Finding Equilibrium in an Era of Heightened Regulation Download Big Tech’s “big” problem How big is Big Tech? There is little doubt that the big five technology companies (i.e., Apple, Microsoft, Google, Amazon and Facebook) are operating in a completely different stratosphere. As one recent New York Times blog described it, “America’s tech titans have formed a separate universe in which they are the sun, and everyone else — billions of humans, other companies, entire countries and governments — are mere planets that revolve around them.” Download Topics Risk Management and Regulatory Compliance Industries Technology, Media & Telecommunications To put this into context, the combined current stock market value of the five tech titans ($9.3 trillion as of June 2021) is more than the value of the next 27 most valuable U.S. companies put together, including corporate giants like Tesla, Walmart and JPMorgan Chase, according to data from S&P Global Market Intelligence. In the first quarter of 2021 alone, the Big Tech companies reported combined profits of $74 billion, more than double what they earned in the same period a year ago. Over the last 18 months, their growth has been fueled by major trends produced and accelerated by the COVID-19 pandemic. Strong demand for digital services (e.g., contactless payments and online shopping), the proliferation of workflow collaboration tools and the mass migration to a remote-working labor model are just a few of the many ways technology has helped organisations and individuals adapt during the pandemic. While these changes have brought technology companies (not just Big Tech) enormous profits and power, they have also provoked long-held concerns over a broad array of issues, including possible anti-competitive behavior, the concentration of market power, internet security and safety, governance and privacy protection of users’ data, and content censorship. On these issues, legislators, regulators and consumer groups alike appear to want increased accountability from the tech industry. Earlier this year, in a rare sign of bipartisan agreement, a Gallup poll showed majorities of Americans across party lines now think the government should increase its regulation of the big technology companies. According to the poll, 66% of Democrats, 58% of independents and 53% of Republicans support more oversight. Are technology companies getting too big to fail? Will the long-simmering techlash explode in the post-pandemic period? Has the effort to rein in the technology industry reached a tipping point? Do you think the government should increase, decrease or not change its regulation of technology companies such as Amazon, Facebook and Google? Intensifying regulatory landscape Before coming to power, President Joe Biden made it clear he will pursue increased regulation and oversight of the technology industry, with heated rhetoric from his campaign team claiming that tech giants have “not only abused their power, but misled the American people, damaged our democracy and evaded any form of responsibility.” In a sign that he plans to make good on this promise, President Biden in July signed a sweeping executive order that includes directives, which, if implemented, would lead to the most robust antitrust enforcement in decades and reshape aspects of the U.S. economy. The executive order encourages the Federal Trade Commission and the Justice Department to vigorously enforce current antitrust laws, revisit anticompetitive mergers that went unchallenged by prior administrations and toughen the agencies’ scrutiny of future mergers. Also, it is worth noting that some of the most vocal critics of the tech industry are leading the agencies that are tasked with implementing the executive order. Additionally, aligned with the administration, the Democrats controlling the House and the Senate (with rare bipartisan support from many Republicans) are introducing legislation to tackle a host of tech-related issues, including the impact of emerging technologies on national security, hacking of U.S. networks by foreign adversaries, disinformation and extremism in the media, and the future of telehealth, to name a few. Congressional hearings have been scheduled on many issues critical to technology firms, although some may be delayed as the mid-term election nears and depending on how quickly the administration can work through its long list of top priorities. Here are some of the key issues currently on the legislative agenda: Antitrust Legislation — High on the legislative agenda are potential changes to antitrust law that could make it easier to block mergers or force technology companies to modify how they do business. This is one of the rare issues in Congress that has bridged partisan divides and has the full support of the Biden administration. Senator Amy Klobuchar, the new chair of the Senate Judiciary Committee’s Antitrust Subcommittee and a vocal proponent of tech reform, has introduced a bill that would bolster the authority of the FTC and strengthen prohibitions on anticompetitive conduct and mergers, including update the legal standard for permissible mergers and shift the burden of proof from the government to the companies in some antitrust cases. The bill would also establish a new, independent FTC division to conduct market studies and merger retrospectives. Additional antitrust proposals could include steps to bolster the FTC’s authority to collect data from companies to assess their market power. Privacy legislation — At both the federal and state levels, there is an aggressive push for changes that would bring U.S. privacy rules closer to the standards that have been adopted in Europe and California. Proponents want consumers to have the right to know how their personal information is collected and used. There is also significant debate over whether consumers should be allowed to sue companies for privacy violations. Many expect the Biden administration to push for a federal privacy law and also work to smooth the path to negotiations with the European Commission over a new version of the EU-U.S. Privacy Shield. Meanwhile, states like California, Virginia and more recently Colorado continue to up the ante on the enforcement of data privacy laws. Content moderation — Tech companies should expect to come under increased pressure to more closely moderate content on their sites. The January 6 violence in Washington forced social media giants like Twitter and Facebook to crackdown on violent rhetoric and conspiracy theory peddling. In other examples of content moderation, Amazon stopped hosting Parler and Apple removed the social networking service from its app store. These measures have come under fierce criticism because opponents believe they are a form of censorship by big tech and violates free speech and expression. In response, some lawmakers are looking to make potential changes to Section 230 of the 1996 Communications Decency