Peter’s Newsletter 11 – How do we decide which ads to ban?

July 30, 2020 in Essays, Weekly Newsletter

There wasn’t much important news in the world of tech this week, so this week’s newsletter is a deeper piece of analysis on the ASAI’s decision to remove the Tampax commercial, the role of self-regulation and the Facebook Supreme Court which will set up later this year and make lots of decisions like these.

The “Tampons & Tea” Ad

This week the Advertising Standards Authority for Ireland upheld complaints about a tampon commercial which Tampax have been running on Irish TV.

The decision to recommend the ad be removed from air has caused quite a bit of backlash, not least because many saw the ad as genuinely educational. You don’t read this newsletter to hear a tech nerd express opinions on tampon commercials, so I won’t, but I do think it’s interesting to consider how the ASAI made their decision and to ask the more important question… who even are the ASAI?

A total of 84 complaints were made about the advertisement, under 4 broad headings. Under three of the headings, the ASAI didn’t find the complaints adequate. These were “Sexual Innuendo”, “Suitability for Children” and being “Demeaning to Women”.

The only complaints that were upheld were under the heading of “General Offence” and even here the reasoning is peculiar. From my reading of their findings, it seems that, while the ASAU didn’t find it to be offensive, enough people complained that they considered the ad to be breaking the code that “A marketing communication should not bring advertising into disrepute.”

To paraphrase, ‘We didn’t find it offensive, but enough people did, and the rules say not to be offensive’.

In defence of the position, ASAI Chief Executive Orla Twomey said in the last four-and-a-half years there have been only seven adverts that have had 60 or more complaints.

So I guess we know the magic number now. If you want any ad you dislike taken off the air, just get 60 people to fill in an online form.

Who are the ASAI?

Despite what you might first guess, the ASAI is not a government body or publicly funded. It is an industry group which has a self-regulatory code of conduct for all advertisers.

The optimistic view of this setup is that all industry players have a vested interest in keeping the standards in advertising high. If one advertiser tries something crass and eye-grabbing which opportunistically works for them in the short term, but degrades the efficacy of advertising in the long term, this is bad for everybody.

Also, not being defined in legislation gives self-regulatory bodies a bit of nimbleness to adapt as methods and trends change.

The more pessimistic view is that they do “just enough” to keep the worst behaviour at bay, but give government no impetus to setup a public regulator or enforce stricter rules. The main motive of a body like the ASAI is to keep advertising a profitable enterprise over the long term by setting code of conduct for advertisers. Sometimes this profit motive overlaps with the wider goals of society, but sometimes it does not.

This week’s decision is a good example of when those interests can come into conflict. If you’re an industry body charged with keeping a medium profitable, why wouldn’t you ban the one ad a year that generates too much controversy? Assessing it complexly is difficult and erring on the side of conservatism makes sense.

Where as a statutory (non-industry) regulator may have to weigh up a decision more complexly, considering the educational benefit, the wider context of gendered “offence” and the importance of free expression.

This decision is also another great example of how difficult it will be to regulate “political” and “commercial” advertisements as if they are always distinct and separate. Is Always’ “Run Like A Girl” ad commerical or political? Nike’s Colin Kapernick ads? What about Monsanto running ads about the benefits of fertiliser?

This isn’t the ASAI’s first difficulty with this distinction either. In 2018, they refused to hear any complaints about any advertisements in the abortion referendum, which left the digital ads in an un-regulated limbo. In 2016, they found the ads for Eircode to be misleading, it said they were outside its remit because they’re “public broadcasts.” (Which is probably fair – you can’t have an industry body regulating the government?)

Facebook’s Supreme Court

While we’re on the topic of self-regulation, the new Facebook “supreme court” has been established this summer and will soon start hearing cases.

The Facebook Oversight Board, as it’s officially called, will play an interesting role for the company and is an experiment worth watching for anyone interested in the ongoing debate around how we moderate content online. It is made up of some pretty impressive people, mostly former judges and human rights lawyers, and the intention is that it sits separate to Facebook (although funded by it).

Characterizing the FOB is tricky, as Evelyn Douek notes – “It is court-like in that it will hear appeals from and act as a check on Facebook’s policy-formation and enforcement processes and provide public reasons for its decisions. But it will also give policy recommendations, and neither its members nor those who appear before it will be lawyers applying the law. It is a private institution fully of Facebook’s own creation, but it has reasonably robust mechanisms to ensure independence from Facebook, which has put $130 million into a trust intended to fund the FOB for at least two three-year terms. It is a global body, but it would be naïve to think that it will be able to settle global speech norms when different jurisdictions have clashed about these for many decades.”

Facebook currently employees about 35,000 content moderators globally, who make decisions every minute of every day to remove content from the platform based on an ever growing set of company policies. If the removal of an individual piece of content, or a certain type of content, proves very controversial, Facebook can escalate this to the FOB for deliberation.

