• by Wendy Davis  @wendyndavis, March 20, 2019

Laws like Europe's General Data Protection Regulation, which require companies to obtain consumers' opt-in consent before using their data for targeted ads, could benefit large, consumer-facing businesses while harming smaller ad-tech companies, Federal Trade Commission Chairman Joseph Simons suggested Wednesday.

Speaking at an Association of National Advertisers conference, Simons said the agency had told Congress it was “conceivable” that tougher privacy laws governing targeted advertising would result in less competition. Congress is currently considering whether to pass federal privacy legislation that could have an impact on marketers' ability to use data about people's digital activity -- including the websites they visit -- for ad targeting.

Simons added that the agency views Europe's GDPR -- which went into effect last May -- as a “natural experiment” the FTC could learn from.

“We're starting to see research and empirical economics analysis that suggests that, at least on a transitory basis, GDPR is having some impact.”

Last October, German browser developer Cliqz reported that the GDPR appeared to have resulted in an increase in Google's reach, but a drop in the reach of small ad trackers and Facebook. But that report came within a few months of the GDPR's enactment, and it's not yet clear how the new law will affect companies in the long run.

In January, privacy regulators in France fined Google $57 million for allegedly failing to obtain people's unambiguous consent before using their data to target ads.

Simons' remarks, in response to a question from the audience, come as lawmakers and advocates are increasingly calling for increased scrutiny of tech companies over their privacy practices, as well as whether they have engaged in anti-competitive conduct.

The FTC has already said it is investigating Facebook over revelations that the political consultancy Cambridge Analytica harvested data from up to 87 million consumers. Those data transfers may have violated a 2012 consent decree that prohibits Facebook from misrepresenting its privacy practices, and from misrepresenting the extent to which it makes users' information available to third parties. The agency reportedly is considering imposing a multi-billion dollar fine against the company.

When asked how the FTC determines fines, Simons said one factor is vindicating the agency's authority.

“If we have an order out there, we want it to be complied with,” he said.