1 Introduction

The Internet is more than a leap ahead for the information society. The Internet, both in itself and in its fruits, marks a positive step-change leap in human social development. Can we say anything intelligent as to the future shape of such an overwhelming process?

Ian Morris, in his magisterial assessment (Morris 2010) of the lessons of the last 16 or so millennia, has drawn out some striking patterns of global social development through human history. If we were to apply those patterns to the Future Internet, treating it as an epoch of human history, what might we learn? Current fears would not dissipate entirely: the big breakthroughs, both upward in civilisation and back into dark ages, may produce in future, as in the past, organisational dominance of systems such as the Net. But disruption and growth may come also from peripheral players acting in response to backwardness, exploiting the unexpected advantages of handicap against smugger incumbents, and saving humanity from both stagnation and oligopoly.

Morris also serves as a reminder that, for the Future Internet as for the long history of humankind, the degree of organisation, of control, even of bureaucracy, could be the result of complex social mechanics, rather than an exogenous matter open to be settled by the will of leading actors. In human society down the ages, freedom-lovers on the frontiers have often been drawn into "heavier" models, not by bureaucrats and kings, but by the dynamics of their own environment. Humans did not domesticate dogs, dogs became domesticated by the mere presence of sedentary humanity. We may not get to choose.

That perspective calls for deeper humility than most of us show in enunciating as truths the Internet Principles best suited to our peculiar present preferences. And it is certainly not the purpose of this brief note to explore futuristic perspectives for the Internet as a whole in any depth.

The narrower goal here is to draw attention, on the microscopic level, to the issue of Internet corporate behaviour, where a shorter historical perspective offers off-line evidence of what works, and where recent Internet signals also suggest positive progress. Progress beyond a debate of principle apparently isolated from the "real world" and ignoring its historical evidence. Progress towards the pragmatic acceptance of proportionate corporate responsibility.

2 What Could the Off-line History of Corporate Responsibility Teach the Internet?

To dip a toe in the waters of the Internet debate is to bathe in the Fountain of Youth. There have been a good 20 years of rapid evolution in the concept of corporate responsibility (Zadek 2001). The propriety and limits of business concern for matters beyond the shareholder dividend has been, in my personal experience, a central issue, to take but two examples, in the advance both of economic globalisation (Madelin 2000) and of health promotion in the food and drink value chain (cf. http://ec.europa.eu/health/nutrition_physical_activity/docs/evaluation_frep_en.pdf; http://ec.europa.eu/health/nutrition_physical_activity/policy/implementation_report_en.htm). The Internet discourse seems to an incomer typically to affect a high degree of naivety, or simply of Internet Exceptionalism, in relation to that evidence. This purely personal article seeks to highlight the relevance of applicable learnings from non-Internet experiences. Neither those learnings nor corporate Internet thought are static, or indeed monotonic. The locomotive of Internet Responsibility seems this year to be building a welcome head of steam. The hope now would be that a more active exchange of knowledge could help the train to gain momentum.

What have we learned about voluntary cooperative action in the last three decades? There is a body of literature available, whose synthesis would be beyond the scope of this note, drawing on multiple case studies of failure as well as of success.

At the level of the firm, the business school prescriptionFootnote 1 would be that corporate strategists need to align the goals of the firm with the needs of the societies whose markets they intend to serve. This means that, properly understood, corporate "social" responsibilities (CSR) for people and planet, profits are structural and not skin-deep: a matter for the line and not for the PR department. The alternative, infant approach to CSR, seeing it as a deterrent to regulators and a sop to civil society, is to be dismissed. It is not only unsustainable in today's disrespectful and well-informed world; it is a source of risks, cost and error, whereas the strategic embedding of responsible behaviour is a reliable source of public but also corporate value.

So, defensive self-regulation does not often work at all, and never for very long. At the other extreme, companies that learn to understand and align on societal challenges, to work with society, and not merely for it, to contribute to a solution, are going to extract trust and value from their endeavour.

If corporate strategy seeks alignment with societal needs, are there then particular consequences for the ways in which strategy should be executed? Here again, a clear, if challenging, best practice toolbox exists (cf. European Commission/DG for Health 2006).

