Big brains in Berlin

Consent, Internet governance, Privacy, Regulation, Self-regulation 6 Minutes

I attended an extremely interesting conference in Berlin last week.  It was hosted by the German Federal Ministry for Family Affairs, Senior Citizens, Women and Youth (BMFSFJ) and the Hans Bredow Institute in collaboration with the European Commission and Klicksafe.de  The event was peopled principally by academics. They were drawn from many different countries, both inside and outside the EU. There is no doubt that, overall, the quality of the discussions was somewhere between high and stratospheric.

Complexity

I particularly liked  Uwe Hasebrink’s analysis of the problems of complexity which the internet has thrown up – although in my view the fundamental point about that is if the incentives are strong enough market forces can generally be relied upon to find a way to address them. The internet is no stranger to complexity. How it pans out is generally a question of money. The internet is not a social service. True there are public interest spaces dotted around it but, ultimately, even these  will to some degree depend upon or float on top of  investments which have been made by private corporations.

A dose of realism needed

Having praised the overall quality of the debate in Berlin,  it  nevertheless has to be said there was also a slightly  unworldly dimension to some aspects of it, for example about data, the life-blood of researchers although the type of “unworldliness” I have in mind is by no means the sole property of academics.

Picture the scene: an internet company analyses  its data and spots some stuff which strongly suggests that all is not well for a particular class or type of user.

In Berlin a belief was expressed that a “confidential space” could somehow be created where companies would share this type of information ( in this case specifically with academics, presumably with  a special interest in or knowledge of the field). In more extreme versions of the fantasy, the “confidential space” might also contain other companies, some of  whom are very likely to be or could become competitors.  At the utterly deranged end of the spectrum even governments or regulators are invited into the metaphorical (or actual?) room, all joining in a good-natured  (and of course still confidential) pursuit of truth. It’s as if companies, academics and consumer and child protection advocates are assumed to share absolutely identical goals which are and always will be co-terminus.  No way Jose.

Even accepting that each of the different  constituencies’ interests can and do overlap the degree of overlap could be extremely narrow and I suspect often is.

Data on children and young people may not exist anyway

In respect of children and young people,  on one of the forays I made into this space I discovered that a  large (household name) company simply was not collecting any data that would allow them to determine how young users  of their services were faring. They were not targetting children although they of course knew they had hundreds of thousands if not millions of  young users. My guess is, with obvious exceptions, this will be the situation with many other online enterprises.

Adverse impact on share price or confidence

But for now let’s assume some companies do have data on young users. What they found reflected badly on the company or service or it was ambiguous.  If news of that seeped out  it might affect their share price or be commercially sensitive in any number of ways. It could undermine confidence in the company and its current management.

Thus a penny gets you a pound the company concerned will seek to restrict access to such information to the largest extent possible, even among their own direct employees and paid consultants. The idea that they would voluntarily  hand it  over to outsiders, never mind competitors or regulators,  is simply absurd.

Even if the outsiders were completely well-intentioned the company could never be certain where the knowledge or the data it is based on might end up, accidentally or intentionally.

I do not have a problem with any of this. It is precisely what one would expect and in no sense is it a criticism of anyone. Academics want to get their hands on data to improve their understanding of how the internet is reshaping our world. Companies exist to make a return for their investors. Yes they will want advice from external sources from time to time but they will normally be keen to ensure those sources are and remain closely tied to them, typically through a commercial consultancy contract.

I have little doubt the hypothetical company that did spot a problem that was affecting its younger users will try to sort it out or resolve the issue as quickly as possible but they will try to do so privately, in a way that did not potentially open them to bad media coverage with everything else that goes along with that.

Voluntarism has its place

Getting back to where there is an overlap of interests, there is no denying that, for example, within the framework of  EU based initiatives such as the CEO Coalition, the ICT Coalition and the Community of Practice certain types of knowledge and experience can be and have been usefully shared, especially to the advantage of maybe smaller enterprises or start-ups.  Changes might even have been made to policies, procedures or presentations by larger companies and in the end such may well be sufficient justification for continuing to support those types of initiatives but we ought not to kid ourselves about how far they can or will ever go if significant economic interests are at stake.

The role of self-regulation

This leads me neatly to the hairy old topic of “self-regulation”. This also cropped up in Berlin. If the starting point for any government or governmental agency  is that they will only ever go as far as they can persuade businesses to go, and no further, then we might as well all take an extended vacation and wait for bulletins from corporate HQs.

If “self-regulation” was the optimum way to proceed why is it virtually unheard of in lots of jurisdictions,  not noticeably to their detriment? In particular why did it never take hold in the USA where the FTC and FCC have a whole battery of powers?

I appreciate that Europe has different jurisprudential and political traditions but my point is if self-regulation  was truly a superior way of working it would be far more widely adopted than it is.  In particular the Americans would have taken to it. They didn’t and they won’t.

An idea whose time has passed

The idea of  self regulation keeps being trotted out, particularly by the EU, and it is not helpful. It confuses things. It sows illusions. It’s time we either disposed of it altogether or only allowed it to be mentioned when it was surrounded by heavy qualifications or caveats. It was fascinating to hear in Berlin that the system they follow in Germany is called (something like) “regulated  self-regulation”.  Hmm.

We got into  self-regulation as the declared default position in the UK and the EU because, at the time the notion began to take root – the mid 1990s –  too many governmental bodies felt they did not have sufficient expertise or knowledge  to challenge or even engage with the internet industry and perhaps they were conflicted to a degree anyway. They didn’t want to make life too  difficult for internet businesses because in truth they wanted their economies to benefit from the golden promise of cyberspace. They wanted the jobs and the new wealth.  There is still  more than a little bit of that hanging around.

In my view so-called self-regulation only works when the industry is truly convinced that if they fail to act  “voluntarily” legislation will swiftly follow. I doubt any company has ever felt that in respect of anything the EU has talked about in the past five years or more when it comes to online child protection issues. Contrast that with what has happened in the UK. Substantial things have been achieved but pretty much  in every case the possibility of legislation was very real and immediate. The companies knew this  so they took steps to obviate the need for it.

Closing question: in March, 2011, who suggested that elements within the European Commission  had previously passively acquiesced in self-regulation in the online child protection space only because they were

“not ambitious enough”?

The answer is Robert Madelin.

The challenge to the internet industry is to convince legislators around the world that they are “handling things”, that the public (voters) are broadly satisfied that they are doing everything they can to make the internet as good as it can be. If they cannot do that I’d say the EU and every major jurisdiction will sooner or later end up with something like the FTC and/or the FCC. Internet businesses will be scrutinised  just like every other major industry is scrutinised. In the public interest by publicly accountable institutions.

 

Published by John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), UNODC, the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com

Published