Platform companies decide what internet users see. But the formulas for matching data and advertisements remain largely a mystery. The algorithms running the online lives of billions are considered trade secrets. They are protected from public scrutiny and accountability in order to preserve their competitive advantage.
We know that algorithms are changed constantly using new settings and machine learning. Platforms collect data in order to sell precisely targeted advertising. But there is no systematic oversight to assess whether equality, free speech, and fair competition – freedoms protected by law – are reflected in computer code and its outcomes. Even the American Department of Housing has taken Facebook to court, alleging that the platform ran discriminatory ads allowing homeowners to sell to some people but not others.
In short, the technologies that promised to democratize have put democracy under pressure. Instead of disrupting monopolies, they have formed monopolies of their own. The new gatekeepers – the tech oligarchs, if you will – process massive amounts of information without any form of regulation. As soon as anti-trust investigations were announced in the United States, tech companies hired more lobbyists to campaign in Congress, spending tens of millions of dollars every year. Seventy-five percent of those lobbyists had previously worked in congressional offices on issues relevant to the cases they were now lobbying against. Talking of revolving doors, the former Chairman of the US Federal Trade Commission now works for Amazon. Platforms also fund numerous think tanks that work on tech policy as well as many academic programs.
Because democratic governments have been reluctant to develop a rules-based order for the digital sector, authoritarian regimes and private companies set the standards. The question, therefore, is not whether we will see regulation, but who is in charge of it and what principles it is based on. In his prophetic book Code and Other Laws of Cyberspace (1999), Lawrence Lessig foresaw how technology would become the new form of governance. In an interview with Harvard magazine in the year 2000, he said:
‘Ours is the age of cyberspace. It, too, has a regulator. This regulator, too, threatens liberty. But so obsessed are we with the idea that liberty means “freedom from government” that we don’t even see the regulation in this new space. We therefore don’t see the threat to liberty that this regulation presents. This regulator is code – the software and hardware that make cyberspace as it is.’
Fast forward twenty years and we increasingly see companies, both large and small, taking governing types of decisions, if not actually stepping into the role of governments themselves. This profoundly changes the role of the state. For example, critical infrastructure and services, such as tax collection, census-taking, healthcare, and energy provision are digitized. Infrastructures and services are not only built but also protected by private companies. Another example: online identity. This is usually verified by a credit card company or a social media company but hardly ever by a publicly issued identity card for the online world. Or cryptocurrency – for example Libra, the new currency proposed by Facebook. And with surveillance companies now developing attack capabilities, the monopoly of violence is slipping out of governmental hands. The growing influence of the private sector has barely been dealt with in regulatory frameworks.
All the implications of new technologies for democracy and the public interest are exacerbated by artificial intelligence. AI is not the future; it is the present. An AI application will soon become widely available that creates conversational language indistinguishable from human speech. ‘Deepfakes’ – the video equivalent of this technology – allow anyone to be made to say anything. If we thought disinformation was a problem, imagine what we are about to get into.
Europe as regulatory leader
We tend to see the abuse of tech, but we also need to look at its intended use. When I talk to computer engineers, what excites them most is the idea that artificial intelligence will produce unexpected outcomes. This means we need a public debate about how much risk we find acceptable, and not only focus on the ‘race’ for AI dominance. Take the example of the gene-edited cow in the US. It was presented a couple of years ago as a resounding success of the new technologies. Now, it turns out that the DNA included bacteria that were antibiotic-resistant. Perhaps this will encourage Americans and others to appreciate what, in European debates on genetic engineering, is called the ‘precautionary principle.’ This has often been ridiculed and labeled as unscientific, especially in the US, but in this case the evidence came two years later.
These days it is fashionable to answer any problem to do with artificial intelligence by pointing to ‘ethics.’ In Europe today, there are over a hundred and twenty ethics guidelines for AI. Many tech companies have hired ‘chief ethics officers.’ But what do we really mean when we talk about ethics? Can we agree on norms and, even more importantly, what happens when they are violated? More than philosophical discussions, we need to focus on preventing the worst imaginable outcomes and on the principles that must be safeguarded by law. This discussion will have to include questions of meaningful access to information, oversight, and research in the public interest. Here, the European Union has made steps in the right direction. We have the General Data Protection Regulation but also net neutrality, competition policy, and a cyber-security bill that places the public interest, the open internet, at the heart of what needs to be defended. The Charter of Fundamental Rights of the EU applies to all regulations, including those on tech, and upholds, for example, the right to privacy.
The EU has started to show that technologies, even if built in jurisdictions on the other side of the world, can be made to respect rules that protect people and their rights. The fact that Microsoft has adopted the GDPR as a global standard shows how companies make trade-offs when one significant jurisdiction – in this case the EU – pushes them to comply with standards. It may be easier for a company to have just one standard globally rather than different ones in each area where they work.
But while Europe has made steps in the right direction, we still see a lot of piecemeal approaches and clear fragmentation of regulatory initiatives. There is too little joined-up thinking between, let’s say, directives on copyright, data protection, and AI. Proposals to regulate online content also demonstrate this. Currently, the big online platforms enjoy exemptions to liability for content shared on their platforms. But the pressure to change this is growing fast. In Germany, online platforms must remove disinformation and content violating existing laws or face fines. In the UK, there is a new proposal that companies must take down what are called ‘online harms’ – covering everything from child abuse to disinformation. In France, there are plans for the oversight of algorithms, which would give media regulators more authority.
But in countries where trust in government is low, such proposals would be seen as attempts at censorship. Some fear that the proposals in Germany, the UK, and France lack independent oversight and outsource too much responsibility for self-regulation to the companies concerned. High fines and other sanctions may cause them to over-censor, without the possibility of redress.
All these initiatives focus on the urgent question of how to apply existing laws online. The notion that laws should apply online as they do offline is underscored by the United Nations; and it applies to any imaginable law. It is a good starting point for European efforts. But the principle won’t be realized if we get twenty-eight different interpretations. Instead, we need to work towards agreement on broader principles and then to empower regulators to assess whether those principles have been violated. This will also make for more sustainable laws since technologies change fast. We cannot regulate technology by technology, but we can focus on principles and on how to uphold them.
Europe needs to act with more speed and political ambition. The new start of a new legislature offers a real opportunity to develop a more integrated vision of value-based technology governance, to connect the different policy areas and, crucially, to start acting as a global player. We must ensure that development and human rights policies focus on the impacts of technology and that programs strengthen rule of law principles in the digital sphere. That means pushing for norms that prevent the escalation of cyber conflict and developing trade rules for data flows. It means a more ambitious, integrated artificial intelligence strategy that allows for public interest research, talent generation, and an ecosystem that’s friendlier to business.
The world is not waiting for us to get our act together. The Chinese tech giant Alibaba has proposed an e-commerce or eWTO mechanism to facilitate digital trade. The trade wars between China and the US are affecting everything from software to technology supply chains. While challenging, this momentum gives the EU the space to lead in showing what a values-based model for comprehensive tech governance might look like. For decades, the EU has demonstrated how values-based rule-making across borders is done. Not only does it have the practical experience and institutions for getting this done, but it also enjoys credibility among non-EU countries.