Mark Zuckerberg: 'Yes, we need regulation - but we can’t do it on our own'
Governments and regulators need to be more active to create common standards for the internet, writes Facebook founder Mark Zuckerberg
TECHNOLOGY is a major part of our lives, and companies like Facebook have immense responsibilities. Every day we make decisions about what speech is harmful, what constitutes political advertising and how to prevent sophisticated cyber-attacks.
These are important for keeping our community safe. But if we were starting from scratch, we wouldn’t ask companies to make these judgments alone.
I believe we need a more active role for governments and regulators. After focusing on these issues for the past two years, I think it’s important to define what roles we want companies and governments to play. By updating the rules for the internet, we can preserve what’s best about it — the freedom for people to express themselves and entrepreneurs to build new things — while also protecting society from broader harms.
From what I’ve learnt, I believe we need new regulation in four areas: harmful content, election integrity, privacy and data portability.
First, harmful content. Facebook gives everyone a way to use their voice, and that creates real benefits — from sharing experiences to growing movements. As part of this, we have a responsibility to keep people safe on our services. That means deciding what counts as terrorist propaganda, hate speech and more. We continually review our policies with experts, but at our scale we’ll always make mistakes and decisions people disagree with.
Lawmakers often tell me we have too much power over speech and, frankly, I agree. I’ve come to believe that we shouldn’t make so many important decisions about speech on our own. So we’re creating an independent body so people can appeal our decisions. We’re also working with governments on ensuring the effectiveness of content review systems.
Internet companies should be accountable for enforcing standards on harmful content. It’s impossible to remove all harmful content from the internet, but when people use dozens of different sharing services — all with their own policies and processes — we need a more standardised approach.
One idea is for third-party bodies to set standards governing the distribution of harmful content and measure companies against those standards.
Regulation could set baselines for what is prohibited and require companies to build systems for keeping harmful content to a bare minimum.
Facebook already publishes transparency reports on how effectively we are removing harmful content. I believe every major internet service should do this quarterly, because it is just as important as financial reporting. Once we understand the prevalence of harmful content, we can see which companies are improving and where we should set the baselines.
Second, legislation is important for protecting elections. Facebook has already made significant changes around political ads: advertisers in many countries must verify their identities before purchasing political ads. We built a searchable archive which shows who pays for ads, what other ads they ran and what audiences saw the ads. However, deciding whether an ad is political isn’t always straightforward. Our systems would be more effective if regulation created common standards for verifying political actors.
Online political advertising laws primarily focus on candidates and elections, rather than divisive political issues where we have seen more attempted interference. Some laws only apply during elections, although information campaigns are non-stop. And there are also important questions about how political campaigns use data and targeting. We believe legislation should be updated to reflect the reality of the threats and set standards for the whole industry.
Governments can also use their power to prevent interference. We can ban bad actors, but only governments can create real-world penalties that change the incentives to interfere.
Third, effective privacy and data protection needs a globally harmonised framework. People around the world have called for comprehensive privacy regulation in line with GDPR (General Data Protection Regulation), and I agree. I believe it would be good for the internet if more countries adopted regulation like GDPR as a common framework.
New privacy regulation in the US and around the world should build on the protections GDPR provides. It should protect your right to choose how your information is used — while enabling companies to use information for safety purposes and to provide services. It shouldn’t require data to be stored locally, which would make it more vulnerable to unwarranted access. And it should establish a way to hold companies like us accountable by imposing sanctions when we make mistakes.
I also believe a common global framework — rather than regulation that varies significantly by country and state — will ensure the internet does not get fractured, entrepreneurs can build products which serve everyone and everyone gets the same protections. (Different rules in different regions would break one of the most important qualities of the internet: it is one platform, that everyone can access and build for.)
As lawmakers adopt new privacy regulations, I hope they can help answer some of the questions GDPR leaves open. We need clear rules on when information can be used to serve the public interest and how it should apply to new technologies such as artificial intelligence and differential privacy.
Finally, regulation should guarantee the principle of data portability. If you share data with one service, you should be able to move it to another. This gives people choice and enables developers to innovate and compete.
This is important for the internet — and for creating services people want. It’s why we built our development platform. True data portability should look more like the way people use our platform to sign into an app than the existing ways you can download an archive of your information. But this requires clear rules about who is responsible for protecting information when it moves between services.
This also needs common standards, which is why we support a standard data transfer format and the open source Data Transfer Project. I hope lawmakers define regulation that encourages data portability and makes it easier.
I believe Facebook has a responsibility to help address these issues and I am looking forward to discussing them with lawmakers around the world. Over the past couple of years, we have built some of the most advanced systems for finding harmful content, stopping election interference and making ads more transparent.
But people shouldn’t have to rely on individual companies addressing these issues by themselves. We should have a broader debate about what we want as a society, and how regulation can help. These four areas are important, but of course there is more to discuss.
The rules governing the internet allowed a generation of entrepreneurs to build services that changed the world and created a lot of value in people’s lives. It is time to update these rules to define clear responsibilities for people, companies and governments going forward.
We can ban bad actors, but only governments can create real-world penalties.