IGF 2025 - Day 0 - Studio N - [Parliamentary session 2] Striking the balance

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

(Music)

>> BJORN IHLER: All right. Ladies and gentlemen, please find your seats, then we are ready to start in just a second.

All right. I was told there would be some housekeeping. I'm still awaiting the notes on the housekeeping. We'll just go ahead and roll with it.

Distinguished Excellencies, members of Parliament, representatives, contributors, and participants on this panel, as one of the locals, it's my honour to welcome all of you to Norway and moderate this panel on the important topic of striking the balance: Upholding freedom of expression in the fight against cybercrime.

My name is Bjorn Ihler, the Founder and CEO of Revontulet, supporting digital service providers and stakeholders in improving regulatory compliance, increasing user and public safety. I'm also the Director and Co‑founder of the Khalifa Ihler Institute, building peaceful and resilient communities online and offline. Over the past 14 years, following the terrorist attack here in Norway in 2011, I've been working to counter and prevent violent extremism and terrorism on and offline. A key component of this has been working with online platforms, multilateral organizations, and the wider multistakeholder communities to address online harms.

Over the past decades, I have seen a rapid development of social media platforms and their societal impact. The power of online communities has changed the path of history, empowered individuals and communities to address and counter human rights abuses, and promote civil liberties around the world.

Our online communities have also been abused and exploited by nefarious actors to undermine democratic processes, recruit terrorist and violent extremist organizations, spread disinformation, harmful and exploitive content, intimidate individuals and representatives participating in public discourse and political processes, and engage in other forms of cybercrime, causing significant harm.

Considering both the opportunities and complex challenges posed by the evolving online landscape, it is vital that we across parliaments, governments, civil society, and multilateral organizations actively continue to engage with both tech through the private sector and regulation to strike the right balance between liberty and safety, to ensure respect for human life, dignity, and rights in the online sphere.

As online criminal activities increase in scope and sophistication, efforts to combat cybercrime continue to evolve. Recent legislative initiatives in this area have focused on targeting misinformation and other misconduct online. However, laws on regulation, surveillance, and platform liability can pose serious risks to freedom of expression and access to information.

Experts from media, the private sector, law enforcement, and technical and intergovernmental organizations will in this session provide a holistic view of this complex policy landscape and explore how policymakers can navigate the delicate balance between ensuring cybersecurity and upholding fundamental human rights, especially the right to freedom of expression.

Without further ado, it's, therefore, my privilege to introduce you to this esteemed panel, consisting of Paul Ash, Chief Executive Officer of the Christchurch Call Foundation; Cagatay Pekyour, Head of Community Engagement and Advocacy at Meta; Pavel Popescu, Vice President of ANCOM; and Mallory Knodel, Executive Director of the Social Web Foundation and member of the Global Encryption Coalition.

Paul, start with a brief introduction of yourself in one minute or so, and then we move on.

>> PAUL ASH: It's such a pleasure to be here in Oslo, and I'm doing my best to make sure that my body keeps up with my mind on having gotten here late last night after 27 hours of flying time. I'm based in Wellington, New Zealand. I'm the Chief Executive of the Christchurch Call Foundation. Some of you may recall, back in 2019, a devastating attack on two mosques in Christchurch, New Zealand, after which the Christchurch Call itself was established by the Prime Minister, Jacinda Ardern and President Macron of France. The intent was to eliminate terrorist and violent extremist content online while respecting human reports and a free, open, and security Internet.

Over the time since the Call was launched, it's grown to about 140 participating entities, 56 governments, just around 20 tech firms, a dozen partners and about 50 civil society organizations. Over the last year, we have established our Secretariat in the Christchurch Call Foundation that is now independent of and acting outside of the New Zealand government, and I've been delighted to work with Bjorn and a number of others on this panel over the time since the Call was established and since the foundation was. Thanks very much for having me here today.

>> BJORN IHLER: Thank you, Paul. Cagatay?

>> CAGATAY PEKYOUR: Hi, everyone. My name is Cagatay Pekyour. I am Head of Advocacy for Meta, in charge of community engagement and advocacy for the region. My work involves engaging with communities and also civil society organizations to understand the risks on content when it comes to the content being harmful and also how we may protect voice and expression of these groups. Would you like me to... 

>> BJORN IHLER: The introduction is fine. Thank you very much.

>> CAGATAY PEKYOUR: That's okay.

>> BJORN IHLER: Pavel?

>> PAVEL POPESCU: Hello, everybody. Thank you for inviting me to this panel. My name is Pavel Popescu from Romania, Vice President of our telco regulator called ANCOM. Actually, lived for a few years in this country, which is my second motherland. And I was almost for two terms a member of the Parliament, in the Romanian Parliament, chairing the Defense and National Security community and laying down most of the legislation that we have passed in the last years on cybersecurity, which involves definitely legislation creating the problem of cybercrime. Today I'm in the position of Deputy Minister of State Secretary at ANCOM, as the Vice President.

And our institution has many hats. It's much more than a regulator. It has to do with lots of domains, starting from DSA, telecommunication, space more recently, and postal services and cyber from December 2024. So, we are actually covering lots of things, and it's starting to be more and more challenging in the world we are living in. I'm looking forward to discuss about this in the next minutes. Thank you.

>> BJORN IHLER: Thank you, Pavel. Mallory?

>> MALLORY KNODEL: Thanks so much. I'm Mallory Knodel, and I'm part of what's called the Global Encryption Coalition. So, I'll spend a little time introducing that, as well as myself. And just, first, thanks so much to the organizers for inviting me. It's a privilege to be able to speak in front of you as a member of civil society and as someone who engages in the technical community. I think it's really important that we continue these dialogues in a multistakeholder fashion.

So, the Global Encryption Coalition, it was founded in year 2020. There was sort of pre‑meeting at the Berlin IGF. Maybe some of you were there in 2019. And it was because we saw an increasing attack on end‑to‑end encryption at the legislative level in a few key countries, notably, (?) countries and we wanted to make sure that both sort of the private sector response and the civil society response, as well as the scientific community and computer science and so on, cryptography, were aligned in trying to talk about the benefits and protect encryption.

So, I was in my capacity as Chief Technologist at the Centre for Democracy and Technology, founding Secretariat member, and now I am one of the technical specialists. So, the Coalition is made up of civil society organizations, only small companies, mind you. We don't have members from the large big tech companies you might imagine. Small, medium‑sized enterprises all over the world, and then, as well, academics.

So, I also spend time in the Internet Engineering Task Force and the Internet Research Task Force. There's a research group there called Human Rights Protocol Considerations that I've chaired for a number of years. Some of these issues come up from time to time, although our mandate is much broader than free expression, but it's a subject to the panel today that I'm really happy to talk about. And I'll also say that on the topic of cybercrime, when I was at the Centre for Democracy and Technology, we were members of the ad hoc committee process as observer members, as civil society, so I also followed that for its duration, and so have a lot of sort of aggregate thoughts and reactions to that process, and then the way forward based on civil society perspective, which I'm really, really, again, excited to share with you today. So, thanks.

