Data. It’s all around us. It drives business decisions, it’s many companies’ largest asset and the subject of massive controversy. It’s been called out as the dirty little secret in political campaigns and it’s the primary reason why the US Federal Trade Commission recently reached a $5 billion settlement with Facebook.
Since the inception of the European Union’s new data protection regime – the General Data Protection Regulation – introduced 25 May last year, companies all over the world have started to fear the repercussions of improperly collecting, retaining and using data.
Of course, they should have been considering this anyway. Data protection is a fundamental right in the EU and the union has had a bloc-wide law on data protection in place since 1995 – before many of the big tech companies were even founded.
But the GDPR does a few things that really scares companies. The big fines that can be levied get most of the headlines – the regime allows for a maximum €20 million penalty or up to 4% of global turnover, though, in reality, the vast majority of fines are much lower than this. It also has an extraterritorial reach, meaning that the laws apply to any data controller — that means an organisation that decides what to do with a person’s data — so long as they deal with the data of an EU citizen.
But really, the thing that companies are truly concerned with, or at least should be, is the orders that data protection authorities can make. These regulators, thanks to the GDPR, have the power to force companies to change their practices.
That usually means a requirement to beef up information security — both technologically and in terms of processes — but there is also the option for a “stop-processing” order, which could force a company to stop processing a certain type of data, in a certain way.
What that would entail for many big companies, and especially some of the household tech names, is a stake to the heart of their business model. Google’s business model is not its search engine, or its browser, or its email client. It’s the data it gets from these products.
The thirst for more
What Google has found in its relentless quest for data is that, unlike the old saying, more is indeed more. It’s gained a lot of money and an extremely dominant position in the market (so much so that it has felt the wrath of European competition regulators on more than one occasion) through the acquisition of lots, and lots (and lots) of data.
The data that it gathers is not only plentiful, it’s granular too. Google knows so much about so many people on such a precise and detailed level that it can provide companies with extremely accurate insights about customers and potential customers. And by doing that, it can sell advertising space. That’s the core of its business.
Now, that’s hardly an unknown. But like so many companies, Google must keep growing to be seen to be successful. It’s expanded its business — remember, it’s all about data — in many ways throughout the years, both by creating new products and acquiring many others.
Google & Fitbit
The latest to join that list is Fitbit, the makers of health tracking watches. Google bought the company for $2.1 billion and many commentators have noted that a large driver behind the sale is undoubtedly the data that it will acquire with the transaction.
Getting transactions – particularly those involving data, like this one – past the regulators is a complicated and tricky affair. Data will no doubt have been considered before now and will be considered later, too, as regulators look more closely into it.
It’s already led to a fair amount of hand-wringing, with The Verge going to press with an article telling readers how to delete their Fitbit data before Google gets its hands on it. And Wired led with the headline “What is Google going to do with your Fitbit data? Anything it likes”.
That, unfortunately, might be true. There are regulators and regulations in place to deal with abuse of data, of course, but they haven’t always proven equal to the might of massive corporations like Google. The only thing that is clear is that transactions such as these, with data at their heart, are only going to increase.