Privacy

Should You Be Able To Leave Facebook With All of Your Connections?

When online privacy faces off against portability

|

For all the apparent consensus about the need for action, the most striking feature of the "techlash" is how little agreement there is on the nature of the problem. Consider some of the complaints about just one company: that Facebook is a monopoly, that Facebook and Facebook-owned Instagram are addictive, that Facebook is making us miserable, that Facebook cannot be trusted with our data, that Facebook is unjustly profiting off our data, that Facebook has a left-wing bias, that Facebook has a right-wing bias, and that Facebook explains the election of Donald Trump.

Muddling matters further, the advocates of decisive action—say, breaking up Facebook—often invoke problems that their preferred solution would do nothing to address. Worse still: In many cases, trying to solve one problem will make another worse.

Consider the choice between prioritising privacy protection and allowing competition and innovation on the other. Internet companies' misuse of personal data is often bundled together with complaints about monopoly power —privacy looms large in Facebook co-founder Chris Hughes's case for breaking up the social media company, for example — but the two aren't as connected as you might think. It's possible to imagine an internet where strict rules closely guard data about our lives. It's also possible to imagine an internet that is more open, more dynamic, and therefore a more hostile place for monopolists keen to limit competition and erect barriers to entry. But it is difficult to imagine an internet that is both. 

This tension is most apparent when it comes to data portability, the subject of a recent Facebook White Paper. For some of the most prominent voices calling for action on big tech, it's essential to make it easier for people to move their data from one platform to another. More generally, the logic of the popular refrain that it is your data is that you should be able to do what you want with that data. But almost by definition, more portable data means less security. The E.U.'s extensive General Data Protection Regulation (GDPR) rules, which came into effect last year, include a "right to data portability." Exactly what that right entails, and who it can be claimed against, remains unclear.

Professor Luigi Zingales, an economist at the University of Chicago, has argued for something more extensive: a right not just to your data, but to your "social graph"—a record of all your social connections online. That would make it easy for Facebook users to move to a new social network, boosting competition and counteracting the network effects that help put the tech giant in such a position of strength. Here's how Zingales and his colleague Guy Rolnik explain it: "If we owned our own social graph, we could sign into a Facebook competitor—call it MyBook—and, through that network, instantly reroute all our Facebook friends' messages to MyBook, as we reroute a phone call. If I can reach my Facebook friends through a different social network and vice versa, I am more likely to try new social networks. Knowing they can attract existing Facebook customers, new social networks will emerge, restoring the benefit of competition."

Yet it was a more limited form of this openness, albeit for developers and at the discretion of Facebook, that led to the biggest scandal in the firm's history—or at least its biggest fine. Access to users' social graph was what made the Cambridge Analytica breach possible, and it set in motion a series of events that ended with a $5 billion penalty for the tech giant. Keen to be seen to have responded decisively to the Cambridge Analytica scandal, Facebook has since tightened access. Leading researchers have complained that the move has hampered research into social networks, reduced Facebook's accountability for its actions, and—most importantly for this discussion—secured the firm's market position. "Contrary to popular belief," writes Axel Bruns, the president of the Association of Internet Researchers, "these changes are as much about strengthening Facebook's business model of data control as they are about actually improving data privacy for users." 

If you are a citizen of an E.U. member state and you want the right to export your social graph, don't hold your breath. GDPR may give you a right to data portability, but anything more extensive would likely be in breach of your online acquaintances' newly strengthened privacy rights. Whether or not it is the solution Zingales argues it is, European regulators have decided that privacy is more important.

Indeed, it has been more than a year since GDPR came into effect and the impact on online openness and innovation in Europe has been stark. One study found that the law caused the venture capital invested in E.U. startups to fall by as much as 50 percent. The reach of Google's third-party ad and data tracking services has actually increased, and Facebook's has declined only slightly; the smallest companies have taken a hit of more than 30 percent. In one survey, 55 percent of respondents said they had worked on deals that fell apart because of concerns about a target company's compliance with GDPR. 

Far from being a decisive blow against big tech, the legislation so far appears to have cemented the tech giants' dominant market positions. Some techlash.