Group items tagged

If it’s the latter, then we have to move away from self-regulation. We can’t continue defending self-regulation and fake outrage when what we already knew becomes public.

Some will shift all the blame to Facebook, but we are at least as responsible as they are. EU decision-makers let this happen with self-regulation and soft policy.

he democratic right for non-Americans to determine the rules under which we should live is not even considered. Instead, attempts by democratic governments to impose legitimate democratic regulation on these companies, many of which have assumed the status of essential infrastructure, is derided as creeping authoritarianism or as a threat to the free and open internet.

At the very least, thinking of internet governance in these terms should make us more sympathetic to attempts by the Australian, Canadian, German and United Kingdom governments to legislate in this area, rather than be dismissive of the legitimacy of (democratic) governance on its face. If we value democratic oversight, state regulation is almost the only game in town, an approach that can be complemented with international treaty-making among democratic states so as to create agreed-upon minimum standards for regulating cross-border platform activities.

o address the first question, in a sense, the global American platforms are free riders on the notion that the internet as a network should be global in reach. Here, a useful analogy is the global financial system. Although we have a global financial system, it is characterized by domestic regulation and, in many countries

many of the social harms perpetuated by platforms are the likely result of their business models, which incentivize extremist speech and pervasive surveillance

Speech regulation without addressing these root causes is unlikely to be successful. If tools such as internet search functions truly have become essential to knowledge discovery and exhibit natural monopoly characteristics, countries should have the ability to determine for themselves what form they should take. To be blunt, public ownership should be on the table, even if it isn’t, currently, in the United States.

Google’s threat (which mirrored Facebook’s) to cut off its search service to Australia was likely due as much, if not more, to Australia’s plan to exercise oversight over its proprietary algorithm than it was about Australia’s plan to force Google to give a cut of its revenues to various Australian media outlets. The harshness of this threat highlights exactly how hard it will be for non-US countries to exert any meaningful control over the services currently monopolized by these US companies.

Already, the United States, as the home of these companies, is working to solidify the market and social dominance of its platforms.

As already mentioned, the CUSMA contains provisions protecting free cross-border data flows that, while justified in terms of encouraging trade, serve to preserve the dominance of the US platforms in Canada and Mexico. To this, we can add its successful inclusion of CDA Section 230 language in the agreement, effectively pre-empting Canadian and Mexican debates over what values we wish to apply to platform governance.

he first step to coming up with a sound policy involves understanding the policy terrain. In internet governance, and particularly in platform governance, this involves understanding the extent to which the dominant debates and landscape reflect particular US interests and values

hese interests and values do not necessarily reflect those of people living in other countries. Both Canadians and Americans believe in free speech and market competition. However, our interpretations of the limits of each differ. This reality — the acknowledgement of legitimate differences and the necessity of democratic accountability — should be our starting point in discussions of internet governance, not the desire to preserve a global internet and platform ecosystem that is much less global, and much more American, than it appears.

he regulator, on the other hand, has a more detached role, when compared to older types of media regulation, in which they mainly assess whether mechanisms established by the provider comply with the law

This approach gives rise to concerns that we are just outsourcing regulation to private companies.

Indeed, the delegation of the exercise of regulatory powers to a private entity could be very damaging to freedom of speech and media.

So, I think the legal groundwork for protection but also the fair treatment of users is in the directive. Now it depends on the member states to implement it in such a way that this potential will be fulfilled (and the European Commission has a big role in this process).

intellectual property infringement.

The Google/Equustek case is not one of permissionless innovation, but is still an example of a large internet intermediary taking the position that it can do as it damned well pleases because, after all, it operates in multiple jurisdictions—in fact it operates in cyberspace, where, according to some, normal regulatory practices and laws shouldn’t apply or we will “stifle innovation”.

One innovation that Google has instituted is to tweak its geolocation system

The excuse of “it’s not my fault; blame the algorithm”, also won’t fly anymore. Google’s algorithms are the “secret sauce” that differentiates it from its competitors, and the dominance of Google is proof of the effectiveness of its search formulae.

