The internet was designed to be free, open and innovative. To achieve these objectives, all of which were conducive to spurring economic growth, most laissez-faire economies adopted a light regulatory touch for the internet. So what is tech regulation in business and why is it important?
Regulatory guidelines such as net neutrality, which have now become legally enforceable in some countries, allowed internet companies to grow without worrying about paying for the true cost of internet bandwidth. Telecom operators had to bear this cost and were not allowed to pass it on to internet companies.
Many laws that apply in the physical world were not re-written for the online world. Nor were they enforced in the online world, so stealing a Beatles record from a music store was always illegal, but copying it via BitTorrent was seen as acceptable, publishing a physical book was a breach of the author’s copyright, but Google’s Book project, which copied tens of thousands of the world’s books without the authors’ permission, was seen by many as a social good. Traditional publishers must follow libel laws which aim to ensure they do not print lies, but online platforms are allowed to get away with publishing fake news, children are protected from adult content screened by traditional TV broadcasters, but are free to access unsavoury content online. And the list goes on.
Moreover, many online business models are based on the premise that the internet is a free source of information. This meant that most internet companies had to adopt an advertising business model to survive. Two of the world’s largest companies, Facebook and Google, generate over 90% of their revenues from internet advertising.
Now, with a catalogue of misbehaviour by internet companies, both regulators and consumers are beginning to have doubts about the way the internet is governed.
Regulators are having second thoughts about the light regulatory touch they championed two decades ago.
Consumers are having second thoughts about the “free” internet services they enjoy as they come to grips with the true cost of handing over their personal data.
The international legal system, based on separate national sovereignties, is struggling with its task of providing a framework for internet governance, given the cross-border flows of online services. Yet a raft of online abuses culminating with the Facebook/Cambridge Analytica scandal is likely to force authorities to act unilaterally to regulate companies in certain areas:
- Data privacy: aimed at internet advertisers who sell our personal digital information for a profit.
- Data protection: aimed at companies with poor data controls who run the risk of losing personal data through negligence.
- Anti-trust: aimed at internet ecosystems that behave in an anti-competitive manner, but for whom current anti-trust laws do not work.
- Tax avoidance: aimed at tech companies who aggressively avoid local taxes by moving profits to low-tax jurisdictions.
- Legal status as a content platform: aimed at online publishers who claim to be “content neutral platforms” and therefore have no responsibility for monitoring the content published by their users.
- Net neutrality: aimed at heavy users of internet bandwidth who have hitherto been shielded from paying the full costs for the internet bandwidth they consume.
- Anti-social behaviour: aimed at online platforms who wilfully break the law and violate society’s ethical norms by assisting terrorists, promoting pornography and selling banned goods.
- Obstruction of justice: aimed at tech titans who refuse to help law enforcement agents investigating a crime by concealing evidence behind encrypted walled gardens under the guise of protecting their customers’ privacy.
- Copyright: aimed at online web crawlers who profit from other people’s copyrighted content.
Why does tech regulation matter to business?
Growing public concern over widespread abuse taking place on internet platforms, from revenge porn to fake news, political interference, obstruction of justice and promotion of terrorism, is encouraging politicians and regulators to police the internet better.
Across the world, many people are now beginning to think of big tech firms as BAADD (big, anti-competitive, addictive and destructive to democracy).
Brussels is likely to lead the charge for great regulation, warning that scandals such as the Facebook data leak brought to light by investigations into Cambridge Analytica threaten to “subvert our democratic systems”.
Governments around the world are, in one form or another, laying down ultimatums for the larger internet ecosystems: adopt a stronger “duty of care” or face tighter state controls.
3 Things That Will Change the World Today
Regulators are likely to impose significantly greater regulatory costs on some of the big internet ecosystems such as Amazon, Google, Facebook and Twitter.
What are the big themes around tech regulation?
Data privacy and data protection
Digital advertisers collect internet users’ personal data in order to help their customers target ads more effectively. Many users want their data to remain private.
Regulators are concerned that many internet companies who profit from selling their customers’ personal data are breaching existing data privacy laws as well as trampling on society’s accepted ethical norms.
The recent scandal involving Facebook and Cambridge Analytica is a case in point.
