Beware the Era of Financial Regulation and its Spillover onto Tech Companies

by on November 25, 2008 · 7 comments

Remember being in grade school when a classmate’s rabble rousing would ruin it for everybody, and the teacher would hold back the class from going to recess? The other students would moan and groan and justifiably feel that punishing the entire class for one person’s misdeeds was unfair. This is what I fear for the tech industry, due to the trouble-making of the financial crisis.

If politicians turn their gaze from the financial sector to tech in 2009, they will likely focus on the issue of personally identifiable information (PII) and privacy. And here’s why.

Now is a tenuous time for all markets.  Our politicians are looking to reassure Americans by regulating areas of the economy where there’s minimal regulation and a perceived lack of transparency. Rightly or wrongly, there’s a perceived lack of transparency in the collection and use of a user’s online data. And the following overarching trends and recent events could combine to further a pro-regulatory privacy agenda in 2009:

  • Criminal Abuse: The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Increasingly, identity thieves use online phishing scams to deceive consumers. Phishers and other online criminals exist because more and more of us are in the pond—we store and access our personal and sensitive data online.
  • Private Abuse: The lack of transparency surrounding the failed experiment with NebuAd’s deep packet inspection behavioral tracking by some ISPs.
  • Private Use: The collection of user information is at the center of the web-delivered content and social media that helps define the Web2.0 economy. According to the Interactive Advertising Bureau, Internet advertising revenues for the first six months of 2008 were $11.5 billion, a 15.2 percent increase over the first half of 2007. Search histories and stored cookie profiles help create a user dossier that ad companies use to display specific ads, and to help generate the more than $120 billion in online retail sales expected this year.
  • Market Power: The DOJ investigation of the Google and Yahoo deal based on the market power of Google creates a big brother stigma on all online data collection practices.

There’s already one organization that’s been recently formed to promote privacy regulation. It’s the Future of Privacy Forum, and its main goal is to advocate for “opt-in” mandates for the collection of user information.

For the IT and online industries to prevent regulatory spillover, Internet companies will need to continue to demonstrate a strong commitment to protecting the interests of our users. High-profile companies will need to take leadership roles.

Google is perhaps the most aggressive online company to capture and store user data. And despite its announcement that it will anonymize IP addresses on its server log after nine months instead of eighteen, Google has been reticent in disclosing how it shares and processes its user data. Only after threatened regulatory action in California did Google even give prominence to its privacy policy by placing a link to it on its home page.

This does not make Google evil (as Jim Harper recently debated), but regulators will first judge online companies by the practices of its champions, and I fear that Google will not give policymakers the confidence they need. Over the next year, you better believe that Congress, state legislatures, and federal and state attorneys generals will be emboldened by the financial industry’s crisis.  And what’s bad for Google is bad for the gander—given today’s economic climate, the regulatory hammer could fall hard on Google, Yahoo, Microsoft and ripple throughout the Internet and IT industry.

Previous post:

Next post: