Senator Mark Warner of Virginia has released a white paper outlining policy proposals for regulating social media and technology companies. The paper has gained significance in recent weeks as pressure builds on Congress to pass federal data privacy legislation. In the wake of Europe’s GDPR and California’s Consumer Privacy Act, industry groups, tech companies, and privacy activists alike have urged Congress to act. The Senate Commerce Committee recently responded by holding a hearing with tech-industry representatives on September 26, 2018. A hearing with data privacy advocates is also scheduled for this Wednesday. As the Senate inches closer toward action, Senator Warner’s white paper is worth a close look.
The white paper directs legislators to three areas of focus, and then offers specific policies to address each:
First, Warner explains that communications technologies – such as social media – have the capacity to “promote disinformation that undermines trust in our institutions, democracy, free press, and markets.” While the threat posed by disinformation is not new, social media allows disinformation to spread on a scale and at a speed that was previously unimaginable. Warner’s prescription is for social media platforms to ferret out bad actors, by creating a “duty” for platforms to label bots, identify account holders’ geographic origins, and crack down on inauthentic accounts. He recommends holding platforms liable under state tort laws by revising Section 230 of the Communications Decency Act (“CDA”). Warner’s other proposals for combating disinformation include: (1) requiring tech companies to share data with public interest researchers; (2) creating a congressional task force to combat threats to democratic institutions; (3) increasing disclosure requirements for online political ads; (4) starting a public initiative to bolster media literacy; and (5) crafting a “deterrence doctrine” that establishes how the U.S. will respond to state-sponsored cyber-attacks.
Second, Warner examines problems posed by the “prevailing business model” of online platforms, in which the platforms offer “nominally free services” in exchange for consumers’ data. As Warner explains, platforms can then utilize that data for a number of purposes – some beneficial, and some potentially mischievous. He offers a number of legislative fixes, ranging from comprehensive legislation like GDPR to more tailored reforms, including:
(1) imposing “information fiduciary” responsibilities on certain types of online service providers to ensure that they protect user data;
(2) prohibiting deceptive interface designs (“dark patterns”) that trick consumers into consenting to sharing their data;
(3) auditing certain types of algorithms to ensure that they produce fair and transparent outcomes; and
(4) preventing third-parties from collecting user data without consent. Warner also favors endowing the FTC with rulemaking authority so regulators can respond to changes in technology and business practices.
Third, the white paper warns that market forces may lead to dangerous levels of industry concentration. As user data continues to drive economic value – for example, by creating highly targeted advertisements or by providing inputs to machine-learning algorithms – firms with large pre-existing data sets have significant competitive advantages over new market entrants. This advantage will become more pronounced, according to Warner, as machine-learning and AI technologies gain widespread application. He offers five solutions to improve competition, all of which involve providing users and third parties with increased access to platforms and data:
(1) requiring platforms to share information about the value of their users’ data, thus fostering competition by informing users about the true “cost” of using ostensibly free products, and by giving regulators the information necessary to assess whether a given practice or transaction is anticompetitive;
(2) Enacting a “data portability” law that would reduce platform-switching costs for consumers;
(3) opening federal government data sets to university researchers and select start-ups to decrease the competitive advantage that amassed data provides to market-dominant actors;
(4) imposing an interoperability requirement on dominant platforms; and
(5) designating certain critical platforms as “essential facilities” to require those platforms to provide services to third parties on fair, reasonable, and non-discriminatory terms. For example, if Google Maps were deemed an essential facility, it might have to provide equal and reasonable access to its platform to the millions of third-party apps that utilize its mapping technology.
Although there are some reasons for optimism that federal data privacy legislation will eventually come to fruition, significant barriers remain. Many of the barriers are political, but as Senator Warner’s white paper concedes, others are practical and technological. Increased shareability of data means more points of entry for unscrupulous hackers, oppressive regimes may utilize users’ personal information to undermine freedom of expression and privacy, and revising the CDA may stifle innovation and create unwarranted liabilities for platforms. Nonetheless, Congress will have to tackle these challenges eventually, and Senator Warner’s white paper provides it with a menu of policy options for doing so.