More than a year after GDPR went into effect, digital privacy and security remain high on the list of governmental concerns around the globe. Although the U.S. tends to have a more business-friendly approach than the EU, worries about the market influence, power and reach of Amazon, Apple, Google, Facebook and Microsoft are growing.
Anyone with a vested interest in a properly functioning commercial internet should welcome enhanced notice provisions, consumer access and transparency around information collected about our online actions and control over what happens to the resulting data. Ideally, people should be able to selectively delete information they don’t want to be shared with brands, ad-tech and mar-tech firms and other businesses in the data space.
But there are real concerns around implementation. When laws are crafted without close attention to the way they impact the digital playing field, politicians are inadvertently concentrating power in the hands of the current big players. Facebook and Google may be easy targets and logical examples of bad actors that need regulation, but paradoxically, the legislation will end up benefitting them most.
Looking at this issue from a larger standpoint: The “plumbing” behind digital identity is important. It includes publishers, marketers and platforms and how they collect and share data. They all want to align their business practices to the spirit and letter of privacy and security laws. Yet the big players that operate enormous walled gardens have inherent advantages over other firms who do business in the free and independent internet.
Mega-platform users must create accounts to authenticate their identity with usernames, passwords, mobile phone numbers, email address and even postal addresses. The big tech companies therefore have a wide array of touchpoints from which to collect and tether consumer data. The ID plumbing allows them to engage with their audiences directly, surfacing privacy controls and offering users visibility into the data collected about them. This gives them an important leg up on compliance with privacy and security regulations.
Contrast this with firms operating outside of the walled gardens: publishers, marketers and platforms. They’re forced to use an array of proprietary IDs stored in web browsers through first- and third-party cookies and exchanged and synced via pixels in webpage loads. In mobile app environments, there’s yet another step in the form of mobile ad IDs provided by Apple and Google through their mobile app developer tools. This is a digital ID patchwork that is highly diffused, inefficient and all too often ineffective.
Some might think that this diffused ID infrastructure outside the walled gardens is good for consumers because it weakens the ties between IDs and digital behavior, but ironically, these main companies’ ID infrastructures are essential for consumers to manage their privacy settings. How can one say “Don’t track me” or “Show me my data” or “Only use my info for this purpose” if there aren’t consistent IDs connecting a person to the information?
Apple, Google and Facebook (through its app) are using their market dominance to prevent other players from building that same strong and stable ID infrastructure. Meanwhile, these big five players continue to build fortified walled garden ID environments, compelling marketers to work with them as the only scalable choice for targeted advertising, functioning attribution and privacy regulation compliance. This is the anti-competitive irony of the current ID infrastructure.
As governments look at hitting them for anti-competitive practices, it might be better to think beyond breaking up the walled gardens. It would be far more productive to focus on what can be done to help every online player organize data management and governance practices around shared digital ID plumbing that is safe, secure, regulated and effective.
It is only with the help of digital plumbers that politicians will be able to level the playing field for commerce while also protecting consumer choice and privacy.
