HomeNewsGuidesReadsPodcastsTRANSFIN. EOD
  1. Reads
  2. Deep Dives

Facebook and Cambridge Analytica: Why and How Tech Firms Need A Lesson in Regulation?

Apr 6, 2018 1:36 PM 7 min read

The technology industry is indeed an eventful place. News of Artificial Intelligence, Machine Learning or Blockchain disruptions, a new startup entering the billion-dollar unicorn club or the drama of a Facebook acquiring WhatsApp one day and an Instagram on another swarms our screens regularly. As the industry grows by leaps and bounds and gains much from the fabled ‘network effect’, the rest of the world is struggling to catch up. The recent upheaval around Facebook’s alleged involvement with Cambridge Analytica, (the ad-data firm behind Trump’s 2016 election campaign which accessed sensitive information of millions of users without their consent), has once again brought the sector under severe scrutiny.

Facebook and Cambridge Analytica: Why and How Tech Firms Need A Lesson in Regulation? 

The Tech industry is underway rapid transformation with varied and numerous “technology and services” companies primarily focused on development of software and hardware gradually evolving to fewer pure play “technology ecosystem-building” companies which create, apply and optimize digital technology to control massive consumer and business markets such as Google, Amazon and Facebook, giving them leverage over both producers and consumers.


This rapid integration results in the creation of a Digital Oligarchy of sorts, where companies no longer compete to be the best hardware, software or service provider, but push to leverage the technology they own across markets and functions, like entertainment, education, retail et al. This is explicit in our daily lives wherein companies like Google and Facebook own most of what is on the internet and Amazon dominates much of the retail sector. These handful of companies, not surprisingly most of them American, dominate large parts of global markets and economy.


Criticized for their pervasive and often intrusive presence, there has time and again been clarion calls to rein in these giants. With the exception of a few naysayers, most agree that there is a need to regulate the sector, laying down guidelines around pricing, data and privacy.

Facebook and Cambridge Analytica: Why and How Tech Firms Need A Lesson in Regulation?

Technology titans have recurrently come under the microscope for inappropriate use of customer information, breach of privacy or circulation of objectionable data. Of course, these companies enforce rigorous internal policies when a violation is reported. However, in most cases they adopt a passive approach instead of proactively anticipating contingencies. It is only after the recent uproar that Facebook is reviewing the nature, scale, and usage of information exchanged with third party applications and advertisers on its users. In a recent interview with CNN, Facebook CEO, Mark Zuckerberg lamented that upon learning of the issues, the company had asked Cambridge Analytica to certify that “they had none of the data from anyone from the Facebook community, that they deleted it if they had it, and that they weren’t using it”. The fact that the world’s largest social network took Cambridge Analytica’s assurance on face value indicates the chronic difference towards data misuse.


Another major concern is that of tax-evasion. Most technology-based platforms, especially the ones built on a ‘sharing-economy’ model (one in which the owner rents out goods or services to be monetized on a peer-to-peer services platform), such as, Uber or Airbnb, bypass tax liabilities by claiming to be a plain tech-based “facilitator”. This becomes problematic when a ride-hailing company such as Uber gets away without facing any significant tax obligation, while black and yellow taxi services, much smaller in scale, are bogged down by similar considerations.


In addition to this, since these companies are currently not bound by any regulations, the overhead compliance cost is reduced considerably, rendering them to be profitable ventures despite offering their services at lower prices. Once again, the traditional services industry, unable to compete, stands to lose.

Facebook and Cambridge Analytica: Why and How Tech Firms Need A Lesson in Regulation?

Google and Facebook have to a great extent monopolized digital advertising revenues. These bottomless platforms are designed to maximize the amount of time spent on these websites or applications. Facebook, for instance has replaced media websites and newspapers as a preferred source of news and information. Without any fact-checking mechanism in place, the platform is often used to propagate malicious or spiteful information.


However, lately with governments across the world realizing the threat these giants pose to the functioning of a democratic and free global market, new measures are being taken to curtail their authority. The European Union, for instance, is set to put in effect the General Data Protection Regulation (GDPR), which shall mandate all EU members to adhere to a baseline set of standards to better safeguard the processing and movement of its citizens’ personal data. This would ensure that the users have more control over their  personal data that is processed automatically. Once set in place, GDPR would require the consent of users for data processing, providing them with data breach notifications, and granting users access to closely monitor transfer of data across borders. Under the Right to Erasure Act, the user may even direct a controller to erase their personal data under certain circumstances.


