It’s time the internet gets new rules
Technology is a significant part of our lives, and companies such as Facebook have immense responsibilities. Every day, we make decisions about what speech is harmful, what constitutes political advertising, and how to prevent sophisticated cyberattacks.
These are important for keeping our community safe. But if we were starting from scratch, we wouldn’t ask companies to make these judgments alone.
We need a more active role for governments and regulators.
By updating the rules for the internet, we can preserve what’s best about it — the freedom for people to express themselves and for entrepreneurs to build new things — while also protecting society from broader harms.
From what I’ve learnt, we need new regulation in four areas: harmful content, election integrity, privacy and data portability.
First, harmful content. Facebook gives everyone a way to use their voice, and that creates real benefits — from sharing experiences to growing movements.
As part of this, we have a responsibility to keep people safe on our services. That means deciding what counts as terrorist propaganda, hate speech and more.
We continually review our policies with experts, but at our scale we will always make mistakes and decisions that people disagree with.
Lawmakers often tell me we have too much power over speech, and frankly I agree. I have come to believe that we shouldn’t make so many important decisions about speech on our own.
So we are creating an independent body so people can appeal our decisions. We are also working with governments, including French officials, on ensuring the effectiveness of content review systems.
Internet companies should be accountable for enforcing standards on harmful content.
It is impossible to remove all harmful content from the internet, but when people use dozens of different sharing services — all with their own policies and processes — we need a more standardised approach.
One idea is for third-party bodies to set standards governing the distribution of harmful content and to measure companies against those standards. Regulation could set baselines for what is prohibited and require companies to build systems for keeping harmful content to a bare minimum.
Facebook already publishes transparency reports on how effectively we are removing harmful content.
Every leading internet service should do this quarterly because it’s just as important as financial reporting. Once we understand the prevalence of harmful content, we can see which companies are improving and where we should set the baselines.
Second, legislation is important for protecting elections. Facebook has already made significant changes around political advertisements: advertisers in many countries must verify their identities before purchasing political adverts.
We built a searchable archive that shows who pays for ads, what other ads they ran and what audiences saw the ads.
However, deciding whether an ad is political is not always straightforward.
Our systems would be more effective if regulation created common standards for verifying political actors.
Online political advertising laws primarily focus on candidates and elections, rather than divisive political issues where we have seen more attempted interference.
Some laws apply only during elections, although information campaigns are non-stop. And there are also important questions about how political campaigns use data and targeting. Legislation should be updated to reflect the reality of the threats and set standards for the whole industry.
Third, effective privacy and data protection needs a globally harmonised framework.
People around the world have called for comprehensive privacy regulation in line with the European Union’s General Data Protection Regulation, and I agree.
It would be good for the internet if more countries adopted regulation such as GDPR as a common framework.
New privacy regulation in the United States and around the world should build on the protections GDPR provides.
It should protect your right to choose how your information is used, while enabling companies to use information for safety purposes and to provide services.
It should not require data to be stored locally, which would make it more vulnerable to unwarranted access. And it should establish a way to hold companies such as Facebook accountable by imposing sanctions when we make mistakes.
Also, a common global framework, rather than regulation that varies significantly by country and state, would ensure that the internet does not get fractured, entrepreneurs can build products that serve everyone and everyone gets the same protections.
As lawmakers adopt new privacy regulations, I hope they can help to answer some of the questions GDPR leaves open.
We need clear rules on when information can be used to serve the public interest and how it should apply to new technologies such as artificial intelligence.
Finally, regulation should guarantee the principle of data portability. If you share data with one service, you should be able to move it to another. This gives people choice and enables developers to innovate and compete.
This is important for the internet — and for creating services people want.
It is why we built our development platform.
True data portability should look more like the way people use our platform to sign into an app than the existing ways you can download an archive of your information.
But this requires clear rules about who is responsible for protecting information when it moves between services.
This also needs common standards, which is why we support a standard data transfer format and the open source Data Transfer Project.
Facebook has a responsibility to help to address these issues, and I am looking forward to discussing them with lawmakers around the world.
We have built advanced systems for finding harmful content, stopping election interference and making ads more transparent.
But people should not have to rely on individual companies addressing these issues by themselves.
We should have a broader debate about what we want as a society and how regulation can help. These four areas are important, but, of course, there’s more to discuss.
The rules governing the internet allowed a generation of entrepreneurs to build services that changed the world and created a lot of value in people’s lives.
It is time to update these rules to define clear responsibilities for people, companies and governments going forward.
• Mark Zuckerberg is founder and chief executive of Facebook