>> BJORN IHLER: Thank you, Mallory. So, as you can see, we have a really broad spectrum here from civil society organizations, now also civil society organization, which is exciting, to government and the corporate sector as well. I think this represents how multistakeholderism should be happening in conversation between all of those bodies, so I'm excited for this.

Paul, the Christchurch Call is working towards eliminating violent terrorism and extremist content online. How can members of Parliament take action while making sure to uphold human rights online in free and secure and public Internet? And what alternatives and effective measures can be drafted into legislation to counter cybercrime that you can recommend?

>> PAUL ASH: Wow! No pressure. We start.

>> BJORN IHLER: Real easy start. Sliding into here.

>> PAUL ASH: Yeah. I guess as a starting point, if I was sitting as a member of Parliament, considering this challenge, would be beware of false dichotomies. Beware to people who say we have to either legislate or we can't do anything about this problem, because both of those ways are quite perilous when dealing with technology issues.

The second thing I would say is get good technological advice. Find people within your jurisdiction who understand the technology well, who understand the issues around the way the technical community can feed into this discussion so that you're being well advised as you're thinking about how to deal with the challenges and issues in front of you.

I guess that's where we started when we were looking at the response to what happened in Christchurch, and I was fortunate enough to be sitting in a role in government where I was able to give that advice to a leader who took it and was keen to find ways to preserve human rights and a free, open, and secure Internet, while not ignoring the fact that radicalization and violent extremism, broadcasting of terrorist acts, the use of the Internet, the abuse of the Internet to promulgate terrorist and violent extremist content was also happening and could not be left unchecked. But that those two things were not a dichotomy that we needed to fall on one side or the other of, but we needed to try and bring together.

Great. That all sounds good and high‑minded in theory. It dovetails neatly with the theme of the IGF around building digital governance together. It reflects 20 years of cooperation. What does that mean by practice if you're an MP or a member of Parliament? I guess the first thing I'd say there is ensuring that you put human rights at the real core of your work, that you're looking at right‑spaced processes that involve the communities you represent in work, trying to keep people safe and secure online.

The key tools that can be used there are things like human rights and impact assessments, working with communities to ensure that as you're thinking about responses to problems like terrorist and violent extremist content, you're not compounding the problems that that content causes; you're not creating a violation of other rights than the ones that you're dealing with.

The second is making sure that you build in really smart human rights review and sunset clauses for the provisions that you're putting in place, because as technology evolves, so too must our solutions. And being able to make sure that regulatory measures are updated is really important.

And ensuring that the work that you're looking to do in this area is really tightly constrained, and you don't have scope creep or mission creep in it. How many times we have seen a piece of legislation, well intended, aimed at dealing with a specific problem like terrorist or violent extremist content or child sexual abuse online, suddenly find a whole pile of things added to it at the last moment as it's going through its third reading in Parliament and coming out like we would say in my part of the world, the proverbial Christmas tree with all manner of things on it that are difficult to deal with. So, human rights first.

The second, demanding radical transparency. Transparency about the way the online environment works is critical to try and solve problems like terrorist and violent extremist content or child sexual abuse or any other of the things we're grappling with, in an open and, I guess, standardized way. So, ensuring that you have platform agnostic transparency reports is important; ensuring that you've embedded in the government work you do just as much transparency as is being demanded of tick platforms is important, and it's a big part of the Transparency Working Group that the Christchurch Call has been driving over the last couple of years, standardized data formats so that a range of entities can have access to that data. Civil society can have inputs and can verify claims, and ensuring you have oversight over transparency mechanisms are all critically important.

Probably the most important thing to me, though, in how we work and I think in legitimizing and building sound processes, is multistakeholder oversight of the work. Making sure that as you, as a parliamentarian take forward processes and solutions, you're finding ways to ensure that you bring together tech platforms, government officials, members of law enforcement, and civil society groups to oversee that work and have regular input into it is critically important. Creating digital trust caucuses is one way of doing that; reaching out to counterparts across the floor to try and find ways to work together on digital issues, and meeting regularly with industry, technical experts and rights defenders.

And I'll make one really critical point here. When I say technical experts, I mean technical experts. One of the biggest issues we've seen over the last five to ten years is sometimes the sidelining of the technical community that Mallory described earlier, those who built the Internet and know how it works. And even if we're dealing with issues right up at the top of the content layer, those folks have a really important role to play in helping advise how to keep that process safe.

Finally, I think digital resilience. You're not going to be able to legislature way out of this challenge. One of the reasons we stood up a multistakeholder process was precisely that, that regulation in this area, in this field, is fraught, it's challenging, and it's imperfect. And if you meet someone who tells you that their regulatory process has got this nailed and it won't need to change, I suggest you're dealing with another one of those false dichotomies and you need to let your intuition and alarm bells kick in at that point. So, making sure that you've got other tools, particularly tools around building resilience in the community, building digital literacy. All of those things critically important.

The challenge, I would say, is there's a huge focus on building digital resilience that is going to take much longer to deliver than the challenges we're dealing with, with technology. The tech has moved much, much faster than resilience is able to keep up with, and you won't be able to rely on resilience alone. Training in schools is great, but it's a solution that will kick in, in 10, 20, 30 years' time, and we may not have that long to deal with some of the challenges that we're finding in the online environment right now.

Very quickly, because I'm suspecting I'm running out on time ‑‑ one of the alternatives that you have in front of you to legislation as a tool ‑‑ so, those principles: Transparency, multistakeholderism, technical input and digital resilience ‑‑ need to be applied, I guess, to a range of different alternatives that exist to legislation.

There's a number of ways that legislators can impact on a positive digital environment that go beyond the simple regulation, and they're often messy, they're often much more challenging than regulating, or at first seen that way, but long term, they're probably more sustainable. One of those is voluntary and co‑regulatory codes, pulling together mixed groups across industry, across government, across civil society in the tech community to find ways that are a bit more flexible sometimes than regulation. And sometimes, those can be a subset of regulatory measures. They could be mandated by regulation. We've done this in the Christchurch Call for instance with the crisis response protocols where we work really, really hard to ensure multistakeholder input into work to respond to online crises and into building out a toolkit now as part of the work we have under way at the moment, building out a toolkit to help communities being more resilient after those crises.

Technical support; funding in particular. Open-source solutions and funding ways for the technical community to build out tools for resilience is actually really important. Offering safe harbor data‑sharing frameworks, for instance, with multistakeholder oversight to try and deal with some of the questions around the way algorithms work or respecting privacy. Again, something we're working on within the Christchurch Call construct, something that was mandated in the Call when it was launched. Critically important that happens. Critically important also that as legislators, you are not the only people overseeing that, that you actually have support from across the multistakeholder community.

You can use economic levers. There are many, many economic tools that can be used by legislators to try and ensure that in their own jurisdiction or working with other jurisdictions, they bring parties together to work constructively on digital solutions. Software and diplomacy. You're here because you're part of Inter‑Parliament groups. Those groups have a potential that I think is well more advanced than is currently being delivered upon, and there is plenty of scope to be working across jurisdictions with your peers and colleagues on solutions and on tools that work.

