One of the observations made by us free-market types is that regulation never, but never, quite turns out the way the people doing the regulating hope it will. So it is with the new General Data Protection Regulation (GDPR).
Yes, of course, there was a frenzy as days 728 and 729 arrived, two years apparently not being sufficient warning before the law came into effect on 25 May 2018. But more than that, the justification for the new system is flawed, with people not quite grasping what it is that is actually being done with their data. Further, the net effect is going to be – already is, in fact – to strengthen the position of the major incumbents. Really not quite what was intended, is it?
To the justification first. The outcry is that they’re selling our data – all that information we give to them for free. As we’ve discussed before, the value is actually being created by the processing, not the raw data. But even leaving that aside, it’s not data that is being sold. This formulation creates mental images of people running off with the fact that we like cat pictures, thrash videos and ample redheads – which is not what is being sold at all. Instead, it is the ability to know what to advertise to people by slicing and dicing the population according to their likes and thus their assumed desires.
If you approach Computer Weekly, as with any other media outlet, with a view to advertising in it, you’ll be shown a media pack. This tells the demographics of the known audience. Here, it’s about people who know what’s what in computing. Thrash video aficionados are likely to be found elsewhere.
What Google and Facebook and their ilk do with all that data they’ve processed into information is allow their audiences to be finely sorted. And that’s all. You don’t, in fact, get access to the “data”, you get access to the audiences you desire to advertise to, something possible in more fine-grained manner than that traditional media pack.
“This is how regulation generally works, in favour of market incumbents and against smaller ones and new entrants”
The data’s not being sold, it’s being used to refine advertising – a very different thing. And such a difference that we might have rather less outcry if it were more generally known.
That justification for more regulation being, hmm, somewhat weak, leads us on to the effects of the regulation itself. The most obvious of which so far is that it is entrenching the larger companies in their market dominance. The Wall Street Journal reports that: “[Google] is gathering individuals’ consent for targeted advertising at far higher rates than many competing online ad services.”
This is how regulation generally works, in favour of market incumbents and against smaller ones and new entrants. There’s an overhead to having to obey any regulation, from the weight of simply having to understand it to the people and systems required to enact it. The larger the company the less that overhead weighs on any one transaction being undertaken.
Here, Google has been able to put in place better systems to ask people if they are desirous of continuing to share their data. And it’s better at getting them to say yes. This should be obvious enough – as one of the best known brands in the online world it’s bound to gain greater acceptance of any new demand.
Regulate or deregulate?
Yes, obviously, there really are things that need regulating. But it’s still true that even those things which must be regulated seem to end up benefiting the large companies already in the space.
There was much worry about lead in paint arriving on toys from China a few years back, for example, with a number of such products being imported by Mattel or its subsidiary, Fisher-Price. This led to an insistence that all toys be tested by an accredited lab before they could be sold. Seems fair enough – it’s just that Mattel was able to create its own internal lab and do such testing at a very much lower cost than smaller competitors which had to use outside labs.
Or take that other bugbear of today’s tech world, Uber. The complaint is that it tramples on extant taxi regulation. Which it does of course – but then it’s equally obvious that extant taxi regulation was expressly designed to keep upstart competitors out of the market. As our basic theory of the effects of regulation insists it will be used.
It’s also possible to run our explanation the other way around. What happens when we deregulate a market? We gain new entrants to that market. The most obvious example being the airlines, starting with Jimmy Carter (yes, he started this) in the 1970s.
The US has had innumerable startups, most of which obviously failed. But airfares are hugely cheaper in real terms than they were then. European deregulation, largely driven by the EU, has led to the previously dominant national airlines largely going bust and made room for the eruption of low-cost rivals such as Ryanair, Whizz and EasyJet.
Think on it a moment, if deregulation means lower fares and new airlines, then regulation must have been protecting the old ones and the high fares. Which is rather how economists think of market regulation.
Yes, certainly, some things really do need regulation. But the trick is to manage this without granting that market privilege to the extant or larger players while still preventing the harmful behaviour we wish to regulate.
It’s a difficult trick to manage, and one that often isn’t. Which is the problem we’ve got with the incessant calls that there “oughta be a law abaht it”. All too often, said law makes our problem worse in the long term as it produces that privileged position for the already dominant players, they being the people who can afford to obey it and thus gain from its existence.
GDPR isn’t disabusing economists of this contention, which is one of the things wrong with it. That, plus the manner in which the justification itself doesn’t seem to be true – they’re not actually selling our data.