An academic created a Facebook app luring 270,000 people into answering personal questions they believed were to be used for an academic purpose. These people had 50 million Facebook friends who unwittingly gave up their data too. Cambridge Analytica allegedly used all this personal data for political campaigns.
The surprising element was just how easy Facebook made it for third party app developers to access its users’ personal data. Facebook conducts limited vetting of third party app developers and typically has no idea what the data is used for.
In 2011, the Federal Trade Commission reached a settlement with Facebook under which it warned the company that it would impose substantial fines on the company if it continued to mislead its users about how their personal information was shared. This is all the more important because the US does not have comprehensive laws governing data privacy.
The realisation that the last decade of their lives is being brutally monetised on someone else’s servers will alert citizens to the risks of handing over their data to internet companies in return for free ad-supported internet services.
Regulators are also concerned that companies who hold private data, even if they are not profiting from that data, are not taking sufficient action to protect this data from hackers.
Data privacy laws are stricter in the EU than they are in the US. In 2016, the EU-US Privacy Shield, a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States, replaced its predecessor deal known as the “Safe Harbor” agreement.
It was negotiated in the aftermath of the Edward Snowden revelations in 2014 about mass US surveillance. Under Privacy Shield, US companies are able to “self-certify” that they follow the EU’s privacy principles. It is a stronger agreement than the Safe Harbor agreement it replaced. Under it, the privacy rights of EU citizens are protected even under US law.
EU data protection laws are getting much tougher. The General Data Protection Regulation (GDPR) is a European law which came into force on 25 May 2018 for all companies operating in the European Union. It gives citizens enhanced powers to see and control their personal data, with fines for non-compliance of up to €20m or 4% of global turnover, whichever is greater.
The EU’s GDPR is a key plank of the EU’s Digital Single Market (DSM). It mandates that any organization wishing to conduct business in Europe must follow certain rules around the storage and processing of data. The key principles are: they must obtain an individual’s “consent” for any data processing; they must honour the user’s “right to be forgotten”; and they must make data portability easy.
Compliance with GDPR is likely to be challenging for most businesses. In the firing line will be digital advertising leaders like Google and Facebook who hold large amounts of user data. European courts are also introducing a new precedent: privacy class actions.
Data privacy regulation such as GDPR could lead to the likes of Facebook, Amazon and Google being inundated with thousands of incoming subject access requests (SARs), written requests from individuals to see a copy of the information a company holds about them.
Regulators are concerned that the world’s largest internet ecosystems, Amazon, Facebook, Apple, Google, Alibaba, Tencent and Microsoft, are behaving in an anti-competitive and monopolistic manner. Yet the current rules governing anti-competitive behaviour do not always allow them to act.
The first problem is the way significant market power and anti-competitive practices are defined under existing competition laws. Amazon, for example, accounts for 44% of the US e-commerce market and 4% of all retail sales (online and offline) in the US, according to eMarketer. By hollowing out high streets, through cheaper out-of-town warehouses, and undercutting traditional retailers, through aggressive tax avoidance, it is not breaking traditional anti-trust laws. Yet, many policymakers, most notably, President Trump, believe that there is not a level playing field between Amazon and traditional retailers. We predict that the definition of significant market power will change in some jurisdictions around the world as it becomes crystal clear that the largest internet ecosystems are monopolies in all but name. Specifically, regulators in some jurisdictions will define the e-commerce market as separate from the broader retail market. This will open up the way for anti-trust suits against Amazon.
The second problem is that it is difficult to argue the case for intervention by anti-competition authorities when many internet services are provided free of charge to consumers. Google, Facebook and Twitter do not sell services to consumers, because the consumer is the product. There is no framework in anti-trust law to address the situation where a consumer exchanges their personal data in return for an internet service such as an internet search engine or a social network. Yet there is a case for stating that internet companies like Google and Facebook are abusing their market power even in circumstances where the customer receives a free service.
In June 2017, the European Commission fined Google €2.42bn for lack of search neutrality, Google was found to have breached anti-competition rules by promoting its own comparison shopping service, Google Shopping, over other similar services, abusing its power as a dominant online search engine.
Similarly, Facebook makes it difficult to transfer a user’s personal data to rival social networks, raising the question: who owns the personal data on Facebook, the user or Facebook?