Act, which shields internet companies from lawsuits over content posted by users on their sites. Congressional hearings have been scheduled on many issues critical to technology firms, although some may be delayed as the mid-term election nears and depending on how quickly the administration can work through its long list of top priorities. Net neutrality and broadband access — The FCC’s menu may also take a stance on net neutrality, an Obama-era reform that sought to prevent internet service providers from favoring certain internet traffic over others. In a net-neutral environment, users and businesses can’t pay for a “fast lane” or to slow down another website’s traffic. In February 2020, a federal judge cleared the way for California to enforce its net neutrality law, a move that is expected to be replicated by other states (Washington, Vermont and Oregon have enacted laws) in the absence of a federal rule. Also, the FCC may expand regulation of programmes that provide broadband access, which has become even more important during remote work and distance learning due to the pandemic, especially in the more rural areas. Other tech-related issues that may prompt legislative or regulatory actions in the medium to long term include how gig workers are classified under federal law (an issue that will affect companies like Uber, Lyft, DoorDash and Instacart), perceived discriminatory algorithms and biased facial recognition technology, digital political ads, and access to high-skilled immigration, including the H-1B visa programme that both tech giants and companies sectors use to recruit technical talent from overseas. Emerging policy and regulatory changes The tech industry has been incredibly successful at responding quickly to consumers’ changing demands and expectations, especially in the COVID-era. Going forward, its continued success in areas such as product innovation and revenue growth, will also depend on how well it responds and adapts to emerging policy and regulatory changes. In a number of key technology areas, regulation will need to be developed to enable tech companies to grow. Take, as an example, the drone industry, where in most jurisdictions regulation prevents their use in populated areas, thereby stifling its growth. The autonomous vehicle industry is another example. While a number of states are encouraging development, other state legislatures have rejected regulation that will enable testing for driverless cars. The future growth of emerging technologies like machine learning and artificial intelligence, which are fueled by massive amounts of data, and cloud computing, will also be shaped by new and changing data privacy regulation. App developers and advertisers in the iOS ecosystem got a taste of the dramatic effects of privacy policies when Apple introduced its controversial app tracking transparency feature earlier this year. Apple’s move forces developers that want to track users and their data across different apps and websites to ask permission first using a standardised prompt. According to opponents, the new feature makes it harder and more expensive for ad networks to easily target customers, which in turn hurts small businesses that rely on highly targeted ad campaigns. New regulations to counter the growing cybersecurity threat will also have massive implications for the industry, especially software and hardware developers. The Biden administration currently is looking to establish baseline security standards for development of software sold to the federal government, including requiring developers to maintain greater visibility into their software and making security data publicly available. Over the course of the next 12 months, the U.S. secretary of commerce, in coordination with the director of NIST, will develop and publish new criteria and guidelines for software security. Once these are developed, the federal government will compel hardware and software companies to comply with them. What should tech companies do now? How can technology companies achieve the right balance between the push for innovation and growth and the pull of regulation? What does a responsible technology firm look like in this environment? It begins with a strong understanding of the changing expectations of today’s consumers, governments and other key stakeholders. In this environment, tech companies cannot afford to be tone deaf or unprepared for this paradigm shift. While it may be daunting, tech companies should invest in expertise that will enhance their ability to analyse, monitor and devise strategies for regulatory readiness. The ability to adapt and reinforce all aspects of their compliance programme on an ongoing basis is critical. For instance, tech companies should aim to develop and continuously improve a sound compliance programme capable of not only preventing possible violations but detecting them as early as possible when they do occur. This effort should include: Reevaluating policies, processes and controls related to compliance with regulations. Ensuring compliance standards are clearly established and consistently enforced. Eliminating gaps in processes, controls, monitoring, resources, training and communication. Too often, companies, including some that believe their compliance functions are strong, discover significant gaps when faced with scrutiny from regulators. Assigning overall responsibility to oversee compliance to a high-level executive. Staying abreast of regulatory activity to ensure the organisation is prepared for actions that may impact products, services and markets. Regarding security compliance, companies should anticipate and prepare for potential reporting requirements related to baseline security standards by documenting current security procedures in preparation for potential review. Cyber resilience should be a boardlevel priority if it isn’t already. On the privacy front, and as detailed in this recent whitepaper, key steps for tech companies should include: Conducting a data privacy risk assessment to identify weaknesses. Establishing a baseline to capture the totality of the organisation’s privacy commitments, especially to customers. Managing change to ensure that data privacy is a strategic priority for the business and embedded in the culture. Maintaining clearly verifiable and readily accessible documentation of data privacy plans and processes. Finally, there will be no shortage of politically charged issues in the post-pandemic period, and in many cases, a quick resolution may be difficult to find. For prudent tech companies, the best way to prepare for the increase or change in regulations that will impact their business is to focus on developing and managing their compliance functions with the same level of intensity and ingenuity with which management often approach improvements to core operating processes — actions that have created the incredible wealth, power and success they enjoy today.