Data vs Regulation

Doesn’t this look like fun?

Anyone with an interest in how online marketplaces and platforms like Uber and TaskRabbit that are creating the future of work might build trust in the future with both the market and with government regulators should be reading what my friend Nick Grossman has to say about the subject.

Nick’s basic theory is that traditional, government regulatory mechanisms is based on up front permissioning via licensing, comprised of some combination of inspections, testing, offline data pulls such as background and credit checks, and payment to the regulatory body, without which you couldn’t start your business. Such regulation is slow and expensive to comply with, creating barriers to entry and stifling new business formation. They are also one-time — with at most renewal requirements every few years and random inspections to theoretically deter suppliers from future non-compliance.

Contrasted with these are the regulatory mechanisms of online platforms such as Uber, AirBNB, and TaskRabbit — and make no mistake about it, regardless of the employment status of the suppliers on their platform, they are engaged in regulation every bit as much as governments are — which are based on a continuous stream of data via customer ratings, sensors, and inline, real-time third-party data such as social network profiles. Online methods are constantly being updated in real-time and require no special inspection or renewal because compliance is being inspected and verified with every transaction.

However data-based regulation has its shortcomings as well. The first is that when a new provider joins the platform, sufficient data on that particular provider will not yet exist to establish that they do not present a risk to the public (let’s say X data points are needed to make an accurate determination of risk level and set X to 10 for the sake of argument for this post). The second is when it is difficult or impossible for regulators — government or platform — to collect data that is predictive of future or current public safety. The third — really a subset of the second, but given the reliance of most platforms on customer ratings as the primary source of regulatory data is worth calling out — is when the risk factors are not something customers are able or trained to identify.

With this in mind, it becomes clear that some industries and markets are better suited for alternative, data-based compliance, and others where traditional, licensing-driven regulation should be preserved (though possibly supplemented with data)

I therefore propose three tests to determine whether an industry can be regulated by the type of alternative compliance mechanisms Nick proposes:

  1. Is it safe to allow new suppliers to deliver their first 10 transactions before sufficient data can be collected for regulation? (I call this “the 10 transaction rule”)
  2. Are regulators able to collect data that is predictive of public safety in future or current transactions?
  3. If customer ratings are the primary data, are customers able to identify factors that create risk to public health and/or safety?

If the answers to the above are all yes, then that industry can appropriately be regulated according to a data-driven, permissionless method.

Nick’s post proposed a specific alternative regime for peer-to-peer food-sharing. This is an interesting space to look at, because food poses a particularly challenging case. His proposal is far more nuanced, but can be summed up as relying on user reviews and ratings — potentially supplemented with some sort of sensor data — to identify the “non-compliant” cooks and remove them from the platform,.

Applying my proposed heuristic, I arrive at the conclusion that food safety does not qualify for this model of alternative compliance [1]:

1. Is it safe to allow new cooks to deliver their first X meals before sufficient data can be collected for regulation?

Risk is the probability of a negative outcome times the impact of that outcome, i.e. what are the odds of something bad happening times how bad would it be. To ask whether something is safe is to ask whether it is not risky. I would argue that cooking on a commercial scale — even preparing and cleaning up for 20 meals a night — is quite different from cooking for 2 or even 4 people, and requires different safety measures. Therefore the probability of food-borne illness is increased from personal, non-commercial cooking, particularly if individuals who aren’t really great cooks try to get on the platform as a way to make a buck. The impact of selling one batch of salmonella-infected chicken is high. Therefore overall safety risk is significant, therefore it is not sufficiently safe by the standards set in the US for government to be the watch guard of public health.

2. Are regulators able to collect data that is predictive of public health in future or current transactions?
3. If regulators depend on customer ratings, are customers able to identify factors that create risk to public health?

Unfortunately customer reviews of food or meals are unlikely to catch food safety violations until well after the fact — if at all — because customers do not generally see food storage or preparation. The counterargument is that if customers pick up their food from the cooks they will be able to see and judge their kitchens, but I’m not convinced that customers know how to identify food-safety issues, and they still won’t get a look “behind the scenes” as to how the food was made. If specific harm could always be reported, it would be an effective means of regulation, but as anyone who has ever gotten food poisoning knows, the source is not always easy to trace.

