Though this year’s World Economic Forum at the resort of Davos was missing some of the global economic leaders (most notably the United States, which opted to not even send a delegation), an assortment of countries put a major emphasis on data governance and tech regulation.
The need for increased tech regulation was a running theme among speakers at the summit. Leaders from China, Japan, Germany and South Africa made statements in support of greater government oversight in their own countries as well as international cooperation on data governance and collection standards.
Prime Minister Shinzo Abe of Japan issued the strongest call for tech regulation, establishing data governance as a central theme of the upcoming Group of 20 (G20) summit being held in Osaka in June.
Vice President Wang Qishan of China also cited the need for improved international standards of data oversight, but tempered his remarks by adding that the international community should respect the “independent choices” of sovereign nations in their internal handling of digital data and intellectual property.
Chancellor Angela Merkel of Germany called for a “common digital market” to be established in the European Union (EU) as well as the establishment of international oversight models that are transparent and effective.
President Cyril Ramaphosa of South Africa committed to putting tech regulation on the schedule of topics to be addressed when the African Union meets in Ethiopia next month. The president stated his support for an “overarching body” of cybersecurity standards.
What the future holds
It’s important to note that none of the speakers at Davos directly addressed any sort of joint efforts. The Japanese leader’s remarks were the most substantial, however, putting talks on the agenda for the G20 meeting in the summer. Abe proposed expanding World Trade Organization (WTO) rules to cover trade conducted by means of digital data.
Three primary approaches will have to be reconciled for any sort of international architecture that is effective in protecting end users to take shape. Europe has implemented the strongest fully active regulations in the world in the form of the General Data Protection Regulation (GDPR). China’s insistence on government autonomy in tech regulation is likely tied to their broad surveillance of their citizens, some of which takes place with the direct cooperation of tech companies that are based there. Washington DC has been largely hands-off in terms of tech regulation to date, at least at the federal level; while discussions of that nature have begun, Silicon Valley is actively seeking to have strong influence in shaping any laws that are passed.
As chair of the upcoming G20 meeting, Japan is looking to take point on the development of international data handling agreements. Prime Minister Abe referred to this as the “Osaka track” in his speech. He advocated working within the framework of the WTO, calling the plan “Data Free Flow With Trust.”
No specifics were proposed in the speech at Davos, but Abe stressed that his proposal for free flows of data across borders applied only to non-personal data necessary for economic activity and growth. Issues of user data privacy will apparently not be broached until the summer.
Tech industry pushback
The tech industry would obviously prefer as little regulation as possible. However, the hacks and data breaches have simply become too large and too frequent to ignore. They present a serious threat to public safety, and tech companies seem to recognize that increased data governance and tech regulation is inevitable. Some also seek to rebuild trust in the wake of high-profile data breaches.
Big tech companies in Silicon Valley have signaled willingness to go along with tech regulation; however, they also want an outsized role in shaping it. In China, Alibaba co-founder Jack Ma made some vague statements about the unpredictability of future tech developments and how companies might be constrained by regulation. Fairly stock resistance that one would expect from such a company, but notable in that it is in opposition to Beijing’s positions on data collection.
The direction of international tech regulation and data governance will very likely be shaped by any national laws that might be in place by the time the G20 meeting rolls around. Europe already has comprehensive legislation in place, but things are still taking shape in other parts of the world.
A number of proposals are on the table in the United States. The National Telecommunications and Information Administration is currently taking public comments on a set of proposed outcomes that could eventually be used to form a federal data governance law. Some members of Congress have already either introduced their own bills or have announced that they are in development, however. Ron Wyden, Democrat Senator from Oregon, has introduced the Consumer Data Protection Act of 2018 which provides for fines for first-time offenders and potential incarceration for senior tech company executives. A competing bill from a fellow Democrat, the Data Care Act of 2018, has been introduced by Brian Schatz of Hawaii and sponsored by 14 fellow members of Congress. This bill does not include sentences for executives, but does also grant the FTC expanded ability to fine offenders. Yet another unnamed bill, a bipartisan collaboration between Senators Jerry Moran (R-Kansas) and Richard Blumenthal (D-Connecticut), is currently in development and is expected to be introduced sometime in early 2019.
Meanwhile, China has been working on their own version of the GDPR. Called the Cyber Security Law, it has been gradually going into effect in segments since mid-2017. The full measures covering data governance and transfer are expected to become active sometime in 2019. Among other things, the law states that companies are prohibited from collecting any information not relevant to the service being offered. Companies must also fully disclose what data is collected and how it is used, and must encrypt certain stored data that is classified as “important.” Affected parties must also be notified in the event of a data breach.
The future of tech regulation and data governance
There are clearly major obstacles to international data governance standards, but 2019 is likely to at least be a year of significant progress within the world’s major economic powers. The first major fines and enforcement actions are bringing clarity to the structure of the GDPR, China’s policies look to be cemented, and the United States will at least have some vigorous debate over the creation of federal standards.
Even though details are still scanty at this point, the Osaka G20 may well be the first significant step in the establishment of a transparent and rules based international order for protecting personal data.