Digital Watch newsletter – Issue 40 – May 2019
Every month, we analyse hundreds of developments to identify the trends in digital policy, and the unfolding issues that drive it forward. These are the key trends in May.
1. Huawei controversy wages on
In April, we wrote about the controversy around Huawei products and how they are seen by some countries as a threat to national security. Several developments took place meanwhile, keeping Huawei in the headlines.
US President Donald Trump issued an executive order banning ‘any acquisition, importation, transfer, installation, dealing in, or use’ of technologies by persons under US jurisdiction, where the transaction involves entities ‘owned by, controlled by, or subject to the jurisdiction of direction of a foreign adversary’ and poses risks to US security. In practice, the order bans the export of US technology (including intellectual property (IP)), unless a special licence is issued by the Department of Commerce (DoC). The ban does not affect current products and software versions, but it will impact innovations and future upgrades.
To ensure the ban directly targets Huawei, the DoC added the company to its Entity list – a trade blacklist banning US entities to trade with them without government approval.
Soon after the order was issued, several companies, including Google, Intel and Qualcomm, announced they would no longer sell their technologies to Huawei. What does this mean for the Chinese company?
In the short term, the effects will likely be limited. In the medium term, Huawei will struggle to develop its own software and hardware components that it can no longer import from companies adhering to the US ban. But, in the long term, if it manages to develop its own know-how, the company might end up being even better positioned on the global market. Beyond Huawei, by cutting ties with Chinese technology giants, the order may also impact US tech companies, the US economy at large, and even the global technology innovations. Read more
2. Christchurch Call: Eliminating online violent extremism
In March 2019, a terrorist attack against two mosques in Christchurch, New Zealand, was live streamed for 17 minutes. Although this seems like a short time, violent content spreads online very fast, demonstrating once again why quick reactions are essential for taking it down. Two months later, New Zealand Prime Minister Jacinda Ardern and French President Emmanuel Macron launched the Christchurch Call to eliminate terrorist and violent extremist content online.
Supported by 18 countries and multiple tech companies, the Call outlines voluntary commitments to prevent the dissemination of illegal content. The USA did not endorse the Call, apparently due to ‘free-speech concerns’. China, Russia, and Middle Eastern countries are not among the signatories either, and one possible explanation could be that they would prefer a multilateral framework to address such issues over this type of initiative.
What is notable about the Call? First, it refocuses attention from Facebook, Google, and Twitter to a wider set of online service providers within the reach of national jurisdictions. So, instead of long negotiations with large tech companies, governments may be able to order Internet service providers (ISPs), for example, to block access to illegal content. The message here is clear: Governments have been patient long enough; now it is time for stronger regulation. This is in line with regulatory developments in other digital policy areas, such as online taxation and e-commerce.
Second, the Call makes reference to long-term solutions, such as education and capacity building, media literacy, and research into new technical solutions. However, there are several issues which still need to be tackled. To start with, what is ‘violent extremism’? This is a long-standing and crucial political challenge that needs to be addressed sooner rather than later. Then, the Call promotes the use of tech solutions. But can we rely on technology, including artificial intelligence (AI), to filter violent content, if we do not even have a universally agreed definition of violent content? How about the risk of incorrect decisions taken by algorithms?
And, third, the Call talks about the need for ‘immediate, effective measures’ to mitigate the dissemination of extremist content. There are ongoing discussions within several frameworks, including the European Parliament and the G7, about asking Internet companies to remove materials within one hour of identification. But, considering the Christchurch attack, will one hour be soon enough?
Beyond the Christchurch Call, Canada’s new Digital Charter also tackles online hate speech and violent extremism. Announcing the charter, Prime Minister Justin Trudeau said that ‘social media platforms must be held accountable for the hate speech and disinformation we see online, and if they don’t step up, there will be consequences.’
Both initiatives reflect an ongoing push from governments for strong regulations to ensure that platforms take more serious measures to curb the spread of illegal content online. The G7 Summit in August 2019 is expected to discuss these issues as well.
3. Facial recognition technology raises alarms
The use of facial recognition technology by public authorities remains controversial, due to concerns about potential negative consequences on human rights. These concerns were acknowledged this month in San Francisco: The city’s Board of Supervisors adopted an anti-surveillance ordinance which, among other provisions, bans the use of facial recognition tools by the police and other city departments.
