American tech/media giants like Facebook and Google may soon face huge fines in the billions in the U.K., if they fail to tamper the spread of fake news, hate speech and other types of harmful content on their platforms, according to plans laid out in an upcoming policy paper next month.
The policy paper, focusing on internet safety, calls for the formation of a new regulating body independent of the British government to protect consumers from “toxic content” on the internet, U.K.’s minister Margot James told Business Insider during an interview last week in San Francisco.
The new regulating body is expected to carry out a broader examination of what constitutes harmful content than the existing frameworks in the European Union. For example, in Germany, platform-based companies would only get into trouble for spreading hate speech, per a law known as NetzDG (Network Enforcement Law); while in the U.K., these companies would be held accountable for everything from misinformation to content around suicide or self-harm, in addition to hate speech.
A guiding principle is that “what is illegal and unacceptable offline should be illegal and unacceptable online,” James explained.
James said the scope of penalty under the new independent regulator would be similar to the that of the existing Information Commissioner’s Office (ICO), the enforcer of the EU’s General Data Protection Regulation (GDPR), which focuses on privacy protection, not content.
Under GDPR, passed in 2016, ICO is allowed to levy fines of up to four percent of a company’s annual global revenue. For Facebook, that could mean a penalty of up to $2.2 billion, based on on its 2018 revenue of $55.8 billion. And for Google, it could add up to $5.4 billion for its parent company Alphabet, based on its 2018 revenue of $136.8 billion.
“There will be a powerful sanction regime and it’s inconceivable that it won’t include financial penalties. And they will have to be of a size to act as a deterrent. If you look at the ICO’s fining powers, that might be a useful guide to what we’re thinking about,” James said.
While recent legislation like GDPR grants governments the power to slap huge fines on businesses, very few companies have been seriously punished under this new regime.
In January, the French data protection authority slapped a €50 million ($57 million) fine on Google in response to privacy complaints filed by two consumer rights groups. The penalty is by far the largest issued by EU regulators under GDPR.
Last July, Facebook was fined $660,000 by Britain’s ICO over the Cambridge Analytica data breach. The amount was the maximum fine allowed under the EU’s old privacy law, which was in effect when the data leak happened (in 2015).
At one point, larger Cambridge Analytica-related fines were expected on Facebook in the U.S. as multiple federal agencies—the FBI, FTC, SEC and the Justice Department—investigated the case. Theoretically, U.S. regulators could slap a total fine up to billions of dollars on Facebook, but the lack of precedent in such cases has made it hard to predict the end game for the social media giant, regulation experts have told Observer.
As for the new content regulation in the U.K., James conceded that it’s not necessarily a company’s fault when harmful content appears on its platform, but it’s the company’s responsibility to moderate it.
“You’ve got to take it down before it proliferates. That’s the point. It’s too late once three weeks have gone by,” she said.