GDPR makes it clear that the user owns the data. When this law came into force in May 2018, Facebook was exposed to anti-trust cases against it if it does not allow its users to easily transfer their data to rival sites.
Anti-trust regulators are in a quagmire because they cannot punish companies simply for being dominant or successful. They can only punish them for acting in an anti-competitive manner. In some countries, anti-competition authorities take account of what this means for consumer choice.
Yet anti-trust authorities are not blind to the fact that consumers, despite receiving a free service from many internet companies, do not have full transparency over the contracts they sign up to online when they agree to use these services.
Regulators are concerned that tech companies are aggressively avoiding tax by moving digital assets, like websites, and intellectual property, like software, to low tax jurisdictions.
Over the last decade, average reported effective tax rates have fallen 13% for the largest technology companies, whilst they have remained broadly flat in the health, consumer staples and materials sectors, according to a research study by the Financial Times conducted in March 2018.
Now, the political will to ensure that internet companies pay their fair share of taxes is strong.
Examples abound of successful internet companies paying miniscule overseas tax bills in their most profitable overseas markets. In the UK, for example, Apple, eBay, Netflix and Uber generate significant local revenues, yet book negligible local profits as justification for paying disproportionally low corporate taxes.
To put things in perspective, eBay paid £1.6m of UK corporation tax in 2016 on £200m of revenues, as stated in its British filings. Yet, its US filings declared UK revenues of $1.3bn of revenues.
Similarly, Google recorded £1bn of revenues in Britain in 2016 but paid just £25m in corporate taxes.
Chasing taxable profits in the internet sector has become elusive, even for the smartest tax officials. As a result, many governments are now considering taxing revenues, which are harder to manipulate than profits. Revenue taxes would be devastating for high growth technology companies like Amazon who are more concerned with gaining market share than generating short term profits.
Under pressure from European governments, some internet giants are re-visiting their revenue booking practices. In December 2017, Facebook announced plans to change the way it sells advertising. Until recently, the majority of sales made in the UK were booked in Ireland, where corporate tax rates are up to 50% lower. Consequently, advertising revenue generated by its UK teams will be recorded by its UK division rather than being booked in Dublin.
Legal status of content aggregators
Regulators are concerned that online content aggregators – like Facebook, Google, Twitter, Baidu, Tencent and Weibo – have the potential to undermine many of the values that society holds dear if they are not regulated as media companies.
Their refusal to police their own sites and clamp down on cyberbullying, grooming of children and other crimes and social ills is encouraging regulators to consider taking action.
The emergence of “fake news” stories has already had profound consequences for democracies that respect free speech. Many commentators believe that the Brexit vote in the UK and the November 2016 US presidential elections were influenced by false stories deliberately circulated on social media outlets by foreign actors. Over the next 12 months, intelligence agencies are likely to respond to the brainwashing of their citizens by foreign powers by asking for greater powers to censor social media platforms.
Fake news is the inevitable result of the continued shift in mass news consumption from established newspapers with journalistic reputations to protect, such as The New York Times, to user-generated blog posts on Facebook and other social media sites that refuse, on principle, to conduct fact checks.
In addition, “bot factories” where web robots can be programmed to “like” false news items in a bid to rapidly give the impression that a certain item of fake news is popular when in fact no human has read it.
Advances in areas such as machine learning have also led to the development of sophisticated tools that enable the manipulation of video and audio. This has been dubbed “the future of fake news”, as it allows users to manufacture footage, such as a politician endorsing a controversial position, that is indistinguishable from the real thing.
Thus, a combination of big data, botnets (networks of web robots) and AI technologies allow the leading social networks to target particular users with a level of precision unknown in the history of advertising, giving them the power to shape and manipulate society, without any form of accountability or responsibility.
When these social networks are used by malicious actors for unsavoury purposes there is a strong case for regulation to ensure better monitoring and reporting of suspicious behaviour.
Many of Facebook’s 2 billion users get their news and entertainment from Facebook. Yet no one at Facebook dares call it a media company because that has legal implications. Media companies are responsible for what they publish or broadcast and can be sued. That implies they have a duty to investigate reports of fake news on the platform.
