INSUBCONTINENT EXCLUSIVE:
The third meeting of the International Grand Committee on Disinformation and ‘Fake News&, a multi-nation body comprised of global
legislators with concerns about the societal impacts of social media giants, has been taking place in Dublin this week — once again
without any senior Facebook management in attendance.
The committee was formed last year after Facebook CEO Mark Zuckerberg repeatedly
refused to give evidence to a wide-ranging UK parliamentary enquiry into online disinformation and the use of social media tools for
That snub encouraged joint working by international parliamentarians over a shared concern that also a cross-border regulatory and
accountability challenge.
But while Zuckerberg still, seemingly, does not feel personally accountable to international parliaments — even
as his latest stand-in at today committee hearing, policy chief Monika Bickert, proudly trumpeted the fact that 87 per cent of Facebook
users are people outside the US — global legislators have been growth hacking a collective understanding of nation-state-scale platforms
and the deleterious impacts their data-gobbling algorithmic content hierarchies and microtargeted ads are having on societies and
democracies around the world.
Incisive questions from the committee today included sceptical scrutiny of Facebook claims and aims for a
self-styled ‘Content Oversight Board& it has said will launch next year — with one Irish legislator querying how the mechanism could
possibly be independent of Facebook , as well as wondering how a retrospective appeals body could preventcontent-driven harms
(On that Facebook seemed to claim that most complaints it gets from users are about content takedowns.)
Another question was whether the
company planned Libra digital currency might not at least partially be an attempt to resolve a reputational risk for Facebook, of accepting
political ads in foreign currency, by creating a single global digital currency that scrubs away that layer of auditability
Bickert denied the suggestion, saying the Libra project is unrelated to the disinformation issue and &is about access to financial
services&.
Twitter recently announced total ban on political issue ads also faced some critical questioning by the committee, with the
company being asked whether it will be banning environmental groups from running ads about climate change yet continuing to take money from
oil giants that wish to run promoted tweets on the topic
Karen White, director of public policy, said they were aware of the concern and are still working through the policy detail for a fuller
release due later this month.
But it was Facebook that came in for the bulk of criticism during the session, with Bickert fielding the vast
majority of legislators& questions — almost all of which were sceptically framed and some, including from the only US legislator in the
room asking questions, outright hostile.
Google rep, meanwhile, had a very quiet hour and a half, with barely any questions fired his way
While Twitter won itself plenty of praise from legislators and witnesses for taking a proactive stance and banning political microtargeting
altogether.
The question legislators kept returning to during many of today sessions, most of which didn&t involve the reps from the tech
giants, is how can governments effectively regulate US-based Internet platforms whose profits are fuelled by the amplification of
disinformation as a mechanism for driving engage with their service and ads?
Suggestions varied from breaking up tech giants to breaking
down business models that were roundly accused of incentivizing the spread of outrageous nonsense for a pure-play profit motive, including
by weaponizing people data to dart them with ‘relevant& propaganda.
The committee also heard specific calls for European regulators to
hurry up and enforce existing data protection law — specifically the EU General Data Protection Regulation (GDPR) — as a possible
short-cut route to shrinking the harms legislators appeared to agree are linked to platforms& data-reliant tracking for individual
microtargeting.
A number of witnesses warned that liberal democracies remain drastically unprepared for the ongoing onslaught of malicious,
hypertargeted fakes; that adtech giants& business models are engineered for outrage and social division as an intentional choice and scheme
to monopolize attention; and that even if we&ve now passed &peak vulnerability&, in terms of societal susceptibility to Internet-based
disinformation campaigns (purely as a consequence of how many eyes have been opened to the risks since 2016), the activity itself hasn&t yet
peaked and huge challenges for democratic nation states remain.
The latter point was made by disinformation researcher Ben Nimmo, director
of investigations at Graphika.
Multiple witnesses called for Facebook to be prohibited from running political advertising as a matter of
urgency, with plenty of barbed questions attacking its recent policy decision not to fact-check political ads.
