EU Tries to Regulate Social Media
Brussels has gotten ahead of Washington in regulating mostly American-based Internet companies.
FT (“EU approves groundbreaking rules to police Big Tech platforms“):
In the early hours of Saturday morning, after nearly 16 hours of negotiations, legislators in Brussels endorsed measures preventing companies such as Facebook and Google from targeting minors with online advertising, while manipulative techniques that force people to click on content will be banned.
Leading tech groups will be forced to disclose to EU regulators how they are tackling disinformation and war propaganda in order to curb the spread of fake information — an effort that has gained fresh momentum since the Russian invasion of Ukraine.
The Digital Services Act, agreed in Brussels between member states, the European Commission and the European Parliament, is part of a push in Brussels to lead the way on how the internet should be regulated. Earlier this year the EU approved a separate piece of legislation, the Digital Markets Act, which aims to tackle the market power of Silicon Valley firms.
The suite of legislative measures, against which the world’s biggest technology companies lobbied bitterly, represents the most significant overhaul of the laws governing their operation in more than two decades.
Countries such as the US, Canada and Singapore are expected to follow with similar rules in the coming months.
While I’m more sympathetic than hard-core libertarians to the notion that these platforms, while privately owned, have effectively become something akin to a town square, I’m incredibly skeptical of governmental regulation of content moderation policies. And I’m especially leery of multiple government entities across the globe issuing conflicting regulations. Are companies seriously supposed to tailor which tweets and posts can be seen in each of 195 countries?
WaPo‘s Cat Zakrzewski (“Europe to slap new regulations on Big Tech, beating U.S. to the punch“) contrasts the EU’s aggression with the slowness of US regulation:
Washington lawmakers have failed to pass comprehensive tech legislation despite years of promises of a crackdown on the industry as Apple, Facebook, Google and Amazon amassed power and influence for decades with minimal regulation.
That’s not been the case in the European Union, whose laws now are expected to influence the regulatory debate in the United States. Europe passed its first landmark privacy law half a decade ago.
Despite the lack of action, there has been bipartisan support building around antitrust regulation, particularly a bill to prevent tech companies from giving their own products and services advantages on their platforms over smaller rivals. Lawmakers have also introduced bipartisan bills to address children’s safety and force greater transparency of tech companies’ algorithms.
“This will basically set the gold standard for regulating online platforms for any regulator in the world,” said Mathias Vermeulen, a co-founder and policy director at the data rights agency AWO, who worked on the legislation.
Still, the consensus among Republicans and Democrats in Congress on social media content moderation is limited. Republicans largely say tech companies should take a more hands-off approach to content moderation, while Democrats have called for the companies to be more aggressive in removing hate speech, health misinformation and falsehoods about the election. There are also First Amendment limitations to regulating the companies’ content moderation practices in the United States.
Leaders from both parties have raised concerns about Europe taking the lead on regulating some of the most significant companies in the American economy.
“As the world’s leading democracy, we have to set a better example,” former president Barack Obama said in a speech on Thursday at Stanford University, where he warned about the damaging effects of misinformation on democracies. “We should be able to lead on these discussions internationally, not [be] in the rear.”
The Verge‘s James Vincent (“Google, Meta, and others will have to explain their algorithms under new EU legislation“) suggests that the EU’s regulation will effectively become global:
Although the legislation only applies to EU citizens, the effect of these laws will certainly be felt in other parts of the world, too. Global tech companies may decide it is more cost-effective to implement a single strategy to police content and take the EU’s comparatively stringent regulations as their benchmark. While lawmakers in the US keen to rein in Big Tech with their own regulations have already begun looking to the EU’s rules for inspiration.
Adam Satariano, writing for the NYT (“E.U. Takes Aim at Social Media’s Harms With Landmark New Law“) notes that regulating the Internet is harder than it looks.
Yet even as the European authorities gain newfound legal powers to rein in the tech behemoths, critics wondered how effective they will be. Writing laws can be easier than enforcing them, and while the European Union has a reputation as the world’s toughest regulator of the tech industry, its actions have sometimes appeared tougher on paper than in practice.
An estimated 230 new workers will be hired to enforce the new laws, a figure that critics said was insufficient when compared with the resources available to Meta, Google and others.
The staffing figures “are totally inadequate to face gigantic firms and new gigantic tasks,” said Tommaso Valletti, a former top economist for the European Commission, who worked on antitrust cases against Google and other tech platforms.
Without robust enforcement, he said, the new laws will amount to an unfulfilled promise. Mr. Valletti said that even as Europe had levied multibillion-dollar antitrust rulings against Google in recent years, those actions had done little to restore competition because regulators did not force the company to make major structural changes.
Lack of enforcement of the European Union’s data privacy law, the General Data Protection Regulation, or G.D.P.R., has also cast a shadow over the new laws.
Like the Digital Services Act and Digital Markets Act, G.D.P.R. was hailed as landmark legislation. But since it took effect in 2018, there has been little action against Facebook, Google and others over their data-collection practices. Many have sidestepped the rules by bombarding users with consent windows on their websites.
“They haven’t shown themselves capable of using powerful tools that already exist to rein in Big Tech,” said Johnny Ryan, a privacy-rights campaigner and senior fellow at the Irish Council for Civil Liberties, who has pushed for tougher enforcement. “I don’t anticipate them showing themselves suddenly to be any different with a new set of tools.”