And finally, I think, capacity building for civil society. If you're a regulator, if you're a legislator, it can sometimes feel a bit painful. I've seen this advising legislators. The civil society elements, and this can sometimes even seem inconvenient, but they're critically important. And making sure in the current environment, where civil society is finding funding harder and harder to secure, that you support civil society's role in this work is, I think, a critically important way of building out a more holistic approach to online safety. And I think in particular some of the work around supporting civil society groups to build out counterspeech or free speech narratives that manage the risk of what is in most jurisdictions illegal content, by providing alternatives to it is also critically important.

I guess if I leave one quick snapshot on this, it's ultimately that the work we've done with the Christchurch Call is around trying to show that shared norms can travel way faster and be far more effective and more flexible than any individual statute. And if parliaments focus on transparency, on compatibility and capacity building, and they work hand in hand with the technical, academic, and civil society communities and with industry, I think we can curb terrorist and violent extremist content and radicalization to violence while keeping the Internet open, free, secure, and rights respecting. Thank you. That's how we truly build digital governance.

>> BJORN IHLER: Thank you, Paul. Applause, yeah. Picking up on some of the things you said. I think including the technical community and meaning the technical community, is an important one. And with that, also thinking about resilience by design and other elements, that can be inspired by privacy by design, which I think is one key principle you've been working on, Mallory, but also something we should learn from and adopt.

And so, throwing it to you, I'm wondering how efforts to combat cybercrime and cybersecurity thinks about end‑to‑end encryption and the challenges that comes with that, but also the opportunities that come with that, and how to also frame that in the context of user‑centric security and privacy tools.

>> MALLORY KNODEL: Yeah, thanks for the pointed question, because I'll definitely appreciate Paul for covering all of human rights, and I think, you know, encryption protects all human rights, actually, but it does have a specific, narrow focus on privacy. You know, we've heard from the UN for a long time, it also protects free expression and freedom of opinion, freedom of association. But yeah, let me get really more specific than just the over‑broad approach.

And I'll say, you know, a lot of my comments here are coming from the perspective of civil society. Having worked for nonprofit organizations, civil society for 15‑plus years, I will say and acknowledge that we can often be very strident in our beliefs and in protecting this, but it's part of a much longer struggle. And so, I recognise like the opportunity I have in front of you today, and so, I'm giving you I think a glimpse into how civil society organizations, human rights defenders tend to approach this issue, and I mean it to be direct, and of course, recognise that governments and states are in particular positions and states are complicated and no one in this room is actually responsible for any one government's policy. But I really start from the history far beyond the digital age in which, really, the exercise of democracy is trying to strike this balance, right?

We know that one of the very difficult things to get right is investigatory powers ‑‑ crime and punishment, policing, and so on ‑‑ and how then that infringes on rights. So, if we take this as a long, long history, again, before the digital age even comes into view, we know that we need legislative power, legislative checks on this power, but we need to keep this in mind at all times. What's changed now is we have, as well, technical mechanisms to do the same, to create limits, to effect boundaries.

And encryption is, perhaps, the paragon of this, right? It is the one thing ‑‑ end‑to‑end encryption is really the one thing that democratizes the ability to set a boundary, the ability to say, you know, this conversation between you and I is private, and I've set those terms, and it can't be disruptive, right? So, I think we have to keep this as an imagination, as part of the historical struggle to create some balance here. And so, that's in the tradition that I'm coming at this from. I'm sort of on the side of human rights and trying to correct that power imbalance where it's happened.

And I think in the recent past, we have had a lot of examples of how we're overcorrecting, right? We're overcorrecting for the strength of investigate entry powers and policing and cybercrime, instead of rights. You know, not ‑‑ every month it feels like there's a new example in the headlines, but effectively, we have, as well, you know, this lesson we continue to learn, which is that when you intentionally weaken things from a technical perspective, in terms of security and privacy, you actually do create vulnerabilities that can be rather egregious and that can invite even more kinds of, I don't know, hacking and vulnerabilities and things like that.

But let me get concrete. Let me get concrete. I think the other thing that has happened in this digital age is there's the belief ‑‑ and Paul, you actually set me up because you mentioned this ‑‑ that tech moves faster than policy, right, and that we need, in fact, the policy to somehow catch up and to help rein in the technology. Now, I will point out, that is almost always used in service of speaking against democratization of the technology, right? It's only peoples' use of technology that needs to be reined in, which, in fact, we should also be concerned about the government's use of the same technology in a way that is exceeding legislative controls and powers and checks on that power.

So, when you have, for example, mass surveillance, or even started surveillance, right, with unchecked power that's not going through proper channels, that it's unlawful, that is also an example of tech outpacing policy, right. And we tend to not think of it in those terms, but that is absolutely what, from a civil society perspective, is very clear to us.

So, I want to also mention that I think when we imagine the digital age versus how this is different from previous tangles between, you know, the State and the people, the other issue is scale, right? The scale and the capabilities are now beyond natural limits for what we would consider a personal boundary, right? In the sort of offline, predigital world, there was a limit to the number of homes one could walk into and the number of things one could know about a person.

We, with the digitalisation of all of our lives, that scale is now beyond any sort of natural limit. And the idea that you could take all of that data, if you're a company, right, is sort of the business model right now, so you're sort of harvesting, creating, storing, using all of that data, and that it should also, of course, be accessible to the governments of the jurisdiction where those companies reside as well. That seems like a very obvious thing to follow on. But again, it's exceeded what our society was built upon, in terms of the natural limits of the private realm. And so, that's where I think we have basically just one technology that does try to create that personal boundary, and that technology is encryption. That's the only one, really. It's the only thing that's between me and someone else who would like to listen in or have access to my conversation. And that goes for companies as well.

I want to say that for all of those out there that feel there might be this sort of pro companies, pro private sector side of encryption policy, a lot of end users, a lot of human rights defenders, a lot of people who care about and use encryption, are also trying to create a boundary between themselves and companies, right? It's a really important thing. And especially in the case of end‑to‑end encryption, that is in the power of the users.

So, let me move into, like, Paul so helpfully gave very specific jurisdictional approaches to this issue. I'm going to try to do the same. I have about four points, and then I'll end on a question for everyone to sort of think about.

So, looking at the way we have articulated cybercrime, global cybercrime coordination, some themes that have really come up that are of importance to civil society, and I think that differ by jurisdiction, are, firstly, cybersecurity research. So, one of the ways that you ensure that the Internet, digital technologies are secure, is you have everyone concerned about the cybersecurity aspect. And it's a very holistic approach and you get a lot of different folks to use it, to test it, to audit it, and so, you have to accommodate cybersecurity research from every conceivable perspective. Civil society. They're going to be concerned about it, and that should not be criminalized. Also, private sector and third‑party private sector, as well as the academic community. It's really crucial to allow for that, to uncover vulnerabilities, and to secure everyone.

I've already mentioned the scale of surveillance, but I think that the policies that are already in place in virtually every jurisdiction to limit power need to be strengthened during this time of international cooperation on cybersecurity and cybercrime, not weakened. So, if you have these increased capabilities globally, you need to make sure that jurisdictionally speaking, those are stronger. And again, I am sure that they exist everywhere. Right?

