Can the EU Keep Pace With Tomorrow's Digitized Society?

By Andrew Kessler, tech entrepreneur and cryptographic expert

The strength of GDPR enforcement came as a surprise to North America. This was only the beginning of EU data enforcement with more to come following the announcement of these new regulations. We all expect digital service providers to be held liable for data in their custody, especially when acting as data intermediaries with a strong emphasis on oversight and enforcement. Here, the practical value of the Digital Services Act (DSA) and the Digital Markets Act (DMA) regulations will depend in large part on watchdog agencies and the strength and severity of penalties. 

Compliance and regulation are the only verticals where Europe carries an advantage to take on America and China in the fight for digital dominance. I predict a “surprise” in the legislature regarding controls on the aggregation of data and rules to defend “privacy poisoning” of data sets. This will be problematic for Machine Learning (ML) based processes but would be the most meaningful move of the new DSA/DMA proposal when defending the man in the street.

Impending Enforcement of New Rules

“Illegal content” monitoring is a double-edged sword. European guidelines are always well-formed and well thought out, but enforcement requires content moderation. Platforms like Twitter run into trouble when tasked with content moderation. Nation-states seeking to suppress the voice of truth can dig for dirt on political commentators while hiding behind “content moderation” to circumvent encryption. While desirable, what really matters is how content is moderated and what that means as a loophole that oppressive regimes use to violate our right to privacy.

Transparency on algorithm function and design is a good idea but will likely not be practical. Consider the Bitcoin mining algorithm that makes the trading, supply and spending of BTC tokens safe. How many of us believe what we are told about this algorithm and who understands it? Sector-specific digital service providers and their specific toolchains should meet minimum code review for compliance against standards, like FIPS 140-3 for medical apps, and this review should be a service offered by app stores to allow competition for small business while maintaining standards and compliance.

Political markets globally suffer the highest failure rates of all markets because of the high cost borne by citizens to self educate, the feeling that “one vote doesn’t matter” and the lack of responsibility by political parties to deliver on campaign promises. As a result, there is a very strong case to be made to remove any, if not all, political ads from digital environments to preserve the ideals of democracy. Ultimately, I hope for stronger ad control mechanism in DSA/DMA with a specific focus on political ads. 

Reining in Big Tech companies turns out to be relatively straight forward. Initially, they respond by finding loopholes in the wording of legislation and shuffling operations and resources around to come back full circle to where they started. But the regulator responds through amendments, and when the true cost of non-compliance exceeds the cost of compliance they fall in line. What these rules will produce is accountability, liability, and visibility but rules alone don’t achieve compliance - enforcement does. However, the EU is proactive and ready for the challenge.

Ironically, while DSA/DMA hopes to foster digital competition, historically, strongly regulated environments breed monopolies. Add to this, that data regulation increases risk to small enterprises more than incumbents. DSA/DMA reduces enterprise ability to monetise data to generate ad revenue and it will most likely have unintended consequences to SMEs.

In Adversity Comes Opportunity, Particularly for SME’s 

While strongly felt in the short term, the EU may not go far enough when one considers that it took twenty years to revisit and amend previous legislation. In the next 20 years, ML and artificial intelligence (AI) data set sizes will all increase exponentially, and if the legislature is absent to defend the man in the street, it will not be governments creating Orwellian Dystopia, but corporations and digital ecosystems. Small enterprises tend to adapt faster than incumbents.

Forward-thinking SMEs should embrace this move, remain agile and change track quickly to start playing a new digital game with their customers, one that the incumbents can’t respond quickly enough to. For example, SMEs that use AI to rate hiring, and talent placement agencies that place job seekers better and comply with privacy better will emerge. Such SMEs would not only comply with DSA/DMA but capitalize on it while serving job seekers. DSA/DMA probably won’t assist SMEs in fair competition but in adversity comes opportunity, to which SMEs through agility and speed normally profit from better.

The Real Future for Data Enforcement

Antitrust is an interesting question. Why do we not file antitrust suits against monopolistic national post offices? Is cryptocurrency not an antitrust measure against national monopolistic currencies? The point to consider here is that certain systems within a digital environment must form natural monopolies as they do at national levels where currencies and post offices are exempt from antitrust. Google is a good example of where traditional antitrust law does not help the digital market behave more fairly to smaller players. Isn’t Gmail just digital post? Should Gmail, therefore, not be exempt from antitrust the way the post offices are but subject to quality control and good practice legislation? Antitrust in the digital space, CCPA, HIPPA, PECR, DCA, Section 230, “Good Samaritan Act”, SEC regulations, NIST standards, and more various national digital acts, standards, and guidelines don’t mix well and will spill over into many messy discussions such as the threat by some nations to impose a digital tax on its citizens.

The solution is the rapid formation of digital maritime law to defend data in international waters while finding on-ramp and off-ramp algorithms for data across national boundaries. The future of data is a dynamic data format that is aware of its local environment and a body of international law aimed at framing basic opt-in data rights under a large body of private law supported by national law. Enforcement needs to move from the human level to the server and ultimately data itself. By the sheer rate of data growth and its volume, practical data regulation enforcement is the digital challenge of our generation in defense of what makes us human in the face of machine judges. 

When you get denied a loan based on an algorithm sampling your social media data, that will be the day such regulation is held in praise, and Europe will have been where it all began.

About the author

Andrew Kessler is an award winning serial entrepreneur with an extensive background in chemistry and biochemistry research. Since 2010, he has founded a number of tech startups related to the areas of biometric scanning and establishing human identity. Winner of the IDC Inventors Garage for best mobile app development, Andrew was one of the top 20 entrepreneurs in global start-up search SEED STARS. A renowned expert in the field of cryptography, Andrew was a keynote speaker at the South African National Defense Force on cryptographic practices such as the KLJN key exchange protocol - an alternative to quantum key exchange. He graduated with a BSc Hons in Biochemistry from the University of Cape Town, before spending over seven years in postgraduate research in biochemistry and organic chemistry.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.