Others went further —
calling for more fundamental interventions to force reform of its business model and/or divest it of other social platforms it also owns
Given the company systematic failure to demonstrate it can be trusted with people data that enough reason to break it back up into separate
social products, runs the argument.
Former Blackberry co-CEO, Jim Ballsillie, espoused a view that tech giants& business models are
engineered to profit from manipulation, meaning they inherently pose a threat to liberal democracies
While investor and former Facebook mentor, Roger McNamee, who has written a critical book about the company business model, called for
personal data to be treated as a human right — so it cannot be stockpiled and turned into an asset to be exploited by
behavior-manipulating adtech giants.
Also giving evidence today, journalist Carole Cadwalladr, who has been instrumental in investigating
the Cambridge Analytica Facebook data misuse scandal, suggested no country should be trusting its election to Facebook
She also decried the fact that the UK is now headed to the polls, for a December general election, with no reforms to its electoral law and
with key individuals involved in breaches of electoral law during the 2016 Brexit referendum now in positions of greater power to manipulate
She too added her voice to calls for Facebook to be prohibited from running political ads.
In another compelling testimony, Marc
Rotenberg, president and executive director of the Electronic Privacy Information Center (Epic) in Washington DC, recounted the long and
forlornhistory of attempts by US privacy advocates to win changes to Facebook policies to respect user agency and privacy — initially from
the company itself, before petitioning regulators to try to get them to enforce promises Facebook had renaged on, yet still getting exactly
nowhere.
No more ‘speeding tickets&
&We have spent the last many years trying to get the FTC to act against Facebook and over this period
of time the complaints from many other consumer organizations and users have increased,& he told the committee
&Complaints about the use of personal data, complaints about the tracking of people who are not Facebook users
Complaints about the tracking of Facebook users who are no longer on the platform
In fact in a freedom of information request brought by Epic we uncovered 29,000 complaints now pending against the company.&
He described
the FTC judgement against Facebook, which resulted in a $5BN penalty for the company in June, as both a &historic fine& but also essentially
just a &speeding ticket& — because the regulator did not enforce any changes to its business model
So yet another regulatory lapse.
&The FTC left in place Facebook business practices and left at risk the users of the service,& he warned,
adding: &My message to you today is simple: You must act
You cannot wait ten years or even a year to take action against this company.&
He too urged legislators to ban the company from engaging in
political advertising — until &adequate legal safeguards are established&
&The terms of the GDPR must be enforced against Facebook and they should be enforced now,& Rotenberg added, calling also for Facebook to be
required to divest of WhatsApp — ¬ because of a great scheme to break up big tech but because the company violated its commitments to
protect the data of WhatsApp users as a condition of the acquisition&.
In another particularly awkward moment for the social media giant,
Keit Pentus-Rosimannus, a legislator from Estonia, asked Bickert directly why Facebook doesn&t stop taking money for political ads.
The
legislator pointed out that it has already claimed revenue related to such ads is incremental for its business, making the further point
that political speech can simply be freely posted to Facebook (as organic content); ergo, Facebook doesn&t need to take money from
politicians to run ads that lie — since they can just post their lies freely to Facebook.
Bickert had no good answer to this
&We think that there should be ways that politicians can interact with their public and part of that means sharing their views through ads,&
was her best shot at a response.
&I will say this is an area we&re here today to discuss collaboration, with a thought towards what we
should be doing together,& she added
&Election integrity is an area where we have proactively said we want regulation
Defining political ads and who should run them and who should be able to and when and where
Those are things that we would like to work on regulation with governments.&
&Yet Twitter has done it without new regulation
Why can&t you do it?& pressed Pentus-Rosimannus.
&We think that it is not appropriate for Facebook to be deciding for the world what is true
or false and we think that politicians should have an ability to interact with their audiences
So long as they&re following our ads policies,& Bickert responded
&But again we&re very open to how together we could come up with regulation that could define and tackle these issues.&
tl;dr Facebook could
be seen once again deploying a policy minion to push for a ‘business as usual& strategy that functions by seeking to fog the issues and
re-frame the notion of regulation as a set of self-serving (and very low friction) ‘guide-rails&, rather than as major business model
surgery.
