Why APIs Should Be Regulated
Data audits may be helpful in maintaining balance between data-rich and data-poor companies.
Competing With Data & Analytics
Alphabet, Apple, Facebook, Amazon, Alibaba, Tencent, and Baidu are today’s digital titans: Their services accelerate innovation and enable new business models, but also create expansive data empires that allow them to control and shape the digital world. Given their rapid growth and dominance, concerned citizens and regulators in Western markets are asking: How should these digital titans be regulated?
The need for regulation is clear: among Western companies, at least 79% of the American public uses Facebook. Similarly, Google accounts for 90% of search traffic. With access to large volumes of user data, these companies are able to create fine-grained, multidimensional views — what we call digital replicas — of consumers that pose several challenges to society’s stakeholders:
- For consumers, use of these digital replicas by the digital titans and third parties compromises individual privacy.
- For regulators, these digital replicas are impossible to monitor and track.
- For service providers, titans control access to consumers and act as a “competitive bottleneck” to their ability to reach millions of customers.
- For competitors, digital replicas create unfair hurdles that tilt the playing field toward companies with the most data and limit competitors’ access to data.
To address these issues, regulators need to focus not only on market dominance, but also on data dominance — specifically, how these companies integrate the vast quantities of data to which they have access and how they share their data or insights with third parties. Given the broad consequences of digital titans’ unbridled behavior, we need sweeping regulatory reforms.
Models already exist for the kind of regulatory schemes we need. The EU’s General Data Protection Regulation (GDPR), which aims to protect EU citizens from privacy and data breaches, regulates all organizations collecting data on EU consumers, issuing guidelines and rules on how these companies should protect privacy. Other models include the current U.S. system for monitoring the use of medical records (HIPAA), and the central bank’s system for tracking regional banks. Reforms of this magnitude — that are practically feasible — need corresponding infrastructures and investments to implement policies and regulations.
We argue that data audits are one of the best tools available to regulators for reining in the influence of these companies, improving transparency, and leveling the playing field for other companies.