Whether big tech and little tech like it or not, 2019 will be a year of regulation. Virginia Senator Mark Warner’s 15-point framework is likely to be the basis for starting talks about policy for tech regulation. Based on his early proposal, we see three main regulatory introductions as most likely:
- A US-version of GDPR. Europe set the standard in consumer data protection with GDPR, and it would be surprising if the US didn’t follow suit if not innovate. At a minimum, we would expect the US to adopt the most important points of GDPR, which are:
- Consent — clear consent of what users are allowing service providers to do with their data.
- Right to be informed — know who is using your data, for what, for how long, and who it will be shared with.
- Right to erasure — users can request to have data permanently deleted.
- Right to access — users can request to have access to their personal data.
- Right to data portability — users can request a file of their personal data that can be transported to another service.
- Data protection by design and default — data must be anonymized, and only necessary data must be processed.
GDPR also comes with steep penalties — up to 4% of worldwide revenue for the prior year for breaching elements related to consent, individual rights, and data protection. A US version of GDPR seems the most likely policy to be enacted in 2019.
- Additional disclosure on political advertising. Russian tampering with the 2016 US Presidential election has been of great interest to the media and politicians, if not the public. Aside from the US-version of GDPR, additional disclosure around who is buying political ads is the other most likely regulatory outcome for 2019. As is so often the case with bad actors and those trying to stop them, the bad actors are likely to move on to another creative method of manipulation that we haven’t thought of yet. Therefore, to make this policy effective, regulators will have to be thoughtful about how they define political advertisements so that they can try to stay one step ahead of bad actors that will certainly keep innovating.
- Public interest and academic data access. Allowing public institutions and researchers access to anonymized datasets from tech’s biggest platforms would seem to be an obvious net positive outcome that big tech should embrace as a sign of good faith. There are likely countless studies that could be performed on multi-billion user datasets about human behavior, economic influence, criminal activity, health, and more. While Warner’s proposal suggests that qualified startups also have some level of access to big tech’s datasets, we would expect big tech to lobby hard against this given data is a powerful moat for these companies. We’d expect that language to miss the final cut.
Aside from the three elements above that we’re most confident would be in a data protection bill, Senator Warner’s proposal also includes suggestions around identifying fake accounts, determining the origin of posts/accounts, making platforms liable for content shared, and media literacy. While we don’t object to these ideas in concept, the problem is that many of them touch on free speech, even if ever so lightly, and delve into the realm of subjectivity. For example, an inauthentic account doesn’t necessarily mean it’s an evil account — it could very well be someone using a pseudonym that allows them greater comfort to discuss difficult topics in a constructive way; even “constructive” in that sense would be subjective. Given these sensitive issues, we don’t expect legislation around fake accounts and content to be a part of 2019 policy introduction.
One thing not included in Senator Warner’s proposal that we’d like to see considered is introduced is greater user controls around what content these platforms show them. We’ve previously outlined a suggestion for Facebook to allow users to block political content either from non-verified sources or altogether. Putting more control in the hands of users may avoid some of the pitfalls around free speech outlined in the prior section.
Using GDPR as a proxy, we don’t expect increased regulation as outlined above will have a meaningful negative long-term impact on the tech giants. One report even suggests Google has benefitted from GDPR, and we shouldn’t ignore that greater data management hurdles will impact how already resource-limited startups do business. However, the cloud of new regulation is likely to create near-term headline risk for Google and Facebook in particular.
While we’re interested in the impact on the tech world, these policies are really about protecting users. It became clear in 2018 that the tech giants could do a much better job with how they collect, manage, and monetize our data. Whatever the outcome for tech companies, the outcome for users should be good.
Disclaimer: We actively write about the themes in which we invest or may invest: virtual reality, augmented reality, artificial intelligence, and robotics. From time to time, we may write about companies that are in our portfolio. As managers of the portfolio, we may earn carried interest, management fees or other compensation from such portfolio. Content on this site including opinions on specific themes in technology, market estimates, and estimates and commentary regarding publicly traded or private companies is not intended for use in making any investment decisions and provided solely for informational purposes. We hold no obligation to update any of our projections and the content on this site should not be relied upon. We express no warranties about any estimates or opinions we make.