Social media platforms and content exposure: How to restore users’ control

Abstract

Social media platforms have become the main channel for people to communicate, access information and share content. A handful of giant platforms dominate the markets and, through a complex typology of conducts, are able to strongly affect users’ exposure to content, violating their privacy, as well as their freedom of expression and information. Regulators have at disposal a toolbox to fix the problem. This article analyses possible instruments and makes suggestions to contribute to the debate.

Keywords

Social media freedom of expression competition regulation

Introduction. Social media services and their impact on users’ fundamental rights

Social media companies have revolutionized the way people communicate, access and circulate information and participate to public debate. Platforms like Facebook, Twitter, Instagram, just to mention the most common, have provided individuals with possibilities of communication, interaction and sharing not imaginable 15 years ago.

Some data help picturing the phenomenon. In 2018, 3.196 billion people around the world have actively used social media (We Are Social and Hootsuite, 2018). In the same year, in various States, like, for example, the United Kingdom, about 90% of the population aged 13+ had a Facebook profile (OFCOM, 2018). In a number of countries, especially in the developing world, where social media platforms often offer zero-rating packages, users access the internet mainly, if not only, through these platforms¹.

Given the scale and scope of those platforms’ impact on our lives, it is not surprising that they stimulate fears and raise concerns. In recent years, the focus of attention has been on content moderation issues and on how to ensure that phenomena such as copyright infringement, circulation of terrorist content, diffusion of hate speech or dissemination of disinformation could be avoided or punished when they happen on social media platforms.

Scholars, enforcers and civil society have already identified a number of possible theory of harms concerning content moderation and have called for different actions, which so far have taken place mostly in the form of self-regulatory initiatives by the same platforms.

This article aims to look at the content users are exposed to not only in pathological instances, for example when it infringes copyright or constitutes illegal hate speech, but anytime. In other words, this article focuses on exposure in social media and looks at content moderation in general, not only when related to illegal or legal but harmful content.

Content exposure can be looked at from an active perspective: what users can or cannot post and share on their accounts and those of others; and from a passive one: what users do or do not see and access when using the social media. Currently, the active perspective is regulated by companies’ community rules or policies, which tend to ban, with a number of shortfalls that are better analysed in section ‘The theory of harm’, hate speech, terrorist content and the other pathological cases mentioned before. In electoral times, active content exposure can also be regulated by rules on campaigns, which traditionally establish more stringent requirements in terms of transparency. The passive perspective is basically unregulated and received, so far, less attention. In social media, active and passive perspectives are strongly intertwined, as limits on the first will necessarily impact on the second.

Content exposure deserves utmost attention. In fact, information goods play a special role in society, supporting democratic engagement, promoting the transmission of ideas, building community identities and enabling economic empowerment. Therefore, the way people are exposed to information goods is fundamental for the establishment and maintenance of a democratic society. This is all the more true if one considers that, nowadays, many people access content via social media, which are a handful of companies dominating the markets.

Platforms’ interference on content exposure can be qualified in different ways depending on the kind of actions put in place. This article aims to describe how this interference violates users freedom of expression (and, it will be argued, also data protection) and to analyse the toolbox regulators currently have at their disposal to remedy this situation.

‘The theory of harm’ section of this article analyses the complex typology of conducts put in place by social media platforms that are deemed to be relevant spelling out the theory of harm, starting from the terms and conditions these platforms impose on users. ‘Possible regulatory responses’ section examines the various tools regulators could use to fix the problem, reasoning on pros and cons and possible comparative advantages or disadvantages. The article concludes with some recommendations for further research and policymaking.

The theory of harm

Currently, the majority of social media companies allegedly offer their services ‘for free’. Users are not required to pay any money to create a Facebook or Twitter account nor to post a video on YouTube. They are only required to agree on the platform’s commercial conditions (terms and conditions, community rules, privacy rules and similar, hereinafter jointly referred to as Terms of Services or ToS), which regulate the contractual relationship with the platform and dictate what the user, and the platform, can or cannot do. Among others, ToS establish which users’ data the platform is going to gather and for what purpose; which content will be allowed on the platform and which not; rules on spam, false advertising, frauds and security breaches; mechanisms to prevent or ‘discourage’ the spread of disinformation.

An accurate analysis of these ToS reveals a number of potential theories of harm, depending on whether one focuses on, among others, use of personal data, mechanisms of content moderation and rules about consent. This article argues that ToS, together with a number of behaviours that implement them, cause harm to users in terms of content exposure, both in an active and passive perspective. This harm includes a violation of users’ right to freedom of expression and a violation to data protection.

The harm to content exposure is the result of a complex typology. To be able to properly identify such harm, then, the conducts part of this typology have to be disentangled and looked at both individually and in their intertwined relation with the others. Although a number of these behaviours might constitute per se a violation of relevant rules, the aim of this analysis is to look at the overall picture and not to focus on the single element, because it is the overall picture and not the single element that produces the harm at stake.

The ToS

The ToS currently adopted by the biggest social media platforms are typically formulated using overly broad and imprecise language² that renders their application unpredictable and often seemingly arbitrary and means they can be used excessively to censor expression.³ In addition, information about what and how has been removed by these platforms in the application of their policies are rather limited and mostly released in an opaque way.

An example is ‘hate speech’. Currently, there is no common normative definition to be used, although there are international standards to take into account. Each platform has established its own definition. According to Facebook Community Standards, hate speech is ‘a direct attack on people based on what we call protected characteristics – race, ethnicity, national origin, religious affiliation, sexual orientation, caste, sex, gender, gender identity and serious disease or disability’ (Facebook, 2019). Furthermore, Facebook defines ‘attack’ as violent or dehumanizing speech, statements of inferiority or calls for exclusion or segregation (Facebook, 2019). On the other side, Twitter does not use the term ‘hate speech’ but refers to ‘hateful conduct’, explaining that users ‘may not promote violence against or directly attack or threaten other people on the basis of race, ethnicity, national origin, sexual orientation, gender, gender identity, religious affiliation, age, disability, or serious disease’. Additionally, Twitter specifies that it also does not allow accounts whose primary purpose is inciting harm towards others on the basis of these categories nor the use of hateful images or symbols in profile image or profile header (Twitter, 2019).

Apart from using different and quite vague definitions, neither Facebook nor Twitter provides sufficiently detailed examples or case studies on how the self-set standards should be applied in practice, therefore it cannot be excluded that the application of their policies will continue to be arbitrary and biased.

Another example of arbitrary enforcement of ToS concerns ‘terrorist’ video content. Platforms have established various mechanisms for takedown. But they reveal nothing about the criteria used for such takedown and about how their algorithms of filters operate in practice.

More in general, social media platforms often times recur to so-called trusted flaggers (YouTube, 2018)⁴ for the identification of content to be removed. The practice raises numerous concerns. First, it is not clear how flaggers are selected, nor if they receive training and, if so, which kind. Second, flaggers can be biased or can manipulate the system; nevertheless, no information is available on whether platforms have safeguard mechanisms in place to avoid or mitigate these risks. Finally, no indication is provided on who should be held accountable for flaggers’ actions (ARTICLE 19, 2017; McNamee, 2017).

Furthermore, enforcement of ToS is obscured from the user and lacking in sufficient procedural safeguards. Through processes internal to the company, and void of external scrutiny, it is not clear if arbitrators of what is wrong and right according to the ToS are acting on behalf of the commercial interests of their organizations or in the spirit of upholding the fundamental rights of users.

