In The Digital Republic, UK barrister and academic Jamie Susskind discusses the need for an effective mechanism by which large corporations and governments can be held accountable for the collection and use of our personal information via internet platforms. Susskind proposes a system of internet regulation based on the republican model of governance. That is, with accountability at its core. He states:

'For the republican, freedom lies in the ability to challenge the decisions of even the mightiest powers.'

The need for greater corporate accountability for data collection, use and protection was highlighted by the recent data breach that resulted in the private details of around 9.7 million Optus customers being leaked. That event followed significant public concern around the use of facial recognition technology in Bunnings and Target retail stores.

Susskind provides a cogent critique of the dominant free market and technocratic paradigm of internet regulation, the key principles of which are freedom of choice and consent. He points to how consent is rendered illusory with the click of a button, where more often than not internet users do not read the lengthy set of terms and conditions when given the opportunity to do so before clicking ‘Agree’ to access a digital platform. People invariably proceed without reading the terms, whether to save time, for convenience, or because there is no reasonably practicable alternative to accessing the desired or necessary products and services. That brief exchange gives a superficial sense of freedom of choice which masks the power imbalance between large corporations and governments compared to the individual consumer in terms of control over their personal data after clicking ‘Agree’.

Self-regulation is inadequate because it allows too much scope for self-interest to prevail. Republican governance requires power to be devolved into the hands of independent statutory bodies and individuals, providing them with the means to enforce standards of behaviour. An example of the former would be data protection audits carried out by an independent statutory body. An example of the latter would be the creation of a statutory tort of privacy as proposed by the Office of the Australian Information Commissioner in its submission to the government review of the Privacy Act 1988 (Cth).

Another accountability mechanism would be the creation of an independent tribunal for the resolution of disputes concerning data collection and use. Large amounts of private data are collected using algorithms. Susskind suggests that a Tribunal with specialist knowledge would be well placed to determine disputes arising from the use of ‘high stakes algorithms’. High stakes algorithms are those which have serious social importance and share the following traits: (1) a significant impact on the lives of those affected by its use; (2) involve valuejudgments which are inherently moral or political; and (3) the decision-maker is in a position of relative power over the person who is the subject of the decision. The types of disputes suitable for determination by a specialist tribunal might include where algorithms collect and organise data in a manner that reproduces social prejudices or misinformation to the detriment of an individual.

Susskind’s book is a thoughtful and thought-provoking look at the way we interact through online platforms today and the resultant power those platforms have to shape and influence our behaviour, opinions and identities. There is a justified urgency in his call to impose a system of regulatory standards and institutional safeguards that protects the privacy of our personal data, not only to avoid malicious exploitation, but to maintain a degree of control over our digital identities consistent with democratic principles. BN