How regulating big tech can hurt small tech…a brief review of unintended consequences and why being told to “nerd harder” isn’t the answer

As members of ACT | The App Association, CAVU and Sigao team members joined others from throughout the country for Global AppCon22 – Competition and Privacy, a conference designed to bring legislative staff and small tech companies together to advocate and educate on the effects legislation can have on small tech businesses. 

It is important to both small and big tech businesses to have a single set of federal rules on privacy compliance. The current privacy law status in the US includes a small handful of state privacy laws. These laws are generally similar, but each has enough compliance differences that it will become a nightmare for small tech businesses to create something that is acceptable. Now imagine there are 50 of those, plus the international regulations. Eventually, small tech businesses won’t be able to compete on a national level, much less the global stage. 

Data privacy and data security are some of the most important issues that need to be tackled when it comes to consumers and businesses – and it’s not just the tech ecosystem. From point-of-sale systems to employee communication and collaboration, tech is in every 21^st century business. This is why it is important for everyone to understand some of the more nuanced aspects of the recently proposed legislation currently being discussed in Congress. 

The two pieces of proposed legislation discussed this week are: the American Innovation and Choice Online Act (AICOA) and the Open App Markets Act (OAMA). Both of these bills are focused on antitrust issues in the marketplace. These laws would require companies to open software and device access in an effort to ease what is seen as “big tech” trying to restrict the marketplace by controlling the apps offered in their app stores. Unfortunately, these Acts would have a number of consequences on smaller tech-based companies as well as consumers. 

One of the scarier things that could happen is the automatic sideloading of apps consumers and businesses. What is sideloading? Sideloading is when another piece of software is bundled with the software you want and not only downloads automatically, but it is often difficult to remove and you may not even know it has been downloaded onto your system or even what kinds of data you are letting it access. Currently, as part of the self-regulation we as consumers trust in an app store, the major app stores restrict this kind of behavior. These laws remove the ability for app stores to restrict this kind of behavior, which opens everyone up to getting caught up in malware, ransomware, and other detrimental security breaches consumers expect to be protected from by their app store of choice. 

Once you give these “bad actors” unlimited access to device and software data and remove the restrictions, it begins to give the smaller, more innovative companies an unearned bad reputation as consumer trust erodes.  

What can we do?

Reach out to legislators and ask them to: 

1. Support a single set of federal privacy rules and enforcement of data security 

2. Pass federal privacy rules BEFORE attempting to address antitrust issues 

3. Tailor Private Right of Action clauses to avoid being an invitation for abusive lawsuits 

4. Stop allowing large companies to use legislation instead of the courts to gain competitive edge 

5. Support a cultivated marketplace instead of an open internet to raise the value of all distribution methods 

One of the underlying notes from this conference was the realization of how much we as consumers and developers rely on a base layer of self-regulation and trust accessed by working with big tech companies. Most people do not disagree with the need to ensure companies are charged fair rates and are given a fair marketplace. However, when the platforms become more expensive and less regulated, there is a reduction in investment in innovation. Plus, companies rely on and trust cloud services like AWS – in fact, 92% of the companies using AWS are small businesses. We need to be able to trust these platforms in order to innovate and create new products. 

This is not an issue limited to the US.  The EU is working towards creating a new and extensive digital framework with their Digital Market Act (DMA). They have been looking at antitrust issues, unfair market advantages, and trying to unify and standardize the digital market. The EU is trying to designate the level of “gatekeeper” companies, i.e. big tech (also the same ones we think of as big tech in the US). With GDPR (the EU’s General Data Protection Regulation), the EU focused on data protection. However, the DMA as currently written could open access to devices and data in a way that could let companies sideload additional software without the user’s knowledge as well as ensuring smaller players in the tech space would have no restrictions put on them by the larger gatekeepers (think app stores as an example). 

Unfortunately, approval of the EU’s DMA will have ripple affects globally. From other countries adopting a “cut and paste” of the DMA for their own laws to fundamentally changing the way developers build products, the consequences of not carefully considering what open access can be detrimental at best and catastrophic at worst.   

All of this proposed legislation and regulation targeted at “big tech” will have ripple effects throughout the tech ecosystem as well as for any business or consumer using technology to learn, do business, manage finances, or simply play games. Both the US Congress and the EU need to do more due diligence to realize what could result from these well-intentioned legislative acts before they have to start cleaning up the messes they will cause.