This generation of kids are growing up in a digital environment defined by privacy laws preventing usage of their personal data. This is an entirely new chapter for the internet.
For the majority of adults, the practice of exchanging personal data in exchange for free content or services is normal. However, laws such as COPPA and GDPR-K legally prevent data capture on children, triggering a seismic structural change.
TL;DR: This is going to cost social companies tens of billions of dollars in lost revenue as these kids grow up restricting the use of their personal data.
Originally focused on under-13s in the US (COPPA), these same digital privacy protections have been extended to children under 16 in Europe (GDPR-K). This ‘zero-data’ trend shows no sign of stopping; California has just passed new laws that will effectively drag the rest of the US to the same higher age standard.
There is momentum building. The prevalence of health warnings, snowballing legislation and lawsuits around kids digital privacy will inevitably have significant ramifications for surrounding industries. To understand the potential revenue impact this will have on profile-data driven internet companies, we looked at Facebook.
Summary: Facebook will suffer over $35B in lost revenue as kids data privacy laws remove under-13s from the social network’s addressable audience. For context, this represents almost 10% of their market capitalisation today.
The workings are in the table below, but here are the core assumptions:
- It will take around five years for digital privacy standards to be understood by kids as normal and important (helped by the kidtech sector). After this point we’ll see 75% of kids who are aging into FB (13+) choose not to sign up.
- This $35B estimate is only for the first ten years (it’s not discounted). This annual lost revenue obviously compounds, and by the end of this measurement period Facebook will be losing out on over $6.5B in annual revenue.
- ARPU for the US and EU users are taken from FB’s public financials. We’ve assumed a 5% growth in ARPU.
- We’ve taken a flat age of 13 across both the US and EU, even though GDPR-K is increasing this threshold to 16 across most of Europe, therefore likely underestimating the true revenue impact on Facebook.
For the first time in the history of the internet, there is global regulation of an audience type. It’s a point which continues to be overlooked. We simply haven’t seen this before.
Quite apart from the direct effects of legal measures are the likely effects on the behavior of the young audiences they protect.
The less kids share their personal data at a young age, the less likely they will be to do so as they get older. Rewriting the status quo of online behaviors will result in a generation of kids awake to the dangers of freely-shared personal information.
This generation of kids growing up in a privacy-focused environment will materially impact the leading consumer internet companies.