The Do’s and Don’ts of Tech Regulation

11 May 2019

The Al Jazeera segment from yesterday. Source (Warning: The video is embedded here without trackers. If you watch it on Al Jazeera you will be tracked, including by Facebook).

Yesterday, I was interviewed on Al Jazeera news about the Macron-Zuckerberg meeting (Warning: the linked page on Al Jazeera includes privacy-eroding trackers, including Facebook.)¹ in which they apparently decided on a framework of “co-regulation.”

This is not what I mean when I talk about the need to regulate surveillance capitalists.

Co-regulation is bullshit

Co-regulation is basically saying “hey, Big Corp, come, sit at the table and let’s decide together how to regulate you”. Alongside lobbying, revolving doors, and public-private partnerships, it is part and parcel of institutional corruption.

It is not the job of democratically-elected governments to elevate unelected corporate bodies to their own level to help write the rules of their own regulation. It is the job of such governments, in line with their democratic mandate, to regulate corporations in the public interest to reduce their harms.

But what else do we expect of Macron exactly? He is a neoliberal who is on the record for wanting to make France “a start-up nation.”

Furthermore, we exist within a climate where our democratic governments are so clueless, corrupt, or powerless (or all of the above) that instead of protecting the interests of their citizens, they are sending ambassadors to Silicon Valley corporations.

Piece Of The Pie Regulation

When governments do manage to find the will to regulate it is usually for one of two reasons:

Government surveillance and censorship
Business concerns (antitrust and competition)

In other words, for almost entirely² the wrong reasons.

From now on, I’m going to call this type of regulation Piece of The Pie Regulation because it essentially boils down to either governments or the greater business community wanting a piece of the pie while ignoring the human rights concerns at the heart of surveillance capitalism and the business model of people farming.

Government surveillance and censorship

“The NSA didn’t wake up one morning and say let’s spy on everybody. They woke up one morning and said all these companies are spying on everybody, let’s get ourselves a copy.”

Bruce Schneier

The first form of Piece of the Pie Regulation is where governments regulate tech companies because they want access to their data, algorithms, and platforms for their own surveillance, policing, and censorship desires.

We can see this aspect feature in yesterday’s Macron-Zuckerberg deal that sees the government of France gain unspecified insider access to Facebook’s data and platform.

While ideally Big Tech would love to have zero government interference in its affairs (this is a power struggle, after all), it is not fundamentally opposed to this sort of regulation. As Mark Zuckerberg said after yesterday’s meeting: “I’m encouraged and optimistic about the regulatory framework that will be put in place.” If a tech CEO is enthusiastic about a piece of government regulation, the one thing you can be sure of is that that regulation is not in your interests as an individual.

“I wake up every morning and I fight regulation, it’s what I do, it’s my job.” — Eric Schmidt, then-CEO of Google

The last thing we want are regulations that make corporations like Facebook better censors, better filters of our reality, and the authority on what is and isn’t acceptable and who is and isn’t a terrorist. And the only thing worse than a corporation with that sort of power is a government with access to it when it has a police force and and army attached.

We live in a world where autocrats like Turkish president Erdoğan maintain a stranglehold on the media and imprison people who criticise them as terrorists. How long do you think it will take for the Turkish government to knock on Facebook’s door demanding the same sort of access that the government of France now has?

Antitrust and competition

In monetary terms, antitrust regulation has netted surveillance capitalists the largest losses. Especially in Europe, regulators like Margrethe Vestager have levied fines ranging from millions to billions of euros on companies like Google and Facebook.

This is good. Yes, fine them. Yes, tax the shit out of them³. Yes, break them up.

But we must not limit our regulatory frame to antitrust and competition law. Because there is also a darker desire by regulators that approach the issue solely from this angle: they want all businesses – especially new startups – to have a piece of the tasty data pie held by companies like Google and Facebook.

