To Create Transparency Regulation for Digital Platforms, Look to Lessons from Other Sectors

This article is adapted from and extends A History of Transparency Regulations: Interdisciplinary Strategies for Shaping Social Media Regulation and Self-Governance.

Alongside an increasing awareness of the harms that proliferate across digital platforms, governments are engaged in various attempts to regulate them. One common demand is for platforms to exercise meaningful transparency and provide data access for independent researchers to study. Laws such as the European Digital Services Act and the United Kingdom's Online Safety Act contain such transparency provisions. And while there appears to be little movement on regulation in the United States, bills previously introduced in Congress—such as the Social Media DATA Act and the Platform Accountability and Transparency Act (PATA), and the Digital Services and Online Safety Act (DSOSA) indicate an awareness among US lawmakers of the need to secure access to platform data.

Outside the US, legally mandated transparency and data access mechanisms are still evolving, and many questions remain about how they will work. These mechanisms must balance protecting consumer privacy and commercial interests while treading carefully to gain or retain support from key political actors. In addition to catering to stakeholder interests and protecting user rights, effective transparency legislation also requires adaptable statutes that are designed to be future-proof. What incentives should these mechanisms include to promote greater compliance and to achieve the goals of laws that require it?

Transparency outside of tech

Conflicting interests in designing and enforcing transparency mechanisms are not unique to the tech industry. Other sectors—such as healthcare, finance, automotive transportation, and aviation—have also had to navigate conflicting stakeholder interests in actualizing transparency legislation. Understanding how these sectors have dealt with these questions is a useful place to start.

Healthcare

For decades, the healthcare industry has sought to defend patients' privacy while balancing the need for medical innovation. In the US, the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect the privacy of patient records in the digital age. HIPAA changed the way medical records are treated. Compliance increased steadily throughout the years following its adoption, and it is now somewhat of a given in the US healthcare system. HIPAA is far from perfect, however. It involves complicated paperwork that is time-consuming for both health care providers and patients, and naturally imposes a financial burden on the system. It also prevents seamless data access, sometimes inhibiting healthcare professionals' ability to provide timely and innovative treatment.

Can we learn from global healthcare systems to address the shortcomings of models like the one HIPAA offers? The British National Health Service and Canadian hospitals disclose comparative performance data to promote competition in their systems. This promotes healthcare innovation as hospitals strive to provide the best and safest service to gain a good reputation. The Australian Government and the Australian Commission on Safety and Quality in Health Care have established the National Safety and Quality Health Service Standards (NSQHS). The standards are enforced through frequent auditing by independent agencies approved by the Commission. All hospitals, dental practices, and other daytime procedure facilities in Australia must be audited and accredited against the NSQHS standards.

Policymakers can incorporate the lessons from the healthcare sector by developing transparency frameworks that promote privacy and safety while safeguarding the ability for innovation. Policymakers also need to encourage healthy competition by tying transparent reporting and third-party evaluations to company reputation, as the British, Canadian, and Australian health services display.

Finance

The world of finance has seen all sorts of illegal activity and deceit, some of which can be tied to a lack of transparency, from cases of fraud such as Enron and Worldcom to the financial crisis of 2008. This has resulted in stringent legislation designed to increase transparency and hold big firms accountable for their practices.

In the US, the Sarbanes-Oxley Act of 2002 established a new standard in the finance world of strict fraud reporting. It also developed the Public Company Accounting Oversight Board (PCAOB), a third party that could investigate fraud in corporate activities. The Act expanded on the Securities Exchange Act of 1934, which created the US Securities and Exchange Commission (SEC) to combat fraud and malpractice in the financial markets.

The Securities Exchange Act and the Sarbanes-Oxley Act both play major roles in curbing fraud and other illegal activities. Sarbanes-Oxley was instrumental in restoring consumer confidence in PCAOB and its company audits. Likewise, the SEC is still the major agency that holds major financial firms accountable for any sort of stock malpractice.

Platform transparency legislation could mirror Sarbanes-Oxley by expanding third-party auditing, as Europe’s DSA requires.

Transportation

The automotive and aviation transportation industries have developed a range of transparency requirements, reflecting a commitment to accountability and safety in these sectors.

In the US, the National Highway Traffic Safety Administration (NHTSA) is a federal agency that oversees vehicle performance and road safety standards. It was established to reduce highway deaths due to the lack of vehicle standards. Nowadays, the NHTSA monitors safety features across car manufacturers and ensures they follow safety protocols. The Federal Aviation Administration (FAA) was created by the Federal Aviation Act of 1958 to maintain safety and efficiency in the aviation industry. Both agencies require reporting from private companies to ensure the safety of their products.

In the EU, the 2004 regulation EU 261 holds airlines accountable for customer mistreatment and requires greater transparency in reporting flight data. Its effectiveness lies in strong enforcement, making compensation for infractions a substantial cost for airlines. Similarly, any policy aimed at promoting platform transparency must include robust enforcement mechanisms that mandate disclosure and tie it to real financial consequences to ensure consistent oversight.