Paradoxically, the first rule would be that the goals and mechanisms of CSR self-regulation must be co-owned: that is to say, strategy must be co-created by the firm in partnership with all other actors having an interest in the societal challenge to which a company's behaviour is intended to respond. Consultation down the track on "what companies intend" is no substitute.

Beyond cooperative conception, the process of implementation is also best seen as a continuous cooperative learning loop, rather than the one-off, heroic and solitary execution of a company plan. This puts the emphasis on collective monitoring and objective reporting. Briefly, this requires the development of co-owned metrics, with unconflicted (even third-party) accountability reports and with the active involvement of all those who took part in the initial design in regular reviews of progress and adjustments to planned next steps.

An Internet-enabled tool for co-ownership lies in the distributed power of Web 2.0: there are good, bad and half-baked instances of Web 2.0 CSR. Two highly inspirational examples would be a drinks company filming customers' testimony as a driver for responsible use (cf. Diageo: http://www.nightlife-confessions.com), and a sportswear company putting its factory locations on-line (http://nikebiz.com/responsibility/documents/factory_disclosure_list.pdf) so that local civil society pressure can help to keep factories running ethically, and trusted to do so. The emerging blueprint here strikes the author as offering an optimistic future, based around collaborative governance to better meet societal expectations. Behaviour coming out of this space flies well above introverted and distrusted self-regulation and skirts the turbulent "statutory disorder" that results almost inevitably from attempts at slow-moving regulation in the fast-moving Internet world. The blueprint requires innovation and risk-taking on the part of all: civil society and government as well as corporate actors. It requires sustained, open-minded effort. It is not a substitute for law, government or the regulator: indeed, it can help to create alliances that will strengthen the case for a legislative backstop or even for the law as an alternative to CSR, in some cases. But it is a blueprint that requires, as a threshold condition for its more active exploration on-line, a sense of responsibility from Internet corporate leaders.

3 Where is the Internet Debate on CSR?

Turning to the Internet, the responsible European Commission Vice-President, Neelie Kroes, has spoken out in favour of proactive risk-taking by responsible companies,Footnote 2 and has spoken against a reductionist vision of Internet actors as "atoms",Footnote 3 held together by a Hobbesian Leviathan or not at all. The G8 conclusions from Deauville this spring speak equally clearly (G8 Deauville Declaration 2011) of the need for the principles of a democratic society to receive the same protection, with the same guarantees, on the Internet as everywhere else. All leaders involved in recent debate, both at G8 and OECD level, have made clear that they wish to reconcile Internet growth, speed and innovation with society needs, doing so in a way that is deferential to the ability of corporate actors to go first, go fast, and fix the problem; they have made clear that governments "get" the special needs of the Internet and intend to give full weight to them in assessing the cost–benefit trade-offs of any regulatory burden, whether that burden be envisaged as voluntary or as created by law.

In response, Internet operators have situated themselves at different times rather differently on the spectrum of corporate identity: sometimes as "responsible" actors, and sometimes merely as "law-abiding". CEOs cannot necessarily be blamed for this, since the legal discourse around responsibility is itself still fluctuating. Compliance lawyers and lobbyists lay very heavy emphasis on limited liability of the "mere conduit" under EU law. At its worst, this zero-sum defence gives inadequate weight to the scope in EU law for Member States to require at least certain service providers to apply additional duties of care, normally to be specified in national law. Recent judgements (ECJ judgment in case C-324/09, 2011) of the European Court of Justice also point to a more nuanced account of responsibility and its limits.

Against this background, where proactive corporate attitudes seem on the rise, where the Court points to a new balance and yet where consensus still evades us, some actors now proposeFootnote 4 that the boundaries of limited liability be more narrowly drawn, distinguishing the sophisticated and active from the technical, automatic and passive actor. It has also been proposed that the duty of care should be taken out of the preambular language of EU law and made explicit, at least in such areas as IPR enforcement. This would certainly take the regulatory part of the overall burden on the Internet beyond the current mix of national legislation (in practice largely absent) and ad-hoc injunctive direction.

