Three core digital governance models are colliding in today’s world. They are deeply rooted in the politics of digital policy making in three parts of the world—China, the European Union, and the United States.
Open the news and you can feel the friction:
- Apple, the company that negated helping the FBI to access a terrorist’s iPhone data in the San Bernardino attack, has localized its Chinese citizens’ data in China, delegating the iCloud to a Chinese supplier.
- The EU fined Facebook $110 mn for merging WhatsApp data with FB’s, violating a restriction the EU had imposed to approve FB’s acquisition of WhatsApp.
- Google, Facebook and Twitter don’t operate in China, and are struggling to find a way in.
- Chinese smartphone and telecom infrastructure maker Huawei has a hard time gaining access to the U.S. market.
Security and data privacy (or data surveillance) concerns dominate those government decisions to block entry, penalize companies, and force data localization. This occurs in a global environment which lacks institutional mechanisms to govern digital disruption, as Peter Cowhey and Jonathan Aronson noted in “Digital DNA,” a book I discussed in another blog.
Under an increasingly authoritarian regime, China’s state apparatus can access personal data held by any company operating in its territory. China engaged with the Internet for commercial reasons, but also practices extensive censorship and citizen surveillance. Its policies protect domestic service providers, creating a “largely Chinese-owned Internet ecosystem,” in the words of Cowhey and Aronson. This ecosystem nurtures powerful domestic Internet companies that are second in size only to the largest U.S. players.
The EU stand on data privacy is rooted in post-Nazi and post-Soviet-era rejection of government surveillance. It is also possible to see in EU’s policies a measure of dissatisfaction with the fact that American companies dominate the data landscape in the EU, in which Google, for example, has a larger market share in web search in Europe (92%) than in the U.S. (64%). The Privacy Shield, the EU-U.S. agreement to protect European citizens’ data as they are transferred to the U.S., is a bridge between the U.S. and European models, but an increasingly precarious one.
The U.S. has a complicated model of digital governance, which favors free-speech and personal data commercialization. Its data privacy regulatory protections are fragmented across regulatory agencies (FTC and FCC), various sector-specific laws (as opposed to EU’s general data privacy law), and legal cases. American citizens are protected from domestic surveillance, but U.S. spy agencies have a free hand to tap into foreigners’ personal data across the globe. The fierce political conflict between the U.S. two major parties, Republicans and Democrats, has precluded so far the emergence of bipartisan data privacy legislation.
In the absence of global norms, companies must adapt to different regional governance regimes. This creates enormous reputational and transaction costs challenges for global players as they navigate different or even opposing governance schemes. The world is crying for global digital norms that regulate market access and digital behavior, but supply is likely to remain scarce for the time being.