Regulating Code: Towards a Prosumer Law

February 5, 2013

Over a billion people now use YouTube to watch and upload videos, Facebook and Instagram to share news, gossip and photos, and Twitter and other blogs to say just about anything. We are all becoming ‘prosumers,’ sharing intimate details of our personal lives online. But this ‘prosumer environment’ is currently either grossly unregulated, leaving personal information at the mercy of the multinationals who host it, sell adverts based on it, and sometimes claim to own it, or subject to knee-jerk over-regulation, such as the Prime Minister’s on-off plans to subject all UK Internet users to filters, which may be revealed in the forthcoming Communications White Paper of 2013.

The article is developed from our new book Regulating Code,[1] which uses detailed examination of five case studies to illustrate the regulatory crisis and ‘prosumer law’ solution.[2] These include:

•           copyright issues surrounding music and video file-sharing;

•           privacy and data protection including the implications of new European laws relating to companies such as Google and Facebook;

•           state-sponsored censorship of protest such as Wikileaks,

•           private censorship for commercial gain, breaching network neutrality.

We analyze the regulatory shaping of ‘code’—the technological environment of the Internet—to achieve more economically efficient and socially just regulation. We describe the increasing ‘multistakeholderization’ of Internet governance, in which non-governmental organizations (NGOs) and other prosumer groups from civil society argue for representation in the closed business-government dialogue, seeking to bring in both rights-based and technologically expert perspectives.

In the year since the book was completed (production and publication does not move in Internet time), the world has moved on, and this article examines how our conclusions can be applied to two recent developments. These are the continued competition investigations into Google, and the privacy law reforms specifically applied to social networks, notably Facebook. We note as background that net neutrality, state censorship and copyright reform all remain mired in exactly the public goods failures that we documented in early 2012.

Search Markets: Google

Google has faced competition investigations on both sides of the Atlantic since 2010. It settled with the US authorities on 3 January 2013,[3] and sent a settlement proposal to the European Commission on 1 February 2013.[4] Experts have severely criticized both the timing and content of the Obama Administration’s settlement, which they portray as extremely favourable to Google due to the composition of the outgoing Federal Trade Commission (FTC) board, and the decision not to proceed against the company on the main issues raised. Grimmelman argued: ‘If the final FTC statement had been any more favorable to Google, I’d be checking the file metadata to see whether Google wrote it.’[5] The European Commission investigation continues as we write, with the same four principal complaints raised against Google as in the US:

1.      Search bias – that Google favours its own products in search results over competitors;

2.      Vertical Search Opt-Out – Google protocols don’t let web sites opt out of particular uses that Google might make of the pages it indexes – only a zero-sum option. It would mean giving up all Google traffic, and one significant way that users find sites is through Google searches – especially in Europe where Google has almost 90% of the search market in the UK, and over 90% in Netherlands, France and Germany;

3.      Google restrictions on third party use of AdWords in one crucial respect: ‘The AdWords API Client may not offer a functionality that copies data between Google and a Third Party.’ That is, you can advertise on both Google and Bing, but cannot use a program to copy Google AdWords campaigns over to Bing. This was dropped by Google as their token interoperability sop to the FTC’s investigation;

4.      Recent judicial decisions have been skeptical of injunctions on standards-essential patents, including those by Google-acquired Motorola Mobility (and see Posner’s now-famous judgment in June 2012[6]). The FTC concluded (at 4-1) that the practice is unfair competition, and Google agreed not to engage in it in the future. Note that this fires a shot not just at Google, but at all its rivals – a clever concession by Google.

While it would be dangerous to speculate whether the European Commission can wring any concessions on the first two points, it is worth noting that on points 3 and 4, it is Google that had claimed the right to regulate others’ use of code, to use the Ad Words API or to use Motorola Mobility’s patents. Google and its competitors routinely privately regulate each other’s code. What we suggest is that interoperability as well as content neutrality should be taken more seriously by European regulators, as the former Commissioner has continually threatened ever since the brutally extended Microsoft litigation ground to a conclusion.[7] The first objection can be resolved through forcing Google to reinforce its search neutrality rather than bias results using its search algorithms,[8] and the second by a relatively trivial (by Google standards) amendment to its code to allow other web sites more flexibility in future listing, rather than the ‘nuclear option’ of a complete opt-out via the existing robots.txt convention.