The ban was largely motivated by human rights considerations. If law enforcement agencies (LEAs) rely on facial recognition, this can lead to biased and discriminatory decisions, including false arrests. As Microsoft explained in April, when announcing a decision not to sell its facial recognition technology to a Californian LEA, innocent women and minorities are at a high risk of being improperly targeted. The algorithms used to feed the technology are largely trained on photos of males and white people, as demonstrated by a study carried by researchers at the Massachusetts Institute of Technology and Stanford University. Moreover, facial recognition can be misused for mass surveillance, thus impairing on the right to privacy.
San Francisco is the first city to impose a ban on facial recognition technology, but we may see others following a similar path. And the USA is not the only country where the technology is being looked at with concern. In the UK, a worker who believes his image was captured by the police via street cameras launched a legal action. He argued that his face was scanned in a public space without his consent and without him being suspected of wrongdoing, thus infringing on his right to privacy. The police, however, stated that there was no privacy breach.
How do tech companies position themselves in the debate around facial recognition and human rights? Microsoft has recently reiterated a previous call for regulations to govern the use of the technology. Google committed back in December 2018 not to sell general-purpose facial recognition technology before addressing ‘important technology and policy questions’. Amazon’s shareholders, however, rejected two proposals requiring the company not to sell its facial recognition to governmental entities.
Digital policy developments
With so many developments taking place every week, the policy environment is chock-full of new initiatives, evolving regulatory frameworks, new court cases and judgments, and a rich geo-political environment.
Through the Digital Watch observatory, we decode, contextualise, and analyse these issues, and present them in digestible formats. The monthly barometer tracks and compares them to reveal new focal trends and to determine the presence of new issues in comparison to the previous month. The following is a summarised version; read more about each one by following the blue icons, or by visiting the Updates section on the observatory.
Global IG architecture
The 50th World Telecommunication and Information Society Day emphasised the need to strengthen the participation of developing countries in the standards-making process of the International Telecommunication Union (ITU).
At its 22nd annual session, the United Nations Commission on Science and Technology for Development (UN CSTD) discussed the impact of rapid technological changes on sustainable development.
The UN Conference on Trade and Development (UNCTAD) developed a framework to assess whether a nation’s science, technology, and innovation policies are in line with its development objectives. New Zealand launched an Action Plan to enhance digital inclusion nationally.
France and New Zealand initiated the Christchurch Call to Action to eliminate extremist content online. Canada launched a Digital Charter for promoting trust in the digital world.WhatsApp was exploited to install surveillance malware on smartphones. The Council of the EU adopted a decision allowing the EU to impose sanctions in response to cyber-attacks.
E-commerce and Internet economy
The Advocate General of the Court of Justice of the European Union (CJEU) opined that Airbnb is an information society service.
Uber drivers in several cities around the world protested against the company’s working conditions and pay practices. The US National Labor Relations Board concluded that Uber drivers are independent contractors.
Facebook announced plans to launch a cryptocurrency for digital payments by 2020. Kenya released a Digital Economy Blueprint with proposals to support the country’s economic growth.
The Irish Data Protection Commission launched investigations into ad tech giant Quantcast[link] and Google’s personalised advertsfor breaching the EU GDPR.
One year after the entry into force of the GDPR, EU Justice Commissioner Vera Jourová asked member states to respect ‘the letter and the spirit’ of the regulation.
The US Justice Department indicted WikiLeaks founder Julian Assange on 17 counts of violations of USA’s Espionage Act.
Jurisdiction and legal issues
An Australian worker won a landmark case against his employer after he refused to provide his fingerprints to sign on or off for work.
The US Federal Trade Commission is delaying a decision on a multibillion USD settlement with Facebook over privacy breaches.
ICANN’s decision to continue processing the applications for .amazon attracted criticism from Peru, Colombia, Ecuador, and Bolivia.
Huawei plans to invest $100 million in the development of cloud infrastructure in Chile.
SpaceX launched the first Starlink satellites, as part of its plans to provide affordable broadband across the globe.