Nick’s alternative regulatory regime also includes the possibility of sensor- or other technology- based solutions to these regulatory challenges. This possibility is intriguing, and could be an attractive business in its own right, but at least in this case the solution for monitoring all of the disparate parts of a kitchen and cooking process to provide sufficient data for a regulatory regime driven by data alone is sufficiently non-obvious that it needs to be assumed that it won’t work until demonstrated otherwise.

Other industries such as construction and health care also suffer from the difficulty that customer ratings are not necessarily indicative of risk, because customers are not trained to spot safety risks.

Now let’s contrast this with livery, or taxi cabs, which present a very different profile. Livery is a positive example of qualifying for alternative compliance under the proposed heuristic, as follows:

1. Is it safe to allow new drivers to perform their first 10 rides before sufficient data can be collected for regulation?

I would say the answer here is yes. Providing commercial rides to a passenger isn’t really that different from giving a ride to a friend or just driving yourself, particularly in the era of point-to-point navigation. Significant amounts of data to prove this by ride-hailing platforms such as Uber and Lyft at this point as well, showing them to be as safe if not safer than traditionally licensed taxi cabs. A lot has been made about the question of background checks for drivers and assaults on passengers, but in reality the risks of an incident with an Uber or Lyft driver regulated by alternative compliance mechanisms is probably lower that with a traditionally licensed cabbie, if nothing else b/c every ride is logged and the entire route and time spent at each location can by tracked by GPS, providing the possibility of full accountability (whether Uber and/or Lyft have lived up to this possibility is a separate question). Suspicious behavior can be flagged, and reported incidents can be immediately corroborated with the data and dealt with.

2. Are regulators able to collect data that is predictive of public safety in future or current transactions?
3. If customer ratings are the primary data, are customers able to identify factors that create risk to public health and/or safety?

The answer to both of these questions is unequivocally yes. Riders are qualified to identify unsafe or inappropriate behavior by drivers, and it is easy and frictionless for them to report this in ratings and reviews. The GPS data from both rider and driver phones should be adequate for most technical reviews of the driving data, and as Nick points out, a connection to the OBD port can easily provide any additional data required.

What does it all mean?

One takeaway is that it is important to avoid getting caught up in dogma and not try to impose this model in areas where it does not work. This is true even if — as I suspect — most industries will lend themselves to being regulated in this way as long as alternative compliance is carefully considered and thought through by all stakeholders.

A second takeaway, alluded to above, is that the details really matter. It’s not enough to leave it to the platforms and marketplaces to set their own standards, or to point to their growth as evidence that their regulation and compliance mechanisms work. The platforms might be the best suited to draft the initial proposals, but members of the regulatory bodies should participate and in the conversation and ultimately review and approve any officially sanctioned alternative compliance mechanism.

What is the way forward?

Getting this done will be difficult, but change always is. Nick has a number of good proposals for how this could happen in the real world.

One way to get regulators and the public sector in general more comfortable with data-driven regulation would be to initially use it to supplement, rather than replace, existing regulation. It could also run in parallel to existing regulation, as it does for livery drivers operating on Uber or Lyft’s platforms in NYC, giving regulators an opportunity to compare the results of each mechanism.

Gradually, as legislators and regulators grew comfortable with it over time, the compliance officers of the marketplace companies operating in these spaces could work with their public sector counterparts to look for ways to expand the data-driven requirements of regulation and, at a pace that is comfortable to everyone, replace the licensing-based requirements with them. As normal generational shifts start to place millennial that grew up with such marketplaces as “normal” into government roles, this pace will accelerate.

[1] Note that I am expert in neither food safety nor driving safety, and as such my attempts to answer these screening questions for these specific industries is meant to be illustrative rather than technical. The idea of using this filter holds regardless of whether my risk assessment is incorrect.