Note that we suggest simple code-based solutions rather than multi-billion Euro fines or structural separation of businesses.[9] This is an illustration of what we mean by a smarter ‘prosumer law’ approach. Prosumers enjoy using Google products, and would like to trust Google more by seeing transparency rather than bias. Google is not evil, but it is a stockholder company, and its directors’ duties since it was floated publicly in 2003 are to maximise returns. Regulated capitalism demands a response that works with markets and prosumers.

Facebook and Privacy

If Google’s flotation took some time to wipe away an idealistic founders’ myth of anti-evil cartoon-book coding, Facebook’s 2012 flotation required no such adjustment. Facebook’s buccaneering attitude to ‘monetizing’ your personal intimate data, and those of your children and grandchildren, was recognised long ago as requiring greater regulatory action. The European home of half of its users has 27 state regulators of personal data, and Facebook chose one that relocated in 2006 from Dublin to Station Road, Portarlington, Co. Laois, Ireland, resulting in wholesale removal or resignation of its expert staff.[10] Google is also regulated from Portarlington. While German state and federal regulators and others may rattle sabres at Facebook, it is the Irish regulator that took action in auditing Facebook in spring 2012 and insisting on remedial action on at least nine counts.[11]

Americans constantly complain that the proposed new EU Data Protection Regulation will raise their costs of doing business. But separate the rhetoric from reality: it is the US federal and state authorities – and litigants in court – which have far more vigorously pursued Facebook, Google and others for their failures to guarantee users’ privacy. In November 2012, Google settled for $22.5million a case brought by the FTC in the case of tracking cookies for Safari browser users,[12] on top of a 2011 $8.5million settlement for privacy breaches involving Google Buzz. In January 2013, Facebook settled a class action with a $20million payment into a compensation fund that – as with the Google Buzz settlement – will likely end up in privacy advocacy and education groups receiving a substantial part of the settlement.[13] In 2012, both companies agreed to settle privacy complaints by agreeing to FTC privacy audit of their products for a 20-year period.[14] Sector-specific regulation of social networking already exists de facto in the United States, while Europeans wring their hands on the sidelines.

Conclusion: Towards Prosumer Law?

Governments, users, and better functioning markets need a smarter ‘prosumer law’ approach to Internet regulation. Prosumer law would be designed to enhance the competitive production of public goods, including innovation, public safety, and fundamental democratic rights. Prosumer law suggests a more directed intervention to prevent Facebook or Google or any other network from erecting a fence around its piece of the information commons: to ensure interoperability with open standards.

Prosumerism should be a declared policy of the European Commission alongside the European interoperability framework (EIF). In fact, the Commission on 17 December 2012 launched its Code of European Union Online Rights for European citizens using the Internet.[15] The UK government has made a giant rhetorical stride towards embracing interoperability in its open data purchasing principles of November 2012, a surprisingly strong statement of belief in interoperability as sound economics as well as normative policy[16] – although this will not be trivial to put into practice.[17]

By contrast, Facebook in January 2013 enforced its ban on exporting data for use in social networks, by blocking Russian search engine Yandex’s new social search mobile app API calls within three hours of launch. It also cut off two apps from ‘Find Friends’ (Facebook’s API): Twitter’s photo app Vine and messaging app Voxer. This sounds remarkably like many recent reports of blocking of APIs and content by telecoms companies in breach of net neutrality law. As Constine argues, Facebook could find its actions backfiring for its platform supporters: ‘Facebook is playing with fire. It could use policy enforcement to cook competitors and shine a light on its dominance of social networking. But if this enforcement scares off developers whose apps might otherwise provide content that could be shown next to ads in the news feed and piped into Graph Search, Facebook could get burned badly.’[18] We emphasise that it will be more badly burnt if – like Google and Microsoft before it – it is found in abuse of a dominant position. It should be required to remedy its failure to follow our prosumer law principles, to permit interoperability rather than harming smaller competitors.

