doteveryone

The UK needs a new independent technology regulator to scrutinise business models and metrics.

Many people who work in online marketing have been responding to the Cambridge Analytica story with a bit of a shrug. After all, to those in the know, microtargetting is just how the business works. Data harvesting is a feature, not a bug.

And to an extent they are right: it’s not new news. Until 2015, Facebook’s Open Graph was designed to create whole pictures of us and our friends; this isn’t even a discovery about what is happening now, but something that was closed down three years ago. Three years in technology years is like 20 or 30 in other fields.

As the ODI’s Ellen Broad points out, there are different categories of advertising. The consumer goods I buy or the holidays I take are different to the democratic decisions I make, or the financial products I use. These things are regulated offline in the UK — by the ASA and the Electoral Commission — and there are processes in place to do so, in real time, and mostly not three years after the fact.

The fact that Cambridge Analytica is only a scandal now shows how badly developed our instruments for technology accountability really are.

Doteveryone’s People, Power, Technology report, published last month, shows the importance of accountability, engagement and education. But these are nothing without responsibility. Culture Secretary Matt Hancock has spoken about the importance of companies operating in Britain complying with British legislation, but the complexity of the Data Protection Bill shows how difficult it is to push through legislative reform in a timely and reactive manner in a fast-changing digital landscape.

The UK needs a new, independent regulator that understands how the underlying systems behind technology work — a body that can scrutinise business models, metrics and algorithms in real time, and create compelling pictures of best practice.

There are already organisations with second-order responsibility for things that happen online — the Information Commissioner’s Office is responsible for data, OFCOM for connectivity — but none have the capability or resource to interrogate business models and metrics. While the ICO is painfully under-resourced, it is not simply more resources that are needed, but a whole new remit.

There need to be ethical checks around business models and tests for the unintended consequences of metrics — not just at release but ongoing, through the life of a product. New releases of algorithms and design patterns need to be bug-tested for human-rights failings, just as they are for other kinds of mistakes. Standards for terms and conditions and design patterns need to be set, tested against and enforced.

The government’s proposed Data and Ethics Commission could theoretically do some of this, but not as a government body, and not while its focus is dominated by AI and innovation. It needs to be based in the here and now, and be independent from government policy. Data is political, after all and health, immigration and taxation data should be subject to the same scrutiny as platform businesses.

The new regulator should be free to be staffed appropriately, with Internet expertise at the centre — not just software engineering or AI expertise, but online marketing, user research, and product development skills, so that the same scrutiny and attention to detail is brought to bear in regulation as it is in product releases.

The easier part of this will be the monitoring and delivery: technologies like machine learning can support expert investigators in monitoring service provision; best-practice guidelines for continuously managing consent can be created and established; distinctions in categories for advertising, profiling and targeting can be created and enforced.

Funding this shouldn’t be difficult — it is in the interest of the richest companies in the world to pay their debt to society through taxation. The European Commission has announced its plans for a “digital tax” on tech companies — and looking at the damage done to Facebook’s market valuation this week, an additional levy that made technology safer, more secure and better for all of us would simply make good business sense.

The difficult part is making it happen — how to catch up and keep up without endless bureaucracy killing innovation.

One approach could be starting with the big platforms and creating a positive certification that highlights where things are working and where they are still a work-in-progress. The resource and computing power of Facebook, Google and Amazon makes this achievable; the challenge is making public safety as important in their pipelines as income generation. This doesn’t get in the way of innovation — rather it’s a vital part of innovation, that will enable technology to continue to change the world in safe and respectful ways.