By: Ian Tang, tech, media, and telecommunications analyst
October 2, 2022 – The average internet user today assumes, recognizes, and grudgingly resigns themselves to the fact that their activity is tracked across the web. However, Apple and Google are ushering in a new era where advocates, lawmakers, and regulators alike reframe how consumers think about “behavioral advertising” by rebranding those practices as much more ominous “commercial surveillance.” The shift has wide-ranging implications for companies and investors alike.
That trend is why, as important as the speculation on whether Congress can manage to establish rules of the road for privacy as one way to regulate Big Tech companies, Capstone is also paying close attention to how those consumer technology firms themselves will oversee the rest of the sector. While Congress tries year after year to adopt comprehensive privacy legislation—most recently with the American Data Privacy and Protection Act (ADPPA)— the decade-long impasse, a fight over a private right of action mechanism and state pre-emption, has persisted despite bipartisan support. In lieu of legislation, and in part creating more appetite for it, private actors have arguably made the biggest and most efficient moves in curtailing business practices that are falling out of favor, such as cross-app/website tracking, sometimes for their own gain. Their policies regarding consumer data are poised to change the concept of the open internet while simultaneously catalyzing a shift in strategy for stakeholders pushing for privacy reform.
Apple first assumed the role of de facto regulator by blocking third-party cookies in its Safari browser by default and instituting an opt-in authorization framework known as App Tracking Transparency (ATT) in iOS 14 (see “Tech and Telecom Weekly: Impact from SolarWinds Breach, Facebook and Apple Feud, Highly Competitive Spectrum Auction for 5G,” December 19, 2020). While Google is facing technical challenges implementing its own initiative to replace third-party cookies, the Privacy Sandbox, the direction of travel on the other major web browser and mobile platform are just as clear. Capstone has covered those developments in the “cookie wars” early on (see “Google’s ‘Privacy Sandbox’ Raises Specter of Post-Cookie World, a Looming Threat for High-Flying Adtechs LiveRamp, The Trade Desk, September 16, 2019).
We are experiencing the fruits of Apple and Google’s push into privacy “regulation.” Some estimates attribute $10 billion in economic losses in late 2021 for the largest social media platforms from Apple’s program alone. However, the implications are even broader as the attention to these tracking practices becomes mainstream.
Rather than blanket statements about the importance of privacy, advocates instead are painting a picture for consumers of the most problematic portion of that entire universe, one that is portrayed as abusive and pervasive. As a result, that phrase has resonated with internet users and regulators more strongly than the ridiculed cookie pop-ups on every website, or even the decades-long fight to codify so-called “consumer rights” that are seen in the European Union’s General Data Privacy Regulation (GDPR) and California’s Consumer Privacy Act (CCPA).
The confluence of awareness and understanding of this conduct is accelerating the threat to the ad-supported business models, as well as the fundamental way the internet works. And policymakers have taken notice. For example, based on that ongoing debate, the US Federal Trade Commission identified “commercial surveillance” and adopted the term as the primary area of interest in its initial rulemaking guidance this summer. The policies have also opened new vectors and logic for legal complaints. Consumers have filed class-action lawsuits against these practices, including claims that Meta Platform Inc.’s (META) Facebook violated Apple’s ATT and other legal complaints that re-frame the consumer harm as illegal “wiretapping.” The articulation of “commercial surveillance” is also giving rise to standards like the Global Privacy Control, which DuckDuckGo, Mozilla, and regulators in California are beginning to recognize as a valid method for consumers to exercise their opt-out rights.
Unlike Microsoft in the late 1990s and current criticisms against Apple’s App Store developer agreements, competition-related arguments against the new data-sharing restrictions, are trickier for politicians to quickly endorse. While the FTC does pose a question on whether initiatives like ATT that withhold identifiers are anti-competitive, policymakers are carefully treading in how they talk about these features even as Apple’s own advertising business experiences strong tailwinds at the expense of Facebook and Snap Inc. (SNAP). The concerns are beginning to percolate, fueled in large part by Facebook itself, but are often met with limited sympathy. Regardless of whether Congress’ effort to legislate a privacy framework will succeed or not, companies and investors alike should note the underappreciated risk to widely used behavioral targeting from the incremental victory advocates are achieving in centering the conversation on “commercial surveillance.”