In a letter to EU officials, several organisations, companies, and individuals expressed concerns over the impact of deep packet inspection technology used by Internet access providers on net neutrality.
New technologies (IoT, AI, etc.)
San Francisco banned the use of facial-recognition technology by the police and other city departments. A UK worker who believes his image was captured by the police via street cameras launched a legal action against the use of such technology.
The UN Educational, Scientific and Cultural Organization (UNESCO) issued recommendations for combating gender bias in AI applications. The Organisation for Economic Co-operation and Development (OECD) adopted a Recommendation on AI, outlining principles for the responsible development of AI systems we can trust.
The UK government launched a public consultation on proposed security requirements for consumer Internet of Things products.
Chinese institutes and companies launched the Beijing AI Principles to guide the development and use of beneficial AI.
Numerous policy discussions take place in Geneva every month. The following updates cover the main events in May. For event reports, visit the Past Events section on the GIP Digital Watch observatory.
The session discussed the impact of rapid technological change on sustainable development and the role of science, technology, and innovation (STI) in building resilient communities. It further stressed the crucial role played by the sharing of knowledge and education to foster UNCTAD’s mandate and marked the launch of its Technology and Innovation Report 2018: Harnessing Frontier Technologies for Sustainable Development. Read our reports from the sessions.
The 50th version of the World Telecommunication & Information Society Day (WTISD) recognised the efforts of the ITU as a driver of international standards and enabling mechanisms for the sharing of innovation. Discussions focused on the importance of standards through the example of smart cities, digital finances, and financial inclusion as well as through examples of joint World Health Organization (WHO) – ITU standards on safe listening and AI for health (AI4H). Read our report from the event.
72nd World Health Assembly – 20–28 May 2019
During its 72nd Assembly, the WHO adopted the eleventh revision of its International Statistical Classification of Diseases and Related Health Problems (ICD-11), which recognises gaming disorder as a medical condition. The disorder is defined as 'a pattern of gaming behavior (“digital-gaming” or “video-gaming”) characterized by impaired control over gaming, increasing priority given to gaming over other activities to the extent that gaming takes precedence over other interests and daily activities, and continuation or escalation of gaming despite the occurrence of negative consequences.'
AI 4 Good Global Summit – 28–31 May 2019
The summit was held under the theme of ‘Accelerating progress towards the Sustainable Development Goals’ and discussed practical applications of AI. Recognising the efforts of a number of countries that have developed or are developing national AI strategies, discussions focused on aspects of sustainable development and identified existing practices, missing norms and necessary adjustments to harness the potential of AI for sustainable development. Read our reports from designated sessions.
The Huawei controversy: Crossing the rubicon?
The latest US Executive Order, signed by President Trump in May, added new dimensions to the Huawei controversy. Several US-based companies have adhered to the order and announced they would no longer work with Huawei. What does this mean for Huawei, the US tech industry, and the global market?
First strike: Google’s Android OS
Soon after the order was released, Google revoked Huawei’s licence to use their proprietary Android operating system (OS) on its devices. This decision does not affect the Chinese market considerably, as there Huawei relies largely on the open source version of Android. But the impact on other Huawei markets – particularly Europe and the USA – could be significant, as Huawei devices rely on Google’s proprietary OS and customers are already somewhat dependent on Google’s proprietary apps (such as Google Play, Google Maps, Gmail, and Google Docs).
In the short term, users of Huawei devices will still have access to Android services. But in the long term, as the company goes ahead with developing its own OS and products, new users in developing countries, in particular in Asia and Africa, may opt for the more affordable Huawei devices with its new OS.
Second strike: Intel, Qualcomm, and Broadcom’s chip design
After Google, chip print designers Intel, Qualcomm, and Broadcom – on whose servers and switching chips, processors, and modems Huawei is heavily dependent – also joined the ban. While Huawei might not suffer much in the short term due to its stock of chips and processors, the company could struggle over the next few years to develop its own chip design. In the long term, however, this might turn into a win for Huawei: having its own chip design could secure its current global dominance in mobile and telecom markets.
Third strike: ARM chip logic
The most threatening news for Huawei came with the announced ban by ARM, the UK-based company owned by Japan’s SoftBank Corp., which is the unique global designer of logical architecture of almost all the world’s chips. ARM extensively uses intellectual property of US research institutions, to which the ban applies.
