Is $170 million a big enough fine to stop Google privacy violations?

Another week has passed, and we have another story focusing on privacy violations at Google. This time it has cost the search giant $170 million, but is that anywhere near enough?

The Federal Trade Commission (FTC) has announced yet another fine for Google, this time the YouTube video platform has been caught breaking privacy rules. An investigation found YouTube had been collecting and processing personal data of children, without seeking permission from the individuals or parents.

“YouTube touted its popularity with children to prospective corporate clients,” said FTC Chairman Joe Simons. “Yet when it came to complying with COPPA [the Children’s Online Privacy Protection Act], the company refused to acknowledge that portions of its platform were clearly directed to kids. There’s no excuse for YouTube’s violations of the law.”

Once again, a prominent member of the Silicon Valley society has been caught flaunting privacy laws. The ‘act now, seek permission later’ attitude of the internet giants is on show and there doesn’t seem to be any evidence of these incredibly powerful and monstrously influential companies respecting laws or the privacy rights of users.

At some point, authorities are going to have to ask whether these companies will ever respect these rules on their own, or whether they have to be forced. If there is a carrot and stick approach, the stick has to be sharp, and we wonder whether it is anywhere near sharp enough. The question which we would like to pose here is whether $170 million is a large enough deterrent to ensure Google does something to respect the rules.

Privacy violations are nothing new when it comes to the internet. This is partly down to the fragrant attitude of those left in positions of responsibility, but also the inability for rule makers to keep pace with the eye-watering fast progress Silicon Valley is making.

In this example, rules have been introduced to hold Google accountable, however we do not believe the fine is anywhere near large enough to ensure action.

Taking 2018 revenues at Google, the $170 million fine represents 0.124% of the total revenues made across the year. Google made on average, $370 million per day, roughly $15 million per hour. It would take Google just over 11 hours and 20 minutes to pay off this fine.

Of course, what is worth taking into account is that these numbers are 12 months old. Looking at the most recent financial results, revenues increased 19% year-on-year for Q2 2019. Over the 91-day period ending June 30, Google made $38.9 billion, or $427 million a day, $17.8 million an hour. It would now take less than 10 hours to pay off the fine.

Fines are supposed to act as a deterrent, a call to action to avoid receiving another one. We question whether these numbers are relevant to Google and if the US should consider its own version of Europe’s General Data Protection Regulation (GDPR).

This is a course which would strike fear into the hearts of Silicon Valley’s leadership, as well as pretty much every other company which has any form of digital presence. It was hard work to become GDPR compliant, though it was necessary. Those who break the rules are now potentially exposed to a fine of €20 million or 3% of annual revenue. British Airways was recently fined £183 million for GDPR violations, a figure which represented 1.5% of total revenues due to co-operation from BA during the investigation and the fact it owned-up.

More importantly, European companies are now taking privacy, security and data protection very seriously, though the persistent presence of privacy violations in the US suggests a severe overhaul of the rules and punishments are required.

Of course, Google and YouTube have reacted to the news in the way you would imagine. The team has come, cap in hand, to explain the situation.

“We will also stop serving personalized ads on this content entirely, and some features will no longer be available on this type of content, like comments and notifications,” YouTube CEO Susan Wojcicki said in a statement following the fine.

“In order to identify content made for kids, creators will be required to tell us when their content falls in this category, and we’ll also use machine learning to find videos that clearly target young audiences, for example those that have an emphasis on kids characters, themes, toys, or games.”

The appropriate changes have been made to privacy policies and the way in which ads are served to children, though amazingly, the blog post does not feature the words ‘sorry’, ‘apology’, ‘wrong’ or ‘inappropriate’. There is no admission of fault, simply a statement that suggests they will be compliant with the rules.

We wonder how long it will be before Google will be caught breaking privacy rules again. Of course, Google is not alone here, if you cast the net wider to include everyone from Silicon Valley, we suspect there will be another incident, investigation or fine to report on next week.

Privacy rules are not acting as a deterrent nowadays. These companies have simply grown too large for the fines imposed by agencies to have a material impact. We suspect Google made much more than $170 million through the adverts served to children over this period. If the fine does not exceed the benefit, will the guilty party stop? Of course not, Google is designed to make money not serve the world.

FTC Chair kicks off race to tackle big tech before it’s too late

A race seems to be heating up in the US. On one side, government officials are looking to tackle the influence of big tech, and on the other, Silicon Valley is trying to make it as difficult as possible.