The third thing, this was already mentioned, but any sort of use of these transnational cooperation capabilities or the use of government hacking, the use of other things, need to be responsible; they need to be transparent, especially when there's cooperation between governments and the private sector, because I think that's a combination of two very strong forms of power that need additional scrutiny, that need additional oversight.

Warrants, right? Dual‑use technologies regulation. Making sure that zero‑day exploits and back doors are not used, because they are very dangerous, and they present ‑‑ over and over again, we've seen how they present cybersecurity insecurities for everyone.

And the last thing I'll just say is, related to the UN Treaty ‑‑ and for the countries in the room that have signed, that potentially will be part of that treaty ‑‑ I think, again, it's important to think of the standards and the safeguards that a lot of civil society organizations feel are insufficient that you jurisdictionally can, of course, exceed them. The human rights safeguards that are suggested in that treaty and in place, there's no reason why you cannot go above and beyond to really protect human rights, human rights defenders, journalists, activists, in your jurisdiction.

So, leaving them with a question. I think there does persist a dichotomy, unfortunately, maybe that never gets resolved. But I think if we admire the problem from different angles, it can help to smooth the edges a bit. I will say, I will be here in ten years plus, still talking about encryption, because I think we will never really quite get to it. You can't ban it in one place. It will continue to persist in others. So, what do we do?

I think the question we should be asking is, rather, are people the ones that we are erecting these treaties and these policies and this technology to protect people, or are we protecting against people, right? Are we leaning into democracy or are we afraid of it to the point where we must worry about the end user, basically, or the people as a threat? That's how I think of this. And I think once we try to flip that around and you put people at the centre of security, of privacy, of human rights, these edges seem to me to resolve very quickly. But that takes a lot of political will, and I think that might not always be the political moment that we're in. But I think we can imagine it and we can imagine it being stronger in the end. So, anyway, thanks very much. Appreciate it.

>> BJORN IHLER: Thanks, Mallory. One of the things I keep reminding the policy people at Meta about is that you're effectively having a lot of users based in any one country in the world, and so, the de facto also governing the online experiences for a larger population than any one government in the world. And so, it's interesting to think about the scale of that and the responsibilities that come with that.

And so, building off that, I'm wondering what regulation looks like, in terms of striking the balance between combatting cybercrime, misinformation, and online misconduct on your platforms, while also protecting freedom of expression. I'm also wondering if you could elaborate on how Meta works to protect freedom of expression while navigating the increased regulatory burden from governments and from multilateral organizations, such as the European Union. There's a lot to balance there, and so, I'm wondering if you can think a little bit about that. Thank you.

>> CAGATAY PEKYOUR: Of course. Thank you. And thank you so much, Mallory, for mentioning the historic background, because that was also a part of my entrance, actually, for today. This topic is not completely new for us. Like, for centuries, particularly, the first activists have resolved with the question how and when governments should place limits on freedom of expression to protect people from harmful content. And increasingly in the online space, privately run companies like Meta are making these determinations.

And on the other hand, a significant number of people are using our platforms to express their political opinions. And in many parts of the world, like, they actually don't have any other alternatives to express these opinions or, like, gather. So, we are deeply aware of the importance of protecting the speech in our platforms while balancing, while protecting people from severely harmful content.

This situation puts companies like Meta almost like an intermediary between the governments and the users. We are seeing the users, while they want us to reduce the abuse, they also expect us to protect their freedom of expression. And we are hearing from the governments, who are not only expecting us to remove illegal content, but also us to take action on all sorts of harmful content. So, we are trying to navigate this space for both users and also for the governments.

I will first start with talking about regulations that we see. In the region that I'm also working for ‑‑ African, Middle East, and Turkiye ‑‑ there are at the moment more than 120 meeting regulations. These are cybercrime laws and content regulations in the region. If they are enforced over broadly, they may constitute a risk on our users' freedom of expression, while the original intent is protecting people from harm. And there are 40 other regulations that's in the making in the region.

90 of these regulations are only bringing liability on the users directly and doesn't bring in liability or responsibilities for the platforms like Meta, but the rest of them actually bring responsibilities and also sanctions on the platforms, which sometimes may lead platforms to even take the safer approach and over-enforce certain policies to avoid some sanctions.

In Meta, to find a balanced approach, we have our Community Standards, as I'm sure like you all know, which sets the rules for which speech is allowed on our platforms and which is not. That's mainly to protect users from harmful content, but also, at its very core, there are principles around freedom of expression. And we have several other policies that actually are designed to make sure that we are protecting our users' freedom of expression, which is our regulatory compliance policy to begin with. That policy is about how we are responding to governments' requests on takedown, content takedown. And it is based on our human rights commitments and also our commitments as part of the Global Network Initiative. And actually, it mandates our teams to conduct five‑step due diligence, which assesses the request's legality and legitimacy, necessity and proportionality and also the external risks that such takedown requests may pose.

We make our decisions on our users' speech in relation to regulations after going through this process for each request that we receive. And we regular actually publish transparency reports in relation to how we are managing government takedown requests and also how we are responding to governments' requests on user data, because we are also aware that the user data requests may also sometimes lead to silencing certain communities.

These transparency reports not only happen in six‑months periods, but also in some significant cases, we publish case studies on our transparency centre, and we try to provide as much as possible, like, information to make sure civil society and also the affected parties, civil society is well informed about the request that we receive and the affected parties' impact is at least explained in a transparent manner.

This is a very complex space. Like, we are not only talking about the content itself, but also, like we know that sometimes it's the actors who are, like, causing the problematic situation, like it can be, for example, a fake account that is causing what we are seeing is a problem. And sometimes it's the behavior. So, it might be the fake engagement itself, not the content. So, our policies also try to address these different types of problematic areas when it comes to the topic of cybercrime and, like, severe harmful content, but also any regulation that tries to regulate this space I believe should also consider the fact that speech norms actually evolve and change over time.

Also, the threats we see online that is around cybercrime, they also are constantly and repeatedly evolving. As Mallory mentioned, like the volume and scalability is another thing that brings more complexity into this situation. If we only rely on notice and takedown processes, it's definitely not effective to protect people from harmful content, but also, like it puts companies like Meta into difficult position from time to time when it comes to protecting people's freedom of expression as well.

As, again, Mallory mentioned, like, some of the content and these behaviors happen in private spaces, like messaging groups, and sometimes, like, they happen in public spaces, like a public page on a platform. And how these regulations are treating into these different spaces is also quite important.

Another thing is, like, how we are treating to organic and also page content, like, should regulation have the same approach for these two different types of content, or should we have a different set of rules for content created by an ordinary user, or for content that is backed by advertisement?

Then we look at regulations in our region and also for the rest of the world ‑‑ in the rest of the world. An effective and also rights‑respecting regulation has certain characteristics which I'd like to highlight before ending my intervention. The first bit is, like, complying with Article 19 of the International Covenant on Civil Society and Political Acts of the UN Treaty. This is very important, how we are balancing, like, protections on fundamental human rights, including privacy and access to information. Like, this should be at the core of any regulation that may want to regulate this space.

