Lying in the Procrustean Bed: The Future of Information Governance

1. Introduction

Procrustes was a mythical figure in ancient Greece known for terrorizing the pilgrims taking the sacred way between Athens and Eleusis. A smith by training, Procrustes had placed a bed in the only available passage, and he forced passers-by to spend the night there. When they laid in the bed, Procrustes would either stretch their legs using his hammer to make them fit the bed, or he would amputate them if they exceeded its length. Procrustes’ horrible practice is not too different from how we approach information governance. Private companies have been undertaking an increasing amount of duties usually reserved for public authorities in a great variety of fields, such as data protection, copyright, or hate speech. Yet, as they fall short of the standards that we consider appropriate for the handling of such cases, we stretch the way they operate to approximate it to public authorities. Of course, there are also those that think we have stretched too much and that it is time to start amputating.

This blogpost will examine the issue in three parts. The first part will examine the paradox at the heart of modern information governance, ie the curious practice of increasingly privatizing information governance and then trying to assimilate private actors to the public sector. The second part will seek to clarify the distinction between the public and the private and it will argue that this distinction is one of degree. The third part will build on those insights to examine the best way to draw the line between the public and the private in relation to information governance.

2. The Paradox of Modern Information Governance

After the emergence of the big tech giants that act as intermediaries, the so-called new governors, there has been a steady trend towards the privatization of information governance, across various fields. Search engines have now become the main decision- makers in relation to right to be forgotten requests, online platforms have had to implement stringent copyright rules concerning the content they host, and we have turned to social media companies to address problems with terrorist and hate speech. Moreover, such companies also impose their own rules through their terms of service and in some extent, they act as the legislator, the executive, and the adjudicator.

These developments have not been without controversy. The decisions that take place in such contexts directly affect the exercise of fundamental rights online as well as important state interests. It is a very delicate task that requires impartiality, transparency, and procedural fairness. Such traits are usually not associated with private companies but with public authorities or courts. Public authorities have direct legal obligations to abide by such principles and they are subject to judicial review as opposed to private companies, which are subject to much more limited obligations of that nature.

Unsurprisingly, there have been many doubts about whether private companies should undertake such duties. Although some scholars argue that we should strip companies from information governance duties entirely, most of the discussion has focused on introducing appropriate standards that ensure compliance with fundamental rights.

Regardless of the controversies about the role that private companies should have, there is a remarkable paradox in the way we approach information governance. On the one hand, we delegate an increasing amount of such duties to private companies. Usually, when a privatization takes place, the rationale supporting it is that the free market will perform better than the state. Yet, we try to make these private companies behave as if they were part of the public sector. We want them to ignore their own interests and to maintain the same standards as public authorities. The question is why. If we want private companies to behave like public authorities, why don’t we assign such duties to public authorities in the first place?

The answer to that question is complicated. In some instances, like data protection, the increasing role of private companies stems from their importance as gatekeepers and the accessibility of their remedies rather than from a direct delegation by law. Data subjects always could lodge a request before data controllers and exercise their rights under data protection law. However, in practice, there used to be few such requests. Only much later, especially after the Google Spain case, did the removal of data by search engines gain some importance. Although data protection law imposes some obligations on data controllers, requesting that the opposing party respect your rights before taking administrative or judicial action is nothing new.

However, in other occasions, such as copyright or the removal of terrorist content, there was explicit delegation of such duties by law. Although there was no discussion on whether these duties could or should be undertaken by state authorities, the reason for imposing such duties on platforms was clearly that they had the resources to ensure the automatic removal of such content. Given the emphasis that both measures give on taking proactive and automated measures, it would be almost impossible to expect public authorities to have the capacity to develop such tools. In fact, legislators do not even prescribe any specifics on how to implement this technically; they just trust platforms to figure it out on their own.

The problem with those two explanations for delegating information governance to the private sector is that they have little normative value. Obviously, the fact that it is a traditional practice to request that the counterparty comply with your demands before pursuing action provides no justification for maintaining that practice, if it is problematic in a specific manifestation. Additionally, although the lack of resources presents an important problem, states have powerful ways to transfer resources from the private to the public sector. At best, this argument opens the discussion of whether it is more expedient to transfer private resources to the public sector or to transfer public standards to the private sector.

The problem with a large part of the digital constitutionalism scholarship is that it completely neglects this aspect. In most such scholarship, the fact that private companies make decisions on such issues is a given and the task is to discover the optimal procedures and standards that these companies should apply. Of course, a similar objection could be made against traditional constitutionalism. Constitutionalism presupposes the existence of a state. If someone makes an argument against the existence of a state, constitutionalism on its own has no reply. However, the assumption that companies must perform information governance tasks has much flimsier normative underpinnings than the assumption that we must have states.

This does not mean that having private companies making such decisions will always be wrong or that the quest to ensure appropriate standards when they do so is without value. But this discussion must take place at a second stage. Before discussing how companies should adjudicate such cases, we must decide whether they should so and in what extent. To demarcate the boundaries between the public and the private in relation to information governance we must first look closer at the distinction and its nuances.

3. The Public/Private Distinction

As is well-known, the activities of modern administrative states have blurred the lines between the public and the private. Apart from traditional public authorities, states often act through companies. These companies might be part of the market and subject to private law, but they may also have special legal powers and act in the exercise of public authority. For instance, in some countries, central banks are private corporations, which however act completely as public authorities and are not part of the market.