HiSilicon, a Huawei subsidiary, has produced ARM-based chips for years. Even if HiSilicon manages to develop its own print design, it might be almost impossible for them – at least over a number of years – to design their own core logics.
What will be the market loss for Google, Intel, Qualcomm, ARM, and others, as a result of cutting ties with Huawei, one of the world’s leading information and communication technology (ICT) vendors? Will users turn to open source, striking back at the (mainly US) software industry? And has the USA crossed the Rubicon of global technology innovations? These are all open questions.
Chip-making progress in the recent decades was possible mainly because of interdependence in research and development: Different entities and researchers around the world focused on particular innovations, and collaborated closely to put them together. With the US decision, companies (and states) will realise that political decisions can significantly influence the tech industry’s supply chain, and they will likely turn to safeguarding their supply chains internally. A technology trade war could push states to invest in their own capacities and replace technological interdependence with technological independence. Such a fragmentation of technology development may slow down the overall global innovation in this field.
Hope remains that the current situation is only a temporary crisis, within the context of the China-US trade negotiations (currently at a stalemate). Regardless, we may soon see both Huawei and China retaliating in different ways, with the battle for global dominance continuing.
AI and robotics: A solution to an ageing world?
The world’s population is ageing. According to the UN, the population aged 60 or over is growing faster than all younger age groups, with a growth rate of about 3% per year, globally. This ageing trend comes with significant challenges for the economy and society. But robotics, automation, and AI may offer some solutions.
Robots: A panacea for old age?
A recent article in The Economist argues that, instead of taking people’s jobs (as many claim), robots will help the world adapt to the challenges of an ageing population.
As birth rates around the world decline, so too does the working age population. This threatens to negatively impact economic growth. If fewer people work, keeping today’s productivity and gross domestic product (GDP) requires a more productive workforce. This is a challenge that robotics and automation could help address. AI-fueled machines will help ageing workers with the labour they can no longer perform well. And, as more people retire, these machines could take over their work, ensuring that productivity rates are not affected.
More robots, therefore, could mean more productivity and better chances for economic growth. A study by McKinsey backs up this claim, estimating that automation could raise productivity growth globally by 0.8%–1.4% annually.[link]
Moreover, with the rise of the ageing population, there will be more demand for targeted services, from medical and care-giving, to housing and transportation. The robotics industry is already working on responding to this demand. While there might not be enough caregivers and service providers to support the ageing population, service robots promise to be a solution.
Currently, service robots range from machines that can perform household tasks, to companion robots such as Zora and Buddy, and robotic nurses which monitor a person's health condition. But the technology is not yet advanced enough to allow the robots to completely act as a human caregiver. For example, they still perform only specific tasks and are not yet able to engage in meaningful conversation. But this may soon change, as more companies and investors are showing interest in this specific area.
The ageing population and AI investments
The Economist also suggests that ageing countries are investing more in robotics and automation. It points out that South Korea, Singapore, Germany, and Japan have the largest number of robots per industrial worker and are also among the countries with the oldest workforce.
Is it because these countries have understood that automation and robotics will keep them productive in years to come, while their workforce is diminishing? Difficult to say, but it is interesting to look at the numbers. PwC estimates that AI advancements will lead to an increase in global GDP by 14% by 2030, with North America and China being the ones with the greatest gains, Europe following closely, and Latin America and Africa likely to benefit less.
Then, the UN population estimates for 2030 point to a significant decrease in the population aged 15–64 in Europe and North America, a rather steady curve for Latin America, and an increase in Africa.[link] So The Economist’s article may have some ring of truth, showing a correlation between demographic trends and investments in robotics and AI.
However, while the correlation is there, it does not necessarily mean that there is a cause-effect relationship as well and that an ageing population is the primary driver for investments in AI. While future studies might shed more light on this, countries will certainly benefit if they pay more attention to how machines can help address the challenges of an ageing population.
GDPR: One year on
In May 2019, the EU GDPR turned one since its coming into effect. Designed to update data protection rules in the EU, the GDPR has been a key buzzword in digital policies since 2018, partly due to its global reach and its implications for states, businesses, and citizens around the world.
