Protocol | Policy

In a push for privacy, tech giants are seen cracking down on competition

A lawsuit involving Facebook highlights how two top goals of tech policy can collide.

As onlookers take photos on their phones, Facebook CEO Mark Zuckerberg speaks before a screen that says, "The future is private."

A small ad analytics company claims Facebook acted anticompetitively by wielding its privacy commitments.

Photo: Facebook

Alon Leibovich says Facebook sued BrandTotal, his ad analytics firm, right after the company raised $12 million.

Leibovich started his business in 2016 hoping to give advertisers insight into how ad campaigns, including competitors', perform on social media. By September of last year, it had raised $20 million across three funding rounds and had built up a client list including well-known companies such as L'Oreal.

According to an email that later emerged in a lawsuit, a Facebook employee even suggested a partnership with Leibovich's company. Instead of launching a partnership, however, Facebook filed a lawsuit against BrandTotal for violating its terms of service by using "unauthorized automation for the purpose of extracting data" — part of a broad campaign against scrapers in the wake of the Cambridge Analytica scandal and the resulting $5 billion fine it paid to U.S. enforcers for years of privacy violations.

"For me as an entrepreneur, it feels like getting punched in the gut having such a big behemoth going after you," Leibovich said. He eventually countersued, arguing the real problem was that Facebook used privacy as a pretext to shut out BrandTotal as competition for ad analytics. Although his claims were temporarily dismissed citing Facebook's commitments to enforcers, Leibovich's still hoping a federal judge will stop the company's blocking of BrandTotal after a hearing on Friday.

The tech policy world has wondered if efforts on privacy and competition sometimes work at cross-purposes — the former requiring careful protection of data and limited sharing, while the latter often requires freer access to the consumer information that drives digital markets, especially for ads. Cases like Leibovich's appear to highlight a tension.

"Facebook is trying to protect its ad revenue," he said, citing Facebook's own problems with reporting ad performance. "Right now, the fox is guarding the henhouse."

For a time, there was little that lawmakers and the public considered more abhorrent about social media than the presence of third-party scrapers. Thanks to the Cambridge Analytica scandal, public opinion associates third parties with stealth attempts to change people's fundamental preferences and meddle in elections. The ad business is hardly more popular. (Leibovich insists the scandals have nothing to do with his operation, which he says obtains users' consent to collect their data.)

Yet, with Cambridge Analytica in the rearview mirror, competition appears to be tech enforcers' chief concern, at least with Facebook. Federal Trade Commission and attorneys general for 48 states and territories have sued to break up the company, alleging it uses its reach to starve or co-opt would-be rivals.

Frequent collision

Concern that this shift in emphasis is, at the margins, a counterproductive about-face has even made its way to Congress. Rep. Ken Buck, the top Republican on the House subcommittee in charge of competition law, has urged the FTC, which has a mandate to regulate both consumer protection and competition, to consider revisiting its consent decree with Facebook over the BrandTotal case, among others.

"I am concerned the FTC's privacy order is being used by Facebook as a sword to eliminate competitive threats in advertising analytics," Buck wrote earlier in May. "It would indeed be ironic were an order [from] an agency charged with ensuring competition used to justify anticompetitive behavior."

Similar conflicts have popped up repeatedly. When Europe put new privacy rules into force in 2018, for instance, research suggested that Facebook and Google actually got a boost because they could leverage their direct relationship with millions of consumers to get permission for data processing and could tout their resources for compliance.

Google has similarly touted privacy concerns as a driver behind its plan to stop supporting third-party tracking cookies in Chrome, one of the world's most popular browsers. Critics, however, have pointed out that the move still allows Google to collect massive amounts of consumer data, but blocks out smaller competitors in the digital advertising space.

Apple, meanwhile, argues that its limits on the App Store — which Epic Games has alleged are anticompetitive — protect consumers' privacy and security. In another case in 2017, the HR data company hiQ successfully sued LinkedIn, which had tried to shut down the former's scraping, by saying the limits threatened its business.

