Digital Watch newsletter – Issue 66 – February 2022
Download your copy
Accédez à la version française
The three trends that will shape digital policy in 2022
Three main trends will shape the way digital policy will unfold this year. The first is a tug-of-war between governments and companies for economic and political power. The second is a quest by states to assert sovereignty over what’s perceived as the digital realm. The third is a need to protect our digital interdependence, that is, the way the internet has bound us all together.
1. A tug-of-war for economic and political power
It’s usually good news for governments when a homegrown company is able to employ thousands of people, generate millions in economic activity, and invest some of it at home to improve infrastructure and critical assets.
There comes a point, however, when a company has grown so much in economic and political power that it harvests as much personal data as it can, takes out rival companies when it feels a threat, eliminates public figures from its social platforms, and decides the rules of the game for traders using its marketplace. This is the point when governments decide certain companies have grown too much.
Yet, if it were simple to reign in their power, governments would have already done so. And there’s a lot at stake – from huge investments at every level of the economy and thousands of jobs and livelihoods to access to the technology people use to connect instantaneously with family and friends. Take any of that away, and governments are in deep trouble.
This tug-of-way for economic and political power will intensify this year as governments come under increasing pressure from other sectors of the economy and other countries to regain power and influence. But there’s a second battle…
2. A quest to assert (more) sovereignty
Sovereignty is the bedrock of any legitimate ruling system. It gives a government the authority to govern a country and uses geography (and in some cases nationality) to delineate the extent of its jurisdiction.
Geography is easy to gauge: Just look at a map. But the digital realm creates the perception that there is a parallel space that is devoid of geography. And if there’s no geography, how can governments govern the digital realm?
Governments are quickly realising that the digital realm is, indeed, anchored in geography. The information we look up online, in the intangible cloud, is travelling through physical cables that span valleys, mountains, and oceans. The cloud is a network of data centres located in cities around the globe. If it’s linked to geography, it can be ruled. As this realisation grows, so does the quest to rule digital activities and establish a flag of sovereignty over them.
For instance, some countries have taken a sovereign approach to governing people’s data, and have ordered companies to store that data within the country’s geographical borders. Others impose limits on the kind of information people can access online or through the internet, social media, or online games.
Despite a state’s right to assert its sovereignty, some digital aspects require a wider understanding of the issues and a different governance approach.
3. A need to protect digital interdependence
The internet has transformed the world into a globalised society. In modern parlance, the internet has changed us into a continuously interconnected and interdependent community.
This is the world we’ve come to experience and appreciate. There’s no going back from this instantaneous way of communicating and interacting. Without minimising the ugly side of the force, today’s world of digital interdependence has brought many advantages (or digital dividends) for society. E-commerce can’t really exist without access to sellers and customers from other markets. Data flows across borders are crucial for technological innovation. Without data, policymaking wouldn’t be as informed as it is today. It follows that any decision or action that governments, companies, and citizens take should not break this interdependence.
In practice, this requires strong collaboration and cooperation. That’s because we need to bring digital dividends to everyone and to contain the ugly side (data leaks and breaches, misinformation, violent extremism, surveillance, digital divide, and all kinds of risks and threats).
This will require some tough trade-offs on every digital policy issue you can think of – from antitrust and data protection to AI, emerging tech, and cyberconflict. But perhaps the toughest decisions will emerge as governments and companies navigate the redistribution of economic and political power and in the quest for (more) sovereignty.
Predicting 2022: What to expect on issues of security, human rights, and development
A. Peace and security
- Resilience: The possibility of a cyberattack crippling a country’s critical resources rests heavily on governments’ minds. Expect more attacks, but also more measures which deter.
- US-Russia: Expect more (but small) signs of good faith on pursuing and prosecuting cybercriminals. No side will want to throw away what the two achieved in 2021.
- Standards: IoT’s weaknesses will be addressed, in part, by a push for new security standards.
B. Human rights
- Ethics: AI has had its fair share of attention; metaverse is next. Expect deeper reflections on technological progress and humanity’s future, and on a new (digital) social contract.
- GDPR: Data transfers of European citizens to the USA need a legal basis. Companies will call for legal certainty and for rapid outcomes to ongoing negotiations.
- Inequalities: As the pandemic starts to lose its grip, we’ll be coming to terms with the digital gaps it exposed and exacerbated.
C. Social and economical development
- Antitrust (and gig work): Expect new antitrust rules from the EU (DMA/DSA) and from China, and more legislative debates in the USA.
- WTO: If the group of like-minded countries working under the Joint Statement initiative are as successful as last year, it would mark a comeback for the WTO.
