Another Report Shows The GDPR Benefited Google And Facebook, And Hurt Everyone Else
from the it's-not-like-we-didn't-warn-you dept
We warned folks that these big attempts to "regulate" the internet as a way to "punish" Google and Facebook would only help those companies. Last fall, about six months into the GDPR, we noted that there appeared to be one big winner from the law: Google. And now, the Wall Street Journal notes that it's increasingly looking like Facebook and Google have grown thanks to the GDPR, while the competition has been wiped out.
“GDPR has tended to hand power to the big platforms because they have the ability to collect and process the data,” says Mark Read, CEO of advertising giant WPP PLC. It has “entrenched the interests of the incumbent, and made it harder for smaller ad-tech companies, who ironically tend to be European.”
So, great work, EU. In your hatred for the big US internet companies, you handed them the market, while destroying the local European companies.
In 2018, both appeared to have outgrown the digital advertising market in the region, according to a comparison of company filings with regional estimates, suggesting they continued to gain share. Facebook’s revenue from ads shown in Europe rose 40% in 2018. Google’s revenue in Europe, the Middle East and Africa—the vast majority of which comes from advertising—rose 20% last year.
By comparison, Europe’s digital advertising market grew by only 14% over the same period, according to estimates from IAB Europe, an online-ad trade group.
As the article itself notes, for advertisers, the GDPR has driven them directly into the hands of the biggest internet players, because they know that those companies can handle the compliance costs, while no one else can:
L’Oréal SA’s chief digital officer, Lubomira Rochet, says the cosmetics company has decided to focus its ad spending on Google, Facebook and Amazon.com Inc. because “those guys have the capabilities to really treat the data in the way that it should be treated.”
Now, most people might find it laughable to claim that Facebook and Google are treating data "the way it should be treated," but from an advertiser's standpoint, you can totally see where they're coming from.
Of course, when we suggested this is how things would play out, people yelled at us that if this were true, why were those companies pushing back on the regulations, and the answer to that is pretty straightforward. The compliance costs are still massive, and it has been costly to deal with the GDPR. But, it's been costlier for the smaller players who can't take it. So we end up reducing competition, and making it that much more difficult for competitive entrants and upstarts to take on these giants. That doesn't seem like a good trade-off.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: advertising, competition, dominance, eu, gdpr, privacy
Companies: facebook, google
Reader Comments
Subscribe: RSS
View by: Time | Thread
This again, Mike.
Here's what I wrote last time you insisted on this BS, and I still stand behind it 100%:
[ link to this | view in thread ]
Re:
You're assuming that the GDRP actually achieves its stated aim. This is yet to be seen.
Are you happy with handing everything over to Google without getting the promised privacy? Because this might be what you're demanding.
[ link to this | view in thread ]
So This is what will happen when article 13 comes into force,
small companys will probably block most users uploads of videos,
and audio .
Only big tech companys will have the money to build complex filters
to block all video and audio that might be infringing.
Google does not hand over their user data to private companys like facebook ,google has not been hacked and lost private user data
to basic hacks .
Google use,s user data to display ads that may be relevant
or simply puts ads on videos on youtube.
Google has the expertise and staff to protect the privacy of users
and it has put a lot of effort into making the chrome browser
secure .
theres a large gap between facebook and google in terms of
security respect for user privacy .
[ link to this | view in thread ]
I would cynically say that Google and Facebook have the financial means to stretch GDPR compliance lawsuits long enough to make a profit of their non-compliance that is bigger than the levied fine and legal costs.
[ link to this | view in thread ]
Re: Re:
That's bullshit and you know it. By that reasoning, we should just cancel every single law and regulation, as each of them has some risk of not working as intended.
You also ignore that this is already a second stab at that goal, replacing the Data Protection Directive. If it fails, we don't reach the "game over" screen -- we can try again. (And so far it seems to be working relatively well, so that may not be needed.)
And I have yet to see any actual proof for the "it was all a dastardly plan to exploit and crush Google, but it backfired" theory. You'd think the enforcement would be focused on the "real" targets, no?
[ link to this | view in thread ]
Re: Re: Re:
You either need to calm down or work out your severe reading comprehension problem on this issue.
You said you were happy to pay a heavy price for privacy. My only point was - what if you don't get the promised privacy? Is it still worth the price?