People who are hoping this might act like the US Supreme Court, handing down binding rulings and setting precedent for Facebook, will be disappointed. This Oversight Board won’t act in that way, and it would probably be naïve to trust that such a system could always work – Facebook can always just choose to ignore a body that it established, if it wishes.

But Evelyn Douek argues, quite compellingly, that this isn’t what optimists should hope for from a body like this. Instead, the benefit should come from the act of public deliberation itself, rather than just the final ruling. Forcing Facebook to explain why they removed content, and defend the logic publicly, should greatly enhance the public debate around these issues and also cause Facebook to more carefully consider each internal policy they implement, knowing that they may one day have to defend it publicly.

The hope is that the dialogue between the FOB and Facebook, through being forced to make arguments in cases and publicly respond to FOB recommendations, will finally ventilate the reasons behind why Facebook makes the decisions that it does by forcing Facebook to justify them. This process itself will hopefully improve decision-making, but at the very least it will provide a level of transparency and accountability that is currently sorely lacking. To those from the United States, the paradigm “strong-form” judicial review jurisdiction, this might seem feeble. But many other jurisdictions have a version of this dialogic “weak-form” review, and it often turns out to be much stronger in practice than it appears in theory.

As we’ve seen this week here in Ireland, self-regulation has its own problems. As Douek notes, “it is unsatisfactory for private, profit-driven platforms to be making these decisions unilaterally and without any accountability.

“On the other hand, heavy-handed government involvement in speech regulation is always suspect, and the cure to our current woes should not be worse than the disease. The FOB is therefore an effort to find a third, least-worst option.”

Similar to the industry that the ASAI represents, much of Facebook’s business model would just be simpler if it was an uncontroversial space to sell people’s attention to advertisers, so why not delegate some of these decisions away?

These are issues that will only become more and more prevalent in the coming decade, as the public sphere shifts from broadcast and print to digital, so every new experiment is worth watching closely. I’ll be watching with skepticism and a dash of hope.

The HSE’s New Covid Tracking App

July 2, 2020 in Essays

Update: Since publishing this post, the HSE app has been released. You can download it here.

The HSE have released the details of their new public facing app “Covid Tracker“. They released a very comprehensive overview, access to the app’s source code, and their detailed Data Protection Impact Assessment.

With the details of app now public, journalists, policy makers and citizens will want to start analysing and appraising the app. So what are the questions we should be asking? What constitutes a good app or a bad one? What are the trade-offs other countries had been considering, and how have they been handled here?

I’ve sketched out a series of questions which I hope are a useful framework for analysing this, or any other app that is used in the fight against Covid-19.

If you want to keep updated on the app as it progresses, you can subscribe to my free weekly newsletter. Every Friday morning I share the interesting tech & public policy news of the week.

    Newsletter: I write a weekly newsletter, picking several developments from the world of economics, with notes and analysis on the context. It is intended to be informative for people interested in economic policy making.

    This is stored in Mailchimp and will only be used to send you this newsletter.

    Overview – A “Touchpoint” for the Wider Regime

    We couldn’t assess a restaurant’s new app for food delivery, without the wider context of the restaurant business itself. Is an app good if it’s always accessible, but the kitchen is only open and making food in the mornings?

    Here too it’s worth a quick recap on contact tracing as a wider programme of activity before we assess how an individual app fits within that.

    A contact tracing regime is a prediction exercise that takes in data from infected patients (cases), makes predictions about others they may have infected (contacts) and then takes action on those predictions. Here’s an example:

    Data: A person gets diagnosed with Covid at a hospital. A staff member at the hospital asks them for all the names and phone numbers of all the people they’ve seen in the last week.

    Prediction: Their contacts are predicted to have an increased likelihood of infection.

    Action: Somebody calls them to recommend they self-isolate or come in for testing.

    An app is a tool that can play a part in this wider regime. Most countries are looking at an app to a) help gather more data to make infection predictions and b) take action by notifying people they are at risk. Some countries, mostly Asian, are also adding proactive testing as an action, deploying resources to schools, workplaces, churches etc. where infection is predicted.

    Key Questions

    With this in mind, here are some of the key questions we can ask about an app, to assess its role in the wider trace & test regime, the data and privacy implications of the data it gathers and the actions it will enable our health service to take.

    I’ve discussed each question in more detail below, but here’s the cheatsheet to get started:

    Key Question Answer Implications
    Use Bluetooth? Yes Uncertainty around the accuracy of a “contact” prediction with bluetooth
    Apple/Google Framework Yes International standard. Better than any alternative bluetooth option. Anonymised solution.
    Using GPS? No No sense of “place” for the virus. Can’t use location for contact prediction. Can’t show where outbreaks are occurring
    Contact Notification Yes Alerts users to potential infection. Introduces spoofing risk.
    Self-Diagnosis No Only allows confirmed diagnoses from HSE. Removes risk of fake activity.
    Symptom Tracking Yes Anonymous information passed to HSE, but “probably” positive people are encouraged to isolate and test
    Behaviour Change Yes Goes beyond “news” seen in other apps. Encourages people to “check in” every day and shows country-wide stats on app downloads, check-ins and symptom reporting.

