Google and Facebook Will Just Get Stronger if Regulators Get Their Way, Europe’s Experience Shows

This article appeared at the Foundation for Economic Education on August 27th, 2019

In March, Facebook creator and CEO Mark Zuckerberg wrote in The Washington Post: “I believe we need a more active role for governments and regulators.” What prompted this? Is he being a good, civic-minded, corporate citizen? Is he a poacher voting for more gamekeepers? New research suggests he may be neither.

Big firms can bear the costs of complying with regulations more easily than small firms. If a set of regulations takes one person full time to keep on top of, this will fall as a share of employment the more people the company employs; their salary will be a smaller share of a big company’s revenues than a small one’s. This makes regulations a source of competitive advantage for the big firms lobbying for them, such as Facebook.

We’ve seen this in action recently. In April 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. Ostensibly, its aim is to protect personal data within the EU. But it does so via a breeze block of text comprising 99 articles, setting out the rights of individuals and obligations placed on businesses that are subject to the regulation. As Andrew Rossow explained for Forbes:

GDPR’s provisions also require that any personal data exported outside the EU is protected and regulated. In other words, if any European citizen’s data is touched, you better be compliant with the GDPR. For example, a U.S. airline is selling services to someone out in the UK, although the airline is located in the U.S., they are still required to comply with GDPR because of the European data being involved.

It is a very high standard to meet, requiring that companies invest large sums of money to ensure they are in compliance. 

And bigger businesses are better able to afford these “large sums of money.” As Mike Masnick of Techdirt explains:

Some of us keep pointing out to the EU that if these laws are designed to go after Google and Facebook, they’re going to miss their target quite a bit, because they’ll mostly serve to lock in those companies as the dominant providers. That’s because they’re big enough to manage the regulatory burden, whereas startups and smaller competitors will not be able to and will suffer.

This seems to be exactly what has happened in the case of GDPR. In October, research carried out by the joint data privacy team of the anti-tracking browser Cliqz and the tracker blocker tool Ghostery concluded:

One thing is certain: Google benefits indirectly from the effects of the GDPR, which led the online advertising market in Europe to become more concentrated, as the majority of advertisers lose market share. Google seems to have successfully taken advantage of the uncertainty around GDPR to further solidify its leading market position. On the other hand, many smaller competitors have been steadily losing market share since the GDPR came into effect.

The power of governments to regulate creates a source of uncertainty. Will they? How will they be enforced if they do? This uncertainty raises the cost of regulations, which, again, offers big firms a competitive advantage over small ones.

In June, The Wall Street Journal reported that “GDPR…has pushed marketers to spend more of their ad dollars with the biggest players.” It explained:

One year on, how different countries will enforce the regulation is still being determined, and experts say that a uniform standard for the use of data in digital advertising is unlikely to materialize for a number of years. That’s pushing some firms to concentrate their digital ad budgets with fewer tech giants, whom they trust not to run afoul of the rules. Violators of GDPR face fines of up to €20 million (about $23 million), or 4% of their global revenue, whichever is higher.

“GDPR has tended to hand power to the big platforms because they have the ability to collect and process the data,” says Mark Read, CEO of advertising giant WPP PLC. It has “entrenched the interests of the incumbent, and made it harder for smaller ad-tech companies, who ironically tend to be European.”

If there is regulation, it pays for the regulated to get in the good books of the regulators. This is easier for big firms to do and gives them the chance to shape regulation and enforcement in a way that, again, gives them a competitive advantage over small firms.

This is known as “regulatory capture.” In April, Politico wrote that GDPR

is vulnerable because of the one provision on which the tech companies prevailed: That the lead regulator be in the country in which the tech firms have their “data controller” – in most cases, Ireland.


Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon Valley firms to the Emerald Isle with promises of low taxes, open access to top officials, and help securing funds to build glittering new headquarters.

As a result, perhaps, Ireland “has yet to bring an enforcement action against a big tech firm.”

These regulations are usually offered as the way to tame powerful and even monopolistic firms. That seems to have been the intent behind GDPR. The outcome has, in fact, been the opposite. But would we be even worse off without these regulations?

In February 2007, The Guardian asked: “Will MySpace ever lose its monopoly?” It was exactly the sort of company that Elizabeth Warren—in an unholy alliance with conservatives worried about alleged bias—might want to be broken up, just as she now wants supposed monopolies likeAmazon, Google, Apple, and Facebook broken up. But the market did it for her. In April 2008, Facebook overtook Myspace in the Alexa rankings, and in 2009 Myspace lost half of its user base. If individuals and businesses are allowed to innovate in a free market, they will.

For all the talk about “network effects,” “economies of scale,” or whatever else, MySpace’s vaunted “monopoly” was destroyed in a year by such innovation. In contrast, government regulations, like GDPR, have helped entrench big tech companies like Google and Facebook. The choice is not between government regulation and no regulation but between government regulation and market regulation.

Your economics textbooks will contain chapters on “market failures.” The real world will be compared to some perfect model, and the inevitable shortcomings will be labeled “market failures” with government action the proposed remedy. Those textbooks, sadly, generally contain fewer, if any, chapters on “government failure.” But the alternative to “imperfect markets” isn’t “perfect government” but “imperfect government.” That is the correct comparison. As the example of GDPR shows, when government steps in to sort things out, it is plenty capable of making them worse.

John Phelan is an economist at the Center of the American Experiment.