But scooping up every bit of information and interpreting what people want (or what Google thinks they want) through an algorithm has its downsides. A German court has found that Google cannot hide behind its algorithms when it comes to producing perverse search results

AI is great, until it isn’t, and there is no doubt that regulators will start to look at legal issues surrounding AI.

Companies like Google and Facebook will not be able to duck their responsibility just because results that are potentially illegal are produced by algorithms or AI

One area where human judgement is very much involved is in the placing of ads, although Youtube and others are quick to blame automated programs when legitimate ads appear alongside questionable or illegal content. Platforms have no obligation to accept ads as long as they don’t engage in non-competitive trade practices

Google has already learned its lesson on pharmaceutical products the hard way, having been fined $500 million in 2011 for running ads on its Adwords service from unlicenced Canadian online pharmacies illegally (according to US law) selling prescriptions to US consumers.

Google is a deep-pocketed corporation but it seems to have got the message when it comes to pharmaceuticals. What galls me is that if Google can remove Adwords placements promoting illegal drug products, why, when I google “watch pirated movies”, do I get an Adwords listing on page 1 of search that says “Watch HD Free Full Movies Online”.

At the end of the day whether it is Google, Facebook, Amazon, or any other major internet intermediary, the old wheeze that respect for privacy, respect for copyright and just plain old respect for the law in general gets in the way of innovation is being increasingly shown to be a threadbare argument.

What is interesting is that many cyber-libertarians who oppose any attempt to impose copyright obligations and publishing liability on internet platforms are suddenly starting to get nervous about misuse of data by these same platforms when it comes to privacy.

This is a remarkable revelation for someone who has not only advocated that Canada adopt in NAFTA the overly-broad US safe harbour provisions found in the Communications Decency Act, a provision that has been widely abused in the US by internet intermediaries as a way of ducking any responsibility for the content they make available, but who has consistently crusaded against any strengthening of copyright laws that might impose greater obligations on internet platforms.

proponents of reasonable internet regulation

As Phillips argues, “we’re not going to solve the climate crisis if people just stop drinking water out of water bottles. But we need to start minimizing the amount of pollution that’s even put into the landscape. It’s a place to start; it’s not the place to end.”

There may not be a one-size-fits-all analogy for platforms, but “horizontalizing” can help us to understand which solutions worked in other industries, which were under-ambitious and which had unintended consequences. Comparing horizontally also reminds us that the problems of how to regulate the online world are not unique, and will prove as difficult to resolve as those of other large industries.  

The key to vertical thinking is to figure out how not to lock in incumbents or to tilt the playing field even more toward them. We often forget that small rivals do exist, and our regulation should think about how to include them. This means fostering a market that has room for ponies and stable horses as well as unicorns.

Vertical thinking has started to spread in Washington, DC. In mid January, the antitrust subcommittee in Congress held a hearing with four smaller tech firms. All of them asked for regulatory intervention. The CEO of phone accessory maker PopSockets called Amazon’s behaviour “bullying with a smile.” Amazon purportedly ignored the selling of counterfeited PopSocket products on its platform and punished PopSocket for wanting to end its relationship with Amazon. Both Republicans and Democrats seemed sympathetic to smaller firms’ travails. The question is how to adequately address vertical concerns.

Without Improved Governance, Big Firms Will Weaponize Regulation

One is the question of intellectual property. Pa

Big companies can marshall an army of lawyers, which even medium-sized firms could never afford to do.

A second aspect to consider is sliding scales of regulation.

A third aspect is burden of proof. One option is to flip the present default and make big companies prove that they are not engaging in harmful behaviour

The EU head of antitrust, Margrethe Vestager, is considering whether to turn this on its head: in cases where the European Union suspects monopolistic behaviour, major digital platforms would have to prove that users benefit from their services.

Companies would have to prove gains, rather than Brussels having to prove damages. This change would relieve pressure on smaller companies to show harms. It would put obligations on companies such as Google, which Vestager sees as so dominant that she has called them “de facto regulators” in their markets. 

A final aspect to consider is possibly mandating larger firms to open up.

ansparency would have its own radical effect inside the tech giants

Here, the company has been proactive. Between January and March 2018, Facebook removed 1.9m messages encouraging terrorist propaganda, an increase of 800,000 comments compared to the previous three months. A total of 99.5% of these messages were located with the aid of advancing technology.

