Privacy Without Monopoly: Data Protection and Interoperability
Update, June 11, 2021: Today, we updated this paper with a new appendix, "The GDPR, Privacy and Monopoly," which analyzes the legal benefits of interoperability under the GDPR, where a regional privacy law creates a sturdy privacy backstop for interoperability remedies. This appendix is also available as a standalone article.
Executive Summary I. Introduction II. Background III. Policy Tools to Promote Interoperability IV. Interoperability: Risks and Mitigations V. Conclusion
The problems of corporate concentration and privacy on the Internet are inextricably linked. A new regime of interoperability can revitalize competition in the space, encourage innovation, and give users more agency over their data; it may also create new risks to user privacy and data security. This paper considers those risks and argues that they are outweighed by the benefits. New interoperability, done correctly, will not just foster competition, it can be a net benefit for user privacy rights.
In section 2 we provide background. First, we outline how the competition crisis in tech intersects with EFF issues and explain how interoperability can help alleviate it. In “The Status Quo,” we describe how monopoly power has woven the surveillance business model into the fabric of the Internet, undermining the institutions that are supposed to protect users. Finally we introduce the “privacy paradox”—the apparent tension between new interoperability and user privacy—that frames this paper.
