Reasonable tax rates, access to data, and the ability to raise capital are all necessary conditions for the creation and growth of small companies in the app economy. These companies, in turn, provide both the foundations for and novel adaptations of the artificial intelligence (AI)-driven tools of the future. What policymakers should know is how the costs of their proposals add up for small companies, increasing barriers to entry and siphoning resources away from product development and toward compliance.
Emblematic of the tendency for officials to look past small business perspectives are the Federal Trade Commission’s (FTC’s) recent actions to squeeze out and potentially eliminate mergers and acquisitions (M&A). In seeking to address uncommon scenarios where acquisitions create antitrust concerns, the FTC’s campaign has made acquisition a much less feasible path for small companies, especially in markets rooted in advanced technologies. We went into more detail about why it’s so important not to eliminate acquisitionsas a potential exit option for small companies in the app economy in earlier posts. Now, viewing these proposals and updates in the context of all the other regulatory burdens startups are required to take on today, they look even less appealing.
Most notable among the instances of red tape wrapping itself around the app economy are the myriad new state-level privacy laws, which conflict and overlap in unintended and expensive ways. Small businesses, in particular, face a challenging landscape where 18 states have enacted distinct comprehensive privacy laws, and more than 250 new state privacy proposals are under consideration this year alone. To comply with such regulations, companies have had to invest significant resources, collectively spending billions. During our annual conference a couple of weeks ago, several member companies told policymakers that investors seriously consider how and whether brand-new companies are able to comply with the current and growing patchwork of state privacy laws. The prospect of 5 or 10 additional, comprehensive state laws is a direct barrier to investment and, therefore, entry for innovators.
Even though policymakers should avoid creating undue barriers to data access, policies and legal regimes that protect both privacy and data access are not mutually exclusive. The challenge in the United States lies in finding the policy mix that produces benefits for consumers and avoids creating conflicting, overlapping, costly compliance regimes with no commensurate consumer benefit. Congress is considering the American Privacy Rights Act (APRA), which aims to protect individuals nationwide and potentially supersede most state-level data privacy laws. However, until Congress passes a federal bill with a strong preemption provision, which APRA does not contain, businesses must comply with a patchwork of state laws.
Piling onto the privacy patchwork and limits on potential acquisitions is a budding effort to tax digital advertising at the state level. A recent example is California’s Digital Advertising Services Tax bill. This proposal is similar to Maryland’s Digital Advertising Gross Revenues Tax, currently under litigation. Ironically, although the recrimination over privacy fouls gave policymakers the political leverage to move these proposals forward, the bills themselves create concerning privacy risks. For example, an aspect of the California bill is its sourcing regime, which mandates that businesses capture and retain “personally identifiable information” about users to determine revenue attribution, opening a new set of privacy issues beyond those posed by digital advertising itself.
We appreciate that it is difficult for policymakers to fully quantify the costs and benefits of potential intervention. Unfortunately, in the deliberative policymaking process, the full measure of the costs—even conceptually, let alone quantifiably—small businesses would bear as a result of proposed regulation is often poorly understood. For now, we urge that officials at all levels of government develop a better understanding of how additional intervention adds to existing compliance costs and that these costs are already exceptionally high. Perhaps the most prohibitive—and resistant to quantification—of these is uncertainty, as startups in particular rely on high-risk investment. For this reason, a federal, preemptive privacy law is a necessary component of a more certain legal landscape, along with a far more restrained approach to M&A and taxes.