Buried toward the end of Kim Mackrael’s WSJ report (“European Lawmakers Reach New Deal on Social Media Regulations“) is this:
As proposed, the DSA also contains obligations that would affect a range of other companies that aren’t considered online platforms, such as internet service providers and web hosting services. The obligations for those companies would be much more limited, compared with those meant to apply to online platforms.
That means hundreds of thousands of companies could fall under the scope of the new legislation, said Daphne Keller, who teaches internet law at Stanford University. She said many smaller companies likely aren’t aware of the new obligations.
Companies that do any kind of content moderation “probably need to spend the next six months hiring and building new processes,” she said. “This is going to be a heavy lift.”
It strikes me as absurd that an ISP in Peoria should be subject to regulation from Brussels just because the Internet also reaches there.
It’s a brave new world, James. It’s bound to get messy.
The EU’s position is that they are protecting their users, making where the server is locate irrelevant. Also, given the distributed nature of the networks of social media companies for any given interaction the ‘handling’ server could be anywhere.
I’d like to agree with you that a more laissez-faire oversight of social media would be nice, but those companies and in particular Facebook, have shown that chasing clicks and engagement is more important than the safety and well being of the user community.
As far as the US Congress, LoL. Nothing will happen there, as you point out, though both parties want to take action against the internet giants, each sees a different problem and are advocating different solutions. So good for the EU, given the market power of Europe, some benefit can spill over to the rest of the world.
The converse is also true.
Facebook claims to have what, two billion users? There’s simply no way to monitor the posts and comments of two billion users. The AI isn’t good enough and no one can afford the size of the human staff that would be required.
Right now, the safety and growth of Zuckerberg’s wealth ranks down in the priority list near the bottom, maybe a bit higher than where Elon Musk will spend the night tomorrow.
These days almost all of the social media are implemented, in practice, as a very large pile of JavaScript executing in the browser, or as a sizeable native app on mobile devices. So, billions of ops per second per user. It is not inconceivable that a modest rules-based engine can run on the subscribers’ machines and generate the 195-bit mask indicating where the post/comment is unacceptable. Or at least do a bunch of heavy preprocessing before dumping the question up to a cloud-based engine to generate the mask. Let each country that wants to restrict content provide their rules suitable for the engine. I wouldn’t want to be the one having to implement it, but Facebook and the rest are all spending a fortune on AI research.
ETA: Wrt my previous comment, a foolish consistency is the hobgoblin of little minds :^)
@Michael Cain:
The amount of data actually makes it easier to train the machine learning models. And there are countless ways to encourage community moderation to validate it (people love being judgmental, but you need to track the moderators as well to ensure minimal bias)
The machine data methods have difficulty distinguishing sarcasm — there will be false positives on people jokingly saying that they got the vaccine and the microchips improved their cell phone reception. Posts debunking conspiracy theories can also get flagged, but not as frequently.
You can minimize those false positives by not taking each comment in isolation, but by looking at the history of the commenter — building a reputation system. One input to reputation would end up being thumbs up from other people with good reputation.
Even that has problems, as good actors can become bad actors overnight, but will eventually correct itself.
There can also be bubbles where cliques boost each other’s content. This was a problem at a company that I was working at that was using techniques like this to choose the best product reviews, but in the case of social media, either this clique will be isolated (in which case, no one cares, they have shadow-banned themselves) or there will be negative feedback as the clique interacts with the outside world.
This is all solvable, for certain degrees of solvable.
There is simply no interest in doing so. It’s mildly expensive to implement, but the real problem is that Facebook’s business model profits from the stickiness of hateful comments.
The age of consent in my state is 16. Am I seriously supposed to know the age of consent in every state and country I visit and follow it?
@Gustopher: It’s just not a useful analogy. There is simply no way for me to know the laws in all 50 states, much less the entire world—let alone resolve the conflicts between them—when posting something to the Internet. Nor should I be subject to those laws when I’m operating in Virginia. It would be madness and essentially shut down the whole enterprise.
@James Joyner: You don’t have serve traffic to 195 countries. Not serving locations where you don’t know the laws is a perfectly reasonable choice.
If you want the benefits of doing business in those locales, you have to put in the work to comply with their laws. If the local laws are too burdensome, then the locale will be underserved.
There is no inherent right or requirement to be a transnational corporate entity.
(I think OTB will slip under the radar)
@James Joyner:
This misses the point.
These regulations aren’t about “you” as a consumer, but rather about providers of commercial services.
The basic assumption in EU law is that commercial activities (including speech) can be regulated far more stringently than individual actions (including speech).
Put differently, “Corporations are people, too” doesn’t fly to the same extent as it does in the US. (Even though it’s still somewhat true.)
This means that the “ISP in Peoria” that makes money by selling EU market access to its US customers can indeed be regulated by EU authorities.
If it doesn’t want this, there’s always geoblocking.
While this approach has downsides, it’s definitely not madness
@drj:
A bit late to this, but geoblocking is already quite common for (smaller) US media operations re. the EU and UK.
I assume they’ve decided it’s not worth the cost and hassle for them to comply with European data protection regulations.