The Oversight Board & The Standards
On May 5, 2021, the Oversight Board published its long-awaited opinion on Facebook’s ban on former President Donald Trump’s Facebook and Instagram accounts. While commentary abounds from those who agree or not with the Board’s decision, the purpose of this article is not to declare an opinion on whether the Board’s decision was right or wrong.
Instead, I would like to look at the Oversight Board through the lens of internal auditing by reviewing the Oversight Board Charter and comparing it specifically against Attribute Standard 1000 (Purpose, Authority, and Responsibility) of the International Standards for the Professional Practice of Internal Auditing.
For the sake of some semblance of brevity, I will limit my comments below to only those items where I believe there is significant misalignment between the Charter and the Standards.
Note: The “Article” numbers below correspond to the applicable Article from the Oversight Board Charter.
Article 1 — Members
4. Collective Powers
The board will have the following expressly defined authorities for content properly brought to the board for review:
1. Request that Facebook provide information reasonably required for board deliberations in a timely and transparent manner;
Rather than using a strong word choice (such as “compel” or “require”) that would obligate Facebook to provide requested information, the Charter contains the far less demanding “request.” This word choice allows Facebook enormous flexibility in determining both what information is “reasonably required” and whether or not Facebook chooses to provide the requested information even if Facebook does deem it to be “reasonably required.” This small but critical word choice represents a significant weakness in the authority of the Oversight Board.
Article 2 — Authority to Review
The board has the discretion to choose which requests it will review and decide upon. In its selection, the board will seek to consider cases that have the greatest potential to guide future decisions and policies. In limited circumstances where the board’s decision on a case could result in criminal liability or regulatory sanctions, the board will not take the case for review.
One can certainly understand the desire of avoidance of criminal liability or regulatory sanctions. But is stripping the Board of the ability to even take the case the most appropriate approach? Further, who determines these “limited circumstances?” The Charter doesn’t make this point clear. Perhaps directing the Oversight Board to seek legal counsel in determining appropriate course of action would have been a stronger option.
Article 3 — Procedures for Review
Facebook may make available to the board additional resolutions or other technical remedies.
The Charter doesn’t make clear if this is reserved for situations where the proposed remedy is not feasible, or if it also extends to remedies Facebook deems “impractical” (or just may not want to implement). This gives Facebook quite a bit of flexibility in determining which Oversight Board-proposed remedies they choose to adopt or not, and which ones they will make available “additional resolutions or other technical remedies.”
How does the Oversight Board Charter compare against Attribute Standard 1000 — Purpose, Authority, and Responsibility? If I were to give it a letter grade, I’d give it a “C.” Overall, the Charter contains many good governance elements found in Standard 1000. However, there are a small number of significant deficiencies which take “teeth” away from the Oversight Board. The Oversight Board could have been a model, indeed the model, of good governance in the ongoing debate surrounding free speech and “Big Tech’s” role in society. With a few improvements, it still can be.
Note: The views expressed in this article are solely those of the author, and do not necessarily represent the view of any organization with which the author is affiliated.