Speaking to the Financial Times, Chairman of the FTC Joseph Simons has stated he believes efforts from Facebook CEO Mark Zuckerberg to more intrinsically integrate the different platforms could seriously complicate his own investigation. Back in July, it was unveiled the FTC was conducting a probe to understand whether competition has been negatively impacted by the social media giant.

However, Facebook has gone on the offensive and Simons is clearly not thrilled about it.

“If they’re maintaining separate business structures and infrastructure, it’s much easier to have a divestiture in that circumstance than in where they’re completely enmeshed, and all the eggs are scrambled,” said Simons.

This is the issue which the FTC is facing; Facebook is more closely integrating the separate brands. From a commercial perspective, this will allow the social media giant to cross-pollinate the platforms, potentially increasing revenues and enhancing the data-analytics machine, though it will also make divestments much more difficult to enforce.

Looking across the big names in Silicon Valley, this is a common business practice. The commercial benefits are of course very obvious, but it could be viewed as a defensive strategy in preparation for any snooping from government agencies.

At Google, with the benefit of hindsight, some regulators and politicians might have wanted to have block the acquisitions of Android, YouTube or artificial intelligence firm DeepMind. These acquisitions have led Google to become one of the most influential companies on the planet, though it does appear regulators at the time did not have the vision to understand the long-term impact. Now the services are so deeply embedded and inter-twined it is perhaps unfeasible to consider divestments.

Amazon is another company some of these politicians would love to tackle, but how do you go about breaking-up such a complex business, where the moving parts are becoming increasingly reliant on each-other?

Going back almost two decades, this is not the first-time regulators have attempted to tackle an overly influential player. Thanks to dominance in the PC arena, Microsoft was deemed to be negatively influencing competition when it came to software and applications. Despite Microsoft being forced to settle the case with the Department of Justice in 2001, the concessions stopped far short of a company break-up.

As part of the settlement, Microsoft agreed to make it easier competitors to get their software more closely integrated with the Windows OS, by breaking the company into two separate units, one to produce the operating system, and one to produce other software components. This was a tough pill for Microsoft to swallow, but it was a favourable outcome for the internet giant.

One view on this outcome is that Microsoft managed to structure its business in such a way it became almost impossible to split-up. If the technology giants of today can learn some lessons from Microsoft, they might well be able to circumnavigate any aggression from the US government.

Although the FTC is stealing the headlines here, it is not the only party looking to tackle the influence of Silicon Valley.

The House Judiciary Committee’s subcommittee that deals with antitrust has already summoned Apple, Amazon, Facebook and Google to testify. This investigation is also looking at the potential negative impact these monstrously large companies are having on competition. A couple of weeks later, the Department of Justice also opened its own probe.

Of course, there are also posturing politicians who are aiming to plug for PR points by slamming Silicon Valley. This is a very popular strategy, with the likes of Virginia Senator Mark Warner and Presidential hopeful Elizabeth Warren taking a firm stance. President Trump has rarely been a friend of Silicon Valley either.

Another interest element to consider are the lawyers. Reports have emerged this morning to suggest as many as 20 State Attorney Generals will also be launching their own investigation. The threat of legal action could be very worrying for Silicon Valley, with a number of the lawyers already suggesting they do not like the way the digital economy is evolving, with the concentration of power one of the biggest problems.

The US has generally tolerated monopolies or an unreasonable concentration of power in economic verticals to a point, generally until infrastructure has been sorted, though the pain threshold might be getting to close. This has been seen with a break-up of Standard Oil’s monopoly, as well as splitting the Bell System, a corporation which was a monopoly in some regions for more than a century, into the Baby Bells across North America in the 1980s.

The internet giants will never publicly state they are participating in strategies which in-effect act as a hindrance to government agencies, but it must be a pleasant by-product. First and foremost, the internet giants will want to integrate different products and services for commercial reasons, operational efficiencies or increased revenues for example, however one eye will be cast on these investigations.

It does appear there is an arms race emerging. Government agencies and ambitious politicians are collecting ammunition for an assault on Silicon Valley, and the internet giants are shoring up defences to ensure a continuation of the status quo. This is a battle for power, and its one the US Government could very feasibly lose.

FTC hits Facebook with $5bn privacy fine

The Federal Trade Commission (FTC) has hit Facebook with a fine of $5 billion relating to numerous privacy violations over the last few years.

The fine itself, which is the largest ever imposed on any company for violating consumers’ privacy, will be accompanied by broad changes to its consumer privacy practices. The decision will also force Facebook to add in more decision-making capability on its privacy policies.

“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC Chairman Joe Simons.

