ABSTRACT
In 2018, major social media companies became the focus of a ‘techlash’ in America. The business practices of Facebook, Google, Amazon, and Twitter came under intensive media and U.S. government scrutiny on a range of troubling issues, including wielding monopoly power, facilitating fake news, violating consumer privacy, and involvement in Russian disinformation campaigns during the 2016 U.S. Presidential election. An alternative private ordering approach to incorporating responsible innovation is proposed in lieu of public regulation: the self-regulating organization (SRO). A recent HarrisX poll found that only 31% of U.S. adults believe that the federal government is capable of regulating large technology companies; this provides an opportunity for the tech industry to develop an effective SRO. Yet, to be successful it will require a high degree of organizational transparency and accountability, and trade-offs made among the competing values of various industry stakeholders, including consumers, government representatives, small tech companies, civil society organizations and advocacy groups.
Introduction
In his January 2018 ‘State of American Business Address’, Thomas Donohue, president and CEO of the U.S. Chamber of Commerce, warned that ‘a backlash against major tech companies is gaining strength – both at home and abroad, and among consumers and governments alike’ (Neidig Citation2018). Like others in the tech industry, Donahue is concerned that ‘“techlash” doesn't result in broad regulatory overreach that stifles innovation’ that is ‘improving people's everyday lives’ (Neidig Citation2018). Arguably, 2018 went on to become the year of ‘techlash’ in America and elsewhere. The business practices of Facebook, Google, Amazon, and Twitter have come under intensive media and U.S. government scrutiny on a range of troubling issues, including accusations of wielding monopoly power, facilitating fake news, violating consumer privacy, and their involvement in the Russian disinformation campaigns during the 2016 U.S. Presidential election campaign.
The prospects for U.S. federal regulation of internet and communication technology firms should not be underestimated. The 115th Congress scheduled hearings in late October and early November 2017 with executives of Facebook, Google and Twitter concerning the tech industry's involvement in the 2016 Presidential election. All three companies subsequently announced new policies to improve transparency over who is buying political ads on their social media platforms and what messages they are promoting. Further, in April 2018, Facebook CEO Mark Zuckerberg appeared before Congress over the manipulation of his company's consumer user data by malicious third parties, including by Cambridge Data Analytics during the 2016 U.S. Presidential election cycle.
During the Senate hearing, Zuckerberg indicated that he would support federal regulation of his company, and Senator Amy Klobuchar (D-Minn.) and Senator John Kennedy (R-La.) have taken Zuckerberg up on his support for further regulation, jointly introducing S. 2728, the Social Media Privacy Protection and Consumer Rights Act of 2018. Bill S. 2728 is intended to ‘protect consumers’ online privacy and data by improving transparency, strengthening consumers’ recourse options when a data breach occurs, and ensuring companies are compliant with privacy policies that protect consumers’ (Kennedy Citation2018; Klobuchar Citation2018).Footnote1
However, an alternative to public regulation of the tech industry that emerged earlier in 2018 should also be given a hearing, whether as a compliment to, a substitute for, or a hybrid form of public regulation.
The Case for Responsible Innovation
‘The time has come to seriously consider a responsible approach to innovation [in the tech industry]’, says Shelly Palmer, CEO of the Palmer Group, a well-known strategic marketing advisory firm to the technology and media industry (Palmer Citation2018b). Along with contributors David Sapin, principal U.S. advisory risk and regulatory leader at PwC, and Rob Morrow, principal at PwC Connected Solutions, Palmer presented their formal proposal, ‘The Case for Responsible Innovation’, at the 2018 Consumers Electronics Show in Las Vegas (Palmer Citation2018b). Noting, ‘the tech industry has come under pressure as concerns mount about potential negative impacts of innovation’, Palmer (Citation2018b) questions the political and practical basis for ‘new government regulation’ as a response to this pressure.
Palmer (Citation2018b) propose three basic approaches to regulating technological innovation:
Government Regulation. The traditional approach is to have government policy makers and regulators step in and implement a regulatory regime that addresses policy concerns of privacy, public safety and national security.
Self-Regulation. This approach asks individual companies to consider the societal impact of their technologies before those technologies emerge in the marketplace. This approach often falls under the category of ‘corporate social responsibility’, and it can cover anything from environmental protection to addressing sexual harassment in the workplace.
