Is the GDPR changing Big Techs business model?
07 March 2019
GDPR is beginning to bite. Maybe not with fines but EU regulators are using the GDPR to disrupt the business models of tech giants like Google & Facebook.
Two good examples of this are the CNIL finding against Google and the recent comments on the Irish Data Protection Commission (DPC) on Facebook.
Facebook need permission from the DPC
Facebook is looking to let people send messages between Facebook, WhatsApp and Instagram but have not received permission from the DPC to do this.
According to Mark Zuckerberg:
“We plan to start by making it possible for you to send messages to your contacts using any of our services, and then to extend that interoperability to SMS too,”
However, this has been paused by the DPC as Helen Dixon confirmed in a recent interview:
“Whatsapp’s pause on sharing data with Facebook remains in place,” she said. ”We actually have a specific statutory inquiry open, looking at the transparency that Whatsapp delivers to users… Whatsapp’s pause on sharing data with Facebook for the purposes of friends, suggestions, and ad serving and product enhancements is still in place.”
This is would appear significant. It highlights 2 key points:
- It would seem that Facebook is not getting their privacy challenges resolved before they release a product.
- A regulator has the power to prevent/delay new features being released.
See the Irish Independent recent interview of the DPC commissioner, Helen Dixon:
CNIL aim at Google’s business model
The French data protection regulator (CNIL) issued a €50m fine to Google. This was the first significant fine issued by any of the EU regulators. It is a large fine but of little consequences to a cash-rich company like Google, but the challenge to their business model could be significant.
CNIL found that people are largely unaware of the data they are agreeing to share or how Google uses this information. In fact, Google hides how its services “can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.”
Johnny Ryan, the chief policy and industry relations officer at Brave - “But CNIL’s decision is very significant because it means that Google must stop building advertising profiles about people until it has properly told them what it is doing and received their consent.”
This is very difficult for Google, if not impossible. The variety and complexity of how they use personal data are probably impossible to explain to data subjects in a manner that is “freely given, specific, informed and unambiguous”.