Tuesday 17 September 2019 5:32 am

Digital battlegrounds: The war between big tech and regulators

Rafi Azim-Khan is partner and head of data privacy at Pillsbury Law

We now live in the age of the internet of things, where voice-sniffing devices abound, and consumers have the convenience of tailored search suggestions. Perhaps it is Amazon’s Alexa – revealed earlier this year to be forever listening to its users’ conversations – that provides the emblem of the age. 

However, while such devices can certainly make our lives easier in some respects, their development has caused understandable concern on the part of many consumers and regulators that we are sliding – almost inexorably – into a surveillance society.

The creation of the European Union’s General Data Protection Regulation (GDPR) was a reaction to the rapid development of always-on tech and the drive to turn big data into big bucks. 

But almost 18 months on from the birth of GDPR, the battle between businesses and regulators still rages, throwing up some important questions. Are regulations doomed to failure against the seemingly-unstoppable development of technology? And just how safe is your data in the hands of big tech?

Scouting the battlefield

So who are the participants in this battle? Apart from the tech giants themselves, we have the regulators, whose teeth have been set on edge by the perceived domination of the market by a handful of companies – which have access to vast oceans of data – combined with the rapid development of always-on technology. 

And it’s not just regulators – politicians are worried as well. US senator Elizabeth Warren has made breaking up big tech a centrepiece of her big for the Democratic nomination in the 2020 presidential race, placing a billboard in Silicon Valley threatening just this. 

Indeed, Texas attorney general Ken Paxton stated last week that “Google’s enormous economic power, fuelled by advertising, gives it unprecedented influence over Americans’ lives”, as 50 US states announced antitrust investigations into the big tech giants. 

Amazon, meanwhile, was thrust into a battle with its shareholders over the development of facial recognition technology – which presents “unique privacy considerations, but also clear security benefits”, according to a Congressional hearing in July. Amazon won that battle, but the war continues.

Online warfare

This war is being fuelled by rising consumer awareness that their data is increasingly being used in “creepy” ways. This is evident from the 160 per cent rise in consumer complaints to the Information Commissioner’s Office following the introduction of the GDPR. 

EU regulators and policymakers have picked up on these concerns, particularly around always-on technology – marketed as being something that consumers should quickly adopt – as it arguably represents an encroachment into EU-protected human rights, not least the basic right to privacy and respect for family life.

Against such a backdrop, regulators have said that they are prepared to flex their new data law muscles, and we have seen the first wave of larger fines: for example, Google was fined €50m in January, while British Airways and the Marriott hotel chain were handed fines totalling almost £300m in July. Under GDPR, businesses can potentially be fined up to €20m or four per cent of global revenue or turnover per breach. 

Importantly, GDPR has been carefully drafted to have extraterritorial reach in order to catch companies even if they are not based in the EU. It also empowers consumers with a quiver of new rights, including the right of erasure, to see how data is used, and to instruct data to be moved. 

As people become more aware of their rights, we will doubtless see an increase in complaints to the regulators. Businesses which do not prepare now to properly respond to this will be those most likely to be fined, and also risk brand and reputation damage as a result.

Future weapons

It is worth noting that 2019 and 2020 will not only see a greater number of enforcement rulings and significant fines, but will likely see regulators offered further new powers.

One such weapon coming down the tracks is the ePrivacy Regulation, which has passed largely unnoticed to date, but will have just as heavy-hitting fines, and arguably impact more day-to-day aspects of doing business, such as marketing, selling, customer profiling, and website tracking. 

Businesses are aware that the tide is turning. And they are starting to respond. Sundar Pichai, Google’s chief executive, has been keen to talk publicly about his company’s respect for its users’ data, while the head of Microsoft went further by saying that GDPR should serve as the new global standard. 

Whatever one’s views on whether the tech companies are getting it right or wrong – or whether these are just Google and Microsoft’s reactions to antitrust and competition law fines which have been imposed so far – what is clear is that status quo practices will no longer be acceptable. Businesses – and not just those in tech – need to act now to update and change how they operate. 

Regulators and consumers have been handed powerful new weapons, and will no doubt look to use them as the battle for the age of the internet of things rages on.

Main image credit: Oli Scarff/Getty Images

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.