- Semiconductors: Expect new rules from the EU and major investment by US companies to wean off their dependency.
A month-by-month forecast: Top events to follow in 2022
The digital policy calendar in 2022 will be as busy as ever. Not only will it include the events on typical issue areas of digital policy (cybersecurity, e-commerce, and the rest), but will also feature mainstream events which will tackle digital aspects. Here’s our list of events to watch for.
DSA and DMA: A start-of-year recap
This will be a critical year for the regulation of tech companies. Europe is progressing particularly fast: The draft Digital Services Act and a Digital Markets Act are now being negotiated by the European Parliament and the EU’s Council (representing member states). Here, we track their progress and what this means for Big Tech.
There’s a lot going on right now in transatlantic digital affairs. The USA and the EU are working out a new post-Privacy Shield arrangement (that will give US companies the legal basis they need for transferring EU citizens’ personal data to the USA). There are also home turf negotiations on how to implement the OECD’s new global tax deal. Over at the Trade and Tech Council, how to cooperate on semiconductors is one of the main issues.
In addition, there will soon be two new pieces of EU legislation – the Digital Services Act (DSA), and the Digital Markets Act (DMA) – that will impact Big Tech directly. The pressure is on for policymakers, as the French Presidency of the EU Council wants to see these materialised as soon as possible.
Regulating tech companies
Both draft laws aim to regulate online platforms, which is why they are often discussed together. Yet, they regulate different aspects.
The DSA is concerned with harmful and illegal goods, services, and content online. The DMA addresses competition and antitrust issues. See the fact box below.
Across the pond, the US government is in a bit of a bind. It wants to advance its antitrust agenda on its home turf, but also wants to defend US tech firms overseas. Of the two, the transatlantic issue is a more serious problem. It’s been reported that the US government has called on EU policymakers not to raise the threshold for defining gatekeepers under the DMA. The higher the thresholds, the more concentration around Big Tech the law will be – something the USA thinks is discriminatory.
There’s even more bipartisan pressure on the administration to tackle this with the EU. The Senate Finance Committee thinks that both laws ‘must apply equally to firms based in Europe, China, the United States, and other countries’ in order to not give non-US companies a competitive advantage. Still, this argument is unlikely to hold water, considering that the world’s most valuable tech companies are US companies.
Back to our first prediction
Perhaps the biggest worry, at least for Europe’s network of consumer organisations, is that Big Tech companies are able to dilute the rules during the trialogue phase. ‘Big Tech firms are therefore throwing immense resources (that they can easily afford) on a scale rarely seen to influence, persuade and cajole members of the European Parliament, member state governments and European Commission officials to roll back the obligations the DMA would impose’, BEUC’s deputy director-general wrote.
‘Not only are they lobbying in their own names, but they are also deploying trade associations, think tanks and “favourable” academics to mirror, endorse, and amplify their arguments. They have even claimed to represent the best interests of small and medium-sized companies (!), much to the annoyance of genuine SME representatives.’
Talk about a tug-of-war.
Digital Services Act (DSA)
Digital Markets Act (DMA)
What will they regulate?
They both aim to regulate tech companies:
The DSA is concerned with harmful and illegal goods, services, and content online.
It will replace the E-Commerce Directive (2000).
The DMA is concerned with competition and antitrust issues.
It will broaden the range of existing measures for investigating and correcting market practices by creating ex ante rules that prohibit certain behaviours.
Who will be regulated by the new laws?
Intermediary services, that is, companies whose business places them between sellers and customers.
Companies will be categorised according to the type of service they offer, that is:
These definitions are still up for debate. The EU Council, for instance, thinks that the law should include a reference to online search engines; there’s no such reference in the Parliament’s draft.
Gatekeepers, which in practice means only a small number of tech companies.
The original proposal defines gatekeepers as those companies that control core services on the internet, and which service more than 45 million users and 10 000 business users in the EU per month.
One open issue relates to this definition. The European Parliament, for instance, thinks that smart devices such as virtual assistants should be added to the list of core services due to their growing demand. The Council calls this ‘voice assistant technology’, which could be interpreted a bit differently.
Another question relates to the size of companies: the proposal targets companies with more than €8 billion in annual turnover and a market value of €80 billion. While the Council and Parliament are likely to agree, there will be rebukes from across the ocean.
How will companies be regulated?
This depends on the type of intermediary services. The original proposal describes a basic set of obligations for intermediary service providers but heftier rules for the other categories. This means more transparency and consumer protection-related obligations for these companies.
Up for serious debate is a list of stricter obligations for online marketplaces and very large online platforms – such as rules on how to tackle illegal and harmful content – something which both the Council and the Parliament want. This is where the crux of DSA negotiations lies.