For example, often times companies do not notify users that their content has been removed or flagged, or that their account has been penalized, not they explain why so. In addition, ToS typically do not include appeal mechanisms to challenge wrongful removal of content,⁵ nor provide clear information about redress or remedies in that case.

Broadly speaking, ToS provide lower free speech standards than those guaranteed by the international human rights framework.

Indeed, Article 19 (3) of the International Covenant on Civil and Political Rights provides that limitation to the right to freedom of expression is possible only if they conform to the strict requirements of a three-party test, under which they must be (i) provided by law, (ii) in pursuit of a legitimate aim, and (iii) necessary and proportionate in a democratic society. None of these criteria seems to be respected by what analysed above. ToS are not established by law, but by contract, and it can be argued, as better explained later on, that they are not negotiated among parties, but unilaterally imposed by dominant platforms. Furthermore, their wording is often vague and opaque, negatively impacting on legal certainty. The legitimate aim cannot be identified in the business purposes that shape the ToS. Neither the necessity and proportionality test appears to be satisfied: no proper fact-based assessment of the effectiveness of certain ToS for the objective pursued has been performed nor an assessment of whether they are less intrusive compared to other options for achieving the same goal.

As a result, the public spaces created by dominant social media and regulated by the ToS end up being a sanitized or controlled environment where users’ freedom of expression is not limited respecting the standards established by under international law,⁶ but rather by private rules based on property⁷.

All the above considered, it is evident that ToS affect users’ content exposure and negatively impact their right to free expression and information. However, this is only half of the story, which mainly concerns illegal or legal but harmful content. To gain an understanding the other half, which on the contrary mainly concerns legal content, one has to look closer at a number of intertwined conducts that characterize the business model social media platforms typically use when providing their services.

The complex typology of conducts that negatively affects users’ rights

Social media companies operate in two-sided markets, acting as intermediaries for two groups of customers. On the one side, they interact with users to whom they offer the social media service. On the other side, they interact with advertisers to whom they sell different advertising options. While the service to users is allegedly offered ‘for free’, the one to advertisers constitutes the main channel of monetization (Evans & Schmalensee, 2015; Filistrucchi, Geradin, & van Damme, 2012; Jullien, 2011).

Social media, thus, offer two different products or services to two different groups of customers, where the demand from one group depends on the demand from the other group. The interdependency among the groups creates direct positive network effects: in fact, the value of a social media for users grows with the growing of the user base on their side of the platforms. Furthermore, these platforms show also indirect positive network effects, as the value of the platform for advertisers grows with the growing of the user base on the other side of the platform.

Direct network effects are not a new phenomenon in the media sector. However, in the case of social media, two new elements play a great role. First, the massive diffusion of user-generated content. Second, scale: indeed, to result attractive for users, social media platforms have to reach a critical mass. Scale leads to market concentration, where it becomes easier for a player to hold market power. Furthermore, scale combined with network effects can create the conditions for the platform to tip the market and gain a position of dominance or super dominance. Once there, it will be easy for a social media platform to act as gatekeeper and lock in users.

Additionally, the more a social media platform is able to keep users engaging with content, the more it can sell users’ attention to advertisers, and thus the more it can earn profit. Therefore, platforms have all incentives to adopt mechanisms to engage users as much and as long as possible (Wu, 2017). To do so, they currently rely on two main elements: data collection and profiling, on the one hand, and personalization through automated systems of content moderation, on the other. These elements are realized in practice through a complex typology of behaviours that, it is herein argued, violate users’ fundamental rights to data protection and freedom of expression and information.

Data collection and profiling

Profiling has become common practice for online platforms and has evolved to an extent not imaginable just a few years ago. It implies the use of personal data to segment people according to precise profiles. Major social media platforms use dozens of thousand indicators to classify people’s interests and personal attributes; in addition, automated profiling is capable of identifying patterns that are invisible to the human eye.

Profiling needs data harvesting: the more platforms know about users, the more they can profile them. It follows that the first step for this model to work is to gather as many users’ personal data as possible and definitely more than it would be necessary to offer the social media service.

This approach is problematic, or more precisely illegal, for at least two reasons. First, it infringes the principles of necessity and proportionality, which should be used to measure the fairness of ToS under Article 102 TFEU. The EU Courts and the European Commission have provided, already long ago, an interpretation of the concept of ‘fairness’ of trading conditions by reference to the minimum balance that must exist between the rights, interests and obligations of the contracting parties that have agreed to trade under those conditions. A condition going beyond what is ‘absolutely necessary’ for the achievement of the one party’s objective has been considered as an ‘unfair’ limitation of the freedom of the other party, and thus abusive if enacted by a dominant player. From this perspective, the test of ‘fairness’ of trading conditions is essentially a test of ‘indispensability’ or ‘proportionality’ of those conditions.⁸

Second, it infringes the principle of data minimization provided by the General Data Protection Regulation⁹ (GDPR, 2016), which seeks ensure that organizations are only collecting the minimum amount of personal data required to fulfil a purpose. The GDPR establishes three relevant criteria for the compliance with this principle: data that are collected shall be adequate, relevant and limited to what it is necessary for the purpose. Nevertheless, social media platforms often collect data that are not directly relevant nor necessary for the offering of the social media service.

Furthermore, studies have demonstrated that majority of users are not aware they are subject to profiling nor are they happy about it. In 2018, 74% of US users weren’t aware that Facebook assembled lists of their interests and traits and 58% declared they were ‘not comfortable’ with the company compiling that information, which could include racial or ethnic ‘affinities’ and political leanings (Hitlin & Rainie, 2019).

Enforcers in different EU countries have started to deal with these concerns. For example, as it is described in more details later on, the Italian Competition Authority has recently assessed that Facebook’s ToS require consent to unnecessary personal data processing operations and that they impose on users, without express and prior consent, the transmission of their data to third-party websites or apps for commercial purposes (AGCM, 2018). A similar approach, this as well analysed more in depth in the following session, has been adopted by the German Competition Authority, which states that ‘by combining data from its own website, company-owned services and the analysis of third party websites, Facebook obtains very detailed profiles of its users and knows what they are doing online’. (Bundeskattellamt, 2019). It is worth noting that the legal instrument used in both cases is different: the Italian Authority applied provisions on unfair commercial practices, while the German based its intervention on competition rules and in particular on the provisions of abuse of dominance under German law.

Personalization through automated systems of content moderation

The more companies can profile users, the more they can personalize, via automated systems of content moderation, the service they offer to them, and this includes prices, advertising and content in general. Although the behind mechanism is similar, the impact of these different types of personalization on users’ rights might be substantially different.

Price personalization implies that the platform can use the data it has collected from the user to infer his/her willingness to pay. Here again, the more information a platform can collect from the user, the more accurate it will be its estimation of his/her willingness to pay. The impact of personalized pricing on individual users can vary. If his/her willingness to pay is high, the platform might decide to charge higher prices than the ones it would charge under uniform pricing. But if his/her willingness to pay is low, the platform might decide to charge lower prices than the ones it would charge in case of uniform pricing. Therefore, a user can be better off or worse off depending on his/her specific willingness to pay (Bourreau & De Streel, 2018).