Instead of calling for companies like Facebook to be broken up – like Elizabeth Warren in the US is doing – Vestager, for example, advocates that “we should get access to data from tech companies to push back and get into the market.” Which market? The surveillance capitalism market, where it is taken for granted that companies created centralised services that collect and monetise your data. No, this market is the problem.

Vestager’s call mirrors those of a recent government-commissioned report in the UK that suggests we “force the largest tech companies to open up to smaller firms by providing access to key data sets.” In other words, smaller firms should have a piece of the pie.

No.

The pie is toxic.

We need to bin the pie and bake a different, non-toxic pie.

Giving more people the ability to sell toxic pies does not solve the problem of toxic pies. If anything, it perpetuates the myth that there is no alternative to surveillance capitalism. Such a failure of imagination is what is currently starving ethical alternatives from the attention and investment they need to exist.

Regulation Do’s

So proper regulation is one half of tackling the problem of surveillance capitalism (the other half being investment in ethical alternatives). But what would proper regulation look like?

In order of effectiveness:

Algorithmic transparency: we should be calling for surveillance capitalists to open up their algorithms so we know exactly what they are doing with our data. Politicians like Marietje Schaake have recently started to flirt with the idea even if they’re not calling it by name yet.
Data minimisation: If we’re serious about regulating surveillance capitalists, this is the route we must take. See my proposal for a General Data Minimisation Regulation for an example that could kill surveillance capitalism tomorrow (good luck finding the political will, backbone, or imagination to implement that today).

That’s it.

We need regulation that limits the ability of surveillance capitalists to gather data, profile us, and grow. We must tax the shit out of them, break them up, and limit the data they can collect. What we must not do is open up their ill-begotten data to other companies and governments or implement wide-scale government surveillance and censorship alongside the existing corporate one.

We must go beyond Piece Of The Pie Regulation and beyond the “terrorists and pedophiles” (fear/security) and “business, business, business” frames to a human rights frame for regulation.

As long as we judge success based on what’s good for a “Digital Single Market”, we face an impossible challenge in getting policymakers to consider human rights, human welfare, and the health of our democracies as success criteria. Just as with the climate crisis, whether or not we can effectively regulate Big Tech depends on whether or not we can move beyond judging success based solely on economic indicators.

This is why I was happy to be part of the Reframing Digital Europe initiative alongside the Commons Network. Our work there has resulted in an alternative vision and policy frame for technology in the EU that we call Shared Digital Europe.

Surveillance capitalism cannot be reformed. No amount of regulation will magically transform a factory farm for human beings – which is what Facebook, Google, etc., are – into an animal sanctuary. What effective regulation can do is limit their harms and give ethical alternatives a chance to get off the ground.

So regulation is one half of the solution. The other half is incentivising the ethical alternatives.

Beyond regulation; beyond surveillance capitalism

An ethical alternative to surveillance capitalism in which we own and control our own data will not arise magically out of business as usual. It will not be funded by the same institutions that fund surveillance capitalism. It will not have the same success criteria. It will require investment from the commons in creating a peer web and Small Technology.

If you want to understand just what’s at stake (personhood and democracy), how things are at the moment (not good), what alternatives and stopgaps exist today (a few, even with zero funding), and the shape of the alternative ethical technological infrastructure we must invest in and build, watch this bootleg recording of my recent Bucerius Lab Lecture on Small Technology in Hamburg.

You can use a tracker blocker like our own Better Blocker or uBlock Origin to protect yourself. ↩︎
I have nothing against antitrust regulation as long as it is not the only frame by which we approach regulating surveillance capitalists. Breaking up monopolies is great. Let’s do that. Let’s fine them for anticompetitive behaviour, of course. But we must move beyond an competition frame to a human rights frame in order to effectively regulate surveillance capitalists. ↩︎
Given its de facto violation of human rights and toxic ramifications on our democracies, it’s time to start talking about taxing Big Data like Big Tobacco. ↩︎