Motivation: Mark Warren tech policy whitepaper
On July 2018, US Senator Mark Warren released a whitepaper titled Potential Policy Proposals for Regulation of Social Media and Technology Firms. It discusses 20 topics for potential legislation, listed below. In 2019, Warren and others introduced four technology regulation bills along the lines discussed in the whitepaper, which are briefly described in the next pages. Even if unlikely to pass, the scope of the bills is unprecedented, and they are likely to set the tone for future legislation.
- Duty to clearly and conspicuously label bots
- Duty to determine the origin of posts and/or accounts
- Duty to identify inauthentic accounts
- Make platforms liable for state-law torts (defamation, false light, public disclosure of private facts) for failure to take down deep fake or other manipulated audio/video content
- Public Interest Data Access Bill
- Require Interagency Task Force for Countering Asymmetric Threats to Democratic Institutions
- Disclosure Requirements for Online Political Advertisements
- Public Initiative for Media Literacy
- Increasing Deterrence Against Foreign Manipulation
- Information fiduciary
- Privacy rulemaking authority at FTC
- Comprehensive (GDPR-like) data protection legislation
- 1st Party Consent for Data Collection
- Statutory determination that so-called ‘dark patterns’ are unfair and deceptive trade practices
- Algorithmic auditability/fairness
- Data Transparency Bill
- Data Portability Bill
- Opening federal datasets to university researchers and qualified small businesses/startups
- Essential Facilities Determinations
S.1084 - DETOUR Act
Introduced 2019-04-09: To prohibit the usage of exploitative and deceptive practices by large online operators and to promote consumer welfare in the use of behavioral research by such providers.
The DETOUR act says that large online operators (defined as services with more than 100M monthly active users anywhere, not just in the US) may not use misleading interfaces or unclear wording to mislead the user. It also says that they can only conduct behavioral experiments (e.g. A/B testing) if they have an independent review board registered with the FTC and have informed consent from the users as well as routine disclosure to the public of experiments being done. Finally it says that online large operators may form professional standards bodies, and that those bodies should develop on a continuing basis guidances and bright line rules for developing their technology products in a way that does not impair user autonomy or induce compulsive behavior in children.
Thoughts: It is hardly possible to object to the clear outlawing of “dark patterns”, which is how the deceptive interfaces described on the bill are commonly referred to. The possibility of additional liability created by it is the only straightforward concern, but os greatly alleviated since it’s targeting only large platforms, which have the resources to comply. A point more likely to raise objections is the regulation of behavioral experiments, which was clearly written to include A/B testing, which companies do all the time. The compliance burdens are fairly light, but the main motivation is likely to be the public disclosure in itself, since that is certain to be grounds for bad media coverage.
S.1578 - Do Not Track Act
Introduced 2019-05-21: To protect the privacy of internet users through the establishment of a national Do Not Track system, and for other purposes.
The Do Not Track (DNT) Act says that the FTC must implement a DNT system that defines a standard for devices, websites and services to send and receive DNT requests. It says that the FTC must also develop a program/application that users can download to send DNT requests, and that others may also make programs to send DNT requests. If a service receives a DNT request they may only gather the data necessary to operate, and explicitly says that gathering data for targeted advertising is not allowed, and that they may not use current data for targeted advertising, nor share with other parties, nor discriminate users based on DNT preferences. It puts the FTC in charge of enforcement and lays rules for fines.
Thoughts: The bill seems to be written with a bit too much detail on the system implementation, which in its current form would make implementation and compliance more cumbersome. In addition, due to the fact that it applied to virtually anybody running anything online, it should gather considerable opposition. The relevant section is below.
FIRST-PARTY OPERATOR.—The term “first-party operator” means an operator of a website on the internet, an online service, an online application, or a mobile application with which a user intends to connect, but does not include an operator of an advertisement that appears on such a website, service, or application or a program used to log in to such a website, service, or application (if the operator of such advertisement or program is different from the operator of the website, service, or application).
S.1951 - DASHBOARD act
Introduced 2019-06-25: To require the Securities and Exchange Commission to promulgate regulations relating to the disclosure of certain commercial data, and for other purposes.
It applies to “commercial data operators”, defined as entities offering consumer online services or a data broker with over 100M monthly users in the United States for most months over the last year. It says that they must routinely provide each user with an estimate of how much they think that users data is worth for the operator, and clearly describe the data collected and how it is used, as well as allow users to delete their data. It also says that operators must disclose every quarter to the SEC the “material value” of the user data they hold, contracts they have for collection and use of data, and the value of anything else the SEC determines is necessary. It puts the SEC in charge of figuring out a valuation methodology for the data. It also says the SEC should amend the rules for disclosures from public companies that classify as data operators to include information on how data held by them: how it is protected, liabilities, sources, revenue generated, large contracts or acquisitions of data.
Thoughts: This one is odd because it puts the SEC in charge of some of the operators disclosures regardless of whether they are public or not. Are there other examples of SEC being responsible for private companies that are not going public? And for public companies, this will majorly upset their reportings and could have significant impacts on their market cap, which could be real (since more information will be available) or just a result of the new reporting rules affecting their listed assets.
S.2658 - ACCESS Act of 2019
A bill to promote competition and reduce consumer switching costs in the provision of online communications services.
The access bill would require communications platforms with 100M monthly active users in the US to make their services interoperable with other platforms.
For example, email is interoperable because it relies on an open protocol called SMTP, and websites can talk to each other because they use the Hypertext Transfer Protocol (HTTP). However, most messaging and social media platforms do not offer a way for other software to interact with it - users can only use them by logging into their websites or apps. The communication platforms affected by this bill, if not already using an open protocol (thus excluding email services for example) would be required to offer a way for other software to interact with them, via what is usually referred to as an “application programming interface”.
Thoughts: The text is written to only apply to communications platforms with 100M monthly active users in the United States. With this criteria, Facebook and it’s messenger platform is likely to be the only one affected, since no other platform seems to reach that threshold, as judged from publicly available statistics.