Self-Regulatory Organization. A self-regulatory organization (SRO) for emerging technologies would consist of the leading organizations in the industry coming together to define responsible innovation principles that all members of the SRO would agree to abide by. The SRO would also oversee and regulate compliance with those principles, levy fines, and refer any violations to a federal regulatory agency, such as the Federal Trade Commission.
Palmer (Citation2018b) are critical of the ‘government regulation’ approach because it moves too slowly to stay abreast of technological innovations; they also caution that policy makers (and their staffs) often lack the technological understanding or efficient procedures to implement regulatory regimes in a timely manner. Likewise, ‘self-regulation’ is reactive in nature, as a company response occurs only after the problem arises and several missteps raises the stakes, bringing unwanted attention to the company. In addition, with this regulatory approach there is an inherent commercial conflict when an individual company agrees to self-regulate, e.g. as a company is in the business of making money for their shareholders, and in many highly competitive industries new technologies must rapidly enter the marketplace to assure long-term financial success for the firm (see also Brand and Blok Citation2019).
Instead, Palmer (Citation2018b) supports the ‘self-regulatory organization’ (SRO) governance solution to responsible innovation: ‘The collective industry, more so than any think tank, regulatory agency, or policy-making body, has the insight, technical knowledge, and incentive to create workable principles for responsible innovation’. While the authors acknowledge that there will be initial resistance from policy makers to the SRO approach, they believe that they will quickly grasp that ‘this is a far more thoughtful, efficient, and effective approach to ensuring responsible technological innovation’ (Palmer Citation2018b). The authors also recognize a role for some level of government oversight, which will allow policy makers ‘to influence the policy direction of the new innovation SRO and provide any necessary enforcement’ (Palmer Citation2018b).
Real world SRO examples
Unlike other concepts that are unlikely to receive a fair hearing in a business context (see Brand and Blok Citation2019), the concept of a tech industry SRO is a reasonable, market-based departure point to begin a discussion of ‘responsible innovation’ in the governance of the tech industry. In addition, there are arguably real world examples of such SROs operating in other industries. For instance, Palmer (Citation2018b) argue that this regulatory approach has worked in the financial services industry, where the private Financial Industry Regulatory Association (FINRA) regulates trading in equities, corporate bonds, securities futures, and options. All firms dealing in securities and not regulated by another SRO, such as by the Municipal Securities Rulemaking Board, are required to be member firms of FINRA (Johnson Citation2007). The formation of FINRA resulted from the tech industry consolidation of the regulation, enforcement and arbitration operations of the New York Stock Exchange, Inc., NYSE Regulation, Inc., and the National Association of Security Dealers (NASD) (Johnson Citation2007).
Wong (Citation2017) suggests that the tech industry emulate the Entertainment Software Rating Board (ESRB). The ESRB, established by the Entertainment Software Association in 1994, is the non-profit SRO that assigns ratings for video games and apps to help parents make informed choices for their children (Entertainment Software Rating Board Citation2018). Its rating system encompasses guidance about age appropriateness, content, and interactive elements of video games and apps (Entertainment Software Rating Board Citation2018). The ESRB also enforces industry-adopted advertising guidelines and helps ensure responsible online and mobile privacy practices among companies participating in its Privacy Certified program (Entertainment Software Rating Board Citation2018). The FTC approved ESRB in 2001 as a ‘safe harbor’ under the Children's Online Privacy Protection Rule (Federal Trade Commission Citation2001).
The FINRA example departs from Palmer's conception of an SRO, however. Burton (Citation2017) notes that FINRA is governed by a 23-member board, which consists of 12 public governors, ten board members who are financial service industry governors, and the organization's CEO. Given that by definition an SRO regulates itself, the fact that FINRA has only 10 of 23 governors who are industry representatives means that the financial services industry does not control FINRA, and is not an SRO (unlike the ESRB), but a quasi-private regulatory organization with minority (43%) industry representation.