Bickert was doing this even as the committee was hearing from multiple voices making the equal and opposite point with acute
force.
Another of those critical voices was congressman David Cicilline — a US legislator making his first appearance at the Grand
He closely questioned Bickert on how a Facebook user seeing a political ad that contains false information would know they are being
targeted by false information, rejecting repeated attempts to misleading reframe his question as just about general targeting data.
&Again,
with respect to the veracity, they wouldn&t know they&re being targeted with false information; they would know why they&re being targeted
as to the demographics… but not as to the veracity or the falseness of the statement,& he pointed out.
Bickert responded by claiming that
political speech is &so heavily scrutinized there is a high likelihood that somebody would know if information is false& — which earned
her a withering rebuke.
&Mark Zuckerberg theory that sunlight is the best disinfectant only works if an advertisment is actually exposed to
But as hundreds of Facebook employees made clear in an open letter last week Facebook advanced targeting and behavioral tracking tools —
and I quote — &hard for people in the electorate to participate in the public scrutiny that we&re saying comes along with political
speech& — end quote — as they know — and I quote — &these ads are often so microtargeted that the conversations on Facebook
platforms are much more siloed than on the other platforms,& said Cicilline.
&So, Ms Bickert, it seems clear that microtargeting prevents
the very public scrutiny that would serve as an effective check on false advertisements
And doesn&t the entire justification for this policy completely fall apart given that Facebook allows politicians both to run fake ads and
to distribute those fake ads only to the people most vulnerable to believe in them? So this is a good theory about sunlight but in fact in
practice you policies permit someone to make false representations and to microtarget who gets them — and so this big public scrutiny that
serves as a justification just doesn&t exist.&
Facebook head of global policy management responded by claiming there &great transparency&
around political ads on its platform — as a result of what she dubbed its &unprecedented& political ad library.
&You can look up any ad in
this library and see what is the breakdown on the audience who has seen this ad,& she said, further claiming that &many [political ads] are
not microtargeted at all&.
&Isn&t the problem here that Facebook has too much power — and shouldn&t we be thinking about breaking up that
power rather than allowing Facebook decisions to continue to have such enormous consequences for our democracy?& rejoined Cicilline, not
waiting for an answer and instead laying down a critical statement
&The cruel irony is that your company is invoking the protections of free speech as a cloak to defend your conduct which is in fact
undermining and threatening the very institutions of democracy it cloaking itself in.&
The session was long on questions for Facebook and
short on answers with anything other than the most self-serving substance from Facebook.
Major GDPR enforcements coming in 2020
During a
later session without any of the tech giants present which was intended for legislators to query the state of play of regulation around
online platforms, Ireland data protection commissioner, Helen Dixon, signalled that no major enforcements will be coming against Facebook et
al this year — saying instead that decisions on a number of cross-border cases will be coming in 2020.
Ireland has a plate stacked high
with complaints against tech giants since the GDPR came into force in May 2018
Among the 21 &large scale& investigations into big tech companies that remain ongoing are probes around transparency and the lawfulness of
data processing by social media platform giants
The adtech industry use of personal data in the real-time bidding programmatic process is also under the regulatory microscope.
Dixon
and the Irish Data Protection Commission (DPC) take center stage as a regulator for US tech giants given how many of these companies have
chosen to site their international headquarters in Ireland — encouraged by business friendly corporate tax rates
But the DPC has a pivotal role on account of a one-stop-shop mechanism within GDPR that allows for a data protection agency with primary
jurisdiction over a data controller to take a lead on cross-border data processing cases, with other EU member states& data watchdogs
feeding but not leading such a complaint.
Some of the Irish DPC probes have already lasted as long as the 18 months since GDPR came into
Dixon argued today that this is still a reasonable timeframe for enforcing an updated data protection regime, despite signalling further
delay before any enforcements in these major cases
&It a mistake to say there been no enforcement… but there hasn&t been an outcome yet to the large scale investigations we have open,
underway into the big tech platforms around lawfulness, transparency, privacy by design and default and so on
Eighteen months is not a long time
Not all of the investigations have been open for 18 months,& she said.