The increased capacity of profiling users allows platforms to personalize also ad messages, which are tailored on the users’ preferences. This practice generates immediate economic gains for different actors: for the advertisers, because when target market aligns with the user demographics of a social platform, social advertising can provide huge increases in conversions and sales with comparatively lower cost of acquisition; and for the platforms, because they usually charge advertisers based on impressions served and/or on users’ action (AGCOM, 2018; Edwards, 2018).

The personalization extends to general content, being it articles, posts, pictures or anything that can be shared and access on social media.

The combination of big data and algorithmically controlled exposure to content leads to users being exposed only to a specific type of content: the one platforms believe they will engage the most because it matches the users’ profile as created by the platform itself based on the massive amount of personal data collected from users.¹⁰

Among others, this mechanism tends to lock users into the so-called filter bubbles or echo chambers, where they encounter only information and ideas that they view favourably or agree with. Some have argued that it is also at the basis of many disinformation strategies, which can be implemented for commercial but also for political and ideological reasons.

This article focuses on the targeting and personalization of content at the level of the individual. Nevertheless, it is worth recalling that these behaviours raise problems also at community level. The violation of freedom of expression of the individual user can become a threat to democracy at societal level, as it makes possible to influence, or event to manipulate the public discourse, and to shape social views, political opinions and norms. In this regard, scale augment the danger: the percentage of population potentially subject to social media platforms’ influence is more than relevant. In addition, the fact that these platforms are a handful raises additional high concerns in terms of media plurality and media freedom, which currently do not appear to be guaranteed online as they are offline.

Social media companies typically present the personalization of content as a mechanism to improve the service offered to users, a feature that enhances their experience. To describe it, they use terms such as moderating, managing, ranking, discouraging or promoting content.

However, the practice has a strong negative impact on users’ freedom of expression and information (Yeung, 2018). This right implies people shall have access to plurality and variety of information and content, because this is the way they can form their own opinions and actively participate to societal debate. To guarantee that citizens are exposed to free, diverse and pluralistic media has traditionally been a fundamental public objective for democratic States. Considering that social media platforms nowadays constitute one of the main channels’ citizens access information, one can argue that the continuous interference in the content users are exposed to violate their freedom of expression and information.

Additionally, a number of characteristics of this kind of interference raise additional high worries. First, it is hidden, in fact, digital technologies allow social media platforms to perform data collection, profiling and personalization in a way that is barely visible to users. But it is there, and widespread, for as these platforms mediate so much of so many users’ lives that the potential reach of the interference is limitless. Second, it is targeted and therefore suited to better exploit cognitive, emotional and other user’s vulnerabilities.

All this summed up, one can argue that the interference caused by social media platforms takes the form of manipulative practices (CoE Committee of Ministers, 2019; Susser, Roessler, & Nissenbaun, 2018). In fact, it alters users’ choice architecture, which can be defined as the context in which users make decisions, in turn shaped by the way users’ options are selected, arranged and presented. The choice architecture, therefore, naturally impacts the way users’ understand options and respond to them. When this architecture is altered by platforms behaviours users are not aware of, manipulation of the latter decision-making process occurs. It has to be noted that for manipulation to realize, it is not necessary to prove that in the counterfactual, that is, the absence of the manipulative practice, the target would have decided differently. In fact, manipulation is the interference in the decision-making process, irrespective of the outcome.

Preliminary conclusions

Put together, what so far described about social media platforms’ ToS, data collection, profiling, personalization and algorithmic content moderation show that users’ exposure to content is dictated by opaque mechanisms concerning unlawful content as well as lawful one . The claim that this part of the article has delineated and tried to demonstrate is that social media platforms disproportionately interfere with the content users are exposed to via manipulative practices, violating their freedom of expression and information, and data protection rights. The violation is the result of a complex typology of intertwined conducts, which for the purpose of this analysis have to be assessed jointly, as they constitute concurring causal elements of the same outcome.

From a legal perspective, the attribution of a specific harm to a series of conducts rather than to a single one is not a novelty. What matters in the identification of a complex typology is the causal nexus among the single conducts and the final outcome, together with their continuity. In the case at stake, massive data collection, profiling, personalization and automated content moderation are interlinked as part of the same business model and are all necessary elements for the causation of the harm in terms of content exposure (Ranking Digital Rights, 2019). More in particular, data collection is the necessary premise for and an essential component of profiling, which in turn is a premise for and component of personalization (EDPS, 2019).

This approach does not exclude that a conduct part of the complex typology, taken in isolation, could be illegal per se if it violates a specific rule, but such analysis is not covered by this article.¹¹

On the contrary, this article looks at the broad picture, the only one that, it is argued, allows a proper assessment of the impact of the relevant behaviours on users’ content exposure, and thus of the theory of harm delineated in this part. The claim is that a combination of relevant conducts calls for a combination of responses, which might come from different sets of rules and are enforced by different actors, while intervention targeting a single component, that is to say a single conduct, might not be able to, depending on the circumstances, adequately address the challenge or sufficiently remedy the harm.

It is worth noting that dealing with a set of behaviours rather than a single one might bring into play two somehow interrelated challenges. The first is to avoid the ne bis idem and thus to avoid that a legal action is instituted twice for the same course of action.¹² The second is to ensure coordination among the authorities that might be competent to act,¹³ which could include, among others, the establishment of consultative obligations and rules on follow on actions that exclude the need for a new and separate assessment of the violation already determined by one authority.

The following part concentrates on the instruments that could be used to avoid that social media companies harm users in terms of content exposure and to provide adequate remedy once the harm occurs.

Possible regulatory responses

There are many regulatory instruments that could potentially be used to condemn and remedy the harm to users’ in terms of content exposure (Graef, 2018). The following paragraphs take stock of these instruments, trying to identify strengths and limits of each, and, where possible, suggesting likely links to other solutions.

Consumer protection

Relevant rules and conducts concerned

Consumer protection rules usually regulate B2C relationships and aim to ensure that the latter remain fair notwithstanding the different bargaining powers held by professional traders, on the one side, and consumers, on the other side. Among others, these rules typically impose obligation with regard to transparency, fairness of clauses and consent.

EU consumer law is bulky.¹⁴ For the purpose of this analysis, the legislative instruments of major interest are three: the Unfair Commercial Terms Directive,¹⁵ the Unfair Commercial Practice Directive¹⁶ and the Consumer Rights Directive.¹⁷ None of these instruments contains a one size fits all regulatory solution for the theory of harm addressed in this article; in addition, as directives need to be implemented by member States, national rules remain quite relevant and not always sufficiently harmonized.

Consumer rules address platforms’ ToS and more in general any aspect of the relations between platforms and users with regard to the provision of the service.

Possible remedies

Consumer protection rules could be used to oblige social media platforms to duly inform users that the content they are exposed to has been artificially promoted and/or given prominent display and explain why and how. In other words, when platforms perform personalization by automated systems for content moderation, they should empower users to understand how the content is organized, filtered and displayed and which criteria and which personal data have been used to do it. This would imply to also adequately inform users about, among others, the data that the platform collects about them, how and for what purpose it processes it, whether and under which conditions it resells data to third parties.

Currently though there is a spread claim that social media platforms do not sufficiently satisfy information requirements and as mentioned, enforcers have started to intervene. For example, the Italian Competition Authority has recently sanctioned Facebook for unfair commercial practices arguing, among others, that the information the platforms provide to its users about the use of their data is general and incomplete and does not adequately make a distinction between the use of data to personalize the service (to connect users with each other) and the use of data to carry out advertising campaigns aimed at specific targets. The Italian Authority also found that Facebook exerts undue influence on registered users, who suffer, without express and prior consent and therefore unconsciously and automatically, the transmission of their data from Facebook to third-party websites/apps for commercial purposes, and vice versa. The undue influence is caused, argues the authority, by the preselection by Facebook of the broadest consent to data sharing (AGCM, 2018)¹⁸.