Prospects for a tech industry SRO
The development of an effective SRO will be a challenge for the tech industry, but if the threat of intrusive public regulation in the U.S. and elsewhere emerges as a valid concern, it is more likely to evolve as a viable alternative. The ESRB, for example, was a response to the Video Games Rating Act of 1994 to avoid federal regulations imposed on the industry (Wong Citation2017). However, at the time there was a strong public consensus that the video gaming industry needed further regulation of its product content. In contrast, the results of recent surveys of American consumers on their impressions of social media companies offers a slightly declining but overall generally positive image of the industry (Springboard Citation2018).
For example, a Pew Research Center (Citation2018) poll from a January 2018 survey of online U.S. adults finds that 88% of respondents believe that the internet has ‘mostly been a good thing’ personally, while 70% find the internet has been ‘mostly a good thing’ for society. Likewise, a HarrisX (Citation2018) poll of U.S. adults, released in April 2018, finds that 70% of U.S. adults believe that tech companies have a positive impact on their daily lives, while 68% believe they have a positive impact on society. An April 2018 Wall Street Journal/NBC News poll (Hook Citation2018) of U.S. adults finds that 51% of respondents believe that social media platforms are either regulated sufficiently (37%) or are regulated too much (14%) – with 37% believing they are regulated too little (Wall Street Journal 2018). While these survey results appear to indicate strong for the tech industry, there are specific issues that do concern U.S. consumers.
Thus, in the HarrisX (Citation2018) poll 64% of respondents believe that technology companies should be legally responsible for the content they carry on their system, while 83% believe there should be tougher regulations and penalties for breaches of data privacy. Importantly, while 53% believe the federal government should regulate large technology companies as they do big banks, only 31% believe that the federal government is capable of regulating them. Lastly, 62% of survey respondents thought the federal government would take steps to regulate the tech industry this year or within the next few years.
Yet tech companies will not have to wait for additional U.S. government regulation. California Governor Jerry Brown signed the California Consumer Privacy Act of 2018 into law on 28 June 2018. In addition, on a much greater scale, the European Union enacted the General Data Protection Regulation (GDPR), effective as of 25 May 2018 (Palmer Citation2018a). Companies who collect and manage this data are responsible for protecting it from misuse and exploitation, and respect the rights of data owners or face financial penalties for violations. The GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU that offer goods or services to customers or businesses in the EU. U.S. tech companies now face a new public regulatory environment, as the GDPR becomes a de facto global regulation for these firms.
Whether as a complement to, or a substitute for, new U.S. regulation of the tech industry that could be enacted over the next few years, the establishment of an SRO would require developing an industry-wide consensus on acceptable RI principles and compliance mechanisms. Given the American public's doubts of the federal government's capability of providing effective regulation, the tech industry has an opportunity to develop a convincing SRO proposal. At the same time, given the growing debate over the Trump administration's active push for deregulation, the likelihood of significant regulation of the tech industry in the short term is highly uncertain – thus possibly affording the tech industry time to develop an effective SRO that could demonstrate responsiveness to consumer and regulator concerns. Two important conditions concerning SRO effectiveness arise from the very different contexts of the market, on the one hand, and civil society, on the other.
One important consideration is a thesis argued by Macey and Novogrod (Citation2012): the success of industry self-regulation critically depends on the market power of the firms in the SRO. Thus, if the firms (making up the SRO) have market power, and as long as the industry generates profits for members, self-regulation can work. Nevertheless, if either profitability or market power decline, self-regulation can be an effective governance mechanism. Clearly, Google and Facebook remain viable in this respect, having captured 91% of online search market share, with Amazon having some 70% of the e-book sales (Verbruggen Citation2017). As long as the major players (such as Google, Facebook, and Amazon) remain profitable, maintain market power (without violating antitrust statutes pertaining to anti-competitive practices,) and are active members of a proposed tech industry SRO, Macey and Novogrod’s (Citation2012) thesis for an effective SRO is met.
Another important aspect of developing an effective SRO is to include civil society organizations, advocacy groups, and public citizens, representing additional stakeholders affected by tech companies’ products and services.Footnote2 This tracks a responsible innovation concept that ‘denotes an orientation towards anticipation, inclusiveness, responsiveness, and reflexivity concerning science and technology and innovation processes more broadly’ and encourages ‘a democratic governance of innovation’ (van Oudheusden Citation2014, 68). The independent voice of such ‘extended peer review’ – which goes beyond a ‘pallid consensus’ of industry insiders that encourages echo chambers, filter bubbles, blind spots, and market failures – will arguably improve the long-term sustainability of the tech industry and the broader American society.Footnote3 As Sarewitz (Citation2011, 7) notes: ‘a vigorous disagreement between experts would provide decision-makers with well-reasoned alternatives that inform and enrich discussions as a controversy evolves, keeping ideas in play and options open’.