Power to first parties

Clashes appear to be happening more frequently. Facebook, for example, has even wielded its privacy commitments as a tool against NYU researchers, who, while not competing with Facebook, were delving into the very questions of political influence at the heart of Cambridge Analytica. Some saw Facebook's supposedly pro-privacy moves as a way to squash unflattering findings.

"I'm sure Facebook has both motivations in doing this," Alec Stapp, director of technology policy at the Progressive Policy Institute, said of the suit against BrandTotal. "It's basically impossible to tease out from the outside which dominates."

Facebook, he suggested, needs to please policy-makers who want it to protect privacy more carefully, but the company is also probably fine with using privacy as a tool to disadvantage would-be rivals. That position, Stapp said, would fit the larger trend toward companies that have direct relationships with consumers, as opposed to third parties that rely on data that others collected, whether in online ads or other digital marketplaces.

"Whenever you think about increasing user privacy protection, whether it's a private company making that decision like Google or Facebook or it's the government doing that through regulation, oftentimes that has the effect of making life harder for third-party data brokers, data analytics companies, small ad tech vendors, etc.," said Stapp, whose group counts Facebook and other tech companies among its donors.

When discussing trade-offs between competition and privacy, some scholars have cited the long-running tensions between competition and intellectual property rights, which often limit who can benefit from a particular work or invention. The conflict is several decades old, but experts continue to disagree over whether a particular issue gives too much weight to one side over the other.


Although many see privacy and competition in conflict with one another, there is an argument to be made that the two can actually bolster each other. Aggressive antitrust enforcement, strong competition rules, and an ability for users to move more easily to competing sites could come together with explicit privacy laws to both challenge tech giants' dominance and allow privacy-protective rivals to rise in their place, say economists and competition scholars who increasingly see digital platforms' power as deriving from their exclusive data.

That kind of arrangement "would hopefully curb some of the more problematic privacy practices that are prevalent in the market right now," said Eric Null, U.S. policy manager at the international digital rights group Access Now, who has urged Congress to adopt a bill making it easier for users to port their data to other services.

After all, many privacy advocates argue, customers routinely say they're concerned about privacy and data collection. If competitors that offer more data protection were able to gain traction against large incumbents, users might move in greater numbers to them than they have before. That's the pitch behind Google rival DuckDuckGo, for instance. Consumers might be more likely to switch services, the theory goes, if they could bring over the connections to friends and family, or the search expertise, that drew them to a platform in the first place — and the ad industry will follow eyeballs wherever they go.

Data portability has worked before: Congress was famously able to boost competition in the telecom sector by allowing users to port their phone numbers from service to service, and antitrust scholars have suggested portability could be particularly effective in fostering competition among digital platforms.

Portability would theoretically allow small rival companies to compete against incumbent platforms such as Facebook, which have had more than a decade to learn what many users like and who they know, by bringing all that data over to the upstarts. Right now, Facebook and Instagram are the main social networks that know most users' family, friends and interests; only Google has insight into users from nearly a quarter century of searches. Few people tend to migrate to a new site that doesn't have much of the networks they're already looking for, and successful new apps such as TikTok and Snapchat have leveraged users' Facebook friends lists or phone contacts to make themselves viable social experiences.

"Digital platforms compete for consumers by offering an ever-improving set of products and features," Facebook's global privacy policy manager, Bijan Madhani, wrote in an April opinion piece. "Making it easier for people to shift between and among services will increase the competitive pressure on these companies."

But, Madhani added, before consumers could really reap the benefits of an idea that could challenge Facebook's position, lawmakers and regulators would have to say how such transfers should protect privacy. Should users have a right to bring over their friends' data, too? What about inferences the company has made about them, perhaps through proprietary algorithms? Madhani called for regulators to take action on such questions right away, and both Europe's privacy rules and California's data law have portability measures. But in Washington, tech policy is notoriously slow, and the federal government is still way behind on technical topics.

Until such time as new regulation is developed, critics say that Facebook and other massive digital platforms will mostly be in position to decide how to balance privacy and competition for themselves, even if they have to deal with the occasional lawsuit from companies like BrandTotal.