The Italian Competition Authority stresses several times that the unfair collection and use of users’ data is done for profiling and commercial exploitation purposes. Therefore, it explicitly recognizes the link between the elements of the complex typology analysed by this article, that is, data collection, profiling and personalization, which causes the harm to content exposure.

Interestingly, the authority also clarifies the relationship between consumer protection rules and data protection ones, justifying its intervention under the former. According to the authority, there is no conflict between the two set of rules, which complement each other.¹⁹ If on the one hand Facebook remains subject to data protection rules, on the other hand the case at stake deals with the impact that the company’s conducts have on the commercial decisions of consumers and not on their right to privacy or data protection (AGCM, 2018). Thus, the focus of attention appears to be on the effects of the conducts on users’ choice architecture.

Likely strengths and limits

These enforcement actions could contribute to set higher standards in the market and stimulate platforms to compete on the quality of ToS with regard to transparency and data protection. In fact, consumer rules apply horizontally to all players, irrespective of size and market power. Possibly, enforcers and decision makers could also create a black list of commercial terms, to be regularly updated and impose platforms to provide users with a clear summary of key ToS (BEUC, 2017).

Another advantage of consumer rules is that they provide mechanisms for collective redress in mass harm situations. This feature is all the more useful in the social media context due to the fact that users are millions, if not billions, and they all asked to agree to the same ToS, profiled and subject to the same content moderation mechanisms (BEUC, 2018).

Nevertheless, improving transparency without providing users with effective choice does not solve the problem. Certainly, the first step is to make users aware of the features of the service they use and understand and freely agree to the commercial terms existing between themselves and the providers. But the second, inevitable, step is to provide them with a choice in case they are not willing to consent to what they receive information about. Finally, transparency might place a substantive burden on users who have to seek information about the business conducts they are subject to, interpret them and assess the impact they have on their rights, and only to find that they have limited, if any, power to change anything.

Furthermore, the current EU consumer protection rules reveal a number of shortfalls when applied in social media markets, which the EC proposal for modernization (European Commission, 2018b) is partly attempting to fix (EDPS, 2018; European Parliament Research Service, 2018). For example, the Consumer Rights Directive only refers to contracts under which the consumer pays a price, and it is therefore not applicable where users provide their personal data in exchange for the service. It is unclear if information requirements contained in this Directive therefore currently apply to social media platforms.

Consumer legislation contains further inconsistencies with regard to ‘free’ digital services. The Consumer Rights Directive applies to contracts for the supply of both paid and ‘free’ digital content (e.g. apps, games and videos), but it only applies to paid digital services (e.g. cloud storage, webmail, social media), while ‘free’ digital services, which are usually paid by personal data, are excluded. If the proposed Digital Content Directive is adopted in its current version, it will contain remedies in contracts for both paid and free digital services and for both paid and free digital content, therefore possibly creating further inconsistencies. To avoid conflict and guarantee legal certainty, further clarity should be provided for businesses and consumers.

Moreover, under the Unfair Commercial Practice Directive, price is one of the most important elements to test if a commercial practice is unfair. But users pay the social media service with their data, and while the economic value of the latter is undisputed, if data are considered a counter-performance, then the concept of price is not applicable.

Neither the Unfair Commercial Terms Directive grants adequate attention to data. In particular, it does not include contract terms on the processing of data or the performance of data among those that can cause significant imbalance between the provider’s and the user’s rights and obligations.

All the above considered, the extent to which consumer protection rules will be able to address the harm at stake depends on the future evolution of the norms, as well as on the capacity of consumer protection authorities to address behaviours such as profiling and personalization. In this scenario, consumer associations across the EU might have an important role to play in raising awareness and providing relevant data and information about relevant conducts.

Link to other solutions

As noted, the application of consumer protection rules does not imply that companies are exempted from respecting other rules such as, among others, data protection (Helberger, Zuiderveen Borgesius, & Reyna, 2017; Jerker & Svantesson, 2018) and, if they are in a dominant position, competition norms on abuse.

In addition, enforcement initiatives have so far targeted only part of the complex typology that, as explained, causes the harm in terms of content exposure. In fact, actions have focused on opacity and unfairness concerning data collection and data usage but not (yet) on the lack of transparency concerning the automated systems of content moderation. In other words, as noted by distinguished voices, the algorithms, which constitute the backbone of the platforms’ business model, remain a mystery for users (BEUC, 2018). Therefore, the scope of the intervention could be enlarged, including an assessment of the unfair conducts impact on freedom of expression and information. To this aim, enforcers of consumer rules could refer to the existing body of human rights rules as a normative parameter in their analysis and coordinate with enforcers traditionally called to apply them. Finally, consumer protection authorities could work together with other relevant regulators to ensure that measures enhancing user autonomy are implemented as well as part as part of the enforcement action.

Competition law

Relevant rules and conducts concerned

Competition rules exist to protect consumer welfare and competitive process. They aim to guarantee that markets remain open to new entrants and that players compete fairly to the consumers’ benefit.

Competition law does not condemn dominance per se but attributes a special responsibility to dominant players: because of their position of market power, they cannot take certain actions, which would not be a concern from smaller players.

For example, Article 102 TFEU prohibits dominant players from exploiting consumers, among others through the imposition of unfair commercial clauses. When a social media platform holds a dominant position on the market, therefore Article 102 TFEU applies to its ToS.

Competition rules do not deal only with market power but also with market concentration, prohibiting practices that increase it in a way that significantly lessen competitive dynamics. As social media platforms operate in highly concentrated markets, they are subject to these rules too, in particular insofar as they put in place conducts that make more difficult, for competitors, to enter the market or strategically acquire them to avoid competition.

Competition rules potentially apply to any elements of the business model of social media platforms, therefore also to those that harm consumer right to freedom of expression.

Possible remedies

As mentioned, in the EU, the normative concept of ‘fairness’ of commercial conditions is tested against the minimum balance that must exist between the rights, interests and obligations of the contracting parties that have agreed to trade under those conditions (Kalimo & Majcher, 2017). In the previous part of this article, it has been argued that ToS regulating data harvesting, profiling, personalization and content moderation disproportionately restrict users’ freedom of expression and data protection rights and that such restrictions do not appear necessary for the provision of the service, nor proportionate. Therefore, they constitute unfair commercial terms under Article 102 TFEU.

Moreover, a sufficient guarantee of users’ privacy and free of expression is a parameter of the service’s quality, which a dominant player should not be allowed to lower disproportionately only by virtue of its position of market power. It follows that enforcers could apply Article 102 TFEU to sanction the quality degradation that dominant platforms impose on their users.²⁰ If the degradation concerns specifically data protection, enforcers could use the GDPR as normative frameworks against which assess this degradation; if the latter concerns free expression, enforcers could be guided by the international framework that protects that right.

In both cases, dominant social media platforms’ behaviour causes the exploitation of users and should be sanctioned. Competition enforcers could impose pecuniary penalties to infringers, together with a cease and desist order for the illegal behaviour, and behavioural of structural remedies, which shall be proportioned to the infringement committed and necessary to bring it effectively to an end.

