The UK House of Lords Communications Committee has laid out a framework to regulate digital services. Published today, Regulating in a Digital World outlines 10 principles to shape and frame regulation of the Internet. It also proposes a new Digital Authority to oversee the regulation.
The report highlights the dominance of the Internet by a small number of companies who enjoy substantial privileges. That privilege gives those companies a substantial advantage over others including: “..an unprecedented knowledge of users and other businesses.”
Part of the current problem is dealing with the current, fragmented regulatory landscape. It points out that: “Over a dozen regulators have a remit covering the digital world. But there is no overall regulator.” It specifically takes aim at the Internet where there is no specific content regulator. It sees the solution as consisting of 10 principles and a new Digital Authority to take control of regulation.
According to Iain Brown, Head of Data Science, SAS UK & Ireland: “The Lords Committee is absolutely right that there needs to be a single framework governing the way consumer data is treated. An ethical approach to technology is definitely possible – the question is whether the tech giants want to work that way, and to what extent governments can require it of them.
“As our lives move increasingly online, companies should treat our data (and decisions using that data) like any other personal possession – with care and respect.”
Why do we need new controls over digital services?
The committee says that it started the inquiry by asking: “..whether further internet regulation was possible or desirable.” It’s a good question. With over a dozen different regulators already in place, Internet companies would say that they are already properly regulated. What the report lays out are a series of examples of how that regulation has been ineffective, misguided and requires a new approach.
Among these issues are the disconnect between the laws that apply to the physical world and the digital world. It claims that the Internet is subject to laws such as copyright, defamation, data protection and other elements of criminal law. This has not prevented numerous cases of:
- The misuse of personal data
- Fake news
- Profiling of individuals for political, criminal and commercial gain
- Individuals and groups using online platforms to target individuals and groups with hate speech
Rather than deploy new laws which the report believes would not work, it is looking at alternatives. It highlights how the GDPR is a principles led approach that companies must comply with. This approach is believed to me more flexible and easier to adapt to changes in technology.
What are the 10 principles to guide online regulation?
This led the committee to set out 10 principles to guide regulation online. These are wide reaching and each addresses different challenges although there is some overlap. This should prevent future regulation from having the same gaps that exists today.
The 10 principles are:
- Parity: the same level of protection must be provided online as offline
- Accountability: processes must be in place to ensure individuals and organisations are held to account for their actions and policies
- Transparency: powerful businesses and organisations operating in the digital world must be open to scrutiny
- Openness: the internet must remain open to innovation and competition
- Privacy: to protect the privacy of individuals
- Ethical design: services must act in the interests of users and society
- Recognition of childhood: to protect the most vulnerable users of the internet
- Respect for human rights and equality: to safeguard the freedoms of expression and information online
- Education and awareness-raising: to enable people to navigate the digital world safely
- Democratic accountability, proportionality and evidence-based approach.
There is an acceptance that there needs to be a coherent approach to applying these principles to the digital world. To achieve that the committee has recommend a new framework for regulatory action. This will come under the control of a new body called the Digital Authority.
What will the Digital Authority do?
The Digital Authority will act as a super regulator. It will work with existing regulators to coordinate what they already do. It will also look at any proposed changes to regulation to ensure that it adheres to the principles above. A more important role will be recommending new powers to fill those gaps in existing regulation.
To accommodate the speed with which the online world changes, the committee has also recommended that the Digital Authority reports to a joint committee of both Houses of Parliament. This should ensure a cohesive and faster approach to legislative change.
The report sets out 10 functions for the Digital Authority:
- to continually assess regulation in the digital world and make recommendations on where additional powers are necessary to fill gaps;
- to establish an internal centre of expertise on digital trends which helps to scan the horizon for emerging risks and gaps in regulation;
- to help regulators to implement the law effectively and in the public interest, in line with the 10 principles set out in this report;
- to inform Parliament, the Government and public bodies of technological developments;
- to provide a pool of expert investigators to be consulted by regulators for specific investigations;
- to survey the public to identify how their attitudes to technology change over time, and to ensure that the concerns of the public are taken into account by regulators and policy-makers;
- to raise awareness of issues connected to the digital world among the public;
- to engage with the tech sector;
- to ensure that human rights and children’s rights are upheld in the digital world;
- to liaise with European and international bodies responsible for internet regulation.
A failure of self-regulation and improving competition law
One area that the report addresses is the self-regulation of online platforms. Despite claims that they are doing “all they can” to moderate and remove hate speech, child pornography and support for extremism, the reports makes it clear that they have failed. It calls for a new duty of care to be managed and directed by Ofcom.
The report states: “The duty of care should ensure that providers take account of safety in designing their services to prevent harm. This should include providing appropriate moderation processes to handle complaints about content.”
There is also significant concern over ability of companies to eliminate competition in the market. They do this by buying companies before they can become big enough to threaten their market position. This distorts the market and ensures the ongoing dominance of the very large companies.
Part of the problem, states the report, is that: “Responses based on competition law struggle to keep pace with digital markets and often take place only once irreversible damage is done. We recommend that the consumer welfare test needs to be broadened and a public interest test should be applied to data-driven mergers.
“There are other consequences of market concentration. A small number of companies have great power in society and act as gatekeepers to the internet. Greater use of data portability might help, but this will require more interoperability.”
Enterprise Times: What does this mean
Government committees like to issue reports. It is evidence that they have actually done something. In many cases the reports are of little interest to those outside the government, the civil service and a small number of organisations.
This report is markedly different. This is not just about trying to assuage public opinion that the Internet is out of control. It is about a better way to deliver regulation that does not damage or destroy the good that the Internet has delivered. It is also not seeking to regulate the Internet in the way that China or, more recently, Russia is doing. Similarly, it accepts that the free-for-all needs managing.
The development of 10 principles that adopts the approach of the GDPR in guiding regulations is a good move. It is flexible and more applicable to something as fluid as the Internet. It shouldn’t stop the emergence and development of new technologies. What it will do is seek to ensure that those technologies, such as AI, are built and deployed responsibly.
As the UK seemingly moves inexorably towards Brexit, this report will also have more significance. It shows that the UK is prepared to take on technology and strengthen, not weaken, its laws to protect individuals and companies.
The report closes with a warning to the big tech companies that currently rule the digital world saying: “Public opinion is growing increasingly intolerant of the abuses which big tech companies have failed to eliminate. We hope that the industry will welcome our 10 principles and their potential to help restore trust in the services they provide. It is in the industry’s own long-term interest to work constructively with policy-makers. If they fail to do so, they run the risk of further action being taken.”