But Facebook hasn’t released figures showing how prevalent terrorist propaganda is on its site. So we really don’t know how successful the software is in this respect.

on self-regulation,

Facebook has also used technology to aid the removal of graphic violence from its site.

But we also know that Facebook’s figures also show that up to 27 out of every 10,000 comments that made it past the detection technology contained graphic violence.

One estimate suggests that 510,000 comments are posted every minute. If accurate, that would mean 1,982,880 violent comments are posted every 24 hours.

Between the two three-month periods there was a 183% increase in the amount of posts removed that were labelled graphically violent. A total of 86% of these comments were flagged by a computer system.

This brings us to the other significant figure not included in the data released by Facebook: the total number of comments reported by users. As this is a fundamental mechanism in tackling online abuse, the amount of reports made to the company should be made publicly available

However, even Facebook still has a long way to go to get to total transparency. Ideally, all social networking sites would release annual reports on how they are tackling abuse online. This would enable regulators and the public to hold the firms more directly to account for failures to remove online abuse from their servers.

f it advocates crimes against humanity; incites or advocates terrorist acts; or incites hatred, violence, discrimination or insults against a person or a group of people on grounds of origin, alleged race, religion, ethnic background, nationality, gender, sexual orientation, gender identity or disability, whether real or alleged.

obligations be imposed on the largest content-sharing platform operators, that is, any natural or legal person offering, on a professional basis, whether for remuneration or not, an online content-sharing platform, wherever it is based, used by at least 20% of the population of the French-speaking region of Belgium or the bilingual Brussels-Capital region.

iged to remove or block content notified to them that is ‘clearly illegal’ within 24 hours. T

need to put in place reporting procedures as well as processes for contesting their decisions

appoint an official contact person

half-yearly report on compliance with their obligation

ystemic duty of care” is a legal standard for assessing a platform’s overall system for handling harmful online content. It is not intended to define liability for any particular piece of content, or the outcome of particular litigation disputes.

The basic idea is that platforms should improve their systems for reducing online harms. This could mean following generally applicable rules established in legislation, regulations, or formal guidelines; or it could mean working with the regulator to produce and implement a platform-specific plan.

In one sense I have a lot of sympathy for this approach

In another sense, I am quite leery of the duty of care idea.

he actions platforms might take to comply with a SDOC generally fall into two categories. The first encompasses improvements to existing notice-and-takedown systems.

he second SDOC category – which is in many ways more consequential – includes obligations for platforms to proactively detect and remove or demote such content.

Proactive Monitoring Measures

The eCommerce Directive and DMCA both permit certain injunctions, even against intermediaries that are otherwise immune from damages. Here again, the platform’s existing capabilities – its capacity to know about and control user content – matter. In the U.K. Mosley v. Google case, for example, the claimant successfully argued that because Google already used technical filters to block illegal child sexual abuse material, it could potentially be compelled to filter the additional images at image in his case.

However, the protection granted by the Directive is not absolute. Article 1(2)(b), bolstered by Recital 11, concedes that secrecy will take a back seat if the ‘Union or national rules require trade secret holders to disclose, for reasons of public interest, information, including trade secrets, to the public or to administrative or judicial authorities for the performance of the duties of those authorities’. 

With regard to trade secrets in general, in the Microsoft case, the CJEU held that a refusal by Microsoft to share interoperability information with a competitor constituted a breach of Article 102 TFEU.

Although trade secrets remained protected from the public and competitors, Google had to disclose Page Rank parameters to the Commission as the administrative authority for the performance of its investigative duties. It is possible that a similar examination will take place in the recently launched probe in Amazon’s treatment of third-party sellers. 

For instance, in February 2020, the District Court of the Hague held that the System Risk Indication algorithm that the Dutch government used to detect fraud in areas such as benefits, allowances, and taxes, violated the right to privacy (Article 8 ECHR), inter alia, because it was not transparent enough, i.e. the government has neither publicized the risk model and indicators that make up the risk model, nor submitted them to the Court (para 6 (49)).

