After the Facebook Cambridge Analytica Scandal, Will Privacy Protections Improve?

Editor's Note: This article originally appeared on and was reposted to ProgrammableWeb with the author's permission.

Revelations that the now-defunct Cambridge Analytica collected data from as many as 87 million Facebook users’ focused congressional and public scrutiny on two main issues: privacy and competition. Most Americans seems to agree that we need progress on both fronts. Users’ data needs to be handled with more consent and transparency. And the Internet would benefit from a Facebook that faces heightened competition.

But achieving both is a nuanced process — indeed, progress on one front might lead to regression on the other. At F8, Facebook’s annual developer conference, Mark Zuckerberg had to walk a fine line between maintaining openness and incentives for developers while also protecting users’ control over their data.

Facebook has taken several affirmative steps to address its policies related to application programming interfaces, known as APIs. Many of these changes are long overdue safeguards. But for others that could impact competition, it is critical that the Department of Justice (DOJ) and Federal Trade Commission (FTC) take a close look to make sure they are not the wolf of anticompetitive behavior — used to shut out potential competitors — hiding under the sheep’s clothing of privacy and data security.

APIs, in lay terms, are the way that programs and applications efficiently talk to each other and share data (for more about APIs see the API Evangelist, ProgrammableWeb, and this Medium post by Michael Bock). APIs play an essential role in facilitating the competition and innovation that yields new and useful services for consumers.

For example, the Google Maps API allows any website creator to easily integrate a Google Map into his or her website. The U.K. is implementing a new Open Banking directive where the largest banks, through APIs, must allow consumers to seamlessly take their information to a different banks to take advantage of competing products and services. APIs got a bad rap because they are how researcher Alexandr Kogan got access to Facebook data and passed it onto Cambridge Analytica. But APIs are key to so many of our online interactions and, when used responsibly, with proper user authorization, clear notice, and monitoring, they will continue to fuel revolutionary innovations.

In fact, much of Facebook’s success was based on its openness in creating a platform for developers to build interesting apps that drew more users to Facebook. But now that Facebook has become the dominant force in social networking, its incentive to be so open to this type of development from potential competitors may be changing. Now it might be more advantageous to selectively lock down the Platform and erect barriers to competition that keep users from using new applications or services that may draw them away from Facebook.

In the wake of the Cambridge Analytica saga Facebook has made significant changes to its API policies. Many are welcome user protections that should have been in place years ago. For example, Facebook will investigate and audit apps to ensure they are complying with data protection policies. Those who decline the audit will be banned from Facebook and so will those who misused “personally identifiable information.” In addition, it will require developers to “not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.”

However, other changes seem as if they could be used to curb competition. Facebook has restricted access to certain APIs to only those apps providing “useful services to our community.” While the intention may be well-meaning, what standards will Facebook use in determining what is “useful”? Who will be making these decisions? Will there be an appeal process? Could these API changes be used to entrench the dominance of Facebook so that new and innovative services cannot ever challenge it? Might these incentives outweigh the incentives to be as open as it has been?

There are allegations that Facebook has already used its APIs to choke off competitive threats. Indeed, Facebook is able to identify competitive threats from popularity of apps through its acquisition of Onavo. Already It has used this ability to acquire or copy popular apps. Given calls for antitrust enforcers to be more skeptical of acquisitions of potential competition, API restrictions on certain apps may be a more convenient and lower profile way to choke off competition. Such action could amount a violation of the antitrust laws, including the FTC Act’s prohibition on unfair methods of competition and the DOJ and FTC need to examine it.

In fact, Assistant Attorney General Makan Delrahim recently said, “If there is clear evidence of harm to competition in digital platforms, enforcers must take vigorous action and seek remedies that protects American consumers, so that free markets or consumers they don’t instead bear the risk of failure.” He also emphasized, rightly, an evidence-based approach to enforcement. But it is incumbent on the DOJ, when and if it sees potential competition issues, to use its investigative authority doggedly uncover evidence and find out what is really going on.

While either the DOJ or FTC could take the lead in examining competitive conduct and policy related to APIs, the now-full strength FTC may be particularly well-suited because of the agency’s dual portfolio of consumer protection and competition and because the justifications for such conduct may be based on consumer privacy and security. In addition, the FTC has in-house expertise in its Office of Technology Research and Investigation, currently housed in the Bureau of Consumer Protection. This office should be strengthened and oriented so that it can more effectively serve as a Resource for the enforcers in the Bureau of Competition.

Policymakers and law enforcers need to take a holistic approach to make sure that Facebook cannot exercise its incentive and ability to stop new competition and innovation by hiding behind calls for greater privacy and data security. This may involve challenging conversations about trade-offs between competition and data privacy.

But let’s not give Facebook a free pass to co-opt our privacy concerns. Instead, let’s talk about how giving people more control over their data can empower them to decide what technology will succeed in the market. All of these conversations will put us on our way to a healthier and more competitive internet ecosystem, even if an immediate competitor to Facebook doesn’t emerge.

Be sure to read the next Security article: Android P Will Prevent Apps From Background Network Monitoring