Facebook and, to a lesser extent Google and Twitter, will be under rising pressure to “fix” themselves in the wake of the alleged use of their platforms by Russian actors to sow political confusion during elections in the US and Europe, and by terrorists, paedophiles and other criminal groups.
The lack of accountability amongst internet companies for fake news on their platforms will likely lead to more punitive fines by the authorities, increasing the commercial case for spending large sums of money to fix the problem and clean up the content on their networks.
Indeed, fixing the fake news problem will become a test case for AI: whoever does it with the minimum number of support staff will be able to showcase their AI prowess. Facebook, for example, is now employing over 20,000 fact checkers from reputed news organisations, despite significant cost implications. Google, by contrast, has a track record of addressing such threats using AI with ruthless efficiency.
Governments are seriously considering whether ad-supported internet platforms like Google or Facebook should be regulated in the same way as traditional media companies like The Washington Post or ITV.
Online publishers like Facebook argue vehemently that they should not be held accountable for the content on their platforms because they are “content aggregation platforms” rather than “publishers”. The content, they argue, is all user-generated.
Yet this position is disingenuous. The key attribute of a publisher is that it selects and edits content before it is published. Although Facebook, for example, claims to be a “neutral technology platform”, it is, in fact, the opposite: its algorithms target content to specific users based on their past preferences.
By targeting users only with news and information that they are likely to agree with, social networks are creating more polarised societies. Barack Obama recently stated that, without access to a wide range of responsible, balanced sources, people can become “cocooned in information that reinforces their current biases”. This is dangerous for society and regulators are likely to act to curb it.
Regulators in the US, Europe and elsewhere are concerned that net neutrality rules have created a disincentive for telecom operators to build the high-speed broadband networks their economies need in order to compete in the digital world.
Net neutrality rules forbid internet service providers (ISPs) from discriminating against any type of internet content, no matter how much they clog up telecom networks. This has created a market distortion because it means that ISPs are not allowed to charge internet companies like Google or Netflix commercial rates for the heavy bandwidth usage they benefit from, lest they discriminate against them.
Like most forms of regulation, net neutrality is a market distortion. Initially, when the internet was born, it was justified by a “higher purpose” to encourage an open and free internet and spur innovation in a fledgeling internet sector. But like all market distortions, it resulted in an unintended consequence: telecom operators refused to invest in high-speed broadband networks at the rate politicians expected because their returns on investment were artificially capped by net neutrality rules. Telecom operators ended up subsidising some of the most profitable and fastest growing companies in the world in the name of an open and free internet.
In 2015, under the Obama administration, America’s telecom regulator, the FCC, passed net neutrality laws which required internet service providers to provide equal treatment to all internet traffic.
In December 2017, under the Trump administration, the new FCC Chairman, Ajit Pai, who had argued against net neutrality back in 2015, scrapped US net neutrality rules on the grounds they were a market distortion. This was a controversial decision and many parties are currently lobbying the FCC to reverse Ajit Pai’s decision on the grounds that a free, open and innovative internet can only exist alongside net neutrality.
Many internet evangelists predict that without net neutrality, America would create a two-speed internet, which would thus no longer be open, free and innovative.
But, if implemented sensibly, a world without net neutrality may not be so bad, so long as the new rules for charging heavy bandwidth users take account of ability to pay.
Just as high-income earners pay a higher proportion of their earnings in income tax in many countries, so ISPs could be allowed to charge higher bandwidth fees only to larger internet companies, say those with revenues over $1bn, while smaller companies and start-ups would continue to pay almost nothing.
A revenue threshold below which no internet company would need to pay for fast lane access would achieve both the objectives the regulator is seeking, namely:
- Encouraging investment in broadband infrastructure by allowing ISPs to charge commercial rates (to those who can afford it) for use of their pipes; and
- Encouraging an open, free and innovative internet by protecting start-ups and smaller companies (with revenues below the threshold) from having to pay any more to ISPs for internet bandwidth usage.
Promoting anti-social and criminal behaviour
Regulators are concerned that the fabric of society is being torn apart by abusive, often criminal behaviour online.
Many laws that apply in the physical world tend not to be enforced so heavily on the internet, such as child grooming, pornography, providing safe harbour to terrorists, incitement to hatred or the sale of counterfeit goods.
Similarly, many of society’s ethical norms tend to be disregarded on some internet platforms, such as cyberbullying, online abuse or even death threats.