The second important thing that we see is there has certain mechanisms of proportionality in limiting a speech or certain actions online. So, regulations that legislate only for the most harmful forms of content actually has less risk on infringing people's freedom of expression. This can only happen if such regulation may consider the severity and also prevalence of harmful content in question and also its status in the law.

Also, we believe if the regulations take into account the efforts of the platforms in addressing harmful content, they may have more flexibility, which may allow them to adopt an evolving technology and also evolving threats.

Another important thing to avoid limiting people's freedom of expression is having clear definitions. We are seeing several regulations that has really broad definitions of harmful content, which puts platforms in difficult positions, as only a narrowly defined harmful content types would allow us not to expand our enforcement and protect people's freedom of expression.

One last thing that I believe has a part and importance in this space is, having these regulations, building around procedural safeguards. As I mentioned, it's mostly about how these regulations are enforced, rather than how they are written. If there are no effective right of defense or remedy for the users in relation to enforcement of these regulations, they can be quite easily enforced in an overbroad manner by the governments.

And if there are, like, heavy sanctions attached to them, the expectation of the companies, like ‑‑ what I'm trying to say is, like, the companies may pick the safer side and not to take risk because of those sanctions and may tend to over-enforce and remain, like, I think it's the right to expect that, like, they are taking this approach. But if we are having legal safeguards and also paths for remedy for the users in relation to importance of these regulations, then we may avoid overenforcement of the companies and also overbroad enforcement that may come from regulators and also the governments.

>> BJORN IHLER: Thank you very much. We have a lot of parliamentarians in the audience, also a couple regulators I see. So, Pavel, having been a parliamentarian and now filling the shoes of a regulator in Romania, you're balancing a couple of hats here. And I think it would be interesting to listen to you and hear what kind of tangible takeaways there can be in terms of good practices for whole‑of‑government collaboration across both Parliament and for regulators, but also what challenges and solutions you are seeing in addressing cybercrime and upholding freedom of expression in legislation and practice. I know Romania has also been having some interesting experiences with the recent elections, et cetera. That might be worth touching upon here.

>> PAVEL POPESCU: Oh, so you want to extend the panel to three‑four hours?

>> BJORN IHLER: I'm sure we could do a couple of days on this.

>> PAVEL POPESCU: Yeah, it's going to take a lot. How many parliamentarians do we have here today? Can you raise your hands? So, quite many. Yeah. It's a very interesting -– actually, the most valuable thing that I've learned through these years. I consider it to be the experience passing through these events that happened, including recently in my country, you know, in my country, because it set up an example for all the countries across the world to see what's happening.

For example, when a social media platform is weaponized, there are so many ‑‑ you know, there are two ways of doing this thing, whenever we go, you know, at conferences. I quit going to too many conferences. But there are two ways of doing it: Speaking out, I mean, attacking the problem, or just being diplomatic and not being bluntly. I hate the second thing, so I'm here to speak bluntly to you. And I think it's with all the humbleness and modesty I can say the things I'm going to say in the next minutes, because I have the hats. I know what's the power of being an MP.

And sometimes, I feel it's very frustrating that in the Parliaments, when you have actually the biggest power in the world, it's in the power of a Parliament, you do not use that power the way you should use it. And you let so many times, at the level of a social media platform or at the level of a regulator, which, by the way, today we regulators, we are scared a lot. And as a regulator, I am against regulation. I want less regulation. I want less regulation in the European Union. I want the private companies to do profit, but I want the citizens to be safe while the private companies are doing profit using the social media platforms, for example.

So, I think you are not aware of the power you have. In order to apply that power, we all have to do something which is very complicated, to keep the speed with what's happening in the world. Because in three years from now, you know, everybody's saying, in ten years from now, the world will look differently. Let's wait to see how it's going to look in three years. In three years from now, we're not going to recognise the social media platforms and ecosystem because of the AI. We will not be able, even the most advanced from us, which are keeping up with this race, we will not be able to see what's wrong and right. And we have to prepare for that. We have to prepare our kids for that. And actually, we have to enforce regulation, which is already in place.

Because if you go across the world, starting from United Nations, starting from this beautiful country where I live for almost seven years, everywhere in the world, we have enough regulation in place, but it is not enforced. This is a fact. Today, let's take an example of what's happening these days across the world. And I'm going to touch the topic of cybercrime.

I am the biggest supporter of free speech. I think everybody on this earth, no matter the color of your skin, no matter the religion, no matter the country you are coming from, has to be allowed to say what they think. People should say what they think, without consequences. That's the most valuable thing that God created for us, the freedom of saying what we believe. And I think this is the main, you know, the root from where we start the whole conversation.

But ‑‑ and this is a big "but" ‑‑ let's take, for example, in the social media ecosystem, when we discuss about freedom of speech, how much we discuss about the actual regulation in place. And let's take, for example, the Digital Services Act. In our institution as a regulator, we are also responsible for the Digital Services Act, a very complicated regulation from, you know, from the European Commission, but it's a regulation which actually raises a problem which was not solved before by the social media platform itself.

Today, if we would be honest, we do not need ‑‑ we would not need that regulation ‑‑ we do not need extra regulation in place, if you go and read the terms and conditions of each social media platform. So, as a regulator, when I go back home, I am challenged by thousands of, you know, independent journalists, people who are trying to say something online, and they say, you know, I was censored, and it's your fault because you are the regulator. While we do the not have any fault ‑‑ we do not moderate content, we do not ask the social media platform, bring that content down, because we do not have legislation in place to censor people, but what we have in place is legislation about what's legal and illegal.

And my question is going back to the Romanian elections. How would you define discord, for example? Somebody involved in a political campaign, let's say a presidential candidate or where an MP goes online and says, "Tonight, Romania will be invaded by French soldiers and Russian soldiers." Where a presidential candidate goes online and says, "Romania is going to attack Russia with its military MK NATO base." What do you do as a government official? Because that certain phrase creates panic through millions of people. Instant panic. People are going to the passport offices, trying to renew their passports and saying, "I'm leaving Romania tonight. I don't want to go at war with Russia." And actually, nobody wants to go at war with anybody. So, when you have these kinds of situations, as a government official, as somebody who has to put regulation in place, you have to take decisions while protecting freedom of speech.

Imagine that the last nine months for my government, previous government than this government and our regulator, we have been challenged with thousands of cases like this. And if anybody in the world believes that ‑‑ still believes that there are countries like Russia, which there are not countries like Russia which are putting, you know, serious money into rigging an election or influencing an election or using social media platforms to influence those elections, you should look at Romania's case, because we're going to set up, you know, I would say an example of how we handle that.

And here, let's not even talk about countries. It can happen in any country with any state or non‑state adversary. We've been through this. We've seen this. We handle this. And we managed to go alive out of this, but with a lot of consequences, I would say.

And I want to emphasize the fact that the main responsibility in the social media ecosystem to date for the platforms. The platforms should wake up. It's a wake‑up call for the platforms to understand that their terms and conditions, which are extremely strict, should protect our kids from child pornography, should protect our citizens from cybercrime, should protect the whole citizens for the freedom of speech, should protect us all from the way that AI is evolving and using cybercrime instantly and constantly today.

