The Guest Blog


Guest blog post by Stefano Quintarelli, Member of Parliament, Italy.

Two weeks after the Cambridge Analytica scandal, it’s time to draw some conclusions and try to advance the debate with some structural proposals.

Facts are clear: large-scale usage of a massive amount of user’s profiles collected from unaware and non-participating users, utilized to systematically influence the political sentiment in upcoming elections, by a company that, undercovered reporting has shown, had no moral problems in sidestepping ethical considerations. Justice will follow its course and punish any wrongdoings.
But we should ask ourselves what we should do in order to structurally minimize the probability of similar events happening again.

European General Data Protection Regulation can serve as a guide on some aspects. After six years of preparation and debate, it will start having its effects on May 25th, 2018, at which time non- compliant organizations can face heavy fines, up to 4% of their revenues. Had the GDPR already been in place, in order to avoid such fines, Facebook should have notified the data leak to the authorities as soon as they became aware of it, well in advance of last US elections.
One basic consideration is that concentration is a risk per se, as it attracts attacks and fuels wrongdoings. The digital ecosystem is, in this respect, no different from other ecosystems. Biodiversity is a richness than protects resilience and ensures long-term sustainability. In the online dimension, biodiversity ensures consumer choice and protects freedom of speech and freedom of choice from undue influences.

Effective competition is a powerful tool to increase and defend biodiversity in the digital space.
The GDPR introduces the concept of profile portability, whereby a user can move her profile from one service provider to another like we do when porting our telephone profile – the mobile phone number – from an operator to another. Introducing this form of ownership of one’s own profile data is important, but is certainly not enough. Portability must be complemented by interconnection: the operator to which we port our profile should be interconnected with the source operator so that we don’t lose contact with our online friends, like the operator to which we port our telephone number is interconnected and interoperates with the source operator. There is no technical reason why Whatsapp or Facebook should operate like closed silos compared to SMS or email that work seamlessly across a multitude of service providers.

This provision, when introduced for dominant intermediaries, would spur competition and mitigate the data concentration problem. Fragmenting user data inhibits the creation of the extent of big data that can be exploited for questionable political purposes.

Online services have become a core part of our daily lives and every person should have the right to use them, even privacy-concerned citizens who don’t want their profiles being analyzed and exploited. Privacy-concerned users should be granted the right to pay for the service they obtain, compensating the operator for the loss in advertising revenues. Users would be more aware of the value of the service they obtain, fueling competition and increasing consumer choice. Furthermore, this service price can be the basis for interconnection tariffs for interoperating service providers.
In the past, when we had telephone monopolies, advancements in technology-enabled profile portability for telephone services. Electronic switches enabled politics to decide that the time had come for increased competition in telephony.

Today we have technologies like IPFS and SOLID, the latest effort by the web creator Tim Berners Lee, that allow for profile portability in online applications.
Politics can learn useful lessons from the European data protection rules and can decide that the time has come to leverage on market forces to structurally increase online biodiversity, mitigating the risk of systemic failures like those of Cambridge Analytica.

Author :