The tech industry SRO concept proposed by Palmer et al., in spite of FINRA's inclusion of non-industry members as governance partners, may indeed have the ‘insight, technical knowledge, and incentive to create workable principles for responsible innovation’ (Palmer Citation2018b). Yet, whether a proposed tech industry SRO will continue to operate in the so-called ‘public interest’, rather than the interests of the established tech industry, will require an intense level of organizational transparency and accountability – specifically, as it pertains to the broader inclusion of the civil society. Furthermore, this process involves tradeoffs among competing values (and costs and benefits) for a variety of industry stakeholders, including consumers, government representatives, and small tech companies, to ensure its effectiveness as both a substitute for, and complement to, new legislation (whether domestically or internationally) and ensuing public regulation.
Disclosure statement
No potential conflict of interest was reported by the author.
Notes on contributor
Thomas A. Hemphill, a professor of strategy, innovation and public policy, School of Management, University of Michigan-Flint, received his Ph.D. in Business Administration with a primary field in Strategic Management and Public Policy and secondary field in Technology and Innovation Policy from The George Washington University. His technology and innovation management publications can be found in the Bulletin of Science, Technology & Society; Innovation: Management, Policy & Practice; International Journal of Innovation Management; International Journal of Innovation and Technology Management, Journal of Responsible Innovation, Knowledge, Technology & Policy; Research-Technology Management; Science and Public Policy; Technology Analysis & Strategic Management; and Technology In Society.
Notes
1 There is reportedly a strong movement by both Democrat and Republican Congressional leadership to pursue privacy legislation in the 116th Congress (Kerry Citation2019). Furthermore, a broad representation of stakeholder interests – including organizations like Access Now, the Business Roundtable, BSA/The Software Alliance, the Electronic Privacy Information Center, Google, the Internet Association, the Information Technology Industry Council, and the U.S. Chamber of Commerce – have issued recent white papers or statements concerning proposed privacy principles or frameworks on what proposed legislation should address (Kerry Citation2019).
2 Vogel (Citation2010, 69) describes voluntary civil regulations, an integral part of an effective SRO, as follows:
A defining feature of civil regulations is that their legitimacy, governance and implementation is not rooted in public authority. Typically operating beside or around the state rather than through it, civil regulations are based on ‘soft law’ [emphasis added] or private law rather than legally enforceable standards.
3 The author wishes to thank the anonymous referee for the insightful comments and suggestions provided to improve the quality of the overall article.
References
- Abbott, K. W. 2013. “Introduction: The Challenges of Oversight for Emerging Technologies.” In Innovative Governance Models for Emerging Technologies, edited by G. E. Marchand, K. W. Abbott, and B. Allenby, 1–16. Northampton, MA: Edward Elgar, Inc.
- Brand, T., and V. Blok. 2019. “Responsible Innovation in Business: A Critical Reflection on Deliberative Engagement as a Central Governance Mechanism.” Journal of Responsible Innovation 6 (1): 4–24. doi: 10.1080/23299460.2019.1575681
- Burton, D. R. 2017. “Reforming FINRA.” The Heritage Foundation, Backgrounder, No. 3181, Washington, DC.
- Entertainment Software Rating Board. 2018. “About the ESRB.” Accessed May 17, 2018. http://www.esrb.org/ratings/faq.aspx#1.
- Federal Trade Commission. 2001. “First ‘Safe Harbor’ Approved for Children's Online Privacy Act.” February 1, 2001, Press Release from the Federal Trade Commission. Accessed May 15, 2018. https://www.ftc.gov/news-events/press-releases/2001/02/first-safe-harbor-approved-childrens-online-privacy-protection.
- Franklin, D. L. 2010. “Legislative Rules, Nonlegislative Rules, and the Perils of the Shortcut.” Yale Law Journal 120 (2): 276–326.