And I cannot accept, as a former MP, as a current regulator, and with, as a former programmer with background in the technical background, I cannot accept that with the billions or trillions or millions of profit that the social media platforms are doing today, cannot at least install a system ‑‑ and I will give an example ‑‑ to eliminate a systemic risk, like, for example, the cybercrime campaign you have in a specific country, using some specific companies, using AI. And this is an ongoing discussion.

Recently, we took a very interesting decision and positive decision in Romania as a regulator together with our police office and the Minister of Internance, because we had in cybercrime the problem of spoofing. Like, tens of thousands of Romanian citizens were called from the police number or from the bank number, with the real number appearing on the phone, but of course, behind it was not the real number.

We took the decision, a technical decision with the telco operators, to limit the possibility to be called with these type of numbers if they are called outside the country. It's a complicated thing that they were using, but the problem was not only there; the problem was starting from the campaigns we've always seen on social media platforms, for example, with the governor of Romania or the Prime Minister or the President asking the Romanian citizen to invest in a certain company.

And I think today, we need, as in many cases, the social media platforms to make a better, better mapping and cleaning of their social media platforms in terms of this kind of new challenges we have in online. I cannot accept, and we should not accept the idea that when you have AI doing something in a negative way, you cannot have AI at that level reversing that. Everything is reversible in ITNC. And I would like to see as a regulator, and that's what we try to do home with our, you know, interaction with the social media platform, to see the social media platform being more responsible on these issues.

I think responsibility, it's a must when you use people's data, and this is a fact. I know, we are all aware that people, unfortunately, do not care too much how their data is handled these days, you know, but I think we as regulators, we as government officials, you as parliamentarians, you should be able to understand by the power you have through the vote of the people, get a better understanding of what's happening these days, get better experts and consultants who could come in your offices and teach you what's actually happening across the social media platforms. And I think we need a lot of responsibility from social media platforms. That's at least what I feel today. Thank you very much.

>> BJORN IHLER: Thank you, Pavel. Thank you very much. And I think there's a lot of parliamentarians here who can take some of this to heart. And some of you might have questions, even. And so, I want to open the floor for some questions for those of you who have that. The gentleman here. Can get a microphone on the floor? There's someone coming. Here, second row, third person in.

>> AUDIENCE: Thank you for this informative session. I benefitted a lot, as a matter of fact. But this is a parliamentarian session, is that right? So, I expect that I am going to hear about best practices legislation, how legislation addresses issues. I am a judge. I am a judge at criminal circuit, criminal chamber, so we are dealing with these cases. And we have to decide whether this is hate speech, or is this terrorism, or is it... and we have to make this balance. And we draw the line between what is crime, what is not a crime, okay. But we need the legislation. So, I wanted to hear here.

Like, for example, in Egypt, we have criminal legislation, cybercrime legislation, but the cybercrime legislation would only address the crime; it will not address the issue of human rights. But what addresses the issue of human rights is the constitution, the Bill of Rights. So, this is what I wanted to hear from you. How can legislation itself address these issues? Are we going to protect human rights and safeguard the freedoms through the legislation, the criminal legislation, or we leave it to the general principle of law or constitutional principles, for example? And we are obliged to, of course, implement the principle of the Constitution, which come over the normalization. So, I wanted to hear this, this answer: What is the strategy to address this dilemma? Thank you.

>> BJORN IHLER: Thank you very much. We'll lump together a couple of questions. So, I think the lady on the second row here.

>> TEO NIE CHING: Thank you, moderator. I'm Teo Nie Ching from Malaysia. I'm Deputy Minister of Communication, so a parliamentarian as well.

I think the first question I would like to pose would be, should, then, the platform be held responsible? Because I think that was mentioned just a while ago. I definitely think platforms should be held responsible, because the platform is very, very powerful these days. If I'm allowed to use the example given by one of my favourite authors, Yuval Harari. He basically says the platform, the algorithm is playing the role of the editor these days and decides what information is to be consumed by the user. So, in that sense, I think as an editor, you have huge power to decide on what type of information the users consume on a daily basis. And to me, platforms should be held responsible.

But coming back to say that Parliament is very powerful, government is very powerful, legislation is very powerful. I need to speak on behalf of Malaysia, from a Malaysian perspective. We actually think it is very effective. Even though we have the legislation in place, it is very difficult to get the cooperation from the platform.

For example, in Malaysia, we do not like alliance on online gambling, for example. I'm not saying, perhaps in some other countries, it is legal, but in Malaysia, it is just not legal. However, we continue to see posts promoting or related too online gambling, sponsor posts. And that is despite our numerous requests to tell the platforms that this is illegal in Malaysia, can you please ensure no such sponsor posts about online gambling appear on Malaysia users' timeline? But we almost have to repeat it on a weekly basis, if you have communication on a weekly basis. That is one example.

Second, starting from this year, Malaysia tried to introduce a regulation whereby we said, if you're a platform with more than 8 million users in Malaysia, then, please, come and get a license from us so that it will be easier for us to get cooperation from you. 8 million users, basically, administer 5% of Malaysia's population. We think there is a very reasonable threshold compared to India, compared to UK. I think 8 million ‑‑ 25% of our population ‑‑ we think that is not a very, very unreasonable threshold.

Frankly speaking, yes, some of the platform providers can apply for the license, but however, some of the larger ones, if I may ‑‑ Meta and Google ‑‑ did not comply with our regulations until today. The date line, we started the communications last year, and however, they are supposed to be in place from January 1st of January this year. But these two huge platforms, did not comply with this request.

And the next question for the government of course would be what can we do? What can we do as a Malaysia government? Yeah, we have about 55 million population. But we are not that influential in the international arena. We are not one of the superpowers. What can the government do? Because it's not our intention to bend the platforms. We know that our people are getting a lot of benefits from the platform as well. But to talk about legislation as a very super powerful tool.

I really have some doubts here, speaking on behalf of Malaysia, of course, speaking from our experience. And therefore, how can we get better cooperation from the platforms? I'm saying this because I think there are things that I think, for example, Meta is doing, is wonderful. For example, nowadays, if you want to put the sponsor post for targeting a Singaporean, Meta now has an obligation to verify who is the advertiser. And I think that is a good way to actually prevent scammers from putting up sponsor posts. But this is only in place in Singapore and not in other countries. And of course, my question would be, why? Why can't this requirement to be put in place and be practiced throughout the world? Because Malaysia, our citizens also suffer from scammers' posts.

>> BJORN IHLER: Thank you.

>> TEO NIE CHING: So, thank you.

>> BJORN IHLER: The lady on the front here. And then we'll let the panel answer and then we'll, hopefully, do another round as well.

>> AUDIENCE: Okay, thank you. I'm a former Minister for IT and telecom, and I would just like to ask the representative from ANCOM. And we had a very insightful conversation coming in from the regulator. So, I want to ask, how can the online and the offline freedom of expressions can be different? Our online rights versus our offline rights are the same. And every country legislates according to their own community, according to their own citizens, according to their own values. So, how can a social media platform sitting in the west in one country, who have their own laws and regulations, start determining what the law of the country is in the east? So, what gives them the right to start deciding the fate of the citizens, having their own laws?

