The great Supreme Court Justice Oliver Wendall Holmes once said, “Great cases like hard cases make bad law. For great cases are called great, not by reason of their real importance in shaping the law of the future, but because of some accident of immediate overwhelming interest which appeals to the feelings and distorts the judgment.”
Cambridge Analytica’s misuse of data has us thinking seriously about how privacy and security should work on the internet. It’s a hard case: The revelations come on the heels of big data breaches – including Equifax – and have consumers feeling understandably anxious about their online activities. In many circles, regulation in some form feels certain. But before we rush to regulate we must understand the interplay between regulation and competition in order to regulate smartly.
Regulation may unintentionally hurt competition. For example, incumbents are better situated than new entrants to comply with new regulations. At a congressional hearing, Facebook CEO Mark Zuckerberg acknowledged that “part of the challenge with regulation, in general, is that when you add more rules that companies need to follow, that’s something that a larger company like ours has the resources to do.” Studies confirm that this is a problem, and have shown that privacy regulations impose a much greater cost on smaller and newer companies. Harvard economist Josh Lerner found that European Union privacy regulation had a negative impact on venture capital funded startups and reduced traditional research and development investment by $750 million to $1 billion during the first 8.5 years after passage.
It is no accident that heavy regulation and industry consolidation often go hand-in-hand. The reason is simple: Well-heeled incumbents are in a much better position to comply with onerous regulations than new entrants. Professor Tim Wu cautioned in a recent op-ed that “if today’s privacy scandals lead us merely to install Facebook as a regulated monopolist, insulated from competition, we will have failed completely.” We’ve already seen this problem surface in attempts to solve online sex trafficking through regulation. A letter, signed by many small companies, warns that the Stop Enabling Sex Traffickers Act will have a negative impact on small companies and startups that “could both chill necessary innovation and cause companies to close down entirely.”
In addition, new regulations could actually curtail the ways that the tech industry promotes competition, as seen in some of the reactions to Facebook’s situation. Application programming interfaces are used by programmers to give outside programs limited access to work with a platform. Facebook’s APIs were the source of the data disclosure Cambridge Analytica used to improperly scoop up data. And while the knee-jerk reaction is to lock down all APIs, that could also prevent small companies from leveraging APIs to get the boost they need to become serious competitors in the tech industry. It’s an important point that has been raised by Mozilla Tech Policy Fellow Caroline Holland. Any regulation would need to balance securing APIs without discouraging competitively beneficial uses.
Finally, there is an even more pernicious problem with drafting bad fixes to important issues – we could unwittingly exacerbate the digital divide that many policymakers are trying to solve. Some have called on free internet services to transform into subscription-based services, but even seemingly small monthly payments could put these services out of the reach of low-income Americans. This is not simply a matter of giving consumers a choice on whether they value privacy, because consumers of different income levels have greatly different ability to pay new monthly fees. The “privacy paradox,” where consumers’ stated concerns about privacy differ from their behaviors, exacerbates this problem because wealthy people would consider paying for privacy to be much less effort than those with lower incomes.
The Cambridge Analytica misuse of data has us asking the right questions, but we shouldn’t let the unsettling nature of privacy issues become an excuse to write bad policy. Regulations are a tricky business that could solve one problem, yet create an even bigger competition problem. We’ve seen these problems before in other industries, where regulations are abused to defeat competition and entrench incumbents. We should not make the same mistakes in tech.
David Balto is a public interest antitrust attorney who previously served as policy director at the Federal Trade Commission, as an attorney in the Justice Department’s Antitrust Division, and as a senior fellow at the Center for American Progress and the New America Foundation, and who advises several companies in the tech industry including Google.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.