Big tech’s duty of care
Lawyers and doctors have to act in their clients' best interests. What if Facebook and Google had to do the same?
03 August 2021
Imagine that you have a serious and embarrassing medical condition, or need financial or legal help to extricate yourself from bankruptcy, or help with a painful divorce. You go and visit your doctor, financial advisor or lawyer, where you explain your problem in detail to get advice and help. Now imagine you later realise that this had not been a private conversation with a trusted professional, and they had, in fact, been recording your conversation and were selling the data to anyone interested and willing to pay, especially advertisers.
Everyone would justifiably be outraged by this. To prevent such abuses, we have something called ‘fiduciary duty’. This is a legal concept which requires professionals in positions of trust to have a duty of care towards their clients and to always act in the client’s interest, especially where there is any conflict with their own.
In many ways, the relationships we have with technology companies like Google, Facebook and Amazon are similar to those we enter into with lawyers, doctors and financial advisors. They all involve a direct contractual relationship, either as a customer or a user. They all also collect sensitive data about us, and use that information to provide recommendations. In fact, digital platforms encourage us to share as much information as possible with them, including searching for your embarrassing health condition on Google, opening up about a painful divorce on Facebook, or buying a ‘how to escape from bankruptcy’ book from Amazon. Finally, the power is one-sided, with technology platforms able to monitor their users’ activities, while users lack the reciprocal power.
But unlike lawyers, doctors and financial advisors, in the UK, digital platforms are currently under no legal obligation to only use information about you that they have legally collected, processed or bought in your interests. This means they can, for instance, target users in financial distress with payday loan adverts or gambling addicts with gambling adverts.
“In many ways, the relationships we have with technology companies like Google, Facebook and Amazon are similar to those we enter into with lawyers, doctors and financial advisors.”
Fiduciary obligations could complement the more proscriptive rights that are already included the Data Protection Act. Data protection legislation like this sets the rules for when data can legally be collected, while fiduciary duty applies when a professional has power over a person via being in a position of trust. This means that data protection legislation can cover areas that fiduciary obligations can’t, like the behaviour of data brokers. Unlike companies like Facebook, data brokers don’t gather data from internet users directly – they aggregate data from a huge variety of other sources, in order to sell it on to advertisers.
But fiduciary duties are important for companies who have a direct contractual relationship with a user. If we applied fiduciary duties to tech companies, then the business would owe fiduciary duties to their customer. This would require them to put the user’s best interest above their own when conflicts of interest arise. The duty would not prohibit a company from earning a profit through the use of their customers’ data. Small companies, which generally hold much less information about their users and therefore do not have the same privileged position, could be exempt from the rules. A threshold for exemption could be based on the volume of data that the company holds about its users, as well as turnover, number of employees, or number of users. Any breach of these obligations could result in the user bringing a legal case against the company.
There are many types of fiduciary duties. Applying the fiduciary concept does not mean we have to treat Google or Facebook the same as your doctor, financial advisor or lawyer. In fact, once the general obligations had been set out in legislation, it would fall primarily to our courts, on a case-by-case basis, to address whether breaches of any of the duties and obligations had occurred.
The new obligations would bring many benefits, including:
- If a company collects data for one purpose, it would not generally be allowed to use that data for an entirely different purpose, or transfer it to a third party that would do so.
- An online business would not be allowed to secretly conduct experiments on its customers, in an attempt to change their moods or behaviours – something Facebook has done in the past.
- Predatory advertising would be prohibited, like promotions for payday loans or gambling sites targeted at users who are particularly vulnerable.
- When applied to children, the majority of adverts would be deemed not in the child’s best interests, so children’s exposure to targeted advertising would be limited.
It is interesting that some platforms already see themselves as fiduciaries. Mark Zuckerberg, for example, recently stated that:
“The idea of us having a fiduciary relationship with the people who use our services is intuitive. [Facebook’s] own self-image of ourselves and what we’re doing is that we’re acting as fiduciaries and trying to build services for people… Where this gets interesting is who gets to decide in the legal sense, or in the policy sense, of what’s in people’s best interest.”
One of the defining features of our 21st century existence is that we now share more information about ourselves with technology platforms than we do with the professionals for whom fiduciary obligations were developed. It is about time the law caught up with this reality.
Image: Pexels
Topics Technology