There is another, although indirect, way in which competition rules can be used to protect users’ right to decide what content to be exposed to.

In fact, competition law also protects choice. For choice to be available on the market, the competitive process has to be protected and the market has to remain open to new entrants.

It can be argued that dominant social media companies act as gatekeepers: economic gatekeepers, because they manage to lock in users and maintain competitors out of the market, and ‘fundamental rights’ gatekeepers, because with their behaviours, they set the standards for the protection, or better said the violation, of users’ free expression and data protection in that market.

Enforcers could use competition rules to prohibit incumbents from putting in practice illegal behaviours to exclude competitors or to impede newcomers from accessing the market. If sufficient competitive process is restored in social media markets, one can assume that the main competitive drivers for platforms will be the quality of the service they offer, and not price, as the service is usually offered for free. If this happens, users who want their data to be protected, or who want to have control of the content they see and access to on social media, should be able to find real alternative on the market.

Competition authorities could also ensure that users can easily switch from a provider to another. In fact, because social media platforms are usually ever more attractive the more people use it, users will have real choice only if efficient competitors are able to enter the market and gain critical mass and only if measures such as data portability and multi-homing are effectively in place.

Finally, competition enforcers could play a role in preventing further concentration in the market, for example, by stopping social media platforms to further grow by acquiring other players in the same or adjacent markets.

Likely strengths and limits

Competition rules could be used not only to provide short-term remedies for the harm delineated in this article but also long-term ones. More specifically, competition law could be used to trigger the competitive process in the social media markets on parameters such as quality and choice, which will contribute to the creation of a healthier, and more human rights friendly environment for users.

Furthermore, competition law could be used to target the entire complex typology of conducts addressed in this article. In fact, competition norms typically look at combination of conducts and at business models in their entirety.

In addition, as mentioned, while sanctioning conducts under Article 102 TFEU, competition authorities can impose structural or behavioural remedies. Thus, they could impose on social media platforms the use of specific ToS or limits to data collection or data processing that go even further what provided by the GDPR. However, this way of acting runs the risk of resulting too invasive for the economic freedoms of the platforms and too oriented towards ex ante regulation rather than ex post intervention.

Link to other solutions

Competition enforcers could easily use the GDPR and the human rights framework as normative parameters for the assessment of relevant conducts and ask relevant authorities for opinions, technical analysis or similar forms of support and cooperation.

In addition, competition intervention, coming ex post, does not undermine the possibility, for other regulators, to apply complementary norms to reinforce the protection of users’ free expression from illegal violation perpetuated by social media platforms. As long as these actions are coordinated, they will mutually exploit synergies and tackle the entire set of relevant conducts.

Human rights rules

Relevant rules and conduct covered

In the available regulatory toolbox, one could also include the international legal framework for the protection of these human rights, which is composed by international and regional norms, such as relevant international treaties, conventions, the EU Charter of fundamental rights,²¹ national constitutional norms but also soft law instruments such as recommendations, opinions and declarations.

The international body of norms concerning human rights is particularly rich. Although these rules are usually addressed to States, the requirement that private actors shall respect fundamental rights is not a new call. The Guiding Principles on Business and Human Rights²² provide a starting point to shape companies’ responsibilities in this regard. Among others, the Guiding Principles recommend companies to (i) make public statement on their commitments to respect human rights; (ii) conduct due diligence and impact assessments to identify, prevent and mitigate against any potential negative human rights impacts of their activities; (iii) incorporate human rights safeguards by design to mitigate adverse impact; and (iv) make remedies available where adverse human rights impacts are created.

In his 2013 Report (OAS Special Rapporteur on Foe, 2013), the Special Rapporteur for Freedom of Expression of the Inter-American Commission of Human Rights recommended, among others, that private companies establish and implement service conditions that are transparent, clear, accessible and consistent with international human rights standards and principle. More in particular, the report notes that companies have to ensure that any restrictions based on their ToS do not unlawfully or disproportionately restrict free expression.²³ Similar principles are recalled in the 2016 Report on Standards for a Free, Open and Inclusive Internet.

More recently, the Special Rapporteur on Freedom of Expression, in its 2018 Report on AI and its impact on freedom of expression and information, has recommended, inter alia, that companies should make explicit where and how artificial intelligence technologies and automated techniques are used on their platforms, services and applications (Special Rapporteur on FoE, 2018). Furthermore, the Special Rapporteur has recalled that people have the right to individual autonomy, which implies that ‘artificial intelligence must not invisibly supplant, manipulate or interfere with the ability of individuals to form and hold their opinions or access and express ideas in the information environment’. For the Special Rapporteur, respecting individual autonomy means,

at the very least, ensuring that users have knowledge, choice and control. Pervasive and hidden artificial intelligence applications that obscure the processes of content display, personalization, moderation and profiling and targeting undermine the ability of individuals to exercise the rights to freedom of opinion, expression and privacy.²⁴

As for regional norms, the Council of Europe has repeatedly focused its attention, directly or indirectly, to social media networks and the impact of their activities on human rights. The Committee of Ministers made clear, already in its Recommendation of April 2012 (Committee of Ministers, 2012), that social networking providers should respect human rights and the rule of law. Furthermore, in its recent Declaration on the manipulative capabilities of algorithmic processes (Committee of Ministers, 2019), the Committee has recognized that algorithmic content moderation can negatively impact freedom of expression per se, and therefore irrespective of whether it concerns illegal or legal content. Worth noting that in the same Declaration, the Committee has also highlighted the need of effective protection against unfair practices or abuse of position of market power.²⁵

Although the EU Charter does not apply to undertakings, but to member States and EU institutions when acting within the scope of EU law, it is hereby argued that the provisions of Articles 8 and 11 of the Charter could indirectly target social media platforms, obliging them to guarantee the fundamental rights of their users. Article 8 and Article 11 establish, respectively, the right to protection of personal data and the right to freedom of expression and information. Both these rights are also enshrined in the constitutional traditions of the EU member States. Therefore, States have positive obligations to put in place measures that guarantee them.

Possible remedies

The enforcement of the human rights framework usually concerns the single individual and the single case and focuses on compensating the harm that has been caused to the claimant.

Users could claim the reimbursement of the damage suffered and the restitutio in integrum. Possibly, and depending on the procedural rules in place in the country where they have their residence or bring the action, they could also ask for injunctions.

In parallel, the international human rights framework should guide States in their legislative and policymaking activities. States are not only called to respect citizens’ human rights in their actions but also to set the frameworks and conditions for private actors to do so.

Likely strengths and limits

In terms of enforcement, the application of the EU Charter often implies a balancing exercise between fundamental rights and economic freedoms. Traditionally, courts are better placed to perform this assessment. Possible shortfalls of recurring to courts are first, that users bear the burden of proof, in a context characterized by enormous information asymmetries. Second, that class actions might be difficult to run, therefore it might take long time before companies decide to change their behaviours, and thus before the social dimension of the problem, rather than the individual one, is solved.

On the contrary, if enforcers are called to perform the assessment, safeguards could be established to avoid an a priori hierarchization of rights. This is all the more needed, and all the more problematic, if companies themselves perform the assessment via self-regulatory measures.

Link with other solutions

As mentioned, rather than being a self-standing solution to the harm at stake in this article, the human rights framework could be better used as a normative parameter to assess social media platforms’ behaviours. This could be performed ex post, by regulators in enforcement actions or by users in damage claims; or ex ante, in the form of impact assessment operated by platforms themselves while shaping their business models and by legislators while issuing new rules concerning the activities of social media platforms.