Many Western military commanders, for example, have complained that US social media platforms such as WhatsApp act as “command and control centres” for terrorist organisations. Facebook and Twitter are charged with not doing enough to help intelligence services deal with terrorists. Western governments have typically balanced the need for free speech with national security requirements. If the incidence of terrorist attacks rises, we may see a period of over-regulation of social networks.
When on online social networks, people can behave in ways that would not be tolerated in normal life. In the absence of rules on how to behave online, something social networks are unlikely to implement voluntarily, society’s values will fall apart.
In the wake of alleged interference by Russia in the democratic elections in the US and Europe, intelligence agencies will likely respond to the brainwashing of their citizens by foreign powers by asking for greater powers to censor social media platforms.
Obstruction of justice
Regulators are concerned that technology companies are obstructing justice by making it difficult for crime investigators to access critical evidence held on technology platforms under the guise of data privacy.
In the 2015 San Bernardino terrorist attack which killed 14 people and seriously injured 22, the FBI ordered Apple to assist its agents in their investigation of the murders. Apple refused to grant the FBI access to an Apple iPhone 5C recovered from the crime scene, despite the fact the phone was owned by the California government – the attacker, Syed Rizwan Farook, was issued the phone by his employer, the San Bernardino County. The FBI eventually hacked into the phone, but notably without Apple’s help.
For this reason, China has forced Apple to move all its iCloud data centres for its Chinese customers to mainland China where they will be run by a local Chinese firm. This way, should the Chinese government require any data stored in Apple’s iCloud, it would not need to comply with US laws to access them.
Law enforcement officials are likely to clamp down on technology companies who withhold evidence from officials in this way.
Regulators, especially in Europe, are concerned that copyright is being infringed on a daily basis by internet giants who profit from traditional publishers’ content.
When it comes to copyright protection, traditional media companies offer content creators more protection in most countries than internet companies. For example, the US Digital Millennium Copyright Act introduced a safe harbour concept which shielded intermediary platforms such as YouTube or Facebook from legal liabilities when users upload copyrighted content illegally to their sites. Whilst the Act encouraged innovation on the internet, it eroded the force of copyright law, lowering the market price of content. The result has been a perceived abuse of copyright by internet companies.
The EU is proposing a copyright law to force internet platforms such as Google and Facebook to agree on commercial terms with news publishers if they show snippets of their journalism on their sites. Under the proposed rules, news publishers would enjoy the same rights enjoyed by record or film companies and could demand a fee from internet platforms that display their content in search results. Supporters of the scheme argue it would help news publishers recapture more of the value of their content as it moves online. Critics argue that it will backfire, with companies such as Twitter and Facebook simply blocking access to content if a news publisher demands a fee. News publishers’ websites would gather much less traffic as a result.
In practice, such schemes have failed. In Spain, where the fees were mandatory, Google eventually shuttered its Spanish Google News service.
The international legal system, based on separate national sovereignties, is struggling with its task of providing a framework for internet governance, given the cross-border flows of online services. Individual countries are likely to set their own rules. The EU’s GDPR is a case in point.
The Splinternet refers to the fragmentation of the internet due to censorship, geopolitics, nationalism, cybercrime and privacy issues.
Across the world, nation-states, from Turkey to Russia and Iran, are increasing their censorship of the internet with sudden shutdowns of certain websites.
China has never endorsed an open, global internet, hence the Great Firewall of China. Under a newly empowered Xi Jinping, China will increase its policing of the internet and take very strong action to try to eliminate the use of VPNs, particularly among foreigners in China.
Daesh and other terrorist organisations will turn increasingly to fake news, and soon to AI, and the type of psychographic profiling used by the Trump campaign to package big data into rich and compelling narratives that will amass far greater subversive power, political influence and reach.
More politicians will blame social media for the growth of a more polarised society. Barack Obama recently told Prince Harry in his first interview since leaving office that, “One of the dangers on the internet is that people can have entirely different realities. They can be cocooned in information that reinforces their current biases. All of us in leadership need to find ways in which we can recreate a common space on the internet.”
This article was produced in association with GlobalData Thematic research. More details here about how to access in-depth reports and detailed thematic scorecard rankings.