The debate thus launched on greater legal clarity will run for some little time. That leaves the space and time needed for voluntary cooperation to give greater proof of its worth. Presumably, the legislative debate as it evolves will respect the goal restated so recently in the OECD, of minimising burdens on Internet operators, so that feasibility and proportionality will be given full weight. The ECJ certainly gives full weight to the degree of active involvement of platforms in serving up or merely transmitting information. Regulatory tradition in Europe would in addition suggest the need, on grounds of proportionality, to exclude very small players from the sort of burden that established, and certainly major global players, could take in their stride.

That this is not going to be an easy or calm period of reflection was made clear most recently in the EU legislative endgame around child pornography. Here, a careful debate of principle took place between legislators, who felt that the need for action against child pornography was paramount, and those who felt that blocking and filtering measures would not only be of marginal benefit, but would end the exceptional state of the Open Internet, and set a dangerous precedent for corporate censorship, under public pressure, in other fields. In the event, the emerging consensusFootnote 5 could well provide that Member States not only shall take the necessary measures to remove web-pages containing or disseminating child pornography hosted in their territory, but may take measures to block access to other such web-pages. There would however be clear recognition that both the mandatory and the voluntary provisions could be fulfilled by various types of public action, legislative, non-legislative, judicial or other, and that the provisions are intended to stand without prejudice to voluntary corporate action.

4 What Next?

It would seem that the public policy discussion of the first half of 2011, together with the work of the ECJ, has considerably clarified the framework of principle and the meaning of applicable law around Internet corporate and collective voluntary action. The Internet should be managed in a manner that delivers the same guarantees for society's key goals as are available off-line.

International debate has identified a clear set of priority concerns for global society. As listed in Deauville, they would include: the openness, transparency and freedom of the Internet; freedom and security, transparency and respect for confidentiality, as well as the exercise of individual rights and responsibilities. The action agenda includes protection of children and the continued drive to enhance global Internet access, network security, the protection of personal data and individual privacy, as well as of intellectual property.

There is a priori no preference for achieving society goals by legislation over voluntary action or vice versa but, in both cases, transparency, legal certainty and judicial redress have been identified as important safeguards of good functioning. All actions should be framed in full recognition of what is feasible and should minimise burdens on the Internet value chain, respecting the smaller players and reflecting the varied degree of active involvement that different businesses may practice.

An opportunity now exists, and will exist for a reasonable but perhaps limited window, for the corporate Internet to show leadership. The trend is towards embracing cooperative voluntarism. But a more widely shared and consistent commitment to responsible and not "merely" law-abiding behaviour would be the next step. Equally crucial would be a commitment to co-ownership of self-regulatory execution, since execution has hitherto revealed itself on the Internet to be rather business-dominated, and even secretive, in the formative stages of most specific current endeavours.

If such a willingness to engage were to emerge more widely, the question would then arise as to the most effective organisation of cooperative action. Should cooperative voluntary action pop up in little islands of enlightenment, determined by the strength of the self-regulatory tradition in certain jurisdictions and the strength of feeling, also variable across jurisdictions, around one or other of the action goals set out above? Alternatively, is there a benefit to be had at reasonable cost from some overarching frame to what must remain a series of discrete and focussed experiments? Can the management of multi-stakeholder answers to child pornography, stalking, privacy abuse and IP rip-offs be entirely distinct? Or does the overlapping nature of the necessary responses to these challenges require at least that even distinct voluntary responses, carried forward separately, be reported in a networked manner and against a common set of best practice benchmarks? One can explore the latter possibility without conflating either the objective gravity of the problems in question or the level of (self-imposed) burden that may be justifiable in order to protect against them. Neither road leads certainly to disaster, but it seems very clear that the more joined-up approach would promise greater consistency, faster mutual learning, probably higher levels of trust in individual solutions as they emerge and certainly greater recognition for the separate efforts of each stakeholder.

5 Conclusions

The Internet is not a parallel universe. Society's on-line and off-line expectations are essentially the same and the best practice voluntarism that frequently meets those expectations off-line can produce similar light-touch benefits on-line. There are glimmers of evidence that the tide of proactive CSR is rising. Now is a good time for more leaders to join that flow. The more joined-up the value-chain's pattern of action can be, the lower the risk of incompatible responses across different jurisdictions, and the lower the risk of resulting obstacles to the effective exploitation of the Internet's myriad benefits to 21st century human society.