So, my concern is, that has been and remains, that now the time has come that the countries around the world are getting together to either collectively, according to their own value system, come together, and it's not about banning the social media platforms ‑‑ they're compelling us to do it now. Now, the time has come that the like‑minded countries need to come together and start having their own platform where they can unify, provide the information to their citizens according to their respective needs. Just because a certain platform is giving a certain type of information doesn't mean they're not the only platforms. So, we have examples of China. We have other examples where their own platforms are serving the citizens' needs.

So, perhaps, instead of struggling to get the social media platforms to discount their commercial interest in the favour of the citizens who live in the east, largely, I think the time has come that the people living in the east look forward to having their own platforms to provide the services that are required. Because now, the debate has gone in for too long. Even Mr. David Cameron in 2016 had to fight to secure the children from pedophiles. And the platforms refused to take his request of removing the content, unless an independent group was determining that there are not files that was a pedophile. What kind of attitude is that? Are we becoming a hostage to social media platforms or we're going to drive now as parliamentarians and start governing and take the rights of our citizens in our own hands?

Enough of the freedom of expression debate has gone in. There is no violation of freedom of expression when my personal right is infringed because somebody somewhere doesn't like me, decides to post against me, and the social media platform becomes the final deciding point, irrespective of what the law of my country is. So, please, now.

I'd like to ask Mr. Pavel, what gives you the right to decide that you are not going to listen to what the law of my country is? Thank you.

>> BJORN IHLER: Thank you. We'll also take the lady in the white suit in the back, then we'll get to the panel to respond to this.

>> IULIAN LORINCZ: Hi, ladies and gentlemen. My name is Iulian Lorincz. I am the President of the Committee on Investigation of Abuses, Corruptions, and for Protections in the Romanian Parliament. So, please allow me to tell something to my dear colleague. Because this kind of disinformation, it makes so worse. We need more liberty, more democracy and more critical thinking, not more forcing people to have this lack of expression.

What was happening in Romania was the actual political parties, like (?) who made the disinformation. So, we also need to decide who will have this part and who will have this power to cut the disinformation? Thank you very much.

>> BJORN IHLER: Thank you. Thank you all so much for this round of questions. Any takers on the panel to start responding? Cagatay?

>> CAGATAY PEKYOUR: Thank you. So, first, I would like to start by saying that, as Meta, we comply with local laws of the countries that we operate in, as long as they are legally enforceable on us, and also, as long as requests that we receive from the governments are aligned with international human rights principles.

There was a question around, like, how we should be regulating the space, thinking that freedom of expression is most of the times protected on a constitutional level, but these regulations are criminal laws, and how we can build a system that may allow, while protecting people from harmful content, us to protect people's freedom of opinion and expression.

Several years ago, as Meta, back when we were Facebook still, we published a white paper that was called "Charging the Way Forward for online content regulation." That was based on the research of Harvard Law School's professors, and it's comparing two different approaches in regulating content online. One of them is the content‑based approach, and the other one is the system‑based approach.

And the white paper and also the research of these professors argued that the content‑based approach, a regulation that specifies a certain type of content as harmful content and asks platforms to prevent such content to become viral or eliminates such content from their platforms, is considerably less effective and also has higher chances of impacting people's freedom of opinion and expression.

On the other hand, a system‑based approach, a regulation that may actually require companies to set certain internal procedures or build some technical systems to reduce the prevalence of the severely harmful content is highly more impactful and effective, and also has less risk on freedom of expression, and still available online, and I encourage the interested parties to check this white paper. And I'm also able to talk about it after this as well.

Just also want to comment on the responsibility part and comment on that. I believe there are, like, many things that the companies are already being held accountable and also responsible for in different parts of the world. As I mentioned in my original intervention, there are, like, several regulations that brings sanctions, sometimes heavy sanctions, on social media platforms in relation to their compliance to local legislations.

This said, when we ask for more responsibility for social media platforms, I think it's still very important to maintain the intermediary liability principles that was agreed several years ago, to be able to strike this balance that we are discussing today. Because if we move to a model which doesn't allow intermediary liability, it would definitely impact people's freedom of expression, and then the companies would have no option, like no way to protect it. We are talking about millions of content shared by users every day, and thinking that social media companies should be responsible for each and all of them, right after they are being posted, I think it's not realistic to expect from the companies and also expect us to respect people's freedom of expression.

>> BJORN IHLER: Thank you. Any other takers? Do you want to go?

>> MALLORY KNODEL: Yeah, I'd love to. I thought all the questions were really great. I wanted to address, practically, how do you do this? I'll give you an example. In the U.S., we have the Computer Fraud and Abuse Act. This is a problem because it's often over-sued and it can punish security researchers who are really trying their best to uncover vulnerabilities and to expose either unlawful behavior or risky behavior, both by companies in the U.S. So, if you have these kinds of cybercrime laws, they need to be relaxed in the cases where it's not intended to be hacking someone. It's genuinely to improve the ecosystem. That's the first one.

To the Malaysia and Egypt parliamentarians, one problem with some legislation we've seen is that it gives the platforms more power. I'll give you an example. Age verification. You're asking companies to now ask everyone to know government ID to use the Internet, and the companies are the ones who have that data now. That is really antithetical to right to privacy. That's just one example. But I think any time you are introducing new legislation, you have to ask, does this actually entrench the power of the platforms? Does it give them more power than they had before? And almost every time, it does, right? Because we imagine that we can offload our problems onto platforms, and I think any legislation that does that is really anti‑user.

This relates then to the former minister's question around how can a platform facilitate breaking of laws. And in my country, based on standards and norms in another country. I believe in the idea of plurality. In fact, I didn't talk about this, the Social Web Foundation, the organization that I'm part of, is using open protocols to proliferate social media platforms, so you don't just have a handful. You have many, and that is our hope. But I can tell you that the future in which we have multiple social media platforms per jurisdiction, so on, does not solve content moderation. It makes it much more difficult. It makes it much more difficult to sustain, to fund, to support, and it doesn't make these problems go away; it makes them more complex, which is all the more reason why the right, the advice that human rights defenders, human rights organizations give to, right now, Meta, Google, and so on, is do not ‑‑ only comply ‑‑ of course, comply with legal requests that are in line with human rights. If they're not in line with human rights, they're effectively illegitimate and illegal, right? So, that will continue to be the position of civil society, no matter who owns the platform, no matter how they manage to do content moderation.

And I'll just say, the last thing that would really facilitate this now, where we go from a centralized approach to social media to a much more decentralized approach to social media, is create for big tech consequences at the global level, at the UN level. And so, for ten years plus, civil society's been trying to push for, you know, #bindingtreaty, so that you can directly take big tech companies to the ICC or the HRC, depending on their behavior. You can't do that now. It would be really nice if you could. So, if you've got folks in Geneva that are working on the ad hoc committee on the Binding Treaty, you know, give that a thought. I think that would be very helpful. Thanks.

>> BJORN IHLER: Thank you very much. Pavel, let's throw it to you.

