Data has been termed as “the oil of the digital era” by the Economist, fueling the digital economy and driving growth in the information age. Voluminous social, machine and transactional data sets are being generated at an exponential rate every day as big data emerges as a valuable economic resource. The avenue of analysis and subsequent insights it offers aids research as well as optimizes business operations. It is the key to cracking competition in the age of the internet and more and more enterprises have come to realize the same. Data science and analysis jobs are the hottest jobs in the market and the demand for coding and technical skills is on the rise. It is evident that the data economy is nurturing but is its growth equitable? 

GAFAM: The Feared Five

Google, Apple, Facebook, Amazon, Microsoft(GAFAM) controls a massive share of the tech industry and has a combined market capitalization of approximately USD 7.2 trillion. The EU countries have a combined nominal GDP of USD 17.4 trillion which is only 2.5 times that of the big five’s worth. The economic power and political influence of these companies in the 21st century have become an increasingly worrisome issue. Due to their immense customer base and subsequent data control, these companies have emerged as a threat to fair competition.

These firms have been found guilty of breaching antitrust practices. Google has been fined for an overall sum of $9.4 billion by the EU in three antitrust cases between 2017-2019. It abused its dominance in search to advantage its own product over competitors, favored its services in Android and in online advertising. Besides these, it is also currently facing three government lawsuits in the US itself, filed in the last quarter of 2020 accusing it of engaging in anti-competitive behavior to maintain its search and search advertising monopolies. Microsoft has faced a similar lawsuit against the US government in 1998 for maintaining a monopoly in the personal computer market.  Apple was fined $1.2 billion by the French antitrust authorities for the creation of cartels within its distribution network and abusing the economic dependence of its outside resellers. 

Besides antitrust, given the lack of property rights in the data domain, there have also been multiple instances of privacy violations by the tech giants. The Facebook–Cambridge Analytica data scandal was an instance that called for privacy protection when Cambridge Analytica- a British political consulting firm used Facebook user data to influence the 2016 US presidential elections as well as Brexit. The tech giants generate enormous amounts of data via their products and services. The access and control over this big data allow them to use algorithms to optimize services provided and innovate as well, thereby stifling competition and reiterating their dominant position in the market.

Privacy Puzzle: How to regulate?

Given the privacy concerns and market violations in the data space, the governments have now started to draft laws and legislations to regulate the data economy. This exercise however is not easy as data is intangible and it is, therefore, hard to track any misuse. Furthermore, data is collected and moved freely across borders and so its regulation is not constrained to the resident country but also involves several other countries where the product/service is provided. 

The EU in its attempt to digitally protect its citizens rolled out what it claims to be the toughest privacy and security law in the world –  General Data Protection Regulation (GDPR). Effective May 25, 2018, GDPR aims to regulate the processing of personal data of individuals located in the European Economic Area. It provides greater control of their own data to the individuals and also incorporates heavy penalties in case of non-compliance.  Other countries have followed suit.  California Consumer Privacy Act(CCPA) is a statewide law that came into effect in January 2020, providing California citizens more control over the personal information that businesses collect about them. It has many provisions similar to GDPR. Brazil’s Lei Geral de Proteção de Dados (or LGPD), which took effect in September 2020 provides a comprehensive framework regulating the use and processing of personal data within the country. While GDPR and LGPD agree on similar basics, the fines for non-compliance are less severe under LGPD. A growing number of countries are also drafting the necessary legislation for the protection of their citizens against the possible threats of the data economy. Besides data protection laws, governments are also employing other tools such as taxes to keep tech giants in check. In 2019, France imposed a GAFA tax which imposes a 3 percent tax on digital advertising and other revenues of tech firms with worldwide revenues of more than 750 million euros. Termed as the “tax of the 21 century” by the French Finance minister, it brought in 400 million euros in 2019 to the French budget. 

The Indian Network

Data privacy protection legislation in India is still in the infancy stage. India recognizes the right to privacy and also amended the right to compensation for improper disclosure of personal information in the Information Technology Act (2000). India does not have a regulatory body dedicated to data protection as of now, however, the Ministry of Electronics and Information Technology is responsible for monitoring the IT Act. Given the population and increasing internet penetration in the country, India can be viewed as a top destination for data generation. What is needed is that the digital growth of India is accompanied by laws that protect the privacy of vulnerable citizens. For this purpose, the Government of India constituted a committee to propose a draft statute on data protection which served as the basis for Personal Data Protection Bill 2019 (PDPB) proposed in Parliament in December 2019. PDPB is currently under consideration by a Joint Parliamentary Committee (JPC). Besides proposing the setting up of the Data Protection Authority of India, the bill is set to apply to people in India but also to foreign businesses involved in the offering of goods or services to individuals in India or the profiling of individuals in India. There are certain concerns regarding the bill as it has heavy involvement and scope of discretion on the part of the central government and it, therefore, grants a blanket exemption to agencies of the central government. Hence, the bill needs to be revised in this regard before passing to avoid misuse of citizen data by the government itself.

Conclusion

While the digital age opens new avenues of growth and innovation, it is accompanied by its own threats. A balanced and accountable system of regulation is required to aid the growth of the data economy. Data literacy of citizens needs to be encouraged and it must be ensured that companies are supported in the transition of their operations to comply with privacy-friendly policies. 

Shalu is a second-year Master’s student at Ashoka University.