Predictable Externalities Department
It wasn’t supposed to be that way.
(Cross posted from Searchblog)
It’s only fitting that today, May 25, marks my return to writing here on Searchblog, after a long absence largely driven by the launch of Shift NewCo as a publication on Medium over two years ago. Since then, Medium has depreciated its support for posts (and ditched its original advertising model), and I’ve soured even more sour than usual on “platforms”, be they well-intentioned (as I think). than Medium is) or indifferent and fundamentally bad. for posting (as I think Facebook is).
So when I finally sat down to write something today, a deep-rooted but rusty habit reappeared. For the past couple of years, I opened a clean blank page in Medium to write an essay, but today I find myself coding sentences again in the backend of my WordPress site.
Searchblog has been active for 15 years, almost always in the Internet age. It looks tired and crisp and overgrown, but it still stands, and soon it will be completely rebuilt, thanks to the folks at WordPress. I will also move Shift NewCo to a WordPress site – we will maintain our presence on Medium primarily as a distribution point, which in my opinion is good for all “platforms” when it comes to publishers.
So why is today a good day to return to the open web as the primary medium for writing? Well, May 25 is the day the European Union’s General Data Protection Regulation (GDPR) comes into effect. It’s more likely than not that one of my readers already knows all about GDPR, but for those who don’t, it’s the most important new data regulatory framework in recent history. Not only do all businesses that deal with an EU citizen have to comply with the GDPR, but most of the big internet companies (like Google, Facebook, etc.) have already announced their intention to export the “spirit” of the GDPR to all of their customers, regardless of their physical location. Since most governments still don’t know how to view data as a social or legal asset, GDPR is arguably the most important new social contract between consumers, businesses, and government in internet history. And so as not to bury the lead here, I think it stinks for almost every internet company except the biggest.
It’s a pretty general statement, and I’m not ready to defend it fully today, but I want to explain why I came to this conclusion. Before doing so, however, it’s worth laying out the basics of GDPR.
First and foremost, the legislation is a response to what many call “surveillance capitalism,” a business model driven largely (but not entirely) by the rise of digital marketing. The grievance is familiar: Businesses and governments collect too much data on consumers and citizens, often without our express consent. Our privacy and our “right to be left alone” are at risk. While we’ve been collectively wringing our hands on this for years (I started thinking about “the database of intentions” in 2001, and proposed a “Data Bill of Rights” in 2007) It was Europe, with its particular history and sensitivities, that ultimately took meaningful and definitive action.
While surveillance capitalism is best understood as a living system – an ecosystem made up of many different actors – there are essentially three main actors when it comes to collecting and exploiting personal data. First there are the Internet giants, companies like Amazon, Google, Netflix and Facebook. These companies are loved by most consumers and are almost entirely driven by their ability to turn their customers’ actions into data that they leverage at scale to fuel their business models. These companies are best understood as “Large-scale First parts”- they have a direct relationship with their customers, and because we depend on their services, they can easily obtain our consent to use our data. Ben Thompson calls these actors “aggregators” – they have aggregated powerful first-party relationships with hundreds of millions, if not billions of consumers.
The second group is made up of thousands of adtech players, notably visualized in the various Lumascapes. These are companies that have grown out of the tangled and mostly open mess of the World Wide Web, primarily serving the digital advertising industry. They collect data on consumer behaviors on the internet and sell that data to marketers in surprisingly varied and complex ways. Most of these companies do not have a “first party” relationship with consumers, instead they are “”third”- they collect their data by securing relationships with first subscale parts like publishers and app creators. This whole ecosystem lives in a difficult and increasingly weak position compared to early large-scale parties like Google and Facebook, which have unquestionably consolidated their power in the digital advertising market.
Now, some say that companies like Netflix, Amazon and Apple are not driven by an advertising model, and are therefore exempt from the negative externalities incumbent on players like Facebook and Google. To that point, I kindly remind the reader: All large-scale “first party” businesses leverage personal data to run their businesses, whether or not they have “advertising” as their primary source of revenue. And there are a lot of externalities, whether positive or negative, that arise when businesses use data, processing power, and algorithms to figure out what you might or might not experience with their services.
The third major player in all of this, of course, are the Governments. Governments collect a ton of data on their citizens, but despite our fantasies about the U.S. intelligence apparatus, they aren’t as good at mining that data as private and third-party companies. In fact, most governments rely heavily on businesses to make sense of the data they control. This interaction is a story in itself, and I’m sure I’ll come back to it later. Suffice to say that governments, especially democratic governments, operate in a highly regulated environment when it comes to how they can use their citizens’ data.
Everything has changed with the GDPR, which came into effect today. There are seven principles stated by the regulatory body responsible for enforcement, covering fairness, use, storage, accuracy, liability, etc. This is all important, but I won’t go into detail in this article (it’s getting long already, after all). What really matters is this: the intention of the GDPR is to protect the privacy and rights of consumers against surveillance capitalism. But the reality of GDPR, as with almost all radical regulations, is that it favors large-scale first parties, who can easily obtain the “consent” of the billions of consumers who use their services, and this significantly threatens the sub- first scale and third ecosystem, which have tenuous or ephemeral relationships with the consumers they serve indirectly.
In other words: you are very likely to click “I agree” or “Yes” when a GDPR form is placed between you and your next Facebook dopamine shot. It’s highly unlikely that you’ll do the same when a small publisher asks for your consent through what looks like spam email.
A prime example of this power imbalance in action: Facebook kicked third-party data providers from its platform in the wake of the Cambridge Analytica scandal, conveniently using GDPR as an excuse to consolidate its power as a first party on a large scale. (I wrote about this at length here). In short: Because they have the scale, resources, and first-party relationships in place, large-scale first-party businesses can leverage GDPR to increase their power and further protect their businesses from more competitive competitors. small. The innovation ecosystem is losing and the technological oligarchy is getting stronger.
I have long argued that walled garden aggregators are terrible for innovation. They starve the open web of the currencies most critical to growth: data, attention, and revenue. In fact, almost all of the “innovators” on the open web are under the sway of Amazon, Facebook, Apple, and / or Google in one way or another – they depend on it for advertising services, for advertising. electronic commerce, for data processing, for distribution, and / or for actual income.
In another round of posts, I intend to dig into what we could do about this. But now that the first feedback has arrived, it’s clear that the GDPR, while well-intentioned, has already generated a massive and unexpected externality: instead of limiting the reach of the most powerful players operating in the data world, it has in fact achieves the opposite effect.