10 April 2018 (from the IJF in Perugia, Italy) – Later today and tomorrow, in front of live television audiences, Mark Zuckerberg takes the witness stand before two U.S. Congressional committees. Expect two things:
- Some Congressional Republicans (oh, and Democrats, too) are likely to put on a show for the audience
- Republicans are going to be looking for reasons not to have to regulate the tech companies
Because two mega-stories in media are hitting Washington at the same time, as well as tectonic shifts in the media landscape. Republicans are split. At the heart of the tension is:
- whether government should regulate tech companies (like Facebook), or
- deregulate legacy media companies (like Sinclair Broadcasting Group) to allow them to compete with tech companies
And the reason it matters is because passing any meaningful regulation of the tech companies usually takes consensus, and a split Republican Party would make consensus difficult. Bottom line: the Republicans are torn between their traditional philosophies of deregulation vs. the pressure to take tech regulation seriously in light of recent events.
So get the popcorn our and expect a show. Said my media buddy Jimmy Thule of AdAge who covers government regulation of the media space:
It’s a bit amusing. You have these Republican Senators like John Thune and John Kennedy screaming we need industry regulation because of what happened over the Cambridge Analytica scandal.
But they are not totally past the traditional conservative aversion to regulation – let alone convincing their colleagues on Capitol Hill and at the FCC.
And then you have Republican FCC Commissioner Michael O’Rielly who told executives at the National Association of Broadcasters annual meeting in Las Vegas that more new platforms means regulators “need to get out of the way” so everyone can “survive, thrive and compete in today’s and tomorrow’s competitive media marketplace.”
These are the issues, and ones we’ll be discussing at length here in Perugia. As I have written in previous posts, regulators are making moves that underscore just how fast the media industry is changing, putting pressure on Washington to make sure laws keep up.
But they are conflicted. The internet has generally been seen as a democratizing force for the flow of information by giving diverse voices more ways to reach Americans. But new technologies, like high-speed broadband and automation, have changed the way information reaches people on the internet. And while media businesses scramble to respond, Washington is split on what to do.
The key things to look for in the coming months (and we’ll have more detail after IJF):
1. The end result of the U.S. Justice Department suit to block AT&T’s takeover of Time Warner
2. The effects of the rollout of the FCC plan to repeal existing net neutrality rules
3. A major shift: legacy media is collapsing to tech. Traditional TV networks are suddenly competing for viewership with tech companies like Netflix, Amazon, Google and Facebook, that people only need an internet connection to access for a fraction of the cost. This makes must-have content that will attract audiences even more valuable.
4. A major shift: the pipes are merging with content. Internet service providers don’t want to be “dumb pipes” that just deliver the bits that power the internet.
5. Fear of discrimination. These media mergers are mostly taking place to get ahead of consumers’ migration to digital TV. But some worry that mergers could give deep-pocketed media conglomerates an unfair advantage over upstarts. If large companies own the content and the pipes to distribute it, they’ll have an incentive to speed up the delivery of their own digital streaming content at the expense of their rivals’.
And the GDPR? It’s all about “consent”, baby!
As I have noted in previous posts, based on attending several EU Data Protection Officer (DPO) summits, and the GDPR “think tanks” sponsored by IAPP, InfoSecurity Belgium and PrivacyInternational:
- Nobody really knows what’s going to happen when the clock strikes midnight on May 25th and the new EU General Data Protection Regulation (GDPR) comes into full effect
- DPOs have freely admitted they are understaffed to enforce this and it’s going to take a long while for regulatory authorities to conduct their investigations
- Expect regulators to target “symbolic cases” … and expect calls that such enforcement is arbitrary and unfair, and ripe for litigation
Up to now, the problem with GDPR is that most publishers (well, most companies in general) have seen this as an IT/administrative burden. They think the only thing they need to do is set up some databases and do some other “IT things” … and then redesign their privacy page. I was not seeing any real change to the way publishers used data, the business models they have that relied on data, or any consideration as to what impact this will have on their editorial strategies.
And let’s face it. Companies like Google and Facebook are perhaps those who have benefited the most from being able to collect data from multiple sources, so obviously they are doing everything they can to try to use every loophole GDPR has to offer. But the posture in the media industry has changed and many believe the “Holy Grail” will be consent. So I am starting to see very different outcomes. And if you look at the basic principles of GDPR (very, very simplified) #1 blares out:
- Everything must be consent based.
- You can only collect what is adequate, necessary, and not excessive in relation to the specific service you offer.
- People have the right to transparency.
- People have the right to be forgotten.
- IP addresses are also considered to be personal information.
Obviously, there are a lot of exceptions here, and different ways of defining things, especially the definition of consent which is not necessarily a “direct consent”.
But “consent” is the biggie. And that is where the actions of Google and Facebook come into play. Google is obviously one of the companies the EU will watch the most, so when Google looked at GDPR they basically came to the conclusion that there was no way around it without resulting in lengthy and likely very expensive legal fights. Fights that they would be attacked within the press, and that would also cause a drop in trust from their users.
So, Google has come to the same conclusion that I have, which is that they can’t do anything until they get “consent” and they are structuring that consent to be compliant with GDPR.
Yes, yes, yes. “Consent” is a mind-boggling term in this context. But this is a short post. And I am very aware every single media site you visit is still loading tons of 3rd party trackers. And most are still not asking people for consent, and in fact most companies seem to think they already have people’s consent. And when questioned about trackers, they just say: “We use 3rd party services, and we refer to their privacy statements.”
But those of us who have done the deep dive we know this doesn’t work under GDPR, because, as a publisher you are a data-controller, whereas all the 3rd party tools you use are the data-processors. And it’s the data-controller who is responsible for obtaining consent, for providing transparency, for giving people access to their data, and to make sure that all the data, regardless of where it is stored, is under your control.
So, there is a whole new reality, and I will have much, much more after the Festival on this use and implementation of “consent”.
Get out the popcorn out. Mark is on TV.