The seemingly unstoppable expansion of Apple Inc., Alphabet Inc., Amazon.com Inc., and Facebook Inc. in the smartphone ecosystem, digital advertising, e-commerce, and social media could decelerate as the tech giants face scrutiny from the U.S. Congress, Department of Justice (DoJ), and Federal Trade Commission (FTC)--and that's naming only the domestic regulators.

The DoJ and FTC have favored self-regulation to avoid hindering innovation. And they haven't established a framework to regulate and provide ongoing monitoring of the rapidly changing technology industry. However, as the complaints from competitors and consumers have become more frequent, and as regulators themselves--as consumers--recognize the scale and power of these companies, they have mobilized. Regulators now have the difficult task of determining whether the rising concentration of market power in a handful of large tech participants acts in ways that are harmful to consumers and competitors, or, as large tech companies have asserted, promotes rapid innovation and job creation.

Meanwhile, two other topics are getting much discussion among politicians and regulators: data privacy and the safe harbor provision related to Section 230 of the Communications Decency Act of 1996. Some argue lax privacy rules have allowed tech companies to collect and store consumer data without consent and, worse, benefit economically from it. Facebook and Alphabet have also faced accusations that they have not removed harmful from their platforms fast enough.

In this report, S&P Global Ratings examines how these concerns could affect Apple, Alphabet, and Amazon and what ratings impact, if any, they could have.

Breakups And Undoings

The flywheel effect established by the large tech companies enabled innovation and capitalization; their significant installed user and developer bases allowed lower costs and improved services to customers, and kept barriers to entry high. It also sparked a rapid increase in their market capitalizations, on an absolute and relative basis, and aggravated concerns about monopolistic practices.

Significant big-tech antitrust cases have been happening for decades. Microsoft, in 2000, was ordered to break into two separate units. The case was appealed and ultimately settled in 2001, requiring Microsoft to share its application programming interface with third-party companies--a relatively minor punishment compared to a breakup of the company. The real harm done, in our view, was not from the terms of the settlement but from the change in public perception of Microsoft's business behavior.

The Microsoft lawsuit provides insights to the issues facing Apple, Amazon, and Alphabet, which all use platforms to enhance their already strong market positions. The antitrust concerns about Facebook, on the other hand, consist of whether it violated anticompetitive rules from its acquisition strategy. In our view, a strong antitrust case requires consumer harm or exclusionary behavior. Also, it is likely to be a long and winding road to a conclusion, during which time the companies may adapt their products and practices to strengthen their defense against an antitrust action.

We believe it is difficult to prove Apple's App Store fees and Amazon's first-party sales have caused consumer harm. Apple's App Store fees are paid by developers, not by consumers, and Amazon's first-party/private-label sales typically have lower pricing than similar products in their Marketplace. Alphabet and Facebook's search and social media platforms are also free to consumers. Therefore, the main concern is less on pricing and more on strategies to suppress or eliminate competitors.

Apple

Apple's smartphones are preloaded with its App Store and Apple charges a 30% fee in the first year and 15% in the years after on all app sales and subscription payments. Companies such as Netflix, Spotify, and Epic Games, have argued that the charge is onerous and prevents them from lowering their prices to consumers. Additionally, with Apple's smartphone preinstalled with its own apps--e.g., Apple Music and Apple podcasts--it could be unfairly disadvantaging competing app developers, and maintaining a monopoly in iOS app distribution and in-app payment processing. Apple argues that it is fairly compensated for enforcing standards and providing a good user experience and a secure payment system. In our view, it will be difficult for regulators to prove Apple's App Store exhibits exclusionary behavior, given the precedent of companies such as Netflix who have successfully moved off of Apple's payment system and bypassed the app fees paid to Apple. Arguments can be made over whether the fees charged are excessive, but we do not believe any modifications to pricing or how Apple monetizes access to its App Store will endanger its business model or credit quality.

Amazon

Amazon's first-party/private-label sales have always drawn fire from competitors and regulators; they are hard to compete with if you're a third-party seller on Amazon's marketplace. Amazon is also privy to sellers' product-related data, which could unfairly benefit its own private-label pricing and brand strategies. During the congressional hearing in July, CEO Jeff Bezos highlighted that the company's policy bans such practice and will investigate whether any violations have taken place. On the other hand, use of aggregate data is allowed under Amazon's policies. Still, data shows that third-party sales has grown more rapidly than first-party sales on Amazon and now represents a higher percentage of the total retail sales. The sale of physical merchandise on Amazon by third parties grew to about 60% in 2019, from 3% in 1999. This trend continued in the second quarter of 2020, with third-party sales growing 52% year-over-year during the quarter, outpacing first-party sales, which increased 48%. We believe the outsized growth is partially attributable to the Fulfillment By Amazon program, which allows merchants to use Amazon's vast network of warehouses, services, and delivery channels to sell their products. As such, Amazon's Third-Party Seller Services business, which grew tremendously during the same period, now contributes about 19% of the total revenue. Amazon has kept a razor-sharp focus on expanding logistics and delivery capability, which has only accelerated in the face of pandemic driven by customer demand. We believe this would further propel third-party sales on Amazon as well as grow its Third-Party Seller Services business.