General Data Protection Regulation

Relevant rules and conducts covered

The GDPR applies directly to undertakings, as long as they process data of data subjects who are in the Union.²⁶ Articles 5, 6 and 7 establish the principles relating to the processing of personal data, the condition for the lawfulness of processing, as well as the conditions for consent. The ambitious objective this regulation wants to achieve is to protect all EU citizens from privacy and data breaches in today’s data-driven world.

Social media platforms are one of the biggest data controllers and data processors of our time. Therefore, there is no doubt that their ToS, and more generally their behaviours with regard to data collection and data processing, need to comply with the GDPR.

Possible remedies

The GDPR establishes that consent of the data subject means

any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.²⁷

The above indicated parameters for consent are not respected in the case of ToS, for at least two reasons. First, as already confirmed by various authorities within the EU, ToS are excessively long and written in a misleading way (AGCM, 2018; Bundeskattellamt, 2019; CNIL, 2019).²⁸ Second, ToS are not the result of fair negotiations among two parties, but rather a unilateral imposition.²⁹ In fact, users are in a take it or leave it situation and have no real choice. Therefore, data protection authorities (DPAs) could use the GDPR to oblige social media to ask for meaningful consent from users.

Furthermore, the provisions on data minimization could be used to limit the disproportionate collection of data by social media platforms. In fact, Article 5 of the GDPR mandates that personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. In addition, Article 25 of the GDPR requires organizations to incorporate data minimization into the total lifecycle of their products, services and processes.

Moreover, DPAs could use the right to data portability as established in Article 20 GDPR to oblige social media platforms to make switching easier for users. To a certain extent, to be effective, this right needs to be complemented with adequate measures aimed to ensure transparency and interoperability, which could, in turn, have a positive impact on the competitive structure of the market.

Other GDPR provisions could be used to protect users from social media platforms abuses. For example, the regulation limits the use of automated decision-making in certain circumstances and requires individuals to be provided with information as to the existence of automated decision-making, the logic involved and the significance and envisaged consequences on the individual.³⁰ Furthermore, the GDPR prohibits (with narrow exceptions) decisions that are made solely on automated processing, when they have legal or other significant effect on the individual.³¹ Finally, and more in general, the GDPR introduces a range of provisions aimed at supporting the design of less privacy intrusive AI systems (Privacy International and ARTICLE 19, 2018).

This powerful regulatory instrument has been already used by a number of DPAs in the EU to condemn behaviours of online platforms. Interventions focused on the protection of users’ right to know what personal data companies have gathered about them, where they got it and with whom these companies have shared it. For example, the Swedish privacy watchdog accused Google of non-compliance with the GDPR with regard to its collection of location history from mobile devices (Datainspektionen, 2019). The French DPA imposed on the same company a financial penalty of 50 million Euros for violations of the GDPR rules for lack of transparency, inadequate information and lack of valid consent regarding ads personalization (CNIL, 2019). The Italian DPA has closed its investigation against Facebook concerning the Cambridge Analytica case and at the moment of writing is preparing to issue sanctions against the platform (Garante della Privacy, 2019).

Likely strengths and limits

With the entry into force of the GDPR, the role DPAs can play in the protection of users’ rights has increased. DPAs around the EU are developing new skills, expertise and capacity, and there are evident moves towards harmonized approaches in different member States.

Nevertheless, although data protection rules are an efficient instrument to condemn data protection breaches, they address only one element of the complex typology that causes harms to users, that is the way data harvesting and data processing are conducted. In other words, the GDPR enforcement by DPAs could be part of the solution, but to avoid the harm to content exposure more is needed.

Link with other solutions

Using data protection rules allows DPAs to proceed with targeted intervention, but in a number of cases these authorities have already declared their willingness to cooperate with competition and regulatory authorities where needed, to ensure that individuals’ personal data are duly protected in the relevant market.

For example, the Italian DPA has recently worked together with the Italian Competition Authority and the Italian regulator for telecoms and media on a study about big data (AGCOM, AGCM, Garante della Privacy, 2017). This kind of cooperation should take place not only with regards to market studies but also in enforcement actions where a comprehensive assessment and response to complex digital behaviours is needed.

Further steps have already been taken in this direction. By way of example, the European Data Protection Supervisor has clearly expressed its support to regulators’ cooperation across sectors, which include competition authorities, consumer protection ones and DPAs (EDPS, 2018).

In addition, there appears to be consensus on the fact that privacy is a parameter of competition and that therefore DPAs should work closer with NCAs to ensure that the decisions and measures adopted to protect privacy also go in the direction of restoring the competitive structure of the market. To reach this aim, various forms of coordination could be foreseen: for example, NCAs could be obliged to ask DPAs to provide specific expertise (in the form of an opinion or other non-binding instrument) in cases where the accused behaviours involve data collection or data processing.

Media law

Relevant rules and conducts covered

Broadcasting regulation was historically posited in part on the limited number of channels being available to audiences. The imposition of rules was justified by the existence of a bottleneck at the level of content production, which was considered a risk for media freedom, plurality and diversity, that are essential components of a democratic society.

Currently, an additional bottleneck might be identified at the level of distribution online. In fact, irrespective of the content produced and available, a handful of platforms intervene on how it is distributed, and thus on what users finally see or do not see. Being this the case, the rules by which intermediaries control discovery and distribution become a matter of legitimate public interest

It can then be argued that this additional bottleneck justifies the application, to social media platforms, of the specific obligations traditionally imposed on content producers, with due adjustments.

Furthermore, normative and policy discussions about media diversity and plurality might not be limited to the supply side but should also take into account the demand side. In other words, what matters is the content the user actually selects, not the content that is available; the diversity of exposure and consumption, not the diversity of supply (Helberger, 2012; Helberger, Karppinen, & D’Acunto, 2018; Karppinen, 2013; Nguyen, Hui, Harper, Terveen, & Konstan, 2014). The exposure to different content is valuable from an economic and societal perspective and should be then protected by regulatory intervention.

Possible remedies

A possible instrument to safeguard media plurality and diversity could be the imposition, on platforms, of rules aimed at avoiding concentration in social media markets, such as limits to social media or cross- (social) media ownership concentration, or special rules on quotas concerning selected type of content.

Transparency obligations about how algorithmic systems impact exposure diversity could as well contribute, although as argued already in previous parts of this article transparency is not a sufficient solution.

Likely strengths and limits

The imposition of limits to concentration could guarantee users the access to different social media platforms. This, in turn, could increase the variety of content they are exposed to, if not eliminating at least limiting the harm this article has identified. Furthermore, aiming to create a diverse and plural ecosystem, these rules could establish the conditions for the long-term guarantee of users’ freedom of expression and information.

Although the imposition of these rules would not imply the requalification of social media platforms as media companies, change which has been strongly resisted by these companies in the past years, it nevertheless would create risks of inconsistency with the existing regulatory framework, starting from the e-Commerce Directive.³² In addition, although media freedom and media pluralism are values recognized and guaranteed by the EU Charter,³³ their implementation is left to member States. Therefore, national rules could differ, creating disparity of conditions across the EU.

Link to other solutions

Here again, the application of rules borrowed from the traditional media regulatory framework will not compete, but rather complement the enforcement of other instruments, and specifically of competition rules. To this aim, a closer cooperation between media regulators and competition authorities should be guaranteed.