>> PAVEL POPESCU: I think Paul wants to ‑‑ do you want to, Paul? Please.

>> PAUL ASH: Go ahead. Go first.

>> PAVEL POPESCU: I'm going to summarize for both ministers, if I'm not wrong. Yeah, first of all, I want to make a comment regarding what my partner from the parliament said. In Romania, we do policy. We don't do politics. We do policy, so everything, what the exact examples that I gave you are backed up by very consistent evidence that, actually, TikTok in March released a public document, their annual document which, transparency document, where the platform itself came in front of the people and said that 27,000 accounts coordinated from Russia were influencing Romania's election for a specific candidate and a specific party. Of course, we knew this from November already.

The European Commission has an investigation in place of that ‑‑ what I am trying to say is, regardless the party, regardless the ideology, the orientation you have, every country can suffer from being weaponized by a social media platform, and that's what we do not want as citizens. That's why continuously supporting freedom of speech ‑‑ and by the way, I think what I was trying to ‑‑ what I was saying in the beginning is that today, while we are speaking, we do not even have to speak about ‑‑ I do not think we have a real problem in terms of how people are moderated in terms of content. I mean, not ‑‑ we have a problem about that, because we've seen examples, but I think the for month, it's much more on systemic risk. Like I give you an example ‑‑ cybercrime, child pornography. In social media platforms, they are called systemic risks, which should be solved by the platforms itself with their own, our own technology.

And to answer to the minister, I think we should have a standardized way that the platforms are applying their own rule in terms of regulations and also legislation which is law across all of the countries in place. So, I don't think a Romanian citizen is more special or should be more special treated by a Malaysian one or by any other citizen across the world. I think we all have the same rights. And I think we all should be protected in the same way.

Let's take, for example, the fact checking topic. Today across the world, we do not have fact checking in social media platforms in other places. We still have them in Europe. I can say as a regulator, and it's on the record, that we have a real problem that in many cases, and I underline, the fact checking is not genuine. And we have people which were censored by somebody who is doing the fact checking. I am openly saying that. And we try to treat these problems.

But for example, my biggest fear today for the next generations is how do we treat ‑‑ I underline ‑‑ the systemic risks of the platform? So, having a campaign in TikTok in Romania with children falling from 2 metres ‑‑ I mean, jumping from 2 metres in the arms of their colleagues, and they were pulling off their arms and they went to the hospitals. We had 140 people in the hospital. We contacted TikTok, the platform, and we said, "We want you to solve this in 24 hours," to get all of the hashtags, technically speaking, with ‑‑ I forgot the name of the campaign ‑‑ out of TikTok. It took them like three weeks. It was unacceptable. Or the powers had to challenge.

I mean, I think we live in a world where even the social media platforms themselves do not have the capacity to process the data. As human beings, we are living in a world where we have reached the incapacity of handling so much data. And I think we should move as soon as possible to use AI in a positive way to filter disinformation.

I'm saying it again ‑‑ I cannot accept that the social media platform does not focus more in using AI in eliminating these risks, for example. If you Google my ‑‑ I mean, if you try to do a search on my social media account on Meta, for example, today ‑‑ because we have a friend from Meta here ‑‑ I will show you hundreds of cases with Romanian companies ‑‑ scam cases ‑‑ with Romanian companies ‑‑ so‑called Romanian companies ‑‑ tricking Romanians to apply here, which are sponsored, by the way, on the fact that we do not have flagged who's sponsoring behind that account. And I think this should be fixed as soon as possible.

And with this, I'm going to summarize. I always take U.S. as an example. I'm not saying it's the ‑‑ it's not the perfect example. There is no perfect example in the world. But the U.S. democracy is still the best in the world, in my opinion. And this is for one reason, because I've been personally in hearings with members of the Congress and the Senate, which brought in front of a committee the COs of these social media platforms and asked them very complicated and direct questions, and I think you have the power to do the same in your parliaments. I think we should see this in the European Parliament much more, you know, often, and to ask, actually, the social media platforms to be responsible for the safety of our kids.

There's a European debate about raising the age for certain children. We have two initiatives in Romania while we are speaking here, where my former colleagues are actually asking that if you are under 16, you will not be able to access a social media platform today. Thank you very much.

>> BJORN IHLER: Thank you, Pavel. Paul, I'll hand it to you, last but not least.

>> PAUL ASH: Thanks for that. We're just about out of time, so some really quick thoughts here, based on what I'm hearing from these questions.

If I was sitting in your seat, if I were walking in your shoes as a legislator, there are a few things I'd recommend. The first is go back and look at Melvin Kranzberg's Laws of Technology, the first of which is really important here. Technology is not a good nor bad, but nor is it neutral. It is not neutral, and it will have impacts in your jurisdictions that you need to understand, to study, and find ways to grapple with.

The second ‑‑ and I'd go to our patrons' words when the Christchurch Call was launched, Jacinda Ardern, we cannot simply sit back and accept that platforms just exist and that what is said on them is not in any way the responsibility of the place where they are published. They are not just the postman; they are the publisher. And the reason they're the publisher is because the algorithmic curation that privileges some content over others on platforms is not transparent; it influences the way people experience that content, and we need to find ways to grapple with the issues that come out of that.

For regulators, there's a few things that strike me as critically important at the moment. One of those is to go right back to the UN Human Rights. The human rights that have been so hard won and so hard worked for in the UN system over the years are under threat now like never before. And as you think about regulating, as you think about solutions, going back to those is critically important.

I think Mallory and I have probably got a conversation over a cupper at some stage as to whether UN treaty's going to work well or not, because having worked in cyber for years, I've watched the unintended consequences of UN efforts on technology. I've watched things like the Cybercrime Convention, which I think have the potential to be deeply, deeply harmful to all of your constituents if they're not operated well, and I don't have the confidence at the moment that they will be operated well.

So, as you regulate, always go back to the UN Human Rights Aqui and how it afoots.

Coming back to this last point, this can't be a case of all profit and no responsibility. There needs to be a set of multistakeholder conversations. And if you are able to, reach back out from within the seats you sit in, in Parliament to your constituencies, to the technical community, to civil society, and yes, to the platforms, to encourage a multistakeholder conversation and response to this challenge, because it's unprecedented. History tells us that people will behave badly, no matter what technology they have in front of them. But the scale, the scope, the implications of the technologies we're grappling with at the moment are such that we have no alternative but to really double down on trying to find multistakeholder solutions. I'll stop there. Thank you.

>> BJORN IHLER: Thank you very much, Paul. I'm now the only thing standing between everyone and lunch. Lunch is provided in different areas around the conference, and we will all reconvene for a Parliamentary Roundtable session in the Plenary Hall on the ground floor at 2:00 p.m. More information will be shared with the members of Parliament to register for a visit to the Norwegian Parliament later.

Let me thank the panel for their contributions. This was really great. All of these are experts in their own respects, and I believe will be around for the coming days. So, for those of you that had questions that weren't answered, I at least can be grabbed in the hallways for conversations. I'm sure others here can, too.

Thank you all so much for attending this panel and we'll see you after lunch.