Article 22 still remains one of the most unenforceable provisions of the GDPR. Some scholars (see, e.g. Wachter) question the existence of such a right to explanation altogether claiming that if the right does not withstand the balancing against trade secrets, it is of little value.

In 2019, to ensure competition in the platform economy, the European Parliament and the Council adopted Platform-to-Business (P2B) Regulation. To create a level playing field between businesses, the Regulation for the first time mandates the platforms to disclose to the businesses the main parameters of the ranking systems they employ, i.e. ‘algorithmic sequencing, rating or review mechanisms, visual highlights, or other saliency tools’ while recognising the protection of algorithms by the Trade Secrets Directive (Article 1(5)).

The recent Guidelines on ranking transparency by the European Commission interpret the ‘main parameters’ to mean ‘what drove the design of the algorithm in the first place’ (para 41).

The German Interstate Media Law that entered into force in October 2020, transposes the revised Audio-Visual Services Directive, but also goes well beyond the Directive in tackling automated decision-making that leads to prioritization and recommendation of content.

This obligation to ‘explain the algorithm’ makes it the first national law that, in ensuring fairness for all journalistic and editorial offers, also aims more generally at diversity of opinion and information in the digital space – a distinct human rights dimension. If the provision proves enforceable, it might serve as an example for other Member States to emulate. 

Lastly, the draft DSA grants the newly introduced Digital Service Coordinators, the Commission, as well as vetted researchers (under conditions to be specified) the powers of data access to ensure compliance with the DSA. The core of this right, however, is undermined in Article 31(6), which effectively allows the platforms to refuse such access based on trade secrecy concerns. 

This shows that although addressing algorithms in a horizontal instrument is a move in the right direction, to make it enforceable, the final DSA, as well as any ensuing guidelines, should differentiate between three tiers of disclosure: 1) full disclosure – granting supervisory bodies the right of access, which may not be refused by the IP owners, to all confidential information; 2) limited disclosure – granting vetted researchers the right of access limited in time and scope, with legal guarantees for protection of trade secrecy; and 3) explanation of main parameters – granting individuals information in accessible language without prejudice to trade secrets. 

In other cases, human moderators have had their decisions overturned. The Oversight Board also upheld Facebook’s decision to remove a dehumanizing ethnic slur against Azerbaijanis in the context of an active conflict over the Nagorno-Karabakh disputed region.

But Facebook and other social media companies do not have to engage in a transparent, publicly accountable process to make their decisions. However, Facebook claims that in its decision-making, it upholds the human right of freedom of expression. However, freedom of expression does not mean the same thing to everyone

rivate organizations are currently the only consistent governors of data and social media.

However, the Oversight Board deals with only a small fraction of possible cases.

Facebook’s dominance in social media, however, is notable not because it’s a private company. Mass communication has been privatized, at least in the U.S., for a long time. Rather, Facebook’s insertion into the regulation of freedom of expression and its claim to support human rights is notable because these have traditionally been the territory of governments. While far from perfect, democracies provide citizens and other groups influence over the enforcement of human rights.

Facebook and other social media companies, however, have no such accountability to the public. Ensuring human rights needs to go beyond volunteerism by private companies. Perhaps with the Australia versus Facebook showdown, governments finally have an impetus to pay attention to the effects of technology companies on fundamental human rights.

corporate responsibility

Since the mid-1990s, internet companies have been absolved from liability – by Section 230 of the 1996 US Telecommunications Act and to some extent by the EU’s e-commerce directive – for the damage that their platforms do.

Sooner or later, democracies will have to bring these outfits under control and the only question is how best to do it. The white paper suggests one possible way forward.

essentially a responsibility for unintended consequences of the way you have set up and run your business.

The white paper says that the government will establish a new statutory duty of care on relevant companies “to take reasonable steps to keep their users safe and tackle illegal and harmful activity on their services”.

for example assessing and responding to the risk associated with emerging harms or technology

Stirring stuff, eh? It has certainly taken much of the tech industry aback, especially those for whom the idea of government regulation has always been anathema and who regard this fancy new “duty of care’ as a legal fantasy dreamed up in an undergraduate seminar.

To which the best riposte is perhaps the old Chinese proverb that the longest journey begins with a single step. This white paper is it.