The original proposal lists what a gatekeeper is prohibited from doing, such as giving preference to its own goods and services over those of others using its platforms.
Things a gatekeeper should do include allowing users to uninstall native software and allowing business users access to the platform’s data.
The Council and Parliament are asking for more. For instance, a ban on the use of children’s data and easier ways for users to unsubscribe from a core service. The devil will be in the details.
How will digital standards shape geopolitics?
After a lot of positioning last year, digital standards will this year regain a central focus in geopolitics. This text provides a short ‘navigation guide’ for the digital standardisation space.
Standards provide blueprints for future tech developments – from data flows and AI, to 6G and consumer economics. By influencing digital standards, companies and countries will try to promote their values, interests, and technical strengths. Digital standards, especially in AI and data, will have far-reaching consequences on human rights as well.
There are two ‘temporal’ aspects of digital standardisation. First is historical evolution consisting of three main phases in digital standardisation: during the 1980s, the dominant actors were the USA, the UK and Germany; during the 1990s the shift towards Asia started with the prominent roles of Japan and South Korea reflecting their fast digitalisation; during the 2010s China emerged as a prominent actor especially concerning Huawei's impact on 5G standards. China’s growing standardisation footprint has prompted increasing interest in digital standards in the media and governments worldwide.
The second temporal aspect is the duration of the standardisation process ranging from the extremely short duration of 9 months, which rarely happens to 18 months, which is realistic and fast to 3-4 years which is the most common duration needed to develop digital standards.
Two leading tech powers – the USA and China – are positioning themselves as the major actors in digital standardisation. The USA’s tech experts and companies have been shaping digital standards for decades, including core internet norms and telecommunications standards.
During the 2010s China ramped up its efforts at being active in as many forums as possible. It is part of the broad Chinese strategy to evolve from being a user to a producer of digital standards. For example, its go global approach, China tries to export national automobile standards for self-driving and autonomous vehicles on a global level.
Standards play a critical part in the EU’s value-based digital policy as a way to link technology to human rights, the rule of law, and global public goods. India and other actors, mainly from Asia, are increasing their involvement in digital policy. Most African and developing countries are absent from digital standardisation processes.
Standardisation organisations in Geneva work on more inclusive standard-making processes via capacity building, peer learning, seminars, and publications as outlined in, for example, ISO’s action plan.
Thousands of standards shape our digital world, from the way hardware is designed to how internet traffic flows. However, some standards are more prominent in public discourse.
The New Internet Protocol (IP) caused considerable stir in 2019 when it was proposed in ITU-T’s Telecommunication Standardization Advisory Group (TSAG) by Huawei, China Mobile, China Unicom, and MIIT.
The New IP was presented as a way to design ‘a new information and communications network with [a] new protocol system that satisfies and serves for the future.’
The concerns were diverse – from those that suggested that users’ privacy would be affected to arguments that it would replicate something which already existed and worked well. Eventually, the proposal was shelved, but there are several lessons to be learned from this process.
AI, data flows, facial recognition, quantum computing, IOT, and 6G are among the issues that will emerge on the standardisation agenda.
Traditionally, digital standards have been developed by international standardisation organisations (ISOs) based in Geneva: the International Standardisation Organisation, the International Telecommunication Union, and the International Electrical Commission.
Second, a wide range of highly influential technical and business standardisation organisations and initiatives are involved, including the IETF for the internet, the 3GPP for 5G, and IEEE for AI.
Digital standards have also been raised in diplomatic agendas worldwide. For example, China is pursuing digital standards in APEC, BRICS, and the Belt and Road Initiative. Digital standards are high on the agenda of the US-EU Trade and Technological Commission.
Digital standardisation processes will be shaped by the interplay between strategic competition and the necessity for cooperation. There is a shared and strong interest of tech companies from both China and USA to have common digital standards globally enabling easier access to markets worldwide.
On the modus operandi of digital standardisation, the main challenge has been to build cross-cutting impacts of digitalisation into new standards by design. For example, technical standards for facial recognition directly impact privacy protection. AI standards can support the right to non-discrimination. Environment and digital will come into closer proximity through standards for dealing with e-waste and the circular economy.
For in-depth information, consult The geopolitics of digital standards: China’s role in standard-setting organisations, a study published by Diplo/Geneva Internet Platform and Multilateral Dialogue Konrad Adenauer Foundation Geneva. Consult also the digital standards section of the Digital Watch Observatory.
Digital policy developments that made headlines
The digital policy landscape changes daily, so here are all the main developments from January. We’ve decoded them into bite-sized authoritative updates. There’s more detail in each update on the Digital Watch Observatory.
