In our book, Ethical Data and Information Management, Katherine O’Keefe and I look at the relationship between the Ethic of Society, which today finds expression this morning, in a report from a UK Parliamentary Committee setting out their findings against Facebook and Cambridge Analytica. It is pretty grim reading.

The report concludes that:


“Democracy is at risk from the malicious and relentless targeting of citizens with disinformation and personalised ‘dark adverts’ from unidentifiable sources, delivered through the major social media platforms we use every day “

It also finds that the “big tech companies are failing in the duty of care they owe their users to act against harmful content, and to respect their data privacy rights”.

The Call to Action

The call to action from this report includes a requirement for a compulsory code of ethics for tech companies “similar to the Broadcasting code” which would be enforced by an independent regulator. It also includes calls for electoral law reform and a requirement for social media platforms to take down known sources of disinformation.

All of this is to be expected.

Facebook have responded saying they welcome the report, share concerns around fake news, and are open to meaningful regulation.

The Ethics Issue

In our book, Ethical Data and Information Management, we look at the relationship between the Ethic of Society, which today finds expression through this Parliamentary Committee Report, and the Ethic of the Organisation, which finds expression in Facebook’s responses. One of the questions we examine in the book is the relationship between Ethics, Legislation, and Lobbying as Society seeks to influence the Organisation and vice versa.

In the context of today’s call for a compulsory Code of Ethics, one has to ask what is meant by this. A compulsory code for ethical behaviour that is sanctioned by an independent Regulator sounds very like a body of law. If the call is for more laws, then the question needs to be asked as to how well the laws were enforced in the past and how well the laws might be enforced in the future.

Governance, Principles, and Policies – an Outcomes Focused Model. – from Chapter 9 Ethical Data & Information Management

In the chapter on Data Governance and Ethics in our book, we set out a model for Data Governance in the context of Information Ethics. In light of today’s call for a compulsory Code of Ethics, we need to consider at what level in the model for Governance this code would be set – would it address Principles (in which case how does one legislate for a principle without having to define what a contravention of that principle looks like?), would it be at a Policy level? Or at a Procedures level?

In data protection law and practice (e.g. GDPR), quite a bit of the “doing” is actually the implementing of an unspecified body of policies, procedures, processes, and controls to give effect to some fundamental principles. However, Facebook has shown itself to struggle with the basic concepts at times. Indeed, it was the breach of basic data protection principles that allowed for the seeding of Cambridge Analytica and others. So, the question is how would any compulsory code of ethics overseen by an independent Regulator differ from a mandatory code of law overseen by an independent regulator?

The root of the issue in Ethics and Law

The root of the issue ultimately, whether we are looking at this from an ethical or legal perspective, is the business model and motivators of the organisation. Facebook has clearly shown itself through the years to be a “Shareholder Value” driven organisation rather than a “Stakeholder Value” driven organisation. The revenue streams that feed the machine are, ultimately, derived from advertising and their ability to capture and control the eyeballs of their users.

Facebook have made a big deal of their “significant contribution to [the] investigation over the past 18 months”. Turning up when a Parliamentary Committee asks you to should be entry level expectations for organisations who can have such a large influence on society. And the Committee is of the view that Facebook “has often deliberately sought to frustrate” their work.

The issue is the Ethic of the Organisation. That Ethic is expressed in the business model, and in the approach to dealing with Regulators and their approach to ‘self regulation’ internally. As Jane Addams, “the only measure of ethics is action”. The fact that Facebook’s fact checkers have quit in recent weeks doesn’t bode well for their credibility in this case.

The Upshot

This report is a wakeup call and a very definitive statement of many of the things that are wrong in the modern data economy. It will probably be welcomed and unwelcome in equal parts by the Irish Data Protection Commission.

However, the call for “compulsory codes of ethics” will not solve the problem. Codes for ethical behaviour that are made compulsory and are enforceable have many of the characteristics of laws, to the point of being law in many cases. What is needed are effective situational modifiers to change the behaviour of individuals in organisations so as to deliver more ethically acceptable outcomes, and to support those internally in organisations who seek to influence or effect change but are often frozen out.

A starting point would be effective and robust enforcement of data protection laws. Facebook’s ecosystem evolved as it did as there were no consequences for treating people as a means to an ends rather than an end in and of themselves.