&We must follow due process or we won&t secure the outcome in the end
These companies they&ve market power but they also have the resources to litigate forever
And so we have to ensure we follow due process, we allow them a right to be heard, we conclude the legal analysis carefully by applying what
our principles in the GDPR to the scenarios at issue and then we can hope to deliver the outcomes that the GDPR promises.
&So that work is
We couldn&t be working more diligently at it
And we will have the first sets of decisions that will start rolling out in the very near term.&
Asked by the committee about the level of
cooperation the DPC is getting from the tech giants under investigation she said they are &engaging and cooperating& — but also that
they&re &challenging at every turn&.
She also expressed a view that it not yet clear whether GDPR enforcement will be able to have a
near-term impact on reining in any behaviors found to be infringing the law, given further potential legal push back from platforms after
decisions are issued.
&The regulated entities are obliged under the GDPR to cooperate with investigations conducted by the data protection
authority, and to date of the 21 large-scale investigations were have opened into big tech organizations they are engaging and cooperating
With equal measure they&re challenging at every turn as well and seeking constant clarifications around due process but they are cooperating
and engaging,& she told the committee.
&What remains to be seen is how the investigations we currently have open will conclude
And whether there will ultimately be compliance with the outcomes of those investigations or whether they will be subject to lengthy
So I think the big question of whether we&re going to be able to near-term drive the kind of outcomes we want is still an open question
And it awaiting us as a data protection authority to put down the first final decisions in a number of cases.&
She also expressed doubt
about whether the GDPR data protection framework will, ultimately, sum to a tool that can regulate underlying business models that are based
on collecting data for the purpose of behavioral advertising.
&The GDPR isn&t set up to tackle business models, per se,& she said
&It set up to apply principles to data processing operations
And so there a complexity when we come to look at something like adtech or online behavioral advertising in that we have to target multiple
actors.
&For that reason we&re looking at publishers at the front end, that start the data collection from users — it when we first click
on a website that the tracking technologies, the pixels, the cookies, the social plug-ins — start the data collection that ultimately ends
up categorizing us for the purposes of sponsored stories or ad serving
So we&re looking at that ad exchanges, we&re looking at the real-time bidding system
We&re looking at the front end publishers
And we&re looking at the ad brokers who play an important part in all of this in combining online and offline sources of data
So we&ll apply the principles against those data processing operations, we&ll apply them rigorously
We&ll conclude and then we&ll have to see does that add up to a changing of the underlying business model? And I think the jury is out on
that until we conclude.&
Epic Rotenberg argued to the contrary on this when asked by the committee for the most appropriate model to use for
regulating data-driven platforms — saying that &all roads lead to the GDPR&.
&It a set of rights and responsibilities associated with the
collection and use of personal data and when companies choose to collect personal data they should be held to account,& he said, suggesting
an interpretation of the law that does not require other European data protection agencies to wait for Ireland decision on key cross-border
cases.
&The Schrems decision of 2015 makes clear that while co-ordinated enforcement anticipated under the GDPR is important, individual
DPAs have their own authority to enforce the provisions of the charter — which means that individual DPAs do not need to wait for a
coordinated response to bring an enforcement action.&
A case remains pending before Europe top courtthat looks set to lay down a firm rule
on exactly that point.
&As a matter of law the GDPR contains the authority within its text to enforce the other laws of the European Union
— this is largely about the misuse and the collection and use of personal data for microtargeting,& Rotenberg also argued
&That problem can be addressed through the GDPR but it going to take an urgent response
Not a long term game plan.&
When GDPR enforcement decisions do come Dixon suggested they could have a wider impact than only applying to the
direct subject, saying there an appetite from data processors generally for more guidance on compliance with the law — meaning that both
the clarity and deterrence factor derived from large scale platform enforcement decisions could help steer the industry down a reforming
path.
