The 2021 Ideas Network 2030 Summer University
Technology – Who regulates Cyberspace?
2 September 2021
Moderator: Frank Nigriello
Panellists: Karen Massin & Damian Collins MP
Rapporteur: Matt McGrath
• Growth of the technology industry has outpaced regulation in recent years, and so regulation is now having to catch up.
• General appreciation for the power of digital technology to help us continuing working and living more normally through Covid-19, as well as general benefits to education and productivity
• The grand bargain between technology companies and consumers is that (i) consumers gain free access to services, while (ii) tech companies can use consumer data for revenue generation, including via advertising.
• UK and global policymakers most concerned with (i) data gathering and usage and (ii) content moderation at the moment.
• Particularly with respect to content moderation, companies face simultaneous criticisms of doing both not enough and too much, so may see new rules as needed and helpful.
• Achieving the right balance in new legislation, both in the UK’s Online Safety Bill and beyond, will need to consider factors including:
o Protection versus innovation
o Cross-border harmonization
o Informed consent to collection and use of personal data
o Scope of data gathering by tech firms outside the use of their own platform
o User accountability versus right of anonymity
o Role of infrastructure owners and operators, versus role of service providers
o Who bears liability for consumer harm?
o Differences in standards between business customers and individual users
• There is a need for the EU, UK and US – as regions sharing the same values – to come together to create new global standards and converge regulation as much as possible.
• Sense in the technology business community that (i) government needs to help set standards, so that companies know how to regulate their platforms and what compliance looks like, and (ii) the best legislation will include best thinking from across the public, private and social sectors.
• Informed consent: What is informed consent when a platform such as Facebook insists on gathering user data outside of use of Facebook apps, elsewhere on a user’s Apple device?
• Content moderation: If content is recommended to a user based on the user’s profile, then who gets to decide what the user’s profile is?
• Cyber security: Cyber security can be supported at three levels – (i) infrastructure, (ii) software, and (iii) skills development. Companies should uphold standards of cyber security practice as they do other areas of enterprise risk (e.g., workplace accidents).
• A new UK regulatory body: The UK will need a regulatory and enforcement body that can investigate, audit and enforce online breaches, to cover loopholes that do not exist in other forms of media.
• Advertising of harmful products: Should informed consent allow marketing of products that could be harmful to consumers (e.g., gambling)?
• Online scams: Tech platforms are not currently obligated to act under consumer protection rules, and do not bear liability for scams run on their platforms. However, it is in the tech firm’s interest (e.g., Google’s) to not have “bad ads” because they are not good for business.
• Denying market access: When de-platforming users (e.g., Donald Trump) or websites (e.g., Parler), what obligations exist for fair access and fair interventions? Should there be different obligations for both service providers and infrastructure providers? Here again, tech firms may find it useful to have legislation that helps to guide decision-making.
• Anonymity versus Accountability: Should tech platforms give the power of publication to users who are not traceable and therefore not accountable for the content they disseminate? Should platforms maintain identifying information on users, even if that information is not shared publicly? Should there be differences in standards for business versus individual users? The usual concerns on oppressive regimes mis-using identifying information were also raised.
• Child exploitation and abuse: Hugely important topic, where identifying, eliminating and prosecuting child abuse will rely on image matching and encryption to pattern-match images while also protecting privacy.
Written summaries of other Summer University Ideas sessions