Conclusions

Lot has been said and studied about social media platforms business models and the relevance of their behaviours under different set of rules. Nevertheless, rarely if ever, the attention has been dedicated to the harm that some of these conducts, taken together, cause to users in terms of content exposure. The aim of this article is thus to raise attention on a possible theory of harm that, on the one hand, focuses on users’ freedom of expression and information, and, on the other hand, considers a combination of conducts rather than a single one.

This approach, which can be argued provides a better understanding of the challenges at stake, implies to cope with a number of issues. To start with, it calls for the use of an entire toolbox of regulatory instruments, rather than a single one. This, in turn, can be efficiently done only with the establishment of effective mechanisms of cooperation between relevant authorities, to avoid gaps, as well as conflicting enforcement actions.

Further research is needed to properly inform policymaking, on at least two elements.

First, the factual assessment of the conducts that have legal relevance for the theory of harm at stake. In fact, few information are available, yet, about the mechanisms social media platforms use for data collection, profiling, personalization and content moderation. For this to happen, a higher level of transparency from platforms is required, and the possibility, for researchers, to access the relevant data, although with the due safeguards for companies’ rights.

Second, the combination of behaviours that cause the harm needs a combination of responses to address it. Therefore, more research is welcome at both the level of the instruments and at the level of the enforcement structure. In other words, researchers should further explore which regulatory instruments can be used together and how and which authorities should act together and how. The aim should be to avoid conflicts of law, as well as grey areas that will undermine legal certainty for all actors. In addition, the spectrum of solutions for having a clear division of labour is wide and goes from the establishment of an ‘umbrella regulator’ to the coordination of various individual actions. By way of example, the establishment by the European Data Protection Supervisor of the Digital Clearinghouse, ‘as a voluntary network of enforcement bodies can contribute to enhancing their work and their respective enforcement activities and can help deepen the synergies and the safeguarding of the rights and interests of individuals’ (European Parliament, 2017), is an important precedent which deserves due attention. In any case, the approach should put users at the centre and work in the direction of solutions which ensure that users’ fundamental rights are adequately guaranteed.

Footnotes

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

Notes

References

ARTICLE 19. (2017). EU fails to protect free speech online, again. Retrieved from https://www.article19.org/resources/eu-fails-to-protect-free-speech-online-again/

ARTICLE 19. (2018). Side-stepping rights: Regulating speech by contract, policy brief. Retrieved from https://www.article19.org/resources/side-stepping-rights-regulating-speech-by-contract/

Autorità Garante della Concorrenza e del Mercato. (2018). PS11112 Facebook-Condivisione dati con terzi, Decision n. 27432.

Autorità per le Garanzie nelle Comunicazioni. (2018). Online disinformation practices and the fake content supply chain, Report, EN version. Retrieved from https://www.agcom.it/documents/10179/13325831/Pubblicazione+20-12-2018/7db41746-11e8-43d4-824b-003d80a6284d?version=1.0

Autorità Garante della Concorrenza e del Mercato, Autorità per le Garanzie nelle Comunicazioni, Garante della Privacy. (2017). Big data Interim report in the context of the joint inquiry on ‘Big data’. Retrieved from https://www.agcom.it/documents/10179/10875949/Allegato+4-9-2018/f9befcb1-4706-4daa-ad38-c0d767add5fd?version=1.0

BEUC. (2017). Fitness Check of EU Consumer Law, Position Paper.

BEUC. (2018). Ensuring consumer protection in the platform economy, position paper. BEUC-X-2018-080–02/10/2018

Botta

Wiedeman

(2018). EU competition law enforcement vis-à-vis exploitative conducts in the data economy. Exploring the Terra Incognita, Max Planck Institute for Innovation and Competition Research Paper 18-08.

Bourreau

De Streel

(2018). The regulation of personalised pricing in the digital era, DAFT/COMP, WD(2018)150, OECD publication

10.

Bundeskattellamt. (2019). Bundeskartellamt prohibits Facebook from combining user data from different sources, Press release. Retrieved from https://www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2019/07_02_2019_Facebook.html

11.

Charter of Fundamental Rights of the European Union. (2012). OJ C 326, 26.10.2012, pp. 391–407. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT

12.

Clifford

(2018). Citizen-Consumers in a Personalised Galaxy: Emotion Influenced Decision-Making, a True Path to the Dark Side?. Retrieved from https://papers.ssrn.com/abstract1/43037425

13.

Clifford

Verdoodt

(2017). Integrative advertising: The marketing ‘Dark Side’ or merely the emperor’s new clothes? European Journal of Law and Technology, 8.

14.

CoE Committee of Ministers. (2012). Recommendation COM/Reg (2012)4 of the Committee of Ministers to member States on the protection of human rights with regard to social networking services.

15.

CoE Committee of Ministers. (2019). Declaration on the manipulative capabilities of algorithmic processes, Decl (13/02/2019)1.

16.

Commission nationale de l’informatique et des libertés. (2019). Deliberation of the Restricted Committee SAN-2019-001 of 21 January 2019 pronouncing a financial sanction against GOOGLE LLC.

17.

Costa

Cabral F.

Lynskey

(2017). Family ties: The intersection between data protection and competition in EU Law. Common Market Law Review, 54, 11–50.

18.

Court of Justice of the EU. (1974). Case 127/73. Belgische Radio en Televisie and société belge des auteurs, compositeurs et éditeurs v SV SABAM and NV Fonior.

19.

D’ Cunha

(2018). Best of frenemies? Reflections on privacy and competition four years after the EDPS Preliminary Opinion. International Data Privacy Law, 8, 253–257.

20.

Datainspektionen. (2019). Request for reply and further information sent to Google. Retrieved from https://www.datainspektionen.se/globalassets/dokument/ovrigt/google—request-for-reply-and-further-clarification—skrivelse-till-tillsynsobjekt.pdf

21.

Editorial Board. (2019). How silicon valley puts the ‘Con’ in Consent. If no one reads the terms and conditions, how can they continue to be the legal backbone of the internet. New York Times. Retrieved from https://www.nytimes.com/2019/02/02/opinion/internet-facebook-google-consent.html

22.

Edwards

(2018). Data protection and e-privacy: From spam and cookies to big data, machine learning and profiling, in law, Policy and the Internet Hart Publishing

23.

EFF. (2016). Zero Rating: What it is and why you should care. Retrieved from https://www.eff.org/deeplinks/2016/02/zero-rating-what-it-is-why-you-should-care

24.

EU Council (1993). Directive 93/13/EEC on unfair terms in consumer contracts, OJ L 95, 21.4.1993, pp. 29–34.

25.

European Commission. (1971). Decision 71/224/CEE.

26.

European Commission. (1972). Decision 72/268/CEE.

27.

European Commission. (1981). Decision 82/204.

28.

European Commission. (2001). Decision 2001/463/EC.

29.

European Commission. (2018a). Recommendation on measures to effectively tackle illegal content online, C(2018) 1177 final.

30.

European Commission. (2018b). A new deal for consumers: Commission strengthens EU consumer rights and enforcement. Retrieved from https://ec.europa.eu/newsroom/just/item-detail.cfm?item_id=620435

31.

European Data Protection Supervisor. (2018). Opinion 8/2018 on the legislative package ‘A New Deal for Consumers’.

32.

