The company appears not to know the full extent of what its systems do with users’ data. That could be a problem.
For all the difficulties that Meta Platforms Inc. is going through with declining ad revenues, higher costs related to its risky investment in the metaverse and its first major restructuring, the company has been relatively lucky with privacy regulators.
It has avoided the most detrimental fines under Europe’s main privacy law, known as the General Data Protection Regulation or GDPR, despite making billions of dollars from being one of the world’s biggest processors of personal data. But that luck may be about to run out. Meta looks like it could struggle to comply with the European Union’s upcoming antitrust law, which prohibits data combination and reuse.
In a recent court case related to Facebook’s Cambridge Analytica scandal(1), parent company Meta was unable to satisfy a request by a court-appointed special master to produce information about 149 of its internal data systems. Specifically, the special master wanted details on the functions of those systems, and how they were used by other business units in the company. Meta effectively replied it couldn’t provide that information to the court. In other words, its own engineers appeared unaware of the full extent of user data that it held in what appeared to be a Byzantine network of different systems.
If that’s still the case two years from now, Meta could be in serious trouble with European regulators. With its upcoming Digital Markets Act (DMA), the EU will ban large internet platforms like Facebook from combining and reusing data, or using data from one part of their business to bolster another. The goal is to lower barriers to entry for other companies that struggle to compete with firms that have amassed mountains of user data to create dominant advertising businesses.
The DMA, which went into force on Nov. 1 and whose rules will apply from May 2, 2023(2), could essentially bolster the EU’s relatively unsuccessful privacy efforts against Big Tech.
Meta spokesman Andy Stone said the company was making “significant investments to meet our privacy commitments and obligations, including extensive data controls.” He added that Meta would be working with European regulators to comply with the new rules.
Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, conducted the original research on the court documents, which he says offer a rare insight into what Facebook knows about its own data processing. The documents are now the basis of a letter of warning he is sending to EU antitrust chief Margrethe Vestager, whose office is responsible for enforcing the upcoming DMA. “Meta’s data free-for-all makes compliance with the [DMA] impossible for the tech giant,” Ryan said.
Of course, the company still has time to get its house in order. Companies that fail to comply with the DMA’s 22 conduct rules(3) face major financial penalties, including fines of up to 10% of their global revenue in the case of a one-off infringement. Repeat offenses will see fines go up to 20%.
It’s perhaps unsurprising that a company of Meta’s size might not know the full extent of what user information it has. The documents released in discovery during the court case listed a word salad of different data systems that Meta presides over, with names like Hive, TAO (which stands for The Associated Objects), FBLearner and F3 (which stands for Facebook Feature Framework). They seem to have a complex array of roles, according to the documents and Ryan’s analysis, not only as databases but also as so-called “abstraction layers.” So complex is their interaction that one engineer cited in the court documents said the data might not be possible for humans to understand.(4)
Meta spokesman Stone said that “no single company engineer can answer every question about where each piece of user information is stored.”
But Anne Witt, an antitrust scholar with EDHEC Business School, said Ryan’s complaint held weight if Meta failed to improve its visibility into its own myriad data systems. She pointed out that his approach was similar to that of Germany’s antitrust regulators, who in 2019 used competition law to stop Facebook from imposing excessive data collection terms on consumers. It was a controversial case but novel in its approach and has so far been successful, being upheld by Germany’s Federal Court of Justice after an appeal by Facebook. The European Court of Justice looks likely to uphold it too.
There is one big caveat, though: Large online platforms like Facebook and Google are widely expected to push back on the EU’s labelling of themselves as “gatekeepers,” in appeals that could delay the DMA’s rollout further. If Facebook loses a significant share of the ad market to TikTok and others over the next two years, and sees its sales further eroded by Apple’s privacy update for iPhones, that could help it argue that it isn’t as dominant as the EU says it is. That creates a (small) chance that it can avoid dealing with these more robust regulations down the line.
Avoiding all that new regulatory scrutiny would be a silver lining. Still, given how long Meta has been in the EU’s crosshairs till now, it probably won’t get off that easy.
(1) The original complaint alleges that Facebook broke the law when it enabled third parties, like the consulting firm Cambridge Analytica, to access users’ personal content and information without their permission.
(2) Although the DMA’s rules will technically apply from May 2023, they likely won’t have their full impact on tech giants until around 2024 or even 2025. This is because they are expected to argue in court against the EU’s labelling of them as ‘gatekeepers,’ and thus subject to the Digital Markets Act. They will almost certainly lose these cases, but it will allow them the benefit of kicking the can down the road.
(3) The 22 conduct rules are in Articles 5-7 of the DMA.
(4) Page 575 of one of the court filings.