These tech oligarchs maintain dominance primarily by aggressive investment and acquisition strategies designed to control conceivable rivals. They deploy venture capital to provide seed stage funding for companies that eventually might challenge them. Monopoly is therefore sustained by the acquisition of potential competitor — Facebook buying Instagram and WhatsApp, Amazon buying Audible, Twitch, Zappos and Alexa.  

Facebook and Cambridge Analytica: Why and How Tech Firms Need A Lesson in Regulation?

In order to break this monopoly, the regulators must ensure that the basic platform is dissociated from the add-on services, preventing companies from taking advantage of a vertical integration. A classic example of this would be the IBM case where the company was sued by the Department of Justice in 1969 for trying to monopolize its computer business, specifically by abusing its control of disk drivers. In a more recent occurrence, the European Commission lodged a case against Google asserting that the company has abused its near-monopoly in both search and mobile operating systems to require gadget makers who license Android to install Google’s search bar as their default search mechanism on their devices. A disassociation of services and the platform will also open up the space to new players, and encourage competition.


In India, with no express legislation regulating data protection currently in place, (although a white paper on data security has been published by the Justice Srikrishna Committee for all the stakeholders to deliberate upon) creation of a robust cybersecurity and data protection legislation would be a good starting point. Sunil Abraham, Executive Director, Centre for Internet and Society notes that citizens in India can only approach the court of justice in case they have suffered a financial loss. Formulation of a stringent law would ensure that the citizen’s right to privacy is safeguarded in a rapidly evolving digital world. In this respect, the Government of India can learn much from the proposed GDPR Bill.


Localisation of data is another imperative. Countries are increasingly pressing for mandatory storage of data in local servers. For instance, under the Data Security legislation in China, consent is required for transfer of all critical data from e-banking data to medical information, online publications and cloud computing outside its border. Countries like France, Germany, Malaysia, South Korea follow similar mandate.

Facebook and Cambridge Analytica: Why and How Tech Firms Need A Lesson in Regulation?

Appropriate tax laws and transparency clauses can also go a long way in ensuring that the revenue generated by the sector is not cornered by a few big fishes. In addition to this, tech companies should be regulated as utility-providers – requiring them to license out patents for their technology or services akin to what American Telephone and Telegraph Company (AT&T) was required to do in 1956 for a nominal fee, for its search algorithms, advertisements and other vital innovations. AT&T was the primary phone company in the United States, maintaining monopoly on telephone service until anti-trust regulators split the company in 1982. Following a court ruling AT&T was required to allow third-party devices to be attached to its rented telephones. The final blow to the monopoly came in 1982 when the company agreed to divest its local exchange service operating companies, in return for a chance to go into the computer business.


Another relevant move to regulate large tech firms according to The Economist could be to deploy the concept of a regulated asset base (RAB). A model which emerged in the 1990s when Britain was privatising its water firms, the idea is to cap the profits that a monopoly would make such that it should not exceed the level that a competitive market would allow. Essentially ensuring that the monopoly’s earnings do not exceed that of a new entrant whilst replicating the incumbent’s assets.


While it is often argued that any kind of restriction on technology shall curb innovation, considering the current pace at which the tech industry is moving, it is likely to meet the same fate that Standard Oil did in the United States in the early 1900s. Standard Oil, the American oil producing, transporting, refining, and marketing company established in 1870 was as mighty as the tech giants of Silicon Valley today. The company had expanded from a single refinery in Cleveland in 1863 to produce 87% of all US refined oil output. However, in 1911, the Supreme Court ordered the breakdown of the company following a judgement that the oil giant was in breach of anti-trust legislation passed by the incumbent government.


While it remains to be seen what course the technology industry shall take, we can all agree upon the fact that India is in dire need for a Data Protection and Cyber Security legislation which shall set the guidelines for the regulation and use of personal and sensitive data. Moreover, since technology cannot be regulated within a particular territorial boundary, countries across the globe must come together to negotiate the terms of a universal legislation to monitor cross-border exchange of products, data and services.