Over the past year, we have seen more complaints over privacy breaches and more and legal cases opened by national data protection authorities across the EU. Some of the investigations concluded with fines being imposed on tech companies. Non-EU countries have started looking into adopting similar data protection frameworks, and several companies have expressed their willingness to follow suit, illustrating ongoing trends that may shape the future of data protection worldwide.
Stark increase of complaints and data protection cases across the EU
One of the main objectives of the GDPR is to strengthen EU data protection rules and give more teeth to national authorities responsible for enforcing them. First reports from authorities around Europe indicate the success of the new policy in this regard.
Indeed, the introduction of this legislation has led to a sharp increase in the number of complaints and investigations related to data protection violations in all EU member states. More than 280 000 cases have been received by EU data protection authorities, while around 144 000 individual complaints were registered. This increase in complaints and cases investigated by national authorities is also mirrored by the overall augmentation of their resources and staff.
Modest financial fines issued, so far
Despite an acceleration of investigations into data protection violations, the number and size of financial fines have remained quite modest until now. Under GDPR rules, penalties can be significant and amount to up to 4% of a company’s global annual turnover. After one year, GDPR enforcement actions have generated around €56 million in penalties in total, but one single fine (levied against Google by the French Commission national de l’informatique et des libertés (CNIL)) accounts for nearly 90% of this amount.
This rather low level of penalties is partly due to the relative tolerance of national authorities towards the private sector in this first year, as companies were expected to take time to adjust their data protection practices to the new framework. But the transition period is over. For example, the head of the French data protection authority said that sanctions will be imposed without hesitation from now on.
GDPR investigations: 2018 - 2019
GDPR’s looming impact on large tech companies
Internet giants have come into the spotlight recently in the wake of a number of data protection scandals. Facebook, Google, Apple, Microsoft, and Twitter, among others, are now under investigation for potential GDPR violations, and may face substantial fines in the coming months and years. Already in January 2019, Google received from the CNIL the highest fine so far (€50 million) for GDPR violations. Though the company appealed, Google was sanctioned for breaching rules over ad targeting and transparency requirements on its Android mobile operating system.
Meanwhile, the Irish Data Protection Commission (DPC), which has become the lead authority for most of the Internet giants, opened 19 investigations into several of these firms, as most of the major US tech companies are registered for processing personal data in Ireland. The DPC’s investigations have targeted Facebook in particular and its subsidiaries (e.g. WhatsApp and Instagram) for potential privacy violations.
Facebook is now facing 11 investigations in Ireland for issues ranging from large-scale data breaches and legal bases for processing, to transparent presentation to users. The DPC launched its latest investigation in May 2019 against Google. The unique role of the DPC for investigating major US tech companies led the BBC to argue that this authority has become Europe's de facto data watchdog.
Divergence in the implementation across EU member states
Though the GDPR is a regulation directly applicable in all EU member states, some of its provisions required adjustments and transposition measures into national laws. Currently, the level of implementation of GDPR is unequal across the EU, as a number of states such as Portugal, Greece, and Slovenia, have yet to transpose some key provisions into their national legislation.
Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, recently acknowledged the slow pace of GDPR implementation, and urged all member states to respect the ‘spirit of the GDPR’ by the end of the mandate of the current European Commission. Also, not all authorities have been able to keep up with the significant increase in the number of complaints received, signalling insufficient resources available for data protection authorities in certain countries.
GDPR’s spill-over effect across the world
Though still imperfectly implemented at home, the GDPR has already had considerable impact worldwide. In Brazil, China, India, Japan, South Korea, and Thailand, legislators and governments have passed new laws, proposed new regulations, or are considering legislative changes closely aligned with the EU’s GDPR.
In the USA, current debates around the possible introduction of new data protection rules have put a strong spotlight on the new framework created by the GDPR. Though initially fiercely opposed to stricter privacy rules in Europe, several large tech companies are supporting stronger national legislation aligned with the GDPR. Apple CEO Tim Cook, for instance, invited the USA to use it as a model, while Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai have called for comprehensive privacy legislation at the federal level.
GDPR investigations by country