How to Save Democracy from Facebook

All the fixes require either the enactment of a data-protection law, or the amendment of our existing competition law.

This can take many years. However, there is an opportunity for the government to act immediately if it wishes to, says Sunil Abraham.

---

Those who celebrate the big data and artificial intelligence moment claim that traditional approaches to data protection are no longer relevant and therefore must be abandoned. The Cambridge Analytica episode, if anything, demonstrates how wrong they are.

The principles of data protection need to be reinvented and weaponised, not discarded. In this article, I shall discuss the reinventing of three such data-protection principles. Apart from this I shall also briefly explore competition law solutions.

One, data minimisation is the principle that requires the data controller to collect data only if mandated to do so by regulation or because it is a prerequisite for providing a functionality.

For example, Facebook's Messenger app on Android harvests call records and meta-data, without any consumer-facing feature on the app that justifies such collection.

Therefore, this is a clear violation of the data minimisation principle. One of the ways to reinvent this principle is by borrowing from the best practices around warnings and labels on packaging introduced by the global anti-tobacco campaign.

A permanent bar could be required in all apps, stating 'Facebook holds W number of records across X databases over the time period Y, which totals Z GB'. Each of these alphabets could be a hyperlink, allowing the user to easily drill down to the individual data record.

Two, the principle of consent requires that the data controller secure explicit, informed and voluntary consent from the data subject unless there are exceptional circumstances.

Unfortunately, consent has been reduced to a mockery today through obfuscation by lawyers in verbose 'privacy notices' and 'terms of services'. To reinvent consent we need to bring 'Do Not Dial' registries into the era of big data.

A website maintained by a future Indian data protection regulator could allow individuals to check against their unique identifiers (email, phone number, Aadhaar). The website would provide a list of all data controllers that are holding personal information against a particular unique identifier.

The data subject should then be able to revoke consent with one-click. Once consent is revoked, the data controller would have to delete all personal information that they hold, unless retention of such information is required under law (for example, in banking law).

One-click revocation of consent will make data controllers such as Facebook treat data subjects with greater respect.

Three, the right to explanation, most commonly associated with the General Data Protection Directive from the European Union, is a principle that requires the data controller to make transparent the automated decision-making process when personal information is implicated.

So far it has been seen as a reactive measure for user empowerment. In other words, the explanation is provided only when there is a demand for it. The Facebook feeds that were used for manipulation through micro-targeting of content are an example of such automated decision making.

Regulation in India should require a user empowerment panel accessible through a prominent icon that appears repeatedly in the feed.

On clicking the icon, the user will be able to modify the objectives that the algorithm is maximising for. She can then choose to see content that targets a bisexual rather than a heterosexual, a Muslim rather than a Hindu, a conservative rather a liberal, etc.

At the moment, Facebook only allows the user to stop being targeted for advertisements based on certain categories. However, to be less susceptible to psychological manipulation, the user should be allowed to define these categories, for both content and advertisements.

From a competition perspective, Google and Facebook have destroyed the business model for real news, and replaced it with a business model for fake news, by monopolising digital advertising revenues. Their algorithms are designed to maximise the amount of time that users spend on their platforms, and therefore, don't have any incentive to distinguish between truth and falsehood.

This contemporary crisis requires three types of interventions: One, appropriate taxation and transparency to the public, so that the revenue streams for fake news factories can be ended; two, the construction of a common infrastructure that can be shared by all traditional and new media companies in order to recapture digital advertising revenues; and three, immediate action by the competition regulator to protect competition between advertising networks operating in India.

With Google, the situation is even worse, since it has dominance in both the ad network market and in the operating system market.

During the birth of competition law, policymakers and decision makers acted to protect competition per se. This is because they saw competition as an essential component of democracy, open society, innovation, and a functioning market.

When the economists from the Chicago School began to influence competition policy in the United States, they advocated for a singular focus on the maximisation of consumer interest.

The adoption of this ideology has resulted in competition regulators standing powerlessly by while internet giants wreck our economy and polity. We need to return to the foundational principles of competition law, which might even mean breaking Google into two companies.

The operating system should be divorced from other services and products to prevent them from taking advantage of vertical integration. We as a nation need to start discussing the possible end stages of such a break-up.

In conclusion, all the fixes that have been listed above require either the enactment of a data-protection law, or the amendment of our existing competition law.

This, as we all know, can take many years. However, there is an opportunity for the government to act immediately if it wishes to. By utilising procurement power, the central and state governments of India could support free and open source software alternatives to Google's products especially in the education sector.

The government could also stop using Facebook, Google and Twitter for e-governance, and thereby stop providing free advertising for these companies for print and broadcast media.

This will make it easier for emerging firms to dislodge hegemonic incumbents.

Sunil Abraham is executive director, Centre for Internet and Society. The centre is a recipient of grants from Facebook and Google.