, the Competition Commission of India (CCI) in 2021 took suo moto cognisance of changes to WhatsApp’s “take-it” or “leave-it” privacy policy that made it mandatory for every user to share data with Facebook. In its prima facie order, the CCI inter alia observed that this amounts to degradation of privacy and therefore quality.
We can no longer afford to undermine the role data plays in modern markets. Privacy and competition have overlapping boundaries. On the one hand, if privacy becomes a competitive constraint, then companies will have the incentive to create privacy-preserving and enhancing technologies. On the other hand, care must be taken so that Big Tech, aka the gatekeepers in the EU’s Digital Markets Act, do not misuse privacy to create barriers for newer entrants. To provide context, restricting third-party tracking is not novel and other browsers such as Mozilla Firefox and Microsoft’s Edge have already done so. But Google, which owns 65 per cent of the global browser market, is different. By disabling third parties from tracking but continuing to use that data in its own ad tech stack, Google harms competition. Accordingly, in 2021, the UK’s competition authority (CMA) investigated Google’s Privacy Sandbox project over concerns that it would make online advertising more concentrated. Thereafter, Google consented to legally binding principles that forbid self-preferencing. It also pledged to apply these principles globally.
The use of privacy as a tool for market development, therefore, has to tread this tightrope between enabling and stifling competition. It will be hard. But, at the least, regulators would need to eschew a compartmentalised approach to market development. An approach that balances user autonomy, consumer protection, innovation, and market competition in digital markets is a real win-win and worth investing in.
Kathuria is Dean, School of Humanities and Social Sciences at Shiv Nadar University, and Suri is Senior Researcher at The Centre for Internet & Society (CIS). Views are personal