Power and privacy in software ecosystems: a study on data breach impact on tech giants

Abstract

Concerns about data privacy and protection in companies from various fields and sizes are not only a reality, but a requirement at this day and age. The need to comply with governmental laws and other rules became a driving force in handling personal data. For major IT companies, especially those in charge of a software ecosystem, such concerns grow tenfold and extend over to their platforms, software solutions (internal or external products/services - i.e. from third parties) and respective partnerships. When a case of privacy breach is identified, the relationship between the company and users becomes another concerning factor, with consequences abound — financial, technical, business or social aspects. This research investigates privacy and data breach cases in GAFA (Google, Amazon, Facebook, Apple) ecosystems using the perspective of power relationships. By considering the five main forms of power (coercive, expert, legitimate, referent and reward power), we aim to describe how actors in a software ecosystem exercise power in the occurrence of a data protection issue. Moreover, we analyse the impact of the manifested power in the overall health of the ecosystem. The results of our research show that these companies are able to exercise types of power that are enabled by elements such as reputation and technical orchestration, evoking a sense of trust and convenience. Additionally, we discuss the role of media outlets and data protection rules as threats against the exercise of power from these ecosystems.