- HarrisX. 2018. “Inaugural Tech Media Telecom Pulse Survey 2018.” April 13. Accessed May 12, 2018. http://harrisx.com/wp-content/uploads/2018/04/Inaugural-TMT-Pulse-Survey_-20-Apr-Final.pdf.
- Hook, J. 2018. “No Overwhelming Support for More Online Regulation, Poll Finds.” April 16. Accessed May 12, 2018. https://www.wsj.com/articles/no-overwhelming-support-for-more-online-regulation-poll-finds-1523913323.
- Johnson, C. 2007. “SEC Approves One Watchdog for Brokers Big and Small.” The Washington Post, July 27: D02.
- Kennedy, J. 2018. “Sens. Kennedy and Klobuchar Introduce Legislation to Protect Privacy of Consumers’ Online Data.” April 24, Press Release from the Office of Senator John Kennedy, U. S. Senate, Washington, DC.
- Kerry, C. F. 2019. “Will This New Congress Be the One to Pass Data Privacy Legislation?” January 7, Brookings Institution. Accessed February 2, 2018. https://www.brookings.edu/blog/techtank/2019/01/07/will-this-new-congress-be-the-one-to-pass-data-privacy-legislation /.
- Klobuchar, A. 2018. “Klobuchar, Kennedy to Introduce Bipartisan Legislation to Protect Privacy Consumers Online Data.” April 12, Press Release from the Office of Senator Amy Klobuchar, U.S. Senate, Washington, DC.
- Macey, J., and C. Novogrod. 2012. “Enforcing Self-Regulatory Organization’s Penalties and the Nature of Self-Regulation.” Faculty Scholarship Series, Yale Law School, Paper 4675. Accessed May 15, 2018. http://digitalcommons.lawyale.edu/fss_papers/4675.
- Marchant, G. E., and B. Allenby. 2017. “Soft Law: New Tools for Governing Emerging Technologies.” Bulletin of the Atomic Scientists 73 (2): 108–114. doi: 10.1080/00963402.2017.1288447
- Neidig, H. 2018. “Chamber of Commerce President Warns against Growing ‘Techlash.’” The Hill, January 10. Accessed May 20, 2018. http://thehill.com/policy/technology/368331-chamber-of-commerce-president-warns-against-growing-techlash.
- Palmer, D. 2018a. “What Is GDPR? Everything You Need to Know about the New General Data Protection Regulations.” ZDNet, May 23. Accessed May 25, 2018. https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/.
- Palmer, S. 2018b. “The Case for Responsible Innovation.” Ad Age, January 3. Accessed January 7, 2018. http://adage.com/article/digitalnext/case-responsible-innovation/311799/.
- Pew Research Center. 2018. “Declining Majority of Online Adults Say the Internet Has Been Good for Society.” Internet & Technology, April 30. Accessed May 12, 2018. http://www.pewinternet.org/2018/04/30/declining-majority-of-online-adults-say-the-internet-has-been-good-for-society/.
- Sarewitz, D. 2011. “The Voice of Science: Let’s Agree to Disagree.” Nature 478 (7367): 7. doi: 10.1038/478007a
- Springboard. 2018. “ICYMI: Yet Another Poll Shows Americans Believe Internet Has Been Good for Them Personally & for Society.” April 30. Accessed May 12, 2018. https://springboardccia.com/2018/05/03/icymi-yet-another-poll-shows-americans-believe-internet-good-personally-society/.
- van Oudheusden, M. 2014. “Where Are the Politics in Responsible Innovation? European Governance, Technology Assessments, and Beyond.” Journal of Responsible Innovation 1 (1): 67–86. doi: 10.1080/23299460.2014.882097
- Verbruggen, R. 2017. “Our Digital Overlords.” National Review, December 18. Accessed May 26, 2018. https://www.nationalreview.com/magazine/2017/12/18/big-tech-companies-becoming-problem/.
- Vogel, D. 2010. “The Private Regulation of Global Corporate Conduct: Achievements and Limitations.” Business & Society 49 (1): 68–87. doi: 10.1177/0007650309343407
- Wong, W. 2017. “Tech Companies Must Self-Regulate Responsibly.” November 8. Accessed May 15, 2018. http://www.cavalierdaily.com/article/2017/11/wong-tech-companies-must-self-regulate-responsibly.