[ link to this | view in thread ]
Re: Re: Re:
It is becoming clearer and more probable that World War 4 will be fought against these mega-corporations by the winners of World War 3.
[ link to this | view in thread ]
Re: Re: Re: Re:
All the pushing and provicating aimed against them presently seems to only be making them stronger.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Provoking a fight to break these giants up into smaller giants is only a smokescreen.. not going to happen unless these giants become like living cells self-replicating themselves with equal power and control of their former size.
[ link to this | view in thread ]
Re:
You think the EU gives two f*?$$ for european privacy? Haha good luck with that. They just don't want google and these global corporations to be the only entities with that data and controlling its use.
[ link to this | view in thread ]
Again with this untruth. Can you cite any real studies that lay out who paid what to become GDPR-compliant?
I am a software developer and wrote the code for my employer's products to support GDPR. These products are deployed into large corporations and even governments around the world. All have been happy with the changes, new features they didn't have to pay anything extra for, that allowed them to be GDPR-compliant. The effort to develop those features was roughly 2 person-months, i.e. around 300 hours to design, develop, test, QA and document. That's not even close to "massive" and it didn't cost our existing customers anything (while earning us some new ones).
What do you really have against the GDPR? Because you're way off base with regard to the cost aspect.
[ link to this | view in thread ]
Re: Re: Re:
Reductio ad absurdum cuts both ways.
It's just as accurate to say that by your reasoning, we should just pass every single bill and proposed regulation, as all of them claim they'll have a positive result, and we can't know for sure whether they'll achieve their stated aims until we try them out for a few years.
[ link to this | view in thread ]
Re: Re: Re: Re:
Smooth.
Yes.
Risk vs reward. I like my chances with this one. Besides, the price ain't all that heavy.
[ link to this | view in thread ]
It is rather humorous to watch as silly folk attempt to regulate the internet, as if something like that were actually possible. Just look at their meager attempts to secure the internet, lol as that worked out exactly as planned I suppose. Based upon past experience, why would anyone then trust these idiots to regulate anything?
[ link to this | view in thread ]
Re:
Because fully unregulated is proven by history to be worse than badly regulated.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
"Besides, the price ain't all that heavy."
The price of potentially handing foreign-run corporations control of everything while making it more difficult for local companies to compete isn't a heavy price? Or, was there another price you were thinking of?
It's not all doom and gloom, but it's pretty clear that this is another situation where we stand to lose more than we gain - and those costs were well warned about to anyone who was actually listening. As an EU resident and (currently) citizen, I hope you're right but I fear that anyone not at least mildly concerned about this hasn't been paying attention.
[ link to this | view in thread ]
Question
PaulT - what were the options? You state it yourself, fully unregulated is worse than badly regulated. Google, for example, now has "rules" to follow, or consequences, granted not significant to their whole, but still consequences. The essence of this article is not GDPR but that EU companies cannot compete with Google/others on scale. I know my company, in the EU does not rely on Google but on other EU companies. Seems as if the author just doesn't like big companies.
I also agree with AC's comments, my company expenses about 3 weeks of dev time to tweak a few things for compliance. Other items were procedural in nature.
Lot's of whining by Mr. Masnick
[ link to this | view in thread ]
Oh look who's suddenly against foreigners and mega-corporations!
After hating on persons who advance US national interests and are against globalism, PaulT now reveals that he too is for local control.
[ link to this | view in thread ]
honestly, any surprises here?
[ link to this | view in thread ]
Re:
Yes, I know, you write that every time and it continues to be off base. Part of the reason why the privacy concerns are totally legitimate is because we don't have options and we don't have competition. So, making the big companies bigger and hoping that a bunch of weak, confusing, unworkable regulations "protects" an amorphous concept of "data protection" is a huge own goal.
It puts more power in the hands of the very companies no one trusts. It also enables them to then better shame future laws. And wipes out competition and innovation that might actually protect our privacy.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
"Risk vs reward. I like my chances with this one. Besides, the price ain't all that heavy."
Sounds like the excuse of a scoundrel. The price may not be too heavy for you, but what about others? What's that ... you don't give a shit about others? Why am I not surprised.
