Political cartoonist Serge Chapleau summed it up neatly. His April 27 cartoon in Montréal’s La Presse showed Facebook founder Mark Zuckerberg wearing a T-shirt with a thumb representing Facebook’s “like” button transformed into a middle-finger salute.
Facebook’s cavalier attitude is palpable in the report that Daniel Therrien, Canada’s privacy commissioner, released two days earlier. “We asked Facebook to provide us with information,” wrote Therrien. “We are disappointed to note that many of our questions have remained unanswered or have not been satisfactorily answered.”
The commissioner was investigating the impact of the so-called Cambridge Analytica scandal on Canadians. His conclusion? Facebook “has waived its responsibility for the personal information under its control.”
An impotent system
What is also clear in this report is the impotence of the Office of the Privacy Commissioner. Of course, Canada has the Personal Information Protection and Electronic Documents Act, but even if Therrien demonstrated that Facebook had violated the act, he doesn’t have the power to sanction the company. And Facebook knows that very well.
Personal data protection laws are no longer sufficient. Artificial intelligence, fuelled by considerable volumes of data (popularly known as Big Data), raises new, complex, constantly and rapidly evolving ethical, economic and political issues.
I’m not the only one who thinks so. So does the British government, in a report published in late April. The Online Harms White Paper is a particularly remarkable document. It highlights the Trudeau government’s prodigious indolence in addressing these issues. It also describes various types of harm caused by online activities in general, and digital social platforms in particular. These range from mismanagement of personal data to crimes such as child abuse, fraud and misinformation (which is my area of interest).
Taking the digital bull by the horns
The report is remarkable because of the solutions it proposes — solutions that Canadian legislators must urgently consider. Digital technology is everywhere in today’s society, and regulating it is a crucial mission that requires the creation of a new independent body with legislative reach. I have identified four powers that are mentioned in the British report.
1. Accountability through fines and prosecutions
The European Union’s General Data Protection Regulation, adopted in 2016, already provides for fines of up to 20 million euros (CDN$30 million), or four per cent of a company’s worldwide annual profit. In the case of Facebook, this would represent more than CDN$3 billion.
The Online Harms report goes further by saying that business leaders should also be accountable in court if their company is liable for damage to British society. This is subject to future consultation, but mentioning it is revolutionary.
2. Disrupt the activities of delinquent companies
I rubbed my eyes in amazement when I read the recommendation: “Disruption of business activities” in the British report. The United Kingdom government is considering reserving the right to interfere with the activities of online businesses that do not comply with the regulations. What form might these disruptions take? Block internet traffic to problematic services? This extreme measure would only be taken in the most serious cases where the safety of citizens is clearly at stake.
3. Monitor algorithms
As Therrien pointed out in his report, his British counterpart already has investigative powers under the Data Protection Act of 2018. In the UK, a warrant can be used to show what happens to collected data. The act gives the British Information Commissioner investigative powers that are very similar to those available to police officers.
Although these powers are already light years away from what is possible in Canada, the Online Harms report goes even further by proposing upstream monitoring of algorithms. It wants to require companies that use collected data to publish annual transparency reports. The regulator will need to be able to comprehend what is being done with citizens’ data and understand how the algorithms of the web giants work. Companies that refuse will be subject to penalties.
4. Collaborate with researchers
Finally, the British report welcomes the opening of some platforms to collaboration with the academic research community. However, in my point of view, it is not demanding enough in this crucial respect.
It is precisely one of the roles of research to study societal phenomena. As more and more of these phenomena occur in private online platforms, the law must require companies to open their windows for researchers to observe what’s happening inside.
Most platforms, like Google, Twitter or Facebook, have application programming interfaces or APIs. Researchers have been using them to study, for example, the polarization of political discourse or the spread of misinformation.
But not all platforms have APIs. Twitter has a fairly open and data-rich API. But Instagram and WhatsApp, both of which belong to Facebook, have none that can be used by researchers. Not being able to understand how information flows through these platforms is a concern, and it’s in the public interest to understand the flow of information on digital social media.
In April 2018, the Association of Internet Researchers (AoIR) asked online platforms to give researchers access to their data through APIs specifically dedicated to scientific research. For the most part, the web giants have remained deaf to this petition. Here again, it is up to legislators to force their hands in the public interest.
I have a wish for 2020: that the Trudeau government enters the 21st century, that it stops cowering in front of the big tech companies like Google, Amazon, Facebook and Apple, and that it adopts laws that will finally allow Canadians to know and understand what these companies really do with their data.
This should be a top issue in the upcoming federal election campaign.