In the first of three blogs for the Media Policy Project, Brussels-based policy analyst Pascal Crowe reports from the European Parliament on the first of three scheduled hearings about the Facebook/Cambridge Analytica case.
2018 has been an annus horribilis for tech in general, and Facebook in particular. The scandal surrounding Cambridge Analytica, Facebook and the UK referendum about whether or not to remain in the European Union, has resulted in a tsunami of political fallout on both sides of the Atlantic. So far, Mark Zuckerberg or one of his representatives have appeared before the US Congress, the US Senate, and the UK House of Commons Digital, Culture, Media and Sport Select Committee. Domestically, there are three separate investigations swirling around the issue: the Digital, Culture, Media and Sport Select Committee inquiry into fake news; the Electoral Commission inquiry into campaign financing; and the Information Commissioner’s Office (ICO) investigation into data analytics for political purposes.
Not wishing to be outdone, the European Parliament has scheduled its own three-part hearing into alleged collaboration between Facebook and Cambridge Analytica. The first of these sessions took place on 4 June 2018 in front of the Committee on Civil Liberties, Justice and Home Affairs (LIBE). In attendance were Chris Wylie, former Cambridge Analytica employee turned whistleblower, Carole Cadwalladr, the Guardian and Observer journalist who broke the story, and Elizabeth Denham, the UK Information Commissioner. Also present on the panel were David Carroll (an academic who is suing Facebook for misusing his personal data), and Sandy Parakilas from the Center for Humane Technology.
Although there was a lot of discussion that mirrored contributions that the panelists had given to Congress and Parliament, there were also some new revelations. For example, Sandy Parakilas suggested that the risks posed by personal data flows and programmatic adverts could be mitigated by the development of a cyber insurance economy (in which individuals would contract insurance plans with providers to mitigate risk to their online profiles). This could encourage the development of effective online safeguards in the same way that auto insurers encouraged the uptake of seatbelts in cars: insurers would want to minimize the risk of successful claims by encouraging social media companies to strictly follow data protection best practices. However, apps and related online business are difficult to audit, not just because of the inscrutability of the algorithms that they use, but also because of the inscrutability of their business practices.
The Information Commissioner tried to offer some reasons to be cheerful, noting that the ICO’s investigation was the largest of its kind, and that the public should expect its outcome to permanently change the behaviour of the actors involved. It will also prove a landmark moment in the future application and interpretation of the General Data Protection Regulation (GDPR) and its domestic counterpart the new British Data Protection Act (BDPA) 2018, she said, even though the subject of the investigation precedes both. As a result, the ICO is working closely with the European Data Protection Board (EDPB) on this investigation. There was general consensus amongst the panellists that the scandal had permanently shifted the debate around privacy rights, with David Carroll suggesting that data privacy constituted a new civil right. Facebook’s contribution to this debate was conspicuous by its absence.
There were, however, some important areas of disagreement. Most notably, Carole Cadwalladr called for reforms to campaign finance law. However, the leveraging of vast data sets of personal data for campaigning purposes has attracted at least as much press and regulatory attention as any alleged spending breach. A mounting body of evidence suggests that merely regulating the money spent by a political campaign may not be enough to combat electoral abuses in a maturing digital democracy.
I think that it would be more effective (and is more likely) that additional powers be given to the ICO, than for there to be a significant renegotiation of campaign finance regulation.
Here are three reasons why:
1. The electoral value of data centric online assets isn’t strongly tied to their financial value
Though neither campaign followed the regulations to the letter, Vote Leave clearly enjoyed a vast advantage in its access to both data sets and professional expertise. The DCMS Select Committee awaits clarification on questions of Russian Facebook spending during the EU Referendum (Facebook having previously estimated it at 73p); Twitter offered a more substantial estimate of around £750 being spent on its own platform. Even this apparently more realistic figure is hardly a princely sum. Online, the marginal costs of production and distribution for new campaigning resources are minimal: a meme, advert, or tweet costs almost nothing relative to its potential exposure if it goes viral. The possibility of automated networks of trolls, who can amplify messages whilst operating beyond the capacity of national regulators, muddies the waters further. Although the services of digital marketeers do cost money, and it’s difficult to measure if their efforts actually translate into votes, a system that uses cost as the only metric of campaigning power is not going to be effective at regulating online campaigning.
2. Using data is a cost-cutting exercise anyway
Although claims of the usefulness of ‘psychographic’ information about voters contain more than a dash of snake oil, evidence suggests it can help campaigns understand which individuals are more or less sympathetic to their cause. This means a campaign can avoid spending money trying to convince those who are unlikely to be persuaded, a practice known; as ‘redlining’. Regardless of how exclusionary this tactic is, it suggests tightening campaign spend would be an ineffective way of regulating campaign innovation, which is itself used to cutting costs.
3. The Electoral Commission has become a political hot potato
However unfairly, both the Leave campaign and elements of the press have portrayed the Electoral Commission as an institution staffed by Blairites with an agenda. Giving it additional powers due to a Brexit related issue would be a politically risky move. It would allow Brexiteers to cry foul and cause more trouble for an already weak government. By contrast, both the ICO’s public profile and the acuteness of the general public’s data privacy concerns have risen in the wake of recent scandals. In addition, Elizabeth Denham is gaining a reputation as an ‘activist’ Information Commissioner; her public dissatisfaction with the length of time it took to get a court order to raid Cambridge Analytica’s offices sounded like an appeal for greater autonomy. The Cambridge Analytica scandal has provided significant exposure for an organisation previously best known for slapping fines on cold calling organisations.
Taking a step back, it’s difficult to know where this saga will conclude. Certainly at the domestic level, the inability of the authorities to twist any corporate arms, over a year after the initial allegations came to light, has raised a few eyebrows. Many of those involved in the case hopes that due to its legislative (and economic) clout, the European Union will be able to bring social media companies to heel. Personally, I have my doubts. The EU, torn between a greying liberal orthodoxy and an angry populist insurgency, is currently undergoing an existential crisis that extends to its institutions. From the public seating at the back of the chamber, the well intentioned but meandering questions from MEPs were largely inaudible. Just before the hearing’s conclusion, however, a loud heckle made me sit up in my seat, alarmed by its aggression and clarity: “Down with Soros”.
This article gives the views of the author and does not represent the position of the LSE Media Policy Project blog, nor of the London School of Economics and Political Science.