Yesterday, Sandy Parakilas published an insightful op-ed in the NY Times. Titled We Can’t Trust Facebook to Regulate Itself. In this article, Parakilas,  a developer for Facebook leading up to the 2012 IPO, describes Facebook as “a company that prioritized data collection from its users over protecting them from abuse.” Parakilas writes:

Facebook knows what you look like, your location, who your friends are, your interests, if you’re in a relationship or not, and what other pages you look at on the web. This data allows advertisers to target the more than one billion Facebook visitors a day. It’s no wonder the company has ballooned in size to a $500 billion behemoth in the five years since its I.P.O.

The more data it has on offer, the more value it creates for advertisers. That means it has no incentive to police the collection or use of that data — except when negative press or regulators are involved. Facebook is free to do almost whatever it wants with your personal information, and has no reason to put safeguards in place.

In my PhD dissertation, completed in 2013, I made this very point from the outside, arguing for strong evidence that Facebook is in essence a media company rather than the technology provider that at that time they claimed to be. There is an important difference between a technology company and a media company of course. A technology company doesn’t tend to make money off of advertising whereas advertising is essential for media companies. What is particularly insidious about Facebook, as highlighted in Parakilas’ op-ed, is that beyond simply providing attention to advertisers, Facebook also mines and sells user data.

Facebook is not alone in this, of course. Many so called “technology” companies are in fact data companies. Uber, Google, Amazon, LinkedIn, Twitter… all of these companies, and more, make money from selling user data to others. As Scott Goodson, Forbes contributor, wrote, “If you’re not paying for the product, you are the product.”

What does this tell us? Well none of these companies have a vested interest in protecting either our data or the vitality of our communities and democracies. Instead, their interest lies in mining as much data as possible and selling it to whomever will pay for it. As Parakilas shows in the Facebook example, this could mean these companies actually have a vested interest in undermining things like democracy, in the case of Russian meddling in the 2016 US election.

At the very least, I agree with Parakilas that we cannot expect these companies to regulate themselves in ways that would go against their own interests, and thus we need policies, procedures and actions that will force them to act for privacy, for people and for communities. It’s time to recognize that complete deregulation of any market can be as exploitative as complete regulation. The invisible hand theory isn’t working in practice because markets will not regulate themselves as long as human fallibility and greed is involved. Therefore, we need a balance between responsible citizen regulation and freedom for smaller businesses to grow and innovate. “We can regulate ourselves” is Facebook’s claim now, and has been the claim of many large and exploitative companies in the past. It wasn’t true before, and it won’t become true just because the medium of doing business has changed.