There is a variety of criteria across jurisdictions to demarcate the private from the public. However, there are three criteria that are dominant and a combination of which is usually used in most administrative law systems. The first criterion is form. If an entity is part of the state apparatus it is public; if not, it is private. Under this criterion, even if a state-owned company has legal powers that private companies do not and it exercises public authority, it will still be private. The second criterion is that of rules. If public law governs the entity in question, it is public and if private law applies, it is private. The third criterion that administrative law uses is functional. Regardless of the legal status of an entity, if its function serves the public interest, it is itself public. Under this criterion, central banks for instance, even if privately owned, will still be considered public.

These criteria are rarely used in isolation and in such a straightforward way. Usually, there is a combination of them and there are further conditions attached. Furthermore, there might be some historical differences in this respect between common and civil law systems, given that originally common law would apply both to public authorities and private individuals. In any case, I do not mean to use these concepts according to some specific legal rules. They do, however, offer a very useful starting point for delving in the private/public distinction.

Although these criteria distinguish in a black and white fashion, I believe they could be meaningfully understood as nexuses. Although we can draw a line in the sand, an entity can be more or less public than another one, in terms of form, rules, and function. A charity for example is more public than a company in terms of form, legal regime, and function than a company, even if both are private. Hence, it is important to remember that there are multiple configurations that make sense across the three axes. If understood that way, the public/private distinction becomes much more nuanced. Not only must we consider whether information governance should be carried out by the public or the private sector but also what is the optimal configuration across the relevant axes.

4. The Way Forward

In order to protect the fundamental rights as well as the other important societal interests at stake in information governance cases, we must figure out the optimal way to combine private sector resources with the standards that apply to public authorities and courts. The answer to that question cannot be universal. There is a wide variety of parameters that affect such an endeavor and there are multiple ways to achieve that end.

The administrative capacity of a state is a major consideration to begin with. The capacity of states to subject big companies, especially foreign ones, to taxation varies widely. Furthermore, even if states manage to gain such resources, they will need a rather well-organized existing administration to utilize them. Of course, it is not feasible to expect all states across the globe to acquire such resources. Even if they manage to gain the necessary funds, there is a finite amount of personnel that has the necessary expertise and increased demand by states will make hiring them even more difficult.

A second important consideration is the state of the markets and the consequences of imposing administrative burdens on competition. Information governance, especially when carried out in an automatic fashion, is a very resource-intensive endeavor. Although big companies may be able to withstand such burdens, the same does not apply for smaller competitors. Such burdens may distort competition and create barriers to enter the market. A potential solution might be to adapt these obligations to the size of the companies. However, this might have two important negative repercussions. On the one hand, the protection of human rights is not uniform but dependent on which company will happen to be the adjudicator. On the other hand, if smaller companies censor less content, this might create a new market. However, as soon as one of the companies in that market starts growing, it will start being subject to increased removal obligations and lose its competitive advantage.

Furthermore, another important consideration is the state of civil society organizations that defend human rights. Such organizations have at times been formidable allies in the protection of human rights, both by raising awareness and through strategic litigation. The achievements of Max Schrems in the field of data protection is an obvious example. Involving these organizations in the decision-making process can help avoid conflicts of interest that corporations may have and increase scrutiny, beyond the activities of public authorities.

I do not mean to provide here a full list of all parameters that should feature in deciding how to demarcate information governance between the private and the public. We need further research in that direction and, in any case, there is a limit on how accurate purely theoretical accounts can be without considering the particularities that exist in specific countries and regions. Such parameters may also differ among the various fields clustered under the umbrella of information governance.

However, I do believe that there is a strong prima facie case against letting private companies conduct such activities for several reasons. Beyond the competition concerns mentioned above, there is an important deficiency that is inherent in having private companies perform such tasks. There is a crucial difference between the way that public and private authorities act vis-à-vis their legal obligations. That principle is expressed in French administrative law by the term of positive and negative legality. Negative legality, which applies to the private sector, grants the freedom to act as long as those actions are legal. Positive legality requires that public authorities only act in the public interest and provided that they have a legal basis to do so.

This means that applying public law standards to private companies can only be achieved by introducing specific obligations that curtail their freedom to act. We could try to compensate for that deficiency by creating legal constructions such as the horizontal application of human rights or the positive obligations of states. Yet, we must seriously ponder on whether, legally and pragmatically, such constructions are equivalent to the decision-making by public authorities.

Second, companies perceive their legal obligations through the lens of compliance. Although hard to grasp, there are important differences between the compliance mindset and that of actually protecting human rights. Even if they have some degree of independence on the books, embedding decision-makers within the company structures affects their mindset and orients them towards minimizing company liability. There is an important body of research that examines how companies comply with relevant legal obligations in a performative fashion and how they end up constructing the meaning of the law through such practices. This can create the illusion of human rights protection through elaborate but ultimately hollow machinery.

5. Conclusion

This blogpost aims to stress three main points. First, before deciding whether and to what extent private companies should be the new locus of the application of constitutional law, we must consider how we should demarcate the divide of power between the public and the private, as well as to produce strong normative reasons for that divide. Second, we must refine our understanding of the public/private divide and enrich our thinking accordingly in relation to the privatization of information governance. Third, we must situate our thinking in the context of the realities that information governance faces on the ground and reach our decisions accordingly. This blogpost does not aspire to prescribe a recipe for resolving all such issues but to set forward a framework, within which our thinking should take place.

Suggested Citation

Emmanouil Bougiakiotis, ‘Lying in the Procrustean Bed: The Future of Information Governance’ (The Digital Constitutionalist, 14 February 2023). Available at: https://digi-con.org/lying-in-the-procrustean-bed-the-future-of-information-governance/