Consumer Data in the Wake of COVID-19

“Contact Tracing” is a term used by the Centers for Disease Control (“CDC”) that means tracking the spread of COVID-19 in order to interrupt the virus’s transmission. (CDC, Contact Tracing – CDC’s Role and Approach). The upside of allowing big tech firms; Apple, Google, Microsoft, and Facebook, to track our location data is clear: when a person tests positive for COVID-19, those who have been in recent proximity to that person can be notified that they, too, should get tested. Such tracking would thus allow for swifter tracking of COVID-19 as it spreads person-to-person and disrupt its transmission. But it may also be important for consumers to wonder whether they can trust big tech to handle their location data with care.

In the 2009 CNBC documentary Inside the Mind of Google, then-CEO Eric Schmidt was asked whether consumers should trust Google with their most personal secrets. Schmidt replied, "if you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." The answer is not exactly reassuring for the company whose Android OS was starting to hit the mainstream on mobile phones. The answer is especially concerning when taking into account just how valuable consumer data can be to those with access.

For example, in January 2011, the World Economic Forum published a report on how personal data has become a new asset class. Meglena Kuneva, the then-Consumer Commissioner of the World Economic Forum, dubbed personal data “the new oil” and “new currency” of the digital world. (World Economic Forum, Personal Data: The Emergence of a New Asset Class). With unfettered access to this “new oil” in consumer data, a question that must be answered is what antitrust implications there might be to those firms earmarked to strike gold.

Unfortunately, consumer privacy is one area of antitrust law that has yet to take a foothold, as antitrust in the United States involves consumer’s relationships to prices and costs rather than consumer data and privacy. Rebel Oil Co., Inc. v. Atlantic Richfield Co., 51 F.3d 1421, 1433 (9th Cir. 1995). For example, in 2009, the Federal Trade Commission (“FTC”) spent eight months investigating antitrust concerns over Google’s acquisition of DoubleClick, a provider of logistical and information services for online advertising. (FTC, Statement). In its final letter explaining its cause for no-action, the FTC noted that while it did take “non-price attributes of competition” into account, including consumer privacy, it lacked authority to block the acquisition due to consumer privacy. Id. The FTC further concluded that consumer privacy concerns cannot provide the basis for intervening in a merger or acquisition. Id. The statement represents an example of how small a part consumer privacy plays in FTC inquiries, and why the non-factor should be given higher status.

However, the mishandling of consumer data has brought about consequences from another American regulator. The Federal Communications Commission (“FCC”) was responsible for assessing substantial fines on America’s four largest telecommunications firms (AT&T, Verizon, Sprint, and T-Mobile) for failing to protect consumers’ location data and subsequently selling that data to third parties. (FCC, Statement). So while consumer location data may have some protections from telecom firms, the tech firms outside the purview of the FCC do not have to adhere to the same precedent. And if consumer privacy concerns stay nothing more than a passing thought in an FTC investigation, those tech firms may never have to worry about protecting consumer data at all.

But consumer privacy concerns may have reached a new step in Germany’s equivalent of the FTC. In 2019, German competition regulator, Bundeskartellamt, blocked Facebook from combining user data from different sources, including WhatsApp and Instagram. (Bundeskartellamt, Statement). In its announcement, Bundeskartellamt stated that Facebook’s conduct constituted exploitative abuse on consumers, and that such abuses impede competition from those companies who may not have access to the same amount of user data Facebook does. Id.

The German regulator’s response invokes a precedent that consumer data does have anticompetitive implications, and allows consumer data to play a stronger role in anticompetitive inquiries. But the privacy and protection of consumer data in the United States has yet to have the same weight it’s given in Germany, and its why the FTC should consider redefining consumer data’s role in antitrust concerns. For now, consumers have little more than big tech’s word that their data will not be handled inappropriately. And unfortunately, turning down the prospect of money, despite its legal or moral implications, has not been common practice for big tech.

For example, in 2017, a leaked document demonstrated that Facebook, perhaps unbeknownst to the users its practices were targeted at, was preparing to sell data for micro-targeted advertisements aimed at psychologically vulnerable teen girls who used captions in social media posts such as “worthless,” “insecure,” “defeated,” and “anxious.” (Natasha Tiku, Wired).

As another example of big tech’s hubris, in 2002, Google had been disregarding copyright laws by scanning every book they could. (Rana Foroohar, Don’t Be Evil, 97, 98). The feat, if successful, would result in more online traffic for Google, and thus, more revenue. Id. Three years later, a team of publishers filed suit that ultimately ended in a settlement with Google agreeing to show only limited samples of books under copyright protection, but in exchange, Google became the exclusive seller of all digital copies of out-of-print books for the publishing houses. Id. While not an example of selling consumer data, the act by Google exemplifies a core tenant of tech giants: it is easier to ask for forgiveness than permission.

So, unless the FTC can propose and adopt new rules that truly protect consumer privacy and data, allowing big tech firms to access our location data remains an uncomfortable prospect, and appears even more uncomfortable in a post-COVID world. For the time being, consumer data hardly plays a part at all in FTC investigations, and without change, consumer data will be given the same weight given to it in the Google-DoubleClick FTC inquiry. Hypothetically, if big tech firms are allowed to access consumer location data for tracking COVID-19, and it is revealed years later that these firms improperly sold such data, what multi-billion-dollar fine will be sufficient to ease our anger? Whatever that fine may be, it likely will not be enough to discourage those firms from engaging in the same behavior once the waters have cooled.