While the Facebook Cambridge Analytica scandal has certainly created its share of problems for Facebook and CEO Mark Zuckerberg, it’s clear that the scale and scope of the scandal extends to every corner of Silicon Valley. After all, it’s not just the social network Facebook that has been collecting truly staggering amounts of data on every user – Google, Amazon and Netflix are among the most prominent tech giants that are now facing intense scrutiny regarding their sometimes convoluted and obfuscating privacy policies. It almost seems like a matter of time before legislators call for comprehensive new privacy regulations that will apply to all of these companies, not just Facebook.
Google and the fallout from Facebook Cambridge Analytica
If there is one company that potentially stands to lose the most as a result of fallout over the Facebook Cambridge Analytica scandal, it’s Google. Quite simply, Google offers such a wide array of services – not just Search and Gmail, but also YouTube, Chrome, AdWords and Google Maps – that it’s impossible to use the web these days without touching one of Google’s many offerings. Watch a single YouTube video, and Google can start to augment what it already knows about you from your search history to show you even more personalized ads all across the Internet.
It’s easy to see, in fact, how a similar type of Cambridge Analytica consumer privacy scandal might be lurking in the shadows at Google. One big concern, of course, has been the company’s use of Gmail as an important way to scrape personal information about your contacts and insights about what’s in your messages. Already, lawyers in California are threatening class action lawsuits that would seek to penalize Google for collecting information about non-Gmail users who inadvertently got swept up in the company’s massive data collection program.
And further business risk to Google exists via the company’s excessive reliance on advertising revenue. The problem, at least from Google’s perspective, is that many consumers are starting to use ad blockers within the browser to avoid advertisers trying to track them as they visit different sites around the Internet. There’s not a lot that Google can do about people who aren’t using its browser product, but there is a lot that Google can do when it comes to Chrome users. Thus, it’s perhaps no surprise that Google is trying to get out in front of the “ad blocker” movement by introducing changes to Chrome and by creating new rules for advertisers. Google’s intention is to rid the Internet of all the ads that are causing people to turn to ad blockers, but not getting rid of ads entirely (at least, not the ones that are Google-friendly).
New privacy regulations on the horizon
Ahead of the launch of the European General Data Protection Regulation (GDPR), a privacy regulation set to go into effect at the end of May, Google has taken only a few, limited proactive steps. For example, on the official Google Blog, the company released a statement noting it would be updating its EU Consent Policy as soon as the European law goes into effect. At the same time, it would be devising a solution for “non-personalized ads” that advertisers can use instead of “personalized ads” to meet the terms of the new privacy regulations. But there was absolutely no mention of changes coming down the pike for U.S. users, only European users.
Amazon and the fallout from the Cambridge Analytica scandal
Another company at risk from the Cambridge Analytica personal data scandal is Amazon. The company also collects an impressive array of data about each individual user – including name, address, credit card numbers, email address, addresses where you send packages, and a search history of all items on the Amazon.com website.
With all of this information, Amazon.com says that it can “customize” your online journey and show you the types of promotions that are most likely to appeal to you. There is a fine line, though, between a website that recognizes who you are when you first arrive on the site, and one that subtly influences you to buy items based on all the hidden data that it has collected on you.
And one place where Amazon could be particularly vulnerable in terms of new privacy regulations is all the partner deals that it has in place. Amazon has partnered with some of the biggest brands and retailers in the nation – including Starbucks, Office Max, Verizon Wireless, Sprint, AT&T and T-Mobile – to sell you, well, more stuff. And while Amazon.com is very careful to say that it doesn’t “sell” your information to these companies, it is noticeably coy about whether or not it “shares” your information with these companies. Thus, if you one day receive a special promotion in the mail from Office Max to buy more office supplies, there is always the chance that Amazon might have “tipped off” the company that you were in the market for new office supplies.
From a legal perspective, the tech giant Amazon is also at risk from misuse of digital home assistants like the Amazon Echo. Already, Amazon customers have complained about Alexa (the AI-powered assistant) essentially eavesdropping on their conversations. In one high-profile criminal case, in fact, it turned out that Internet of Things devices like the Amazon Echo might be usable by prosecutors as part of a criminal case. In other words, all the digital devices you keep around your home might one day rat you out to the authorities! Imagine trying to win a divorce case and Amazon Echo knowing what really went on in the bedroom.
Will American tech giants follow the European lead with new privacy regulations?
The general assumption is that the U.S. will eventually end up following the European lead provided by the General Data Protection Regulation (GDPR), which requires tech companies to change how they use data. While these privacy regulations are European in nature, the terms are so sweeping that they could be used to cover any company doing business either in Europe itself or with European Union citizens. That includes, you guessed it, companies like Google, Amazon and Netflix that are based in the United States.
As a result, these big tech companies should be working on a new, overarching approach to data collection. They need to be coming up with an easy-to-understand way to control their own data that doesn’t require users to be rocket scientists. Some users have complained, for example, that companies like Facebook and Google make it exhausting and frustrating to turn off all the data collection. And much of the “legalese” language that these companies use almost seems specifically designed to obfuscate what’s really going on.
But the GDPR could be really big for Silicon Valley tech giants because it fundamentally changes the conversation about “consent” and the privacy rules currently in effect. Up until now, all companies had to do was have users check a single terms of service box when they sign up for a service, and they were pretty much covered by consent. But now companies will need to go one step further because consent can no longer be assumed.
The prospect of a comprehensive new privacy law ending up on Capitol Hill before the end of the year is remote, but it is likely that some form of legislation describing exactly how data can be used could be coming within the next 24 months. That gives the big Silicon Valley tech giants enough lead time to start fixing what they can now before they are forced to do so by regulators.