    Let’s dig into each of these here in detail.

    The Apple/Google Bluetooth Exposure Notification Service

    This is one of the core functionality choices within the app. They have chosen to use bluetooth to measure proximity and predict a contact.

    Generally, a contact is defined someone you share a pocket of air with for a period of time. This app will endeavour to record anyone you’ve been near for a while (within 2 metres or less, for 15 minutes or more) in the 14 days leading up to either of you getting diagnosed with covid. This is the European CDC definition of a close contact.

    The Apple/Google exposure notification framework sits “always on” in the background on your phone. It gives your phone an anonymised id. When your phone comes near another person with the app installed, your phones swap ids via bluetooth. Later, if one of you get diagnosed with Covid, you’ll be asked if you have the app installed.

    If you do, then the HSE will ask if you’re willing to upload your contact history, which is a list of all the anonymised ids you came in contact within the previous 14 days. If you say yes, the HSE send you a code by SMS. You input this into your app and it uploads a list of all the IDs of contacts on your phone.

    The HSE servers will send this list to every single app. Each app will scan through the list, and if one of the IDs matches that person’s phone, the person gets an alert.


    GPS and Location Data

    This app does not ask the users to automatically share location data. This was a big choice by the HSE, which alleviates many privacy concerns, but removes any sense of “place” from the data the app gathers.

    This means that bluetooth will be the only measure of proximity when determining a contact. The app will know if a likely contact took place, but not where in the country that was, or who the people involved were.

    This will surely calm the concerns of many privacy experts and advocates. It helps the HSE avoid the risk of headlines that read “HSE app tracks your location data” which could severely hamper adoption and public trust in the app.

    On the flip-side, it means the app gives the HSE less information about where the virus is in Ireland, but I think they have made some clever prompts and additions in other parts of the app and system which will capture much of this information in different ways, but without the attention-grabbing headlines of location tracking.

    Contact Notification

    Because the contact predictions are all being done anonymously, the HSE cannot text, call or visit anyone who might have the virus, they can just send them an anonymous push notification.

    The app will alert a contact with a push and with a persistent in-app message. It will then show them a list of recommendations for keeping safe and self-isolating.

    Most interestingly, it will also ask if they would like to share their phone number and get a call from the HSE. This will allow for more traditional contact tracing to take place. It will be really interesting to see what the uptake rate on this option is.

    Proactive Testing

    One feature of successful contact tracing regimes, like Singapore and South Korea, is proactive testing. Reaching out to people and groups of people (like workplaces) where contacts might have occurred and proactively test as many of them as you can.

    At first glance, with anonymised bluetooth and no GPS, it would seem that this app wouldn’t support such activity, but digging a bit deeper it looks like it might?

    The first way it does this is by offering users the ability to request a phone call from the HSE once they get a contact notification. On that phone call, there’s every possibility that the person can be asked some extra information, if they wish to share it, about where in the country they live. They could be also be encouraged to take a test, at which point their details could be taken, including where they live and a verbal contact history recorded, as happens today without the app.

    The other place some additional personal data can be captured is in the app’s symptom tracking section.

    Symptom Tracking

    This is, to my mind, the most unique part of the Irish app, which I haven’t seen in any other country’s apps. The app will encourage people to “Check In” every day, and report how they’re feeling.


    One of the motivators to do this is the nationwide stats that will be shared within the app – how many tens of thousands “checked-in” today. Sort of like an Operation Transformation, but for Covid fighting.

    This is really hard to assess before launch. You can see the potential if it goes well, but also the risk of how publicly and visibly it could fail. Those aren’t the kind of risks usually taken by the civil service, so fair play to them on that front.

    If it works, a large portion of the country will be recording their symptoms. Without any extra information, there isn’t much action that can be taken based on that data, but the app does prompt users to enter their sex, age range and location. So the HSE can get some self-reported data on location and demographics of users who are reporting symptoms. They also keep capturing extra data on confirmed cases outside the app, like they do today.



    You can see the balance they’re trying to strike here. Removing any functionality that is greedy for user data, or could even be perceived as a privacy concern, will help build trust and get adoption. Using the Apple/Google exposure notification system is the most privacy conscious route to allow for contact notification, but it doesn’t really support “contact tracing”.

    They then layer in some behavioural nudges in the form of “join the fight” daily check ins and “would you like a phone call?” notifications, which capture just a small amount of actionable data, and from only the most interesting users (probable infections) and in a manual way that doesn’t feel invasive. In that way they bring in some contact tracing elements, but just the minimum effective dose.

    There are probably 3 key risks they need to overcome with the launch:

    1. That the Apple/Google bluetooth system proves effective enough at recording contacts accurately
    2. That people trust the app and download it
    3. That people check it regularly enough to make the data capture from check-ins meaningful

    It seems like a very well intentioned, good faith effort at balancing all the competing concerns and I hope, for all of our sakes, that the bets they’ve made pay off.


    How to Start Thinking About “Artificial Intelligence”

    February 21, 2019 in Essays