
Toxic data-grabbing environment inhibits real tech innovation

Third-party tracking remains ‘a significant and ubiquitous privacy threat’

The list of silly things the General Data Protection Regulation gets blamed for expanded melodramatically this week with a paper that blames it for constricting “innovation” based on – facepalm – a drop in the number of apps available on the Google Play Store since the GDPR’s 2018 implementation.

Yes, the Google Play Store, long-recognised as a problematical malware and privacy-compromising Android app haven, provided by the company that itself leads all others in offering data-harvesting mobile apps under its massive Alphabet-parent umbrella. Many of those then sell your data to third parties.

This huge problem of third-party data tracking and selling is being legally challenged by the Irish Council for Civil Liberties' Johnny Ryan as a fundamental violation of the GDPR, because users generally have zero awareness that their data is being sold off to bidders. Ryan argues people have not even been asked for their consent in any reasonable way, a requirement within the GDPR.

Oxford University researchers last year pointed out that GDPR brought about only "limited change" in the presence of those opaque third-party tracking apps.


But that’s just another angle on the data-grabbing abuse that the GDPR is supposed to curtail, and which too many companies and app creators evade.

There’s “innovation” for you, of the type exploited most memorably by Cambridge Analytica, a data misuse case that introduced the global general public to the fact that we really don’t know what happens with the personal data that so many apps collect.

This week's paper has the mournful title GDPR and the Lost Generation of Innovative Apps (what next? Indiana Jones and the Temple of Third-Party Tracker Doom?). The summary is this: the researchers looked at data on 4.1 million apps on the Google Play Store between 2016 and 2019. They state that "GDPR induced the exit of about a third of available apps" and that half as many new apps were offered in the quarters after it came into effect.

The conclusion: “Whatever the privacy benefits of GDPR, they come at substantial costs in forgone innovation.”

Where to even begin.

First, we need to accept that Android apps, on the Google Play Store during a period in which it has been (and continues to be) repeatedly criticised for offering junky and malicious apps, constitute an example of, and a proxy for, tech “innovation” generally.

Just, no. For an initial ironic laugh, there's a fresh Irish study from Trinity College's Prof Doug Leith which revealed (just two months ago) that two of Google's widely used Android apps, Messages and Dialer, have serious privacy problems, sending personally identifying data to Google with no opt-out option.

Abusive apps

Google says it plans “to make multiple changes” to the apps now, according to the study.

Next, you have to accept that the huge decline in apps was due to the GDPR, and that the departing apps were valuable and “innovative”.

Might the departures not be due to the ongoing pressure on Google to clean up its Play Store? Because in the period covered by the study, Google Play doubled down on winnowing out abusive apps. In a 2019 official blog post Google Play said its successful crackdown was the result of improving its bad app/bad developer detection technologies and better human review, resulting in a 55 per cent increase in new app rejection, and a 66 per cent increase in malicious app 2018, the year of GDPR, but nothing to do with GDPR.

On the other hand, an equally pertinent point is that the GDPR, as well as Google Play’s improved app scrutiny process, represents a big app-cleaning broom for sweeping out malicious and privacy-compromising apps and preventing their introduction to the Play Store.

This may represent “forgone innovation” for some, but others might see it as a badly needed spring clean and a most basic app examination process that still needs considerable improvement. Notably, several studies indicate many apps continue to have only questionable compliance with the GDPR.


But the main problem is that the study ludicrously ties “innovation” to apps built on more data gathering and less personal privacy, thus endorsing the very surveillance capitalism construct that, in provable ways, inhibits real innovation and keeps the app and tech market in the tight grip of a few “gatekeeper” tech giants.

As the 2021 Oxford study shows, third-party tracking – easily the most invasive and pervasive – remains "a significant and ubiquitous privacy threat in mobile apps" with a "concentration of tracking capabilities among a few large gatekeeper companies". Namely, and in order of dominance: Alphabet/Google, Facebook, Microsoft, Twitter, Amazon and Verizon.

If such widespread data harvesting, auctioning and brokering were properly halted by the GDPR, and an end brought to the toxic environment in which data – and thus, personal surveillance – are a business norm, the grip of the powerful few would be significantly loosened. Then new market opportunities could truly open up and real innovation could flourish.