Chart 3

Chart 4

Alphabet

Antitrust concerns regarding Alphabet stem from its dominant market share in search, its vertical integration in digital advertising, and its sprawling product portfolio that creates opportunities to leverage one product to enhance another. Google has eight products with over one billion monthly active users (Android, Chrome, Gmail, Google Drive, Google Maps, Google Play, Search, and YouTube) and has more than 90% share of the global search market according to Statcounter. Google could conceivably use its position in search to advantage its other products, such as favoring YouTube in searches for video or favoring its own shopping results over competitors'. Another concern is that Google controls Display & Video 360 or DV360, a system that advertisers use to buy ad space on Google's network of partner websites, another system those websites owners use to sell that space, formerly known as DoubleClick for Publishers, and the exchange on which transactions between buyers and sellers occurs, formerly known as DoubleClick Ad Exchange or AdX. In all three of these spaces, Google's tools have leading market share, which it could use to generate outsized profits. In Europe, the EC has issued fines totaling €8.2 billion in three cases in which it found that the company infringed on European competition law related to AdSense for Search, Android distribution agreements, and display and ranking of shopping search results; the company is appealing the decisions and fines. The EU is investigating the company's agreement to acquire Fitbit over concerns that it could use data from Fitbit devices for targeted advertising, which could increase its advantage over online advertising rivals.

Facebook (unrated)

The most significant antitrust concern for Facebook has been its acquisitions. Facebook acquired Instagram in 2012 for cash and stock worth approximately $1 billion at the time of the agreement, and it acquired WhatsApp for $19 million in 2014. While both companies were relatively small, Instagram only had 13 employees and WhatsApp had 55, but Instagram was making significant inroads as a competing social media platform and WhatsApp was growing globally as a messaging platform. Ongoing separate antitrust examinations by the U.S. Justice Department, the FTC, and by Attornies General of several U.S. states are assessing whether the company's actions caused consumer harm, including whether they were anti-competitive thereby limiting consumer choice.

Liability Protection Concerns Are Bipartisan

Section 230 of the Communications Decency Act of 1996 contains "the 26 words that created the internet," according to cybersecurity law expert Jeff Kosseff: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."

The law intentionally provides platforms such as Facebook and YouTube protection against liability for content created by its users. These protections remain critical--without them, the cost to protect platforms against liability from their users' content could be prohibitive. At the time the law was passed, the internet was in its infancy and the companies were much smaller and less powerful. Both political parties agreed to a hands-off approach to regulation to allow the industry to flourish.

Attitudes are changing as platform companies have entrenched their positions, beaten back competitors, and occupied a central role in people's lives. We expect some reform to be enacted given bipartisan concern that Section 230 provides too much protection to big tech companies. These reforms could cover removal of harmful content, content moderation bias, and free speech.

We think Facebook is the most exposed since the largest portion of its business is supported by third-party content. Alphabet has meaningful exposure too because of its ownership YouTube as well as some features within its other products, such as Google Maps, but less overall than Facebook because of its diversity of businesses.

Politicians of both parties have expressed misgivings about Section 230, although their concerns are different. House Speaker Nancy Pelosi (D) has called the protections a gift and a privilege that requires a greater sense of responsibility by the platforms, while Senator Josh Hawley (R) has put forward multiple legislative proposals. Democrats want platforms to censor more, with stricter standards around hate speech and disinformation, while Republicans are concerned that they censor too much and are biased against politically conservative views.

The range of possible outcomes extends from maintaining the status quo, to full repeal of Section 230, for which presidential candidate Joe Biden has expressed support. Sen. Josh Hawley has proposed conditioning immunity on FTC certification of political neutrality and revoking immunity of platforms that serve ads based on a user's traits, personal information, or online behavior. Rep. Paul Gosar (R) proposed only allowing the removal of unlawful content in order to qualify for liability protection. And Beto O'Rourke (D) proposed a plan for platforms to lose immunity if they do not ban content that incites or engages in violence, intimidation, threats, or defamation against others based on demographics like race, religion, immigration status, and gender identity. More moderate bipartisan proposals include the EARN IT Act, which would condition immunity on complying with best practices set by a new commission for the removal of child sexual exploitation content; and the PACT Act, which would require content moderation policies and transparency reports, and implement a notice-and-takedown framework for unlawful content.