“The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”

The accusations directed towards Facebook will sound very familiar. Whether it is using deceptive disclosures or secretive settings to disguise features and undermine privacy principles, or violation of previous commitments made to privacy in a 2012 FTC Order and dubious data-sharing relationships with third-parties, Facebook is facing a massive disruption to the way it manages data and approaches user privacy.

Looking at the changes Facebook will have to make, CEO Mark Zuckerberg is no-longer allowed to be the single decision maker for privacy policies, a position which was ridiculous in the first place. Facebook will also be forced to appoint an ‘independent privacy committee’ to ensure a position which is consistent with society’s expectations.

Privacy policies will filter down through the organization, theoretically, through the appointment of Compliance Officers. Another condition set upon Facebook is granting more powers to independent third-party assessors, who will conduct privacy orders every other year.

There are numerous other orders placed on Facebook as part of the negotiation between the FTC and the social media giant, including:

  • Facebook must exercise greater oversight over third-party apps
  • Phone numbers obtained to enable a security feature cannot be used in advertising mechanisms
  • Facebook must provide clear and conspicuous notice of its use of facial recognition technology
  • Facebook must encrypt user passwords and regularly audit security systems

While many of these demands from the FTC might be considered as business practise in today’s privacy conscious world, they are likely to cause a disruption for Facebook internally.

“After months of negotiations, we’ve reached an agreement with the Federal Trade Commission that provides a comprehensive new framework for protecting people’s privacy and the information they give us,” said Facebook General Counsel Colin Stretch.

“The agreement will require a fundamental shift in the way we approach our work and it will place additional responsibility on people building our products at every level of the company. It will mark a sharper turn toward privacy, on a different scale than anything we’ve done in the past.”

Although it is an incredibly steep fine for Facebook to stomach, we suspect it won’t bother the bean counters than much. Facebook is a money-making machine, and this will soon enough be nothing more than a minor blip. The disruption to its finely-tuned advertising machine will be more of an issue, but it could work in Facebook’s favour.

Facebook is being forced to be more transparent and treat privacy principles with respect. Left to its own fate, the social media giant probably wouldn’t have taken such drastic measures to disrupt itself. However, being forced into these changes could earn Facebook trust and credibility points in the eyes of the consumer.

If Facebook owns this punishment, while shouting and screaming about the changes it is making to become compliant with the order, it could swing public favour back onto its side. Facebook needs to present itself as a privacy conscious organization and this is a perfect opportunity to do so.

FTC launches investigation for privacy practices in US

The Federal Trade Commission (FTC) has issued orders to seven US broadband providers seeking non-public information to assess privacy practises.

Although this investigation is relatively broad, this might be another attempt from the US Government to get a handle on the privacy practices of the fast-evolving digital economy. Several scandals over the last 18 months have demonstrated current rules are not fit for purpose, containing too many loopholes and inadequately governing an industry which has progressed beyond the reach of bureaucracy.

The FTC has been under pressure in recent months to get a better handle on the data machines which power the digital economy, bringing in billions for the likes of Amazon and Google, but increasingly the telcos. While many fingers have been pointed at the residents of Silicon Valley, the telcos have been making money through the transfer of personal information also.

This investigation is an important step forward in creating a better understanding of the data and sharing economy, a foundation to create resilient and future-proof regulations. Some might suggest this sort of investigation should have happened years ago, but hindsight is always 20/20; who would have predicted the scale of scandals we have witnessed recently.

AT&T, AT&T Mobility, Comcast Cable Communications, Google Fiber, T-Mobile US, Verizon, and Cellco Partnership are the firms which have received the demands.

As part of the investigation, the FTC is requesting:

  • The categories of personal information collected about consumers or their devices
  • Purpose of collecting data for each of the categories
  • Methods of collecting the data
  • Policies for employees to access this data
  • Retention policies
  • What information is transferred to third-parties
  • How the data is the information is aggregated, anonymized or deidentified
  • Disclosures to customers about data collection and transfer to third-parties
  • What choices are offered to the customer
  • How accessible personal data is to the customer

As you can see, this is an incredibly broad and in-depth request, with a lot of the information being non-public. Many of the telcos who have been sent the orders will be uncomfortable releasing this information, though they’ll have no choice.

Although this is a good first step for the FTC, we would hope the investigation is broadened further in the future. More information and insight needs to be collected from the OTTs, the masters of manipulating the data-sharing economy. The telcos are small fish in this expedition, but it is progress.

All eyes from the data-sharing community will be keenly directed towards the FTC over the next couple of months. While this investigation is nothing more than a virtual pebble dropped into the digital pond for the moment, there is the potential for those ripples to grow into waves. This could be the first step towards major regulatory reform, an overdue revolution to gain a better handle on the wild-west internet economy.