What Should Regulators do with Online and AI?

As we move on from Cookie Gate and back to our day jobs, it's time to reflect on how we want regulators to behave. The CMA and the shadow of the DOJ had a huge influence on the mess that is the end of the third-party cookie. Indeed, six years on from GDPR day, most would agree that we don't have consistency in the enforcement of legislation or a stable playing field that encourages innovation. Worse, I would argue that the internet is not a more privacy-safe place for consumers. Consider that before GDPR, fairly benign cookies ruled the roost. Now, sales data linked to an email is pinged around to providers left and right through conversion APIs with little real-world consent (no regular person understands how their data is shared and used).

Yet the worst outcome of this privacy limbo is that it has pushed power away from the independent sector to the giants. The competitive advantage of the big players has grown directly as a consequence of legislative activity. Not what they intended, but without better action, legislators could be seen to have killed the open web and harmed democracy in the process. Some may say that's hyperbole, but given that all marketing revenue now goes to the giants, not journalists, I think it's justified.

So what actions would we like the regulators to take to adjust for this? Well, I have heard some suggest they should demand Apple bring back the third-party cookie to prominence. I find this unlikely and a ridiculous concept, harming privacy and going against consumer choice (Google’s weapon to get out of the quicksand). Sure, let's debate it, but I would prefer the legislators look to these areas. What do you think?

Legislators need to understand that the cookie is no longer the most important data conduit. That now goes to the various CAPI solutions from Meta, Google, TikTok, Amazon, et al. CRM/Sales data is synced by email and phone number to the giants and, to a much lesser extent, the independent sector. This advantage is crushing, and the regulator needs to find a way to balance the playing field. One idea would be that this data be forced to be centrally held, with appropriate controls, encrypted, and then appropriately shared with different entities, both giants and independents. This can include a single sign-on approach. Not an easy circle to square, yet vitally important to the health of the space.

The need for accountability: If you have an account that posts hate on social media, either the account takes responsibility or the network does. If fraud/illegal content is pushed onto an exchange, either the final actor (publisher) takes responsibility or the SSP does. Buyers should then be able to see a list of all the endpoints they pay and have the ability to either include or exclude lists that go not to domain but to end payment details. New accounts can be flagged and maybe have payments in escrow until they prove themselves. There is a lot to work out here, but one thing is certain: we need to move to a position of accountability, rather than the status quo where everyone shrugs their shoulders and points at a different part of the chain.

Taxes: It can't be right that the biggest companies in the world rig the tax system and declare wherever suits them best. The idea that these players don't "sell" in the countries in which their users reside is patently ridiculous (I'd be happy to take the stand on that as an expert witness). These companies effectively operate as utilities in each market and are vital to the very fabric of society. This needs to come with responsibilities to those markets, including paying appropriate taxes. This is something the democratic people of the world should demand. In a world where adequate WIFI is seen as a human right, the companies that service this demand need to be accountable in the markets in which they operate.

Competition: I, among many, await with interest the results of the DOJ Google case. All of the giants need to be tasked with ensuring they are not overly stifling fair competition. In previous investigations, we have seen politicians and state officials being bamboozled by the giants and their tech bro founders. Watching individual ICOs in Europe go up against the giants is like taking a spoon to a nuke fight. For the regulators to be effective, we need to beef up our legislature appropriately. This won't be easy and could go disastrously wrong, yet it's also vital to society's progress.

These are just my ideas. I would love to help get a consensus here. Given I disagree with some pretty smart folk on the Apple thing, maybe a consensus is impossible. Yet I think it's right to try. I know many, at least in part, share these feelings. I am lucky that I am in a position to talk about them where others have their hands tied.

What does everyone think? Please put your comments below.