Big tech versus regulation - the start of an interesting decade

An almighty battle is brewing over control and sovereignty of citizens' data

As we head towards 2021, governments around the world are grappling with how to manage what will be a digital decade.

If nothing else has come out of Covid-19's collection of Track and Trace apps around the world, people now have a bigger understanding of how their data can be collected and used via technology in the service of business and government.

At the same time, governments have recognised how control over data has become more important - both for their own operations around citizen data, and for businesses to use around their activities too. This all relies on consent from citizens, which will not be forthcoming if they do not trust in how their data will be used. However, there is also a new element - governments are looking at increasing the levels of sovereignty and control over how citizen data is handled by businesses.

Over the last decade, regulators became more sophisticated around data and built a clearer understanding of the revenue streams across technology. Both Europe and the UK are now pushing forward with legislation to move a clear step further in this direction.

Where have we come from?

Historically the UK and Europe, like the US, have managed all consumer content compliance via a "take-down" regime. In Europe this developed from the hosts or platforms being deemed to be a "mere conduit", rather than being editors with responsibility for third party content on their site. The US took a similar position with the DMCA, or Digital Millennium Copyright Act.

At the time when these laws were first created 20 years ago, I worked for an ISP - Freeserve - and was very involved in the lobbying process behind their creation, along with lawyers at organisations like the new online book seller, Amazon. Oh, how the world has changed since then. Whilst this approach was appropriate to the scale of digital content getting created two decades ago, the scale of social media, user generated content and the platform economy means that new legislation in both Europe and the UK is long overdue.

Both Europe and the US currently work on the basis that the platforms are not responsible for the user generated content they facilitate sharing, but that they should manage taking things down once required. They also have moderator teams in place to rule on content uploaded and reported. This will continue to be the case for online news sites, but there will be new responsibilities and requirement for platforms to police content that users upload. This is not just related to social media either - other formats including apps, marketplaces, and in games will also be covered.

Where are we headed?

The European Union published its Digital Services Act and the UK published its plans for online safety, through its "online harms" proposals, on the same day. In the UK, platforms that fail to "remove and limit the spread of illegal content" such as child pornography will be fined up to 10 per cent of global turnover or £18 million, whichever is greater. This therefore has significant teeth from the get-go, unlike many past regulations which have only evolved such teeth and impact over a number of years. Ofcom will also have the power to block non-compliant services from the UK and to impose criminal sanctions directly upon managers for repeat offences should fines not be effective as a deterrent.

Last week, the UK created its new Digital Markets Unit, a tech regulator to regulate the Big Tech Companies' activities in the UK. Sitting within the CMA (Competition and Markets Authority), it will enforce the UK's competition regime.

Alongside the EU's Digital Services Act, the Digital Markets Act was also published. In the DMA, any failure to comply with this may be met with fines of up to six times global revenue or turnover.

The DMA looks at what it means to be a market dominant player and allows for fines of up to 10 per cent of global turnover, in line with other Competition penalties. There is also a "three strikes and you're out" provision for repeat offenders that may also be forced to structurally separate parts of the business and be subjected to other remedies proportionate to the infringement. This might give the Commissions' Competition Authority the power to break up Big Tech, alongside the US antitrust approach.

The EU will look at ways to establish which companies in a market effectively hold the role of "gatekeeper" and set the rules of the market. The reason for this is that the EU does not want a handful of companies - mainly US-based - to dictate Europe's digital future. Not only will there be potential power to require divestures where appropriate, but also a move to require gatekeepers to ensure third party software interoperability.

EU President Ursula von der Leyen reached out to the Biden administration only two weeks ago offering a "once in a generation" opportunity to collaborate. The timing of these publications is a clear indictator that whilst Europe is keen to collaborate but also show its willingness to take a stand.

We can expect to see more collaboration and ‘co-opetition' across the next decade and more open collaboration in response to these actions in both the UK and Europe, like the Gaia-X project. Our governments are more engaged with tech than ever before, both in their role as regulators of business and as providers of public sector infrastructure and services and their attempt to bring order to the perceived chaos is no surprise.

Next up

Europe have been extremely clear with their direction and the impact of Covid, partly as a result of the experience with track, test and trace in accelerating their plans. A 25-point list from the European Parliament's EPRS briefing paper in July made clear that a European Cloud infrastructure would be first on their list and with GaiaX, which OpenUK is a first Day Member of, we have seen them move this forward.

The Commission's Open Source policy was published in November and is also now in progress with the list of activities on this list, including the set-up of a Commission Open Source Program Office (OSPO). Two members of staff have already been recruited to run this. We can expect to see Open Technology at the heart of Europe's strategy to build transparency and trust.

Back in the UK, the National Data Strategy consultation ended on 9^th December following an extended consultation period. The strategy will apparently be released "in due course" but it can't come too soon. The Minister of State for Digital and Media, John Whittingdale, described it as "central to this government's wider ambition for a thriving, fast-growing digital sector in the UK underpinned by public trust." To achieve trust, the data strategy will need to be a transparent and open one. Offering portability and interoperability will be key.

This must all be proportionate. Taking a hammer to crack a nut will not create a lasting solution. Inevitably, it would create new alternatives to the current dominant players that could then engage in the same kinds of behaviour. Rather, an adjustment to the impact of the platform economy is needed, creating a sense of order. This will likely be achieved via an open and transparent approach, using standards and open source software to build interoperability across platforms.

This must inevitably be accompanied by data portability to allow citizen control. Europe (and the UK) will simply not be able to innovate quickly enough and catch up with the US and Asia, without this open approach.

Amanda Brock is CEO of OpenUK