In our book, Ethical Data and Information Management, Katherine O’Keefe and I look at the relationship between the Ethic of Society, which today finds expression this morning, in a report from a UK Parliamentary Committee setting out their findings against Facebook and Cambridge Analytica. It is a pretty grim reading.
The report concludes that:
“Democracy is at risk from the malicious and relentless targeting of citizens with disinformation and personalized ‘dark adverts’ from unidentifiable sources, delivered through the major social media platforms we use every day.”
It also finds that “big tech companies are failing in the duty of care they owe their users to act against harmful content, and to respect their data privacy rights”.
The Call to Action
The call to action from this report includes a requirement for a compulsory code of ethics for tech companies “similar to the Broadcasting code,” which would be enforced by an independent regulator. It also includes calls for electoral law reform and a requirement for social media platforms to take down known sources of disinformation.
All of this is to be expected.
Facebook have responded saying they welcome the report, share concerns around fake news, and are open to meaningful regulation.
The Ethics Issue
In our book, Ethical Data and Information Management, we look at the relationship between the Ethic of Society, which today finds expression through this Parliamentary Committee Report, and the Ethic of the Organization, which finds expression in Facebook’s responses. One of the questions we examine in the book is the relationship between Ethics, Legislation, and Lobbying as Society seeks to influence the Organization and vice versa.
In the context of today’s call for a compulsory Code of Ethics, one has to ask what is meant by this. A compulsory code for ethical behavior that is sanctioned by an independent Regulator sounds very much like a body of law. If the call is for more laws, then the question needs to be asked as to how well the laws were enforced in the past and how well the laws might be enforced in the future.
Governance, Principles, and Policies – an Outcomes Focused Model
from Chapter 9 Ethical Data & Information Management
In the chapter on Data Governance and Ethics in our book, we set out a model for Data Governance in the context of Information Ethics. In light of today’s call for a compulsory Code of Ethics, we need to consider at what level of Governance this code would be set in the model – would it address Principles (in which case how does one legislate for a principle without having to define what a contravention of that principle looks like)? Would it be at a Policy level? Or at a Procedures level?
In data protection law and practice (e.g. GDPR), quite a bit of the “doing” is the actual implementation of an unspecified body of policies, procedures, processes, and controls to give effect to some fundamental principles. However, Facebook has shown itself to struggle with the basic concepts at times. Indeed, it was the breach of basic data protection principles that allowed for the seeding of Cambridge Analytica and others. So, the question is: how would any compulsory code of ethics overseen by an independent Regulator differ from a mandatory code of law overseen by an independent regulator?
The Root of the Issue in Ethics and Law
The root of the issue, whether we are looking at this from an ethical or legal perspective, is ultimately the business model and motivators of the organization. Facebook has clearly shown itself through the years to be a “Shareholder Value” driven organization rather than a “Stakeholder Value” driven organization. The revenue streams that feed the machine are, ultimately, derived from advertising and their ability to capture and control the eyeballs of their users.
Facebook have made a big deal of their “significant contribution to [the] investigation over the past 18 months”. Turning up when a Parliamentary Committee asks you to should be entry level expectations for organizations who can have such a large influence on society. And the Committee is of the view that Facebook “has often deliberately sought to frustrate” their work.
The issue is the Ethic of the Organization. That Ethic is expressed in the business model, and in the approach to dealing with Regulators and their approach to ‘self-regulation’ internally. As Jane Addams, “the only measure of ethics is action”. The fact that Facebook’s fact checkers have quit in recent weeks doesn’t bode well for their credibility in this case.
This report is a wakeup call and a very definitive statement of many of the things that are wrong in the modern data economy. It will probably be welcomed and unwelcome in equal parts by the Irish Data Protection Commission.
However, the call for “compulsory codes of ethics” will not solve the problem. Codes for ethical behavior that are made compulsory and are enforceable have many of the characteristics of laws, to the point of being law in many cases. What is needed are effective situational modifiers to change the behavior of individuals in organizations so as to deliver more ethically acceptable outcomes, and to support those internally in organizations who seek to influence, or effect change but are often frozen out.
A starting point would be effective and robust enforcement of data protection laws. Facebook’s ecosystem evolved as it did as there were no consequences for treating people as a means to an end rather than an end in and of themselves.