Key principles of historical transparency legislation

The history of transparency regulations in other sectors brings to light several principles that will be of the utmost importance going forward with social media transparency. Below, we list some pragmatic insights that could inform policymaking for future online safety regulation:

1. Internal visibility comes first. A platform needs to have greater internal visibility over user-generated content. The Taylor Swift debacle is evidence of this. VLOPs like Meta (Facebook) need to have better knowledge of the real-time harms they may be platforming. Past solutions have mandated improving user-reporting mechanisms, expanding their third-party fact-checking program, or supporting a larger trust and safety staff and improving data management. As a short-term solution, it may need more civic partners with the ability to audit the platform and raise awareness of harms without platform restrictions on their data access, setting new standards for the “post-API age."
2. Companies need a system to hold them accountable and mandate disclosures. The most plausible candidates are independent external organizations and regulators. If companies violate regulations, it is certainly warranted for governments to impose corresponding fines. However, the punishment needs to move beyond one-time penalties and introduce longitudinal accountability mechanisms in order to stimulate lasting change in their practices. Independent and disinterested oversight is the key to enacting transparency legislation. Perhaps working through regulatory levers is how independent researchers will regain data access from VLOPs for auditing online information and commerce systems.
   
   Current attempts to share information with external bodies suggest the need for watchdogs with complete independence from industry interests. For instance, the Global Internet Forum to Counter Terrorism (GIFCT) is a major player in the world of content governance, fostering “collaboration and information-sharing to counter terrorist and violent extremist activity online.” Governed by YouTube, Microsoft, and Meta, the GIFCT is not a completely independent third party organization and thus runs the risk of falling prey to the corporate needs of its member companies. The organization has recently faced funding challenges and discord amongst its membership, including the departure of X from its board. Yet the GIFCT is, in many regards, an instructive experiment in incentivizing platform collaboration, even if it has clear and obvious limitations since the participating companies primarily have corporate and shareholder interests at stake. This criticism resurfaces when considering whether Meta is actually accountable in any meaningful way to its Oversight Board, given that the company frequently chooses not to implement the Oversight Board’s recommendations.
3. Platforms need to accord due importance to user agency when designing transparency and disclosure mechanisms. These sites should have clear data policies that are friendly to the user and do not have hidden loopholes for accessing sensitive data from the user. This is easier said than done, but regulatory awareness of—and enforcement against—this phenomenon is key to driving global change in deceptive platform practices.
4. Data traceability is a central tenet of transparency. Especially when it comes to online harms, it is necessary to identify the source of the harm in order to deal with it. When data is traceable it is also easier to identify the failures in the system of guardrails that are intended to protect online users. For instance, platforms engaged in this through the sharing of post-hoc platform activity of adversarial networks they took down (The Australian Strategic Policy Institute and Information Operations Archive still index it), which empowered the analysis of coordinated networks and helped improve understanding of their influence while on the platform. Knowledge of past risks and harms informs improvements in best practices for online safety, and is crucial for online transparency.

The role of civic and federal organizations

The mandate for any company is maximizing shareholder value at all costs. With a lack of focus on sufficient incentives underpinned by transparency legislation, economics might dictate they absorb the reputational damage and incorporate penalties into operating costs, continuing to ignore or skirt regulation.

That is why third parties and independent and disinterested oversight play a critical role in improving digital safety. Take the American Bar Association (ABA) for example— the largest voluntary professional organization for lawyers in the United States. The Bar judges the aptitude of lawyers and if they should be attorneys. It also develops task forces for emerging problems within society, such as a new Task Force on Law and Artificial Intelligence. The Bar holds lawyers to a high standard, as they have been promoting ethical legal practice for more than a century. The ABA, of course, has its own flaws, especially in its inability to modernize, but the organization still offers a good model.

Other prominent examples include the International Association of Privacy Professionals (IAPP), which performs a function similar in spirit to the ABA in that it is a professional association that was born out of concern with data ethics and data privacy and grew substantially as professionals sought better education around laws such as Europe’s General Data Protection Regulation (GDPR). The IAPP offers recognized credentials and holds yearly conferences to discuss the future of data privacy and advancements in the field of ethical data practices.

Conclusion

“The technologies that increasingly govern our lives operate behind corporate veils of secrecy, protected by claims of proprietary algorithms and trade secrets,” according to a report published this month by the Coalition of Independent Technology Researchers. To lift the veil, lawmakers should review transparency regulation and draw on lessons from healthcare, finance, aviation, and automotives and translate them to the world of digital media so that they may find solutions to increase trust and safety and address harms. Although legislative progress in the US may be unlikely in the current deregulatory environment, other fields have navigated similar challenges and may offer viable solutions around accountability, traceability, and external mechanisms such as the development of civic and federal organizations. We can learn from the lessons of the past to develop a safer future for a generation of digital natives.