Though, again, what exactly those platform enforcements may be remains pending until 2020.
&Probably the first large-scale
investigation we&re going to conclude under GDPR is one into the principle of transparency and involving one of the larger platforms,& Dixon
also told the committee, responding to a legislator question asking if she believes consumers are clear about exactly what they&re giving up
when they agree to their information being processed to access a digital service.
&We will shortly be making a decision spelling out in
detail how compliance with the transparency obligations under Articles 12 to 14 of the GDPR should look in that context
But it is very clear that users are typically unaware
For example some of the large platforms do have capabilities for users to completely opt out of personalized ad serving but most users
There are also patterns in operation that nudge users in certain directions
So one of the things that [we&re doing] — aside from the hard enforcement cases that we&re going to take — we&ve also published guidance
recently for example on that issue of how users are being nudged to make choices that are perhaps more privacy invasive than they might
otherwise if they had an awareness.
&So I think there a role for us as a regulatory authority, as well as regulating the platforms to also
drive awareness amongst users
But it an uphill battle, given the scale of what users are facing.&
Asked by the committee about the effectiveness of financial penalties as
a tool for platform regulation, Dixon pointed to research that suggests fines alone make no difference — but she highlighted the fact that
GDPR affords Europe regulators with a far more potent power in their toolbox: The power to order changes to data processing or even ban it
altogether.
&It our view that we will be obliged to impose fines where we find infringements and so that what will happen but we expect that
it the corrective powers that we apply — the bans on processing, the requirements to bring processing operations into compliance that
going to have the more significant effects,& she said, suggesting that under her watch the DPC will not shy away from using corrective
powers if or when an infringement demands it.
The case for special measures
Also speaking today in a different public forum, Europe
competition chief, Margrethe Vestager, made a similar point to Dixon about the uphill challenge for EU citizens to enforce their rights.
&We
have you could call it digital citizens& rights — the GDPR — but that doesn&t solve the question of how much data can be collected about
you,& she said during an on stage interview at the Web Summit conference in Lisbon, where she was asked whether platforms should have a
fiduciary duty towards users to ensure they are accountable for what they&re distributing
The antitrust commissioner is set for an expanded digital strategy role in the incoming European Commission.
&We also need better protection
and better tools to protect ourselves from leaving a trace everywhere we go,& she suggested
&Maybe we would like to be more able to choose what kind of trace we would leave behind
And that side of the equation will have to be part of the discussion as well
How can we be better protected from leaving that trace of data that allows companies to know so much more about any one of us than we might
even realize ourselves?&
&I myself am very happy that I have digital rights
My problem is that I find it very difficult to enforce them,& Vestager added
&The only real result of me reading terms and conditions is that I get myself distracted from wanting to read the article that wanted me to
So we need that to be understandable so that we know what we&re dealing with
And we need software and services that will enable us not to leave the same kind of trace as we would otherwise do… I really hope that the
market will also help us here
Because it not just for politicians to deal with this — it is also in an interaction with the market that we can find solutions
Because one of the main challenges in dealing with AI is of course that there is a risk that we will regulate for yesterday
And then it worth nothing.&
Asked at what point she would herself advocate for big tech companies to be broken up, Vestager said there would
need to be a competition case that involves damage that extreme enough to justify it
&We don&t have that kind of case right now,& she argued
&I will never exclude that that could happen but so far we don&t have a problem that big that breaking up a company would be the
solution.&
She also warned against the risk of potentially creating more problems by framing the problem of platform giants as a size issue
— and therefore the solution as breaking the giants up.
&The people advocating it don&t have a model as to have to do this
And if you know this story about an antique creature when you chopped out one head two or seven came up — so there is a risk you do not
solve the problem you just have many more problems,& she said
&And you don&t have a way of at least trying to control it
So I am much more in the line of thinking that you should say that when you become that big you get a special responsibility — because you
are de facto the rule setter in the market that you own
And we could be much more precise about what that then entails
Because otherwise there a risk that the many, many interesting companies they have no chance of competing.&