What do you think is privacy anyway and how will this four letter acronym give you the privacy that you desire? They will still track yer ass.
[ link to this | view in thread ]
Re:
"The effort to develop those features was roughly 2 person-months, i.e. around 300 hours to design, develop, test, QA and document."
What was it, a little script? Even a little script would take more time than that in order to not be a POS. I guess you were using agile.
[ link to this | view in thread ]
Re: Re:
shame = shape?
[ link to this | view in thread ]
Re: Re:
I'm not so sure about that, guess it depends upon the particular situation. The internet was pretty much unregulated for some time and it was not the end of the world as we know it - and I'm not feeling fine.
[ link to this | view in thread ]
Re: Question
"Lot's of whining by Mr. Masnick"
Is it whining when you don't like it? What exactly constitutes whining? There is no indication of tonal inflection in his typing, what are you basing your opinion upon ... the fact that you don't agree" Well why not tell us about it?
[ link to this | view in thread ]
Re: Question
Where I work the implementation to become "mostly" GDPR compliant cost us millions of Euro. The legal department still come up with things that have been overlooked or have taken time to legally nail down. We even had to scrap a new system which we had invested almost €600,000 into since the legal department said the core functionality of it wasn't compatible with the GDPR, it was just easier to keep doing the work manually even though it negatively impacted our customers.
It should be said that we have millions of customers in our system which contains a wide variety of sensitive information about them.
People saying they put in a couple of weeks of dev time to become GDPR compliant are most likely not GDPR compliant or they run a 'very' small shop.
[ link to this | view in thread ]
Re: Re: Re:
Yes, though "shame future laws" is an interesting idea... :)
[ link to this | view in thread ]
Re:
Interesting retort.
But you also have seen what "Being the only Store in a small town" ideal is common for corps..
Yea, Im the only one..
Yea, I can do anything I want..
Yea, no one can do anything without ME!!..
Who will the gov goto now? if they wish any info??
Google/amazon.FB have it..
[ link to this | view in thread ]
Let them have the DATA,
POST it everywhere..
Let Everyone see our SS#, our CC#, and all pertinent DATA..
After that..
How is a corp going to tell, WHO is who? If the person on the other side is WHO they are, and all this Other great ideas..
Personal ID>>
Picture ID..
(whats the problem here??)
How about a CHIP ID?? In a CARD?>>
(still dont stop much, as it can be captured and Stolen)
Lets see...
FACIAL ID? Into a computerized system, using DMV DATA??
Almost there..
A CHIP? in the hand/arm?? And Facial ID...
Sounds great..
Can we Add tracking data and GPS??
WHY NOT,..
[ link to this | view in thread ]
Re: Re: Re: Re:
Sadly laws, much like most politicians, are incapable of feeling shame.
[ link to this | view in thread ]
It's not all bad.
Consider that out_of_the_blue supported GDPR. GDPR benefited Google. Therefore we can now say out_of_the_blue supports Google.
That sound you hear is the aneurysm caused by the resident Malibu Media fanboy's own goal...
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
The non-GDPR alternative is not domination by European corporations, it's domination by foreign corporations with us having no recourse if they screw us over (in the particular ways covered by the GDPR).
So the price we may have to pay is not "handing control over", it's "slightly increasing the stranglehold they already had", only this time we have some rules to make it a slightly less unpleasant stranglehold.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Oh fuck off. Unlike with the Article 13/17, which was pushed against the will of the citizens, my impression is that in Europe the GDPR is generally viewed as a positive (the majority of the opposition is from Americans).
Or can you point me to the mass protests against it? We Europeans aren't exactly shy about protesting.
[ link to this | view in thread ]
Re: Re: Re: Re:
That's not what I said or implied. Laws and regulations do have unintended (or intended but hidden) consequences, and I'm saying they have to be weighted against the positives, including the risk of the positives not appearing, to see if it would be worth it. In many cases, it wouldn't. In this case, I believe the potential and actual consequences are an acceptable cost.
Without taking a few calculated risks here and there, no progress can be made at all.
[ link to this | view in thread ]
Re: Re:
Thank you for responding.