We think the ultimate outcome is somewhere in the middle of the extremes given that legislation would likely require bipartisan cooperation. We believe the full repeal of Section 230 protection is unlikely given the benefits and value creation the platforms provide, including broader access to speech. Something like the PACT Act would be manageable and would not put the third-party content platform business model at risk.

Stricter Privacy Regulation Would Advantage The Larger Players Over Smaller Ones

We think the general public has to some degree reconsidered how much data it shares with digital advertising platforms, and the scrutiny from regulators around privacy has recently taken a back seat to antitrust concerns. The EU's General Data Protection Regulation (GDPR) has been in force since May 2018, and has given EU residents more control over their personal data. Key protections include a requirement to collect the minimum amount of data necessary to fulfill a platform's purpose, the right of users to request their data, the right to erase data in certain circumstances, the right to stop direct marketing based on data, and the ability to port data into a common format. Violations could carry fines up to 4% of global annual turnover for the preceding financial year for the most serious infringements.

We believe GDPR represents a high water mark on privacy regulation, and that it is unlikely that the U.S. would implement a more restrictive law. The law has been in place for more than two years and has not had a meaningful impact on revenue growth or profit margins for the big tech companies. So far, fines under the law have been modest--the largest has been a €50 million fine by France against Google for a lack of transparency and consent in advertising personalization. In fact, the law could benefit the larger players relative to the smaller ones because their vast resources, expertise, and operating flexibility put them in a better position to cope with the complex rules. A partial offset might be portability requirements that would allow users to switch platforms more easily, but so far we haven't seen any impact.

The California Consumer Privacy Act (CCPA), which contains many concepts similar to those in GDPR, became effective in Jan. 2020 and, similarly, we do not expect to see a material impact on financial performance.

There is a risk that an increase in transnational, national, state, and local privacy regulations would increase the cost and complexity of managing consumer data businesses, but again, the largest players are better positioned to address the complexity relative to their smaller counterparts.

Of the big tech firms, we see Facebook and Alphabet as the most exposed, followed by Amazon given their use of data across products for marketing purposes; Apple has lots of sensitive user data but it doesn't monetize the data through advertising, preferring to base its business on products and subscription services, so it is less exposed.

Welcoming Tighter Rules And Slowing The Ascent

In our view, the probability that today's controversial topics and investigations will have a serious impact on the big tech companies is low. However, the risk is higher now than in the past because of these companies' ever-expanding footprint in our global society and the bipartisan support to regulate them. The risks are captured in our ratings of Apple, Alphabet, and Amazon, but materially adverse outcomes are not in our base cases. So far, investigations from the EU have been the most aggressive, resulting in formal charges against Google related to Google Shopping (favoring their own products in search results over competitors'), Adsense (exclusionary behavior), and the Android operating system (products tying distribution agreements with mobile device makers) and fines of over €8 billion. The EU has also launched antitrust probes into Apple, Amazon, and Facebook over the past couple years.

Any undoing of acquisitions previously approved or business breakup, while possible, would be unlikely. Policy frameworks to regulate tech are not designed to assess antitrust, data privacy, artificial intelligence, and safe harbor rules. Even if a breakup or an M&A undoing were contemplated by regulators, any material enforcement actions will likely be drawn out by lengthy legal challenges.

Rather, over the near term, large tech companies will likely tweak some their business practices without significantly altering their growth or business strategies. We also expect large tech companies to avoid sizable M&A, which will draw even more attention to their market prowess. We anticipate the regulators' continued pressure on large tech companies to lower barriers to entry and make it more attractive for starts-ups and smaller existing tech companies, all with the goal of providing a healthier tech ecosystem. The technology industry has enabled growth and increased productivity in many aspects of global society, and we expect it will continue to attract investments from venture capital, and private equity firms as well as strategic investors.

Over the longer term, we believe companies such as Apple, Alphabet, Amazon, and Facebook will accept more regulations and rules on the tech industry and its participants, as it will provide a clear operating framework.

From a ratings perspective, we believe the threat of antitrust actions by regulators could extract changes to how large tech companies operate, but any actions, enforced or self-selected, would be manageable. Near-term rating impact is limited, in our view, as we expect any regulatory actions against the large tech companies will not involve a breakup or cause material disruptions to their businesses. Despite our expectations for significantly higher hurdles to large scale M&As, we do not expect these companies to stop investing, especially in areas like public cloud infrastructure services, in which Amazon, Microsoft, and Google have strong market positions largely thanks to organic investments and partnerships.

Legal penalties and fines by regulatory bodies could be significant, as they are typically assessed based on companies' revenues or profit. However, given the strong financial positions of big tech companies, we do not expect fines and legal fees--if any--to have an immediate rating impact.