"The privacy space in the United States has been company-driven, commerce-driven for 25 years," said Access Now's Null. "That's the main driver — the good graces of the companies that hold all the data."


How the creators of Spligate built gaming’s newest unicorn

1047 Games is now valued at $1.5 billion after three rounds of funding since May.

1047 Games' Splitgate amassed 13 million downloads when its beta launched in July.

Image: 1047 Games

The creators of Splitgate had a problem. Their new free-to-play video game, a take on the legendary arena shooter Halo with a teleportation twist borrowed from Valve's Portal, was gaining steam during its open beta period in July. But it was happening too quickly.

Splitgate was growing so fast and unexpectedly that the entire game was starting to break, as the servers supporting the game began to, figuratively speaking, melt down. The game went from fewer than 1,000 people playing it at any given moment in time to suddenly having tens of thousands of concurrent players. Then it grew to hundreds of thousands of players, all trying to log in and play at once across PlayStation, Xbox and PC.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at

While it's easy to get lost in the operational and technical side of a transaction, it's important to remember the third component of a payment. That is, the human behind the screen.

Over the last two years, many retailers have seen the benefit of investing in new, flexible payments. Ones that reflect the changing lifestyles of younger spenders, who are increasingly holding onto their cash — despite reports to the contrary. This means it's more important than ever for merchants to take note of the latest payment innovations so they can tap into the savings of the COVID-19 generation.

Keep Reading Show less
Antoine Nougue,

Antoine Nougue is Head of Europe at He works with ambitious enterprise businesses to help them scale and grow their operations through payment processing services. He is responsible for leading the European sales, customer success, engineering & implementation teams and is based out of London, U.K.

Protocol | Policy

Why Twitch’s 'hate raid' lawsuit isn’t just about Twitch

When is it OK for tech companies to unmask their anonymous users? And when should a violation of terms of service get someone sued?

The case Twitch is bringing against two hate raiders is hardly black and white.

Photo: Caspar Camille Rubin/Unsplash

It isn't hard to figure out who the bad guys are in Twitch's latest lawsuit against two of its users. On one side are two anonymous "hate raiders" who have been allegedly bombarding the gaming platform with abhorrent attacks on Black and LGBTQ+ users, using armies of bots to do it. On the other side is Twitch, a company that, for all the lumps it's taken for ignoring harassment on its platform, is finally standing up to protect its users against persistent violators whom it's been unable to stop any other way.

But the case Twitch is bringing against these hate raiders is hardly black and white. For starters, the plaintiff here isn't an aggrieved user suing another user for defamation on the platform. The plaintiff is the platform itself. Complicating matters more is the fact that, according to a spokesperson, at least part of Twitch's goal in the case is to "shed light on the identity of the individuals behind these attacks," raising complicated questions about when tech companies should be able to use the courts to unmask their own anonymous users and, just as critically, when they should be able to actually sue them for violating their speech policies.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Protocol | Workplace

Remote work is here to stay. Here are the cybersecurity risks.

Phishing and ransomware are on the rise. Is your remote workforce prepared?

Before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

Photo: Stefan Wermuth/Bloomberg via Getty Images

The delta variant continues to dash or delay return-to-work plans, but before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

So far in 2021, CrowdStrike has already observed over 1,400 "big game hunting" ransomware incidents and $180 million in ransom demands averaging over $5 million each. That's due in part to the "expanded attack surface that work-from-home creates," according to CTO Michael Sentonas.

Keep Reading Show less
Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at
Protocol | Fintech

When COVID rocked the insurance market, this startup saw opportunity

Ethos has outraised and outmarketed the competition in selling life insurance directly online — but there's still an $887 billion industry to transform.

Life insurance has been slow to change.

Image: courtneyk/Getty Images

Peter Colis cited a striking statistic that he said led him to launch a life insurance startup: One in twenty children will lose a parent before they turn 15.

"No one ever thinks that will happen to them, but that's the statistics," the co-CEO and co-founder of Ethos told Protocol. "If it's a breadwinning parent, the majority of those families will go bankrupt immediately, within three months. Life insurance elegantly solves this problem."

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at or via Signal at (510)731-8429.

Latest Stories