The digital revolution is bringing many policy areas together; we need a more unified response.
The digital revolution has brought about the convergence of different policy areas. The arrival of companies where large volumes of data is integral to their services and business models is bringing several areas together. At the same time, the policy response is getting fragmented.
To give some examples where issues are becoming more connected and/or occurring simultaneously:
Competition policy and data protection: It is generally considered that an element of what gives large tech companies their power is unique access to data, which is a barrier to entry for those wanting to compete with them. Parts of the General Data Protection Regulation (GDPR), such as the ability to take data between providers, are motivated by the principle of data control, but also by competition considerations.
Intellectual property (IP), innovation policy and data protection: The transparency of algorithms which process information on us is to some extent included in GDPR, however many of these algorithms are also trade secrets and the data that feeds them may be covered by data protection law. Meanwhile, one of the drivers of the current excitement about AI and machine learning is that a lot of IP on this is freely available as open source software on sites like GitHub.
Discrimination legislation and data protection: Companies are increasingly offering different services and/or prices based on data on personal characteristics. This can sometimes raise the question of whether this activity is in breach of discrimination legislation, as shown in the recent debates around the Apple Card credit ratings.
National security, advertising standards and data protection: Facebook data collected by third parties has been used to target voters with political advertising, with a lack of transparency on who was purchasing the adverts. It is widely considered that Russia was involved in supporting part of this, and in the spread of disinformation on social media, however the official report on the impact of this has yet to be released.
And this list is certainly not exhaustive.
The UK has at least a department focused on Digital, the Department for Digital, Culture, Media and Sport (DCMS), and a Government Digital Service. However beyond this, the tendency of digital to get everywhere and increasingly raise multiple, interconnected, issues means that we have many regulators and a proliferation of digital initiatives that, while all addressing legitimate concerns, at least publicly, do not appear that connected.
For example, the UK has the Information Commissioner’s Office (ICO), the Competition Markets Authority (CMA), the Intellectual Property Office (IPO), the Advertising Standards Agency, the communications regulator Ofcom and the National Cyber Security Centre (NCSC). There are also new initiatives like the Office for Artificial Intelligence and the Centre for Data Ethics and Innovation. The Furman review into competition in digital markets proposed that government should set up a pro-competition digital markets unit to stimulate competition, innovation and beneficial outcomes for consumers. The Government in its white paper on online harm has itself proposed another independent regulator.
The civil servants involved are doubtless very aware of the challenges of coordinating these different bodies and initiatives. However, in practical terms, the current structure of multiple entities does not obviously lend itself to an integrated position. Anyone who has worked in the public sector knows the rueful laugh that goes round the room when there is talk of ‘joined-up’ government.
The fragmentation of the policy response is not just problematic for reasons of Whitehall efficiency, but for other reasons too:
The interdisciplinary nature of the issues: The policy issues raised are inherently interdisciplinary and require specialists to work together from a variety of different areas: technological, legal, economic and more. Some of the overlapping policy areas are also quite different. Crudely simplifying, data protection is often form-based, i.e. there are legal restrictions over what can and cannot be done with personal data. By contrast competition policy is more effects-based; companies are prohibited from doing certain things if these activities are found to have negative effects or considered likely to lead to bad outcomes.[1] There are also proposals that greater weight should be put on other policy areas in the digital economy, such as consumer law.
The highly connected character of certain technological topics: The interdisciplinary nature of these topics aside, debates in the digital economy often end up using different language to talk about the same, or very closely related, technical phenomena. For example, the implementation and success of machine learning algorithms is very dependent on the data used to train them.[2] A lot of what is called ‘AI’ is what others mean when they talk about data science. Yet, it is quite possible to attend public discussions on ‘AI’ or ‘data science’ or ‘data’ without these links being clearly made. Centralising these domains more within government should help reduce the unproductive confusion that can occur from tackling related issues separately. It should also make it easier to deal with the skills shortages that exist in this area.
The limitations of existing regulatory structures: Centralisation of approach is also important, as regulators, for good democratic reasons, operate within very proscribed remits. It is therefore hard to capture the bigger picture within existing regulatory frameworks. This does not necessarily imply a single super regulator for the UK.[3] These issues are not always combined – there are many issues that are purely data protection, purely competition policy, purely IP and so on. However we should have a body that deals with the integration of these issues in the digital realm and which unifies the existing objectives and initiatives in this space. What the boundaries should be between this body, and between the Digital Department and existing regulators, is not a straightforward issue, but a more integrated discussion should hopefully lead to better outcomes.
The risks of a one-size-fits-all approach: In general, it is larger tech companies that are more likely to raise certain kinds of issue. Unless this is recognised, the same approach can be applied to entities that are very different. You can see this with the GDPR that, while having much to recommend it, in parts looks like legislation that is designed for companies running sophisticated data operations. A business model that, at least for now, is the exception rather than the rule. However GDPR has then also been applied to many organisations whose data operations are probably not much more sophisticated than some spreadsheets and email address books, if that.
The need for a concerted response: Highly resourced tech companies, which effectively have monopoly positions in certain areas, may use a fragmented policy response as an opportunity to play different parts of this off against each other. Some are likely to become more influential still as their cloud computing operations increasingly provide the digital infrastructure companies use and they attempt to leverage their existing strengths into other areas.[4] Facebook’s attempt to launch its own currency, Libra, being a recent prominent example. Other countries are already adopting a more connected response, for example Denmark has appointed its own ambassador to deal with the large tech companies.
Some may misinterpret this article as calling for an ideological campaign against the large tech companies, it is not. In a lot of public debate there is insufficient recognition of existing regulatory frameworks and insufficient focus on what the exact issues are and what we should want policy to achieve. At the same time, the past five years have felt like a transition period where policy has been slowly, but not completely, catching up with technological change and what these companies are doing. The world has changed and our policy response needs to change too.
Acknowledgements: Thanks go to Tom Symons for his helpful comments.
[1] This is not always true, for example price fixing arrangements are strictly forbidden in UK competition law. It does not matter what the intent behind such activities is or what their effects are.
[2] See for example: Sculley at al. (2015) ‘Hidden technical debt in machine learning systems’, Google.
[3] For further discussion on the role of regulation in the face of technology change see Armstrong, H., Gorst, C. and Rae, J. ‘ Renewing regulation ‘Anticipatory regulation’ in an age of disruption’, Nesta.
[4] Coyle, D. and Nguyen, D. ' Cloud Computing and National Accounting' (ESCoE DP 2018-19). Amazon’s cloud computing business is more profitable than its online retail business.