Data privacy is currently a hot topic in the legal community. What few seem to be talking about, however, is the effect that the rapid consolidation among large companies in the big data industry has on consumer privacy. A coalition of four privacy advocates—the Center for Digital Democracy (CDD), U.S. PIRG, Consumer Watchdog, and Public Citizens—seeks to shift the focus of the public debate, as they recently outlined in a letter to FTC Chairwoman Edith Ramirez.

According to the coalition, the problem is that, in addition to competition concerns, mergers in the field of big data analytics are driven by “companies massing vast holdings of the key element that drives much of online commerce”—that is, detailed information regarding consumer behavior. This data includes, among other things, information on consumers’ finances, race, locations, retail sales, automobile purchases, and grocery-buying habits. The CDD’s executive director, Jeff Chester, attributes the proliferation of mergers to a “digital data arms race underway where companies are amassing powerful and detailed sets of information to track and target a consumer anywhere, anytime.”

The coalitions’ letter urges the FTC to impose more stringent review procedures for proposed mergers in this space, in light of the handling of the recent merger between Oracle and Datalogix. This transaction, according to Oracle, provided it with “the world’s most valuable data cloud” capable of detecting “consumer’s various identities across all devices, screens and channels” in an effort to “create a comprehensive consumer profile” consisting of each individual’s behavioral, social, and purchase data. Despite the massive consumer privacy concerns the merger posed, it was approved after just a three-week review by the Department of Justice. Thus, the groups contend the FTC, along with the newly-created Bureau of Consumer Financial Protection (CFPB), should intervene in future mergers between companies possessing vast troves of sensitive consumer data.

The FTC has previously taken notice of the push in big data analytics to predict consumers’ future behavior, particularly its impact on low-income consumers. Additionally, they have exhibited willingness to clarify and enforce companies’ obligations to protect the privacy of their users, as they did in the run up to Facebook’s acquisition of WhatsApp last year. Further, in 2011 they settled deception charges against Facebook by requiring them to acquire consumers’ affirmative consent prior to any change in their privacy settings moving forward. Still, it is unclear the exact extent of the FTC’s power to frustrate merger attempts on the basis of consumer privacy concerns. Though it possesses a broad mandate to investigate and prosecute cases of “unfair or deceptive acts or practices in or affecting commerce,” its authority to regulate business combinations that threaten consumer privacy is largely untested.

This is just one piece of the larger data privacy puzzle to keep your eye on in the months and years to follow. Regulators have little precedent on which to base policy that addresses these novel questions of law, thus we can expect regulatory efforts to proceed slowly. One thing is certain, society is quickly approaching an age where companies can know where we go, what we do, whom we see, what we want, what we think and what we say. As the president of Public Citizen, Rob Weissman, observed, “[t]here’s no reason for us to be racing toward a dystopian future of total surveillance.”

 

Kevin Saunders


 

Comments are closed.