Zuck’s back, calling for “new rules” for the Internet, which will entrench Facebook’s power, but do nothing for privacy

Posted on Apr 12, 2019 by Glyn Moody

Last month, Privacy News Online looked at a 3000-word essay entitled “A Privacy-Focused Vision for Social Networking“, written by Mark Zuckerberg. It’s a measure of the political pressure that Facebook finds itself under that Zuckerberg has published another big “thought piece”, where he is obviously trying to steer public discussions to his company’s advantage. This time, in a move that has surprised some, he wants “new rules” for the Internet:

I believe we need a more active role for governments and regulators. By updating the rules for the Internet, we can preserve what’s best about it – the freedom for people to express themselves and for entrepreneurs to build new things – while also protecting society from broader harms.

More specifically, Zuckerberg is calling for new regulations in four areas: harmful content, election integrity, privacy and data portability. Privacy is explicitly named as one area, but two others there have major implications for personal data. For example, regarding election integrity, Zuckerberg writes:

Facebook has already made significant changes around political ads: Advertisers in many countries must verify their identities before purchasing political ads. We built a searchable archive that shows who pays for ads, what other ads they ran and what audiences saw the ads.

Although it is good to know who pays for what ads, and who sees them, the real problem lies at the point where Facebook helps advertisers to send micro-targeted political ads to people. That’s something Privacy News Online has explored before, along with its negative impact on privacy. Zuckerberg notes that there are “important questions about how political campaigns use data and targeting,” and calls for legislation in this area to be updated. What is needed is not some tweaking, but a fundamental shift in how ads are sold online.

We already have examples of how sites can thrive using other, privacy-respecting ways of selecting which advertisements are displayed to visitors. If Zuckerberg were really concerned about the corrosive effects of micro-targeted political ads on democracy, he would end the practice now. Instead, he is simply providing more information about advertisers on Facebook, while continuing to encourage them to use Facebook’s unparalleled profiling information to get their messages out.

Zuckerberg’s comments on privacy are interesting for their confirmation that the GDPR is setting the standard in this area:

People around the world have called for comprehensive privacy regulation in line with the European Union’s General Data Protection Regulation, and I agree. I believe it would be good for the Internet if more countries adopted regulation such as GDPR as a common framework.

As with micro-targeted ads, Zuckerberg’s actions belie his words. Back in April 2018, just before the GDPR came into force in the EU, Facebook moved 1.5 billion of its users outside its scope, by shifting responsibility for them from Ireland to the US. If Zuckerberg truly supported the GDPR, he could boost its reach overnight by returning those 1.5 billion user accounts to Ireland. No new “rules for the Internet” are required to do that – just a one-line memo from him saying “move them back”. On a more technical issue, he says:

regulation should guarantee the principle of data portability. If you share data with one service, you should be able to move it to another. This gives people choice and enables developers to innovate and compete.

Once more, that sounds good. People should indeed be able to move their data from one service to another. Once more, though, appearances are deceptive. Even if you could move all your data from Facebook to another online service, you would be leaving behind the most important thing: your social network. It is this network effect, not lack of data portability, that locks people into Facebook. However, as Zuckerberg well knows, data portability is a two-way street. As well as allowing Facebook users to move elsewhere – something few are likely to do – it also enables those who are not on Facebook to join more easily, which is highly convenient for Facebook.

Beyond these specific reasons why Zuckerberg is calling for more legislation, there are some general issues that help explain this sudden love of being regulated. At the moment, Facebook is forced to make many decisions about what should be allowed on its service. That’s undeniably a difficult undertaking, and inevitably leads to complaints on all sides from people who are unhappy with the outcome. Once laws are in place that lay down what the company it must do, its task is far simpler. It just has to follow those rules. If users or others dislike the results, Facebook can legitimately say “don’t blame us, we’re just implementing the law”. Although the company will be constrained in some ways that may be inconvenient, it will also be shielded from many of the worst legal risks it currently faces.

Finally, it’s important to remember that regulations by their very nature impose compliance costs on companies, both in terms of money and organizational challenges. As we’ve already seen with the GDPR, those best able to manage such costs are the big companies: they have deep pockets and departments full of clever lawyers. The same is true here. The more governments bring in regulations for the world of social media, the greater the barrier to entry for others less well-endowed with money and experienced staff.

Zuckerberg’s apparent humility in calling for governments around the world to increase their “control” over Facebook is in fact just another shrewd move to bolster the company’s already immense power. It will do very little to provide greater protection for the privacy of its users.

Featured image by Dun.can.