Take a fresh look at your lifestyle.

- Advertisement -

Analysis | Meta gives regulators a new reason to bite


Despite all the difficulties Meta Platforms Inc. going through declining ad revenues, higher costs associated with its risky investment in the metaverse, and its first major restructuring, the company has been relatively lucky with privacy regulators.

It has avoided some of the most damaging fines under Europe’s most important privacy law, known as the General Data Protection Regulation, or GDPR, despite making billions of dollars from being one of the world’s largest processors of personal data. But that luck may run out. Meta appears to be struggling to comply with the forthcoming European Union antitrust law, which prohibits combining and reusing data.

In a recent lawsuit related to Facebook’s Cambridge Analytica scandal(1), parent company Meta failed to comply with a request from a court-appointed special master to provide information on 149 of its internal data systems. In particular, the special master wanted details about the functions of those systems and how they were used by other business units in the company. Meta effectively replied that it could not provide that information to the court. In other words, its own engineers seemed unaware of the full extent of user data it held in what appeared to be a Byzantine network of various systems.

If that is still the case two years from now, Meta could be in serious trouble with European regulators. With the forthcoming Digital Markets Act (DMA), the EU will ban major internet platforms such as Facebook from combining and reusing data, or from using data from one part of their business to strengthen another. The goal is to lower barriers to entry for other companies struggling to compete with companies that have accumulated mountains of user data to create dominant advertising companies.

The DMA, which entered into force on November 1 and whose rules apply from May 2, 2023(2), could essentially bolster the EU’s relatively unsuccessful privacy efforts against Big Tech.

Meta spokesperson Andy Stone said the company has made “significant investments to comply with our privacy commitments and obligations, including extensive data controls.” He added that Meta would work with European regulators to comply with the new rules.

Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, conducted the original investigation into the court documents, which he says provide a rare insight into what Facebook knows about its own data processing. The documents now form the basis of a warning letter he is sending to EU antitrust chief Margrethe Vestager, whose office is responsible for enforcing the upcoming DMA. “Meta data is free for everyone and compliant [DMA] impossible for the tech giant,” Ryan said.

Of course, the company still has time to put things in order. Companies that fail to comply with the 22 rules of conduct of the DMA(3) face severe financial penalties, including fines of up to 10% of their global turnover in the event of a one-time breach. Repeated violations can lead to fines of up to 20%.

Perhaps unsurprisingly, a company of Meta’s size might not know the full extent of the user information it has. The documents released on discovery during the lawsuit contain a word salad of various data systems that Meta presides over, including names such as Hive, TAO (which stands for The Associated Objects), FBLearner, and F3 (which stands for Facebook Feature Framework). According to the documents and Ryan’s analysis, they seem to have a complex set of roles, not just as databases but also as so-called “layers of abstraction.” Their interaction is so complex that an engineer cited in the court documents said the data may not be understandable by humans.(4)

Meta spokesperson Stone said that “no company engineer can answer every question about where every piece of user information is stored.”

But Anne Witt, an antitrust scholar at EDHEC Business School, said Ryan’s complaint would carry weight if Meta failed to improve its visibility across its own myriad data systems. She pointed out that his approach was similar to that of Germany’s antitrust regulators, who in 2019 used competition law to prevent Facebook from imposing excessive data collection conditions on consumers. It was a controversial case, but new in its approach and successful so far, and was upheld by the German Federal Court of Justice following an appeal by Facebook. The European Court of Justice seems likely to confirm it as well.

However, there is one big caveat: major online platforms such as Facebook and Google are widely expected to push back the EU’s labeling of itself as “gatekeepers” in appeals that could further delay the rollout of the DMA. If Facebook loses a significant share of the advertising market to TikTok and others over the next two years, and sees its sales drop further from Apple’s privacy update for iPhones, that could help argue that it’s not as dominant as the EU says it is. is. This creates a (small) chance that it will be able to deal with these more robust regulations later on.

Avoiding all that new regulatory oversight would be a silver lining. But given how long Meta has been in the crosshairs of the EU so far, it probably won’t get off that easily.

More from Bloomberg’s opinion:

• FTX hammers more nails into Crypto’s coffin: Lionel Laurent

• Musk’s latest move on Twitter can only lead to lower ad revenue: Parmy Olson

• Apple’s move to US chips is as much about marketing as it is about technology: Tim Culpan

(1) The original complaint alleges that Facebook broke the law when it allowed third parties, such as the consulting firm Cambridge Analytica, to access users’ personal content and information without their consent.

(2) While the rules of the DMA will technically apply from May 2023, they probably won’t have their full impact on tech giants until around 2024 or even 2025. “gatekeepers”, and thus subject to the Digital Markets Act. They will almost certainly lose these cases, but it will give them the advantage of kicking the can down the road.

(3) The 22 Rules of Conduct are contained in Articles 5-7 of the DMA.

(4) Page 575 of one of the court documents.

This column does not necessarily reflect the views of the editors or Bloomberg LP and its owners.

Parmy Olson is a Bloomberg Opinion columnist on technology. She is a former reporter for the Wall Street Journal and Forbes and author of “We Are Anonymous.”

More stories like this are available at bloomberg.com/opinion

Leave A Reply

Your email address will not be published.