From Ohio to DC and from London to Paris, regulators and consumer privacy advocates are sharpening their pencils and their knives.
If you don’t have time to keep track of all the actions underway, the biggest takeaway is not to expect a quiet summer.
Regulators are increasingly convinced that scaled data collection can harm competition. And the collaboration between data protection authorities (DPA) and competition bureaus, as we’re seeing in the UK and France, will only continue.
Here’s a rundown of the most significant moves in the past few weeks.
Out for RTB
On Wednesday, the Irish Council for Civil Liberties (ICCL) filed a lawsuit against IAB Tech Lab in Hamburg accusing it of sharing large amounts of consumer data without consent via real-time bidding in alleged contravention of the General Data Protection Regulation.
The suit was brought by former ad tech executive and current ad tech foe Johnny Ryan, who left his post as chief policy and industry relations officer at privacy-focused browser Brave in August of last year for a job as a senior fellow with the ICCL.
Specifically, the suit alleges that the IAB Tech Lab’s audience taxonomy segments people into sensitive targeting categories without permission, such as sexual orientation, health status and religious beliefs.
“We are boldly going where enforcers have failed to go,” Johnny Ryan told The Irish Times.
Going after Google
Early last week, Google agreed to pay a $268 million fine and make changes to its advertising business to settle an anticompetition case in France. Google was accused of promoting its own technology and services in the online advertising market.
Just a few days after the French settlement was announced, Google reached a compromise with regulators in the UK.
Following an investigation by the UK’s Competition and Market Authority (CMA) probing Google’s plans to remove third-party cookies from Chrome and the Privacy Sandbox, Google agreed to consult the CMA before pulling the plug on cookies or launching any alternative technologies in the Privacy Sandbox.
Google’s proposed commitments are now open for public comment and consultation until July 8. If the commitments, which include a pledge on Google’s part not to self-preference its own technology and services, are accepted by the CMA and its data protection counterpart in the UK, the Information Commissioner’s Office, they’ll be legally binding and apply globally.
The CMA is reserving the right to reopen its investigation if Google deviates from the plan.
Pursuing the platforms
The CMA has also kicked off a market study into Google and Apple’s effective dominance of the mobile ecosystem – see: iOS and Android, the Play Store and App Store, Chrome and Safari – which, it argues, stifles competition and consumer choice in digital markets.
“Apple and Google control the major gateways through which people download apps or browse the web on their mobiles – whether they want to shop, play games, stream music or watch TV,” said Andrea Coscelli, chief executive of the CMA in a statement. “We’re looking into whether this could be creating problems for consumers and the businesses that want to reach people through their phones.”
Not to be left out, Facebook and Amazon are also attracting unwanted attention in Europe.
Facebook is being targeted with two antitrust inquiries in the EU, one by the European Commission and the other by the very busy CMA, both of which are looking into whether Facebook’s access to “vast troves of data,” including data gathered from its advertising business, gives Facebook Marketplace an unfair advantage.
And in Luxembourg, Amazon faces a $425 million fine imposed by the country’s data protection commission for collecting and using data in violation of GDPR, although the particulars of the case have not been publicly disclosed.
On top of that, there was a ruling from the European Union’s Court of Justice on Tuesday that opens the door to allow a data protection authority other than the lead regulator assigned to a company to pursue privacy violations under certain circumstances, such as when the matter is urgent and the lead regulator declines to investigate.
Aka, expect more investigations, probes and lawsuits coming from DPAs across Europe.
But US lawmakers and regulators are also poking around.
Last week, a bipartisan group of House reps introduced a package of five antitrust bills with the goal of reining in Big Tech.
One bill calls for interoperability among platforms, another would effectively ban platforms (cough, Amazon) from selling their own products through their own marketplace, and a third that would force Big Tech platforms to break themselves up.
There’s a long way to go before any of these bills are passed, if they go that far, but their existence is clear evidence that lawmakers are serious about taking antitrust action against the big guys.
Also last week, Ohio’s attorney general, Dave Yost, filed a lawsuit arguing that Google’s search infrastructure should be considered a public utility, just like a gas, electric or phone company.
That would mean common carrier rules apply and Google would have a legal duty not to prioritize its own products and services, and to provide everyone, including competitors, with equal access to its search technology.
“We’re asking a judge to tell Google you’ve gotten to a point where you are so big, you are so dominant in the marketplace, that you are not allowed to prefer your own businesses,” Yost said.
Although the idea to treat Google as a public utility has been floated before, Yost told an ABC affiliate in Cleveland that this is the first time a state has actually filed a lawsuit to make it so.