European electronic commerce consumer law is a marked departure from consumer protection in European contract law. It would therefore not be difficult to extend the European interoperability framework and legal protection for prosumers in this direction in law, though implementation requires all member states to commit to such a step in practice as well as theory.[19]

Strengthened data protection rules and a ‘right to be forgotten’ are an important step towards prosumer law.  But interoperability is needed as well as data portability, to permit exit to more prosumer-friendly products than Google and Facebook, should prosumers wish to switch. It requires a combination of interconnection and interoperability more than transparency and the theoretical possibility to move data. Only then will information markets become more competitive, and prosumers have the luxury of real choice between very different standards offered by their hosts. 

Dr Ian Brown is associate director of Oxford University’s Cyber Security Centre, and a senior research fellow at the Oxford Internet Institute. He is currently advising the UN and UK Cabinet Office on Internet security and privacy issues.

Professor Chris Marsden is author of six books and over fifty refereed academic articles and chapters, including the recent  Oxford Bibliography of Internet Law (Oxford UP, 2012), Internet Co-regulation (Cambridge UP, 2011), Net Neutrality (Bloomsbury, 2010) See and @ChrisTMarsden for recent work. He joins the University of Sussex in April 2013 from Essex.

[1] Professor Chris Marsden (Sussex Law School) together with Dr Ian Brown (Oxford) will have their new book ‘Regulating Code‘ published by MIT Press in spring 2013:

[2] We acknowledge here our funders for parts of several case studies: EPSRC and the European Commission.

[3] Federal Trade Commission (2013) Google Agrees to Change Its Business Practices to Resolve FTC Competition Concerns In the Markets for Devices Like Smart Phones, Games and Tablets, and in Online Search

Landmark Agreements Will Give Competitors Access to Standard-Essential Patents; Advertisers Will Get More Flexibility to Use Rival Search Engines, For Release: 1/03/2013, at

[4] Brunsden, Jim & Aoife White (2013) Google Submits Settlement Offer, EU Antitrust Chief Says, Bloomberg News, 1 Feb.

[5] Grimmelman, James (2013) Not with a Bang, Laboratorium, January 3, 2013 at 4:59 PM, at

[6] Posner, R. (2012) Apple, Inc. & Next Software Inc. V. Motorola, Inc. & Motorola Mobility, Inc., Opinion And Order of June 22, 2012, Illinois Dist. Ct. No. 1:11-cv-08540 at,%20June%2022,%202012.pdf

[7] See Brown and Marsden (2013) Regulating Code, at pp40-42. See also Coates, Kevin (2011) Competition law and regulation of technology markets, New York: Oxford University Press at Chapter 6, and Dossier of the committee IMCO/7/06240 (2011) COD/2011/0150 European standardisation (amending Directives 89/686/EEC, 93/15/EEC, 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/105/EC and 2009/23/EC) at


[8] The subject of much debate since the seminal article: Bracha, O. and Pasquale, F. (2008) Federal Search Commission? Access, Fairness, and Accountability in the Law of Search, 93 Cornell L. Rev. 1149

[9] For a structural solution proposal, see Wu, T. (2010)The master switch: The rise and fall of digital empires, New York: Knopf

[10] Department of Justice and Equality (2006) Address by the Tanaiste at the official opening of the newly decentralised Office of the Data Protection Commissioner, Portarlington, Co. Laois, 11 December at

[11] See Brown and Marsden (2013) Regulating Code, at pp134-135 for analysis.

[12] U.S. v. Google Inc., 3:12-cv-04177, U.S. District Court, Northern District of California (San Francisco). See Devine, Lauren-Kelly (2012) Court Approves Google’s Privacy Settlement, RegBlog, 27 November, at

[13] Fraley, et al. v. Facebook, Inc., et al., Case No. CV-11-01726 RS. See Marsden, C. (2013) Fraley v. Facebook, Inc. – $20m settlement for private education/research of social media users, Regulating Code Blog at

[14] See Brown and Marsden (2013) Regulating Code, at pp134, 188 for analysis.

[15] European Commission (2012) Code of EU online rights published, at

[16] Cabinet Office (2012) Government bodies must comply with Open Standards Principles, at

[17] Moody, Glyn (2013) UK Government Fails Its First Big Procurement Test, ComputerWorld, Published 11:06, 01 February, at

[18] Constine, Josh (2013) Facebook Is Done Giving Its Precious Social Graph To Competitors, Tech Crunch 24 January, at

[19] See further Brown and Marsden (2013) Regulating Code, at pp.180-192.