The Committee for Digital, Culture, Media, and Sport of the UK Parliament (DCMS Committee) has now completed its inquiry into Fake News, which lasted throughout 2018. The inquiry started as an investigation on the spread of disinformation and its role in influencing elections, and soon turned to the link between tech companies’ practices and the protection of citizens’ personal data. The final report makes strong recommendations to set up new regulators and laws around social media; however, it is unlikely that government and parliament will take immediate action to address the issues raised in the inquiry.
The report raises concerns about the market power of tech companies, and risks for democracy
The inquiry on Fake News kept the DCMS Committee busy for the best part of 2018. With 23 oral evidence sessions hearing evidence from 73 individuals, MPs thoroughly investigated the role of tech companies, and social media platforms in particular, in spreading disinformation and in turn influencing the outcome of recent elections and votes in the UK. In the early months of the inquiry, as the Cambridge Analytica scandal unfolded, the work of the Committee stopped being merely about disinformation, and acquired a strong focus on privacy and the treatment of citizens’ personal data.
As a result, the conclusions of the Committee are that electoral law is no longer fit for purpose in the digital age, given how easy it has been to expose recent votes to external influence; and that social media companies cannot hide behind the claim of being merely a ‘platform’ and refuse responsibility in regulating the content of their websites. The Committee found that the Cambridge Analytica scandal was facilitated by Facebook’s policies, and that Facebook ‘intentionally and knowingly’ violated data privacy and competition laws. More broadly, the report states that the dominance of ‘a handful of powerful tech companies’ has resulted in their behaving as if they were monopolies in their specific area, and that there are considerations around the data on which those services are based, and asks the Government to consider the impact of such monopolies on democracy.
The Committee calls for a new regulator to monitor social media
Unsurprisingly, the final report of the inquiry echoes some of the recommendations made in the interim report of July 2018; the most noteworthy recommendation is to establish ‘clear legal liabilities’ for tech companies to act against harmful or illegal content on their sites. In short, the report advocates for an end to the ‘mere conduit’ principle, stating that social media companies cannot hide behind their role of simple platforms and should take responsibility for the content they host. It is proposed to create a mandatory Code of Ethics, which would define what content is harmful. An independent regulator to monitor tech companies should be set up, with statutory powers to take legal action against firms in breach of the code; this would be funded by a levy on tech companies operating in the UK. The report does not specify the size of such levy; it notes that the UK Government plans to introduce a 2% tax on revenues of tech giants from April 2020, but voices concerns that the government does not have the intention to increase funding to the ICO as a result of the Digital Tax.
On top of legislative measures, the report also calls for existing regulators to take actions in the respective fields of competence: it recommends that the ICO carries out a detailed investigation into the practices carried out by Facebook in its use of users' and users' friends' data, and the use of ‘reciprocity’ of the sharing of data. Another proposal suggests that Competition and Markets Authority (CMA) conduct a comprehensive assessment of the advertising market on social media, and investigate whether Facebook’s behaviour has been anti-competitive.
Legislative measures are unlikely to be taken in the short run
With today’s report, the Committee has issued a number of recommendations, some of which echo the interim report issued in July 2018. Detailed as they may be, these recommendation have no practical consequence until they are followed through by means of legislative proposals. The UK Parliament is dealing with the urgent task to pass legislation to implement Brexit (largely to replace EU law, or to enshrine it in national law); it is estimated that hundreds of pieces of legislation are yet to be discussed and approved, as the deadline of 29 March 2019 looms on. For this reason, it is unlikely that any legislation to regulate social media and online platform would take priority in the coming months, providing that there were sufficient appetite among MPs to move forward with such initiatives. It is also worth noting that the Government failed to address several of the recommendations included in the interim report, to the disappointment of the Committee. On the other hand, the ICO and the CMA, which have been called on to start new investigations, could decide to act promptly off the back of the inquiry. The ICO has already carried out extensive scrutiny on Facebook and Cambridge Analytica during 2018, and issued the highest fines possible under the legal framework prior to GDPR; the CMA could follow in the footsteps of competition regulators elsewhere, such as the German Bundeskartellamt. As recently noted by Assembly, antitrust regulators are starting to take action against tech giants, often complementing the work of privacy regulators.
The Committee could look outside the UK to strengthen its case for prescriptive regulation. The DCMS Committee leads an International Grand Committee on disinformation, largely made up of Parliamentary committees of countries where Mark Zuckerberg refused to attend hearings in person to answer pressing questions about Facebook’s practices; the Grand Committee, which had only one meeting in November, has by no means stopped its work, and is now scheduled to meet up again in May. Coordinated legislative efforts across countries could help legislators keep the level of awareness high both inside and outside the UK, and achieve more consistent regulatory outcomes. In a passage of the conclusions, the report also notes the evidence gathered in the inquiry could be useful for the Irish Data Protection Commissioner, which is the lead authority for Facebook under the GDPR.