European Data Protection Supervisor. (2019). Guidelines on assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data, draft version for stakeholder consultation. Retrieved from https://edps.europa.eu/sites/edp/files/publication/19-02-25_proportionality_guidelines_en.pdf

33.

European Parliament. (2017). Resolution on fundamental rights implications of big data: privacy, data protection, non-discrimination, security and law-enforcement (2016/2225(INI)).

34.

European Parliament. (2018). Recommendation on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns in the context of elections to the European Parliament, (12.9.2018, C(2018) 5949 Final).

35.

European Parliament and Council. (2000). Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) OJ L 178, 17.7.2000, pp. 1–16.

36.

European Parliament and Council. (2005). Directive 2005/29/EC concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (Text with EEA relevance), OJ L 149, 11.6.2005, pp. 22–39.

37.

European Parliament and Council. (2011). Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council Text with EEA relevance, OJ L 304, 22.11.2011, pp. 64–88.

38.

European Parliament and Council. (2016). Regulation (EU) 2016/679, OJ L 119, 4 May 2016.

39.

European Parliament Research Service. (2018). Modernisation of EU consumer protection rules. A new deal for consumers, PE 623.547.

40.

Evans

D. S.

Schmalensee

(2015). The antitrust analysis of multi-sided platform businesses. In Blair

R.D.

Sokol

D.D.

, (Eds.), Oxford Handbook of International Antitrust Economics (pp. 404–447). Oxford, England: Oxford University Press.

41.

Facebook. (2019). Community Standards. 12. Hate Speech. Retrieved from https://www.facebook.com/communitystandards/objectionable_content

42.

Filistrucchi

Geradin

van Damme

E. E. C.

(2012). Identifying two-sided markets TILEC Discussion Paper No. 2012-008. Retrieved from https://ssrn.com/abstract=2008661orhttps://dx-doi-org.web.bisu.edu.cn/10.2139/ssrn.2008661

43.

Garante della Privacy. (2019). Cambridge Analytica: Fact-finding over, Italian SA ready to impose sanctions. Investigations have shown additional instances of unlawful processing, press release. Retrieved from https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9081475#

44.

Graef

(2018). Blurring boundaries of consumer welfare: How to create synergies between competition, consumer and data protection law in digital markets. In Mark-Olivier

& others (Eds.), Personal Data in Competition, Consumer Protection and IP Law. Towards a Holistic Approach? Berlin, Germany: Springer.

45.

Graef

Clifford

Valke

(2018). Fairness and enforcement: Bridging competition, data protection and consumer law. International Data Privacy Law, 8, 200–223.

46.

Guiding Principles on Business and Human Rights. (2008). Implementing the United Nations ‘Protect, Respect and Remedy’ Framework, A/HRC/8/54/HCR/17/31 endorsed by the Human Rights Council in its Resolution 17/4 of 16 June 2011.

47.

Helberger

(2012). Exposure diversity as a policy goal. The Journal of Media Law, 4, 65–92.

48.

Helberger

Karppinen

D’Acunto

(2018). Exposure diversity as a design principle for recommender systems. Information, Communication and Society, 21, 191–207.

49.

Helberger

Zuiderveen Borgesius

Reyna

(2017). The perfect match? A closer look at the relationship between EU consumer law and data protection law. Common Market Law Review, 1427, 54.

50.

Hitlin

Rainie

(2019). Facebook algorithms and personal data, pew research center. Retrieved from http://www.pewinternet.org/2019/01/16/facebook-algorithms-and-personal-data/

51.

Jerker

Svantesson

(2018). Enter the Quagmire – The complicated relationship between data protection law and consumer protection law. Computer Law and Security Review, 25, 34.

52.

Jullien

(2011). Competition in multi-sided networks: Divide and conquer. American Economic Journal: Microeconomics 3, 1–35.

53.

Kalimo

Majcher

(2017). The concept of fairness: Linking EU competition and data protection law in the digital marketplace. European Law Review, 210, 223–228.

54.

Karppinen

(2013). Rethinking media pluralism. New York, NY: Fordham University Press.

55.

Madrigal

A. C.

(2012). Reading the privacy policies you encounter in a year would take 76 work days. The Atlantic. Retrieved from https://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/

56.

McNamee

(2017). Commission’s position on tackling illegal content online is contradictory and dangerous for free speech, EDRi. Retrieved from https://edri.org/commissions-position-tackling-illegal-content-online-contradictory-dangerous-free-speech/

57.

Nguyen

Hui

P.-M.

Harper

F. M.

Terveen

Konstan

J. A.

(2014). Exploring the filter bubble: The effect of using recommender systems on content diversity. In Proceedings of the 23rd international conference on World Wide Web, pp. 677–686. ACM.

58.

OAS Special Rapporteur on FOE. (2013). Freedom of Expression and the Internet. OEA/Ser.L/V/II.CIDH/RELE/INF. 11/13

59.

OFCOM. (2018). UK Communications Market Report. Retrived from https://www.ofcom.org.uk/_data/assets/pdf_file/0022/117256/CMR-2018-narrative-report.pdf

60.

Privacy International and ARTICLE 19. (2018). Privacy and freedom of expression in the age of artificial intelligence. Retrieved from https://www.article19.org/wp-content/uploads/2018/04/Privacy-and-Freedom-of-Expression-In-the-Age-of-Artificial-Intelligence-1.pdf

61.

Radet

(2018). Deceived by Design. How tech companies use dark patterns to discourage us from exercising our rights to privacy. Retrieved from https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf

62.

Ranking Digital Rights. (2019). Consultation draft. Human rights risk scenarios: Targeted advertising. Retrieved from https://rankingdigitalrights.org/wp-content/uploads/2019/02/Human-Rights-Risk-Scenarios-targeted-advertising.pdf

63.

Special Rapporteur on FoE. (2018). Report to the general assembly on AI and its impact on freedom of expression and information, A/73/348.

64.

Susser

Roessler

Nissenbaun

. (2018). Online Manipulation: Hidden Influences in a Digital World. Retrieved from SSRN https://ssrn.com/abstract=3306006

65.

Twitter. (2019). Hateful conduct policy. Retrieved from https://help.twitter.com/en/rules-and-policies/hateful-conduct-policy

66.

United Nations General Assembly. (1966). International covenant on civil and political rights, Vol. 999. UN Treaty Series.

67.

Yeung

(2018). Five fears about mass predictive personalisation in an age of surveillance capitalism. International Data Privacy Law, 8, 3.

68.

YouTube. (2018). Trusted flagger programme. Retrieved from https://support.google.com/youtube/answer/7554338?hl=en

69.

Youtube. (2019). Dispute A Content ID Claim. Retrieved from https://support.google.com/youtube/answer/2797454?hl=en

70.

We Are Social and Hootsuite. (2018). Digital in 2018: Q3 Global Digital Statshot, Retrieved from https://es.slideshare.net/wearesocialsg/digital-in-2018-q3-global-digital-statshot

71.

Woods

Perrin

(2018). The internet: to regulate or not to regulate? Written evidence (IRN0047), Communications Committee, House of Lords. Retrieved from http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/communications-committee/the-internet-to-regulate-or-not-to-regulate/written/82684.html

72.

(2017). The Attention Merchants: How your time and attention are gathered and sold. Atlantic Books.

73.

Zuckerberg

(2018). A blueprint for content governance and enforcement. Retrieved from https://www.facebook.com/notes/mark-zuckerberg/a-blueprint-for-content-governance-and-enforcement/10156443129621634/