The thing is, we've tried competition and innovation for a couple of decades, and it's only gotten worse. So much worse. As a tech-savvy user with 20 years of experience tinkering with computers, I'm (mostly) doing fine, but it takes a VPN and a zillion browser plugins -- and my efforts break half the web for me. It's the half I usually don't need, so I'm fine with that, but many people wouldn't be, and couldn't work around the breakage if they needed to.
And, unfortunately, I don't believe we'll ever get them without additional regulation. I don't want it, but I think we need it. And I don't know how a regulation could promote competition of privacy-focused services without a regulation mandating the privacy baseline you mustn't go under.
Isn't that the whole point behind GDPR? Replacing a bunch of weak, confusing, unworkable regulations of an amorphous concept with a strong, clear (as regulations go), unified regulation of a well-defined concept, with relatively clear enforcement mechanism, massive potential penalties, and very few loopholes? How successful it was in doing that is certainly debatable (and I'm pretty sure I know where you'd stand in that debate), but I think it's a massive improvement over the ineffectual mess we had before.
[ link to this | view in thread ]
Re: Because they never go after others.
EU always focuses on Google 1st, Amazon 2nd, apple 3rd, then everyone else.
They have cash. EU fines them. To get cash. To harm them to make them pay.
Then they enact stupid techno-phobic laws that hand the business to American companies. Typical EU, tragic levels stupidity and refusal to listen to reason.
Why? Same old reason, American corps got cash. No other reason needed.
[ link to this | view in thread ]
Re: Re: Re:
And, unfortunately, I don't believe we'll ever get them without additional regulation. I don't want it, but I think we need it. And I don't know how a regulation could promote competition of privacy-focused services without a regulation mandating the privacy baseline you mustn't go under.
The problem then is that the data would seem to indicate the exact opposite, in that 'more regulation'(the GDPR in this case) reduced competition, locking in the biggest players and giving them even more power. Far from encouraging more competition it reduced it, so if your goal is more companies in the field then the GDPR would seem to have been rather counter-productive.
Add even more regulations on top of that and you're likely to just see the likes of Google and Facebook get even more power, as the bar to enter and stay in the industry rises even higher, knocking out more of those at the bottom.
Getting companies to care about customer privacy is a good goal, but the how is the tricky part, and a method that just empowers the top companies and entrenches their positions even more probably isn't going to accomplish the goal very well.
[ link to this | view in thread ]
Re:
As a developer myself, I totally agree. Also, I would have thought that for newcomers it would be even cheaper as it's generally quicker to architect this functionality into the code at the beginning rather than bolting code onto already existing code.
[ link to this | view in thread ]
Re: Question
"PaulT - what were the options?"
Competent regulation, or at least something that's better laid out. The level of confusion everywhere shows that there were problems, with communication at minimum, if not the law itself. Time will tell how many unintended consequences result, and whether they were worse than keeping the old system while fashioning a better law.
"I know my company, in the EU does not rely on Google but on other EU companies"
I bet it also does rely on American companies, and others around the law. I tend to find that anyone who claims they solely rely on EU companies are deliberately ignoring many things to make that statement.
"my company expenses about 3 weeks of dev time"
That's nice for you. Not everyone was so lucky.
"Lot's of whining by Mr. Masnick"
Lots of people say this without going into any specifics. I assume there's a reason for that.
[ link to this | view in thread ]
Re: Re: Question
"Where I work the implementation to become "mostly" GDPR compliant cost us millions of Euro"
Yep, I've seen some horror stories too, and plenty of places are still not 100% compliant for various reasons that are hard for companies to overcome. The people saying "that was easy" always seem to be sub-100 employee companies that have been in business for less than 5 years. Older, larger companies have fundamental design issues that take years to overcome in order to implement this stuff.
You can argue they should have been doing this stuff from the beginning, but you're a fool if you think this is trivial for everyone.
[ link to this | view in thread ]
Re: Oh look who's suddenly against foreigners and mega-corporati
After failing to understand the words in front of him, the local moron reveals that he's happy to take a victory that only exists in his head, free for the weight of facts and logic.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
"only this time we have some rules to make it a slightly less unpleasant stranglehold."
Once again, you're assuming the rules will have exactly the intended effect and no other. Why you insist on rejecting the words I'm saying and double down on the mistake I'm pointing out is a mystery.
[ link to this | view in thread ]
Reddit doesn't like this opinion piece
[ link to this | view in thread ]