The Devils You Don’t Know ⇥ om.co
The companies we should be worried about are the many smaller and mid-sized companies that most of us have never heard about. Whether it is app developers surreptitiously selling information to third parties, data breaches at retailers (and their digital platforms), or data-brokers with security systems that have more holes than swiss cheese, these companies will continue to be the cause of most headaches in our digital lives. And they are the group more likely to take liberties with data and privacy.
[…]
And at the top of the list are companies that have always been hostile to their customers: telephone companies, electric utilities, insurance companies, for-profit hospital systems, big airlines, and other such organizations. They will only use “smart data” to amplify their past bad behavior.
There is good reason to focus on the biggest and most valuable companies, since they, by default, have the most influence. But setting the bar so high — the bills proposed in the United States only apply to companies with a market cap over $600 billion — neglects the many smaller companies and industries that are begging for better oversight.
This is something I have been concerned about for years because an overwhelming focus on the biggest tech firms means far less scrutiny of companies that are big enough to do real harm and anonymous enough to avoid consequences. Every company is a technology company now, to some extent or another: oil refineries rely on computer control and proprietary software; lumber mills use automated multi-axis saws; airplanes are computers with engines, seats, and wings, all of which have their own computers. All of these connected systems come with risks for the market and for consumers from the supply chain level up.
Malik cites a recent case of utilities in Texas changing customers’ smart thermostats as an example of a previously unthinkable concern. I would point to cellular carriers, ad tech companies, and data brokers as industries that exploit privacy vulnerabilities without consent for their own gain.
The high value bar of the legislation currently proposed in the U.S. means that many sectors with little competition remain unaddressed. I have been looking at hotel reservations for an upcoming trip, and I was reminded of the lack of competition in travel booking websites. Booking Holdings owns Booking.com — obviously — plus Priceline, Agoda, and Kayak, among several other brands. In addition to Expedia.com, Expedia Group owns many other companies such as Hotels.com, Hotwire, Orbitz, Travelocity, and Trivago. If you are from North America or Europe and you are booking a hotel room online, chances are that it will be through a service owned by one of these two companies which, combined, represent 92% of the U.S. market. But neither one is worth anywhere near $600 billion, so they would not be required to divest any of their brands should the current crop of U.S. tech company bills become law.