Global digital architecture
UN Secretary-General Antonio Guterres urged member states to ‘speed up work on banning lethal autonomous weapons, and to begin considering new governance frameworks for biotechnology and neurotechnology’.
Australia and the UK concluded a new Cyber and Critical Technology Partnership.
China published a plan to foster the development of the country’s digital economy. Malaysia launched two initiatives to support digital trade and the growth of the digital economy.
Ukraine accused Russian hackers of being behind a massive cyberattack, taking down about 70 government websites. Russia took down ransomware crime group REvil.
Experts and civil society groups urged the Ad Hoc Committee working on a potential UN cybercrime treaty to embed human rights protections in the document.
The UK announced draft legislation to improve cyber resilience.
Figures released by the Internet Watch Foundation show that 2021 was the worst year for child sexual abuse online.
E-commerce and Internet economy
France’s data protection authority fined Facebook and Google for not complying with cookie rules. China’s market regulator fined tech companies for undeclared acquisitions. The US Federal Trade Commission (FTC) and the US Department of Justice announced a review of merger and acquisition approvals to ‘address unique problems raised by the tech industry’.
The European Parliament adopted the Digital Services Act, paving the way for further negotiations on the act, between the Parliament, Commission, and Council. More on pages 8–9.
The European Commission launched a tender for the deployment of a recursive European domain name system (DNS) resolver service infrastructure.
The Wi-Fi Alliance announced a new wireless standard. The Coalition for Content Provenance and Authenticity launched a technical specification for content provenance.
The European Commission proposed a European declaration on Digital Rights and Principles.
Meta was sued in the UK for gathering users’ data without compensating them. The European Commission asked WhatsApp to clarify its personal data processing practices by the end of February.
The European Data Protection Supervisor ordered Europol to erase personal data not related to crime.
Civil society groups called on the UAE to bring its new law on combating rumours and cybercrime in line with international human rights standards.
The US Congress committee investigating the 2021 Capitol attack ordered YouTube, Facebook, Twitter, and Reddit to provide records relating to the spread of misinformation and violent extremism.
Jurisdiction and legal issues
The Austrian Data Protection Authority ruled that Google Analytics (in German) violated the EU’s General Data Protection Regulation.
In the USA, four attorneys general sued Google over use of ‘dark patterns’ to track people’s location. The General Court of the EU annulled a €1.06 billion fine imposed on Intel by the European Commission in 2009.
China issued new rules for algorithm recommendation technologies (in Chinese) and published a draft regulation for deepfake technologies (in Chinese). The UK announced the establishment of an AI Standards Hub.
Egypt’s telecom regulator issued a regulatory framework for providing IoT services.
France launched a quantum computing platform to facilitate access to quantum resources for researchers and companies.
Policy updates from International Geneva
Many policy discussions take place in Geneva every month. In this space, we update you with all that’s been happening in the past few weeks.
18 January | Swiss Digital Initiative’s launch of the Digital Trust Label
After more than two years in the making, the Swiss Digital Initiative launched the Digital Trust Label, which marks the world’s first label for digital responsibility.
SDI Foundation president Doris Leuthard explained: ‘Similar to the organic label and a nutrition facts table, the Digital Trust Label acts as a seal of trust in the digital world.’
In order to obtain the label, digital services are audited on 35 criteria related to security, data protection, reliability, and fair interaction with the users. The criteria catalogue was created by the Label Expert Committee, under the leadership of École polytechnique fédérale de Lausanne (EPFL), and chaired by Stephanie Borg Psaila, Diplo’s Director for Digital Policy (and editor of this newsletter)
25 January | Roundtable – How to prevent cyber threats and participate in cyber peace
The roundtable, organised by the CyberPeace Institute, addressed the rise of cybercrime and cyberattacks and the most widespread cyber threats. Panellists from the private sector and international organisations discussed solutions and practices that can be adopted to prevent and mitigate the issues and to work collectively towards a more peaceful cyberspace.
25-27 January | DC³ Conference – From Cryptocurrencies to CBDCs
The three-day Digital Currency Conference (DC3) organised by the Digital Currency Global Initiative, a joint collaboration between ITU and the Future of Digital Currency Initiative at Stanford University, brought together industry experts and practitioners to discuss the latest developments related to central bank digital currencies (CBDCs), cryptocurrencies, and stablecoins. The parallel tracks and deep-dive sessions looked at standardisation issues and cross-border interoperability, security and privacy challenges, and financial inclusion. If you missed the event, recordings of the sessions and presentations are available.