A bipartisan data-privacy law could backfire on small businesses − 2 marketing professors explain why

Graphic representing mobile phone conversation

by John Lynch, University of Colorado Boulder and Jean-Pierre Dubé, University of Chicago, [This article first appeared in The Conversation, republished with permission]

Orion Brown started Black Travel Box to serve Black female travelers who find hotel lotions and shampoos inadequate. Randel Bennett co-founded the insurance startup Sigo Seguros for underserved Spanish-speaking drivers. Bill Shufelt and John Walker founded Athletic Brewing Company so athletes and nondrinkers in social situations could drink tasty nonalcoholic beer.

What do these three successful businesses have in common? In each case, the entrepreneurs built their businesses on personalized digital advertising platforms such as Facebook and Instagram. They didn’t have the budgets for TV advertising campaigns to compete with bigger businesses. And all served markets that had previously been ignored.

A privacy bill that’s being eyed by Congress could unintentionally make it harder for similar ventures to take off in the future. We are professors of marketing who are experts in academic research on effects of public policy on marketing. We are concerned that the bipartisan bill – the American Privacy Rights Act – could undermine small entrepreneurs like these who rely on targeted digital advertising.

While Americans increasingly favor government taking a more interventionist approach to data privacy, a growing body of rigorous research shows that privacy regulations can have unintended consequences.

Privacy rights and wrongs

The American Privacy Rights Act – introduced by lawmakers in both the House and Senate in April 2024 – would, in the words of a Senate summary, create “national consumer data privacy rights and set standards for data security.”

The bill would create a national standard for data collection and data use. A national standard would have the benefit of unifying a patchwork of state regulations. In a supportive editorial, The Washington Post described the bill “as tough as, if not tougher than, what states have mustered so far.” Tougher must be better, right?

Not necessarily.

The state bills at issue are generally modeled on the European General Data Protection Regulation, or GDPR. The European Union touts the GDPR as “the strongest privacy and security law in the world.”

But a growing body of academic literature shows that privacy regulations such as the GDPR can have unintended consequences. In May, the nonprofit Marketing Science Institute released our report summarizing that work. In short, data privacy doesn’t come free – it requires trade-offs.

The price of privacy

For starters, there’s a trade-off between privacy and usefulness of information exchanges for firms and consumers. The 2006 book “The Long Tail” described how digital marketing changed our economy from a market focused on selling hit products to a market serving many smaller niches of consumers with diverse needs and tastes. Digital marketing makes it possible for small entrepreneurs and consumers with nonmainstream needs to find each other.

There’s also a trade-off between privacy and fairness. Just as consumers differ in their needs for products, they differ in whether, when and why they are willing to share data. Research shows that those most keen to minimize data-sharing are richer, more educated and older than those who are less keen. The goal of privacy regulation, we argue, should be to give consumers control of their data rather than to slow the flow of data for all.

Coarser personalization can exclude marginalized consumer segments. Some lower-income consumers and certain minority groups live in digital data deserts. The problem isn’t that companies know too much about them. Instead, they are so invisible that they are unwittingly excluded from the digital economy.

Privacy can be, in some sense, a problem of the privileged. We know of no rigorous study showing that toughened digital marketing privacy policies produced tangible economic benefits for anyone, let alone lower-income consumers.

There’s also a trade-off between privacy and freedom from discrimination, particularly against marginalized groups. Algorithms have been known to inadvertently discriminate. For example, one study showed that women were less likely than men to be served ads for job opportunities in STEM careers. That seems unfair.

Regulators, including the framers of the American Privacy Rights Act, have prescribed that firms should limit the data they collect only to what is reasonable and necessary, minimizing information about race, gender or other protected class attributes. But without that information, how will regulators and firms audit data-based marketing algorithms for unintended discrimination?

Finally, there’s a trade-off between privacy and innovation by sellers in the marketplace. Many small brands exist because digital marketing allows them to create sustainable businesses at a small scale without giant media budgets. Digital advertising costs a fraction of what’s needed for traditional television campaigns, saving small U.S. entrepreneurs US$163 billion annually. Small brands benefit more from accurate targeting than the big brands with broader appeal.

A growing number of studies show that privacy regulations may slow innovation and reduce the competitiveness of markets. This is especially harmful to those same small businesses and entrepreneurs that benefit most from being able to accurately target diverse consumers.

Recently, privacy advocates started attaching the label “corporatists” to those who argue for benefits of personalized marketing. Ironically, it’s small businesses that benefit most from personalized marketing, as our report for the Marketing Science Institute shows.

Giants like Unilever and Nike gain competitive advantage from privacy regulation and changes to platform privacy policies that dramatically raise small businesses’ costs of acquiring new customers, and giants like Amazon and Walmart gain new appeal as ad platforms. Similarly, studies show that GDPR boosted Google’s and Facebook’s market dominance in Europe and disproportionately increased privacy compliance costs for smaller firms.

To be sure, we believe there’s value in the bill being crafted in Congress to protect consumers’ right to privacy. The May markup included carve-outs for small businesses, for example, but without considering how they rely on others’ data for customer acquisition. In June, divisions between Republicans and Democrats led to canceling a markup session.

In our view, Congress would be wise to use the current impasse to carefully consider how the proposed law would affect smaller sellers and disadvantaged consumer groups.

John Lynch, University of Colorado Distinguished Professor, University of Colorado Boulder and Jean-Pierre Dubé, James M. Kilts Distinguished Service Professor of Marketing, University of Chicago

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Be the first to comment on "A bipartisan data-privacy law could backfire on small businesses − 2 marketing professors explain why"

Leave a comment

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.