The vast volume of unfinished tech-policy business that 2017 bequeathed in net neutrality, broadband competition privacy, security, and more won’t all get wrapped up in 2018, either.
But the combination of a U.S. election and a dramatic expansion of privacy rules overseas might open up room for a few wins for customers on those fronts.
Between candidates having to take a stand on net neutrality, privacy-abusive companies brought to heel with a foreign government’s fine, and more social-network CEOs pressed to act against trolling, you might see incremental but still-welcome progress. Or we could be left only with a deeper realization of the work remaining to be done.
The most likely outcome: Things won’t change significantly until there’s a different cast of characters in Washington and a more humble mindset in Silicon Valley.
The “now what?” phrase of net neutrality
The Federal Communications Commission’s vote to wipe out its existing net-neutrality rules leaves internet providers wide open to blocking or slowing sites—in theory. In practice, with the FCC’s move facing an array of lawsuits once it officially goes into effect, internet providers have little incentive to try anything funny until those court challenges wrap up.
So nightmare scenarios of Big Telecom censoring sites may look a little silly by spring. Those forecasts of doom also risk distracting people from the more subtle harm that happens when investors decide it’s too risky to back a startup developing an innovative but data-intensive app. Why place that bet when internet providers can now push those startups to pay more for priority delivery of their data?
Note that one of those Big Telecom firms, Verizon (VZ), owns Yahoo Finance.
Any lawsuits challenging FCC chair Ajit Pai’s move will almost certainly still be working their way through the courts as the 2018 elections near. Expect this to become something that candidates have to answer.
The net-neutrality debate might not be so vitriolic if more of us had more than two residential broadband providers. For that to change, we have to streamline rules and norms that slow down building out new broadband networks—the kind of burdensome regulations that founders of new high-speed services actually complain about.
The FCC’s Pai has said many of the right things on that issue, but he, like earlier FCC chairs, needs help from a Congress that has spent the last few years declining to advance any sweeping broadband-infrastructure legislation.
There’s always the chance that the infrastructure plan that Trump said would be among his top priorities will include a broadband component. The prospect of that even had some telecom-policy types cautiously optimistic in January. But almost a year into Trump’s administration, that infrastructure plan has yet to emerge. It’s starting to look as top-secret as Trump’s tax returns.
“GDPR”: a transatlantic privacy hammer
For a great many U.S. companies, the most important government rule of 2018 won’t come out of any U.S. capital. Instead, it will come from Brussels, in the form of the European Union’s General Data Protection Regulation. This sweeping set of privacy rules goes into effect in May and covers any firm with customers residing in the EU.
The GDPR will require those companies to give customers far more control over their data—and will punish violations with fines that can hit 4% of their total worldwide revenue. That could make the $2.7 billion fine a European court imposed on Google (GOOG, GOOGL) in June look like an appetizer course.
Some U.S. firms’ GDPR compliance efforts should benefit U.S. users directly as they elect to offer the same new privacy options (for instance, the right to download your data from a social network and move it to a competing service) on each side of the Atlantic.
Others, however, will be surprised by its dictates—then stricken with a steep bill. Their American customers may not get anything more than some bitter laughter.
Fear of Facebook and Google
The increasing domination of the ad market by Google and Facebook (FB) has driven unease on both sides of the Atlantic. And while the GDPR may force those two to curtail their tracking of users in the EU—a December finding by a German competition authority that Facebook abused its power should be read as a road map—U.S. users shouldn’t expect any comparable new laws from their own government.
The way Facebook, Google, Twitter (TWTR) and others have struggled to deal with trolls, harassers, and other merchants of hate will only make that argument easier to advance—especially if the onset of the campaign season brings fresh evidence that big social networks are getting exploited by Russian operatives.
More insecurity over security
This is an easy bet to place. Of course companies will continue to misplace our data. Sometimes that will happen through something as dumb as leaving a giant database open on the web, something that happened yet again Dec. 20 when the research firm UpGuard found that a California marketing company named Apteryx left marketing data for 123 million American households exposed.
Why? U.S. laws still impose few consequences for that sort of sloppiness. And repeated bouts of data breaches have yet to push a Congress led by a Republican majority with a distinctly anti-regulatory mindset to act, much less impose breach-disclosure requirements as strict as the GDPR’s 72-hour timeframe.
It seems equally inevitable that security flaws will result in many more apps, computers or gadgets getting remotely commandeered to stage ransomware or identity-theft attacks.
It would help if all this fretting over privacy and security yielded not just more existential dread (and sometimes conspiracy-theory fear-mongering) but a commitment to be choosier about who gets our data and our business. But that resolve may have to wait for 2019… or 2020… or never.
More from Rob: