Europe’s missed opportunity: How the Internet’s global regulator is failing … the Internet!

​Last week was a busy one for Europe. A preliminary question over the global reach of “right to be forgotten” reached the European Court of Justice, the European Parliament voted on the highly contested Copyright Directive and a new regulation to curb online terrorism was hinted. (More on these regulations in a while).
 
Such an activity should not be a surprise to anyone. For quite some time now (but mainly over the past couple of years), state actors have engaged in a regulatory race over the Internet. Concentrated at national regulation, this race is important because whoever comes on top will get to determine much of the way the Internet will evolve.
 
Europe is leading the regulatory race. This is not surprising, given the historical broad consensus that sees Europe as a regulatory “great power”.  A combination of a significant market size, a sophisticated regulatory capability and a culture of rigorous regulations - all these make Europe a leader in regulation. Europe has the reputation of a ‘normative hegemon’ or even an ‘empire’ that is in the position to coercively promote its own regulatory culture in areas as diverse as the environment, competition, consumer protection, etc.
 
The Internet is its next frontier. Over the past few months, Europe has been preoccupied with either adopting or working on legislation that would end up affecting the global Internet (and users around the world).
 
The start was with the General Data Protection Regulations (GDRP). Seeking to address the real issue of privacy, Europe promulgated the GDPR as a statute that would protect the data of European citizens held anywhere in the world. The impact of the GDPR was asteroid-equivalent. Companies, NGOs and any entity holding any personal data of European citizens have rushed to comply. A growing number of countries[1] have been reshaping their laws to reflect the language of the GDRP.
 
Moreover, a preliminary question before the European Court of Justice is asking whether Google must enforce the “right to be forgotten” – which necessitates that search engines delete results based on European law – at a global scale, i.e. deleting results from its global index. But “can Europe export privacy rules world-wide” is the question that will determine much of the conversation in the future and depending on how the court rules.
 
And, then there is the Copyright Directive. Like everywhere else, Europe has been struggling to figure out how to update its copyright regime in light of the Internet. And, this time around there was no exemption. A highly contentious article 13 see platforms directly accountable for content they host (apart from some minor exemptions). The Directive is not explicit as to how platforms will go about doing that but there is general consensus that in order to comply they will need to implement “upload filters” – detection tools that will crawl all over the Internet ‘judging’ the content we upload. And, this rule will not remain shy of any global implications. According to Wired, “although the rules would only apply inside the EU, it's possible that companies would apply filters globally, just as some companies are complying with EU privacy regulations even outside of Europe.”
 
Similar effects will ensue from the Commission’s proposal “to get terrorist content off the web”. During his State of the Union address, President of the European Commission, Jean-Claude Juncker, stated: “[…] the Commission is today proposing new rules to get terrorist content off the web within one hour—the critical window in which the greatest damage is done.” Given the state of the debate currently across the world over the content hosted in platforms, it should be anticipated that, platforms will implement this rule globally, only if for the costs associated with not doing this.  
 
In all this regulatory action, Europe has the unique opportunity to be seen as the beacon of promise to address some of the real issues that permeate the Internet. Fake news, extremist content, manipulation of democratic processes and, massive user-data breaches are only but a few of the current problems the Internet faces. Europe could have set a positive tone, one that could demonstrate its wish to protect the Internet. But, it didn’t.
 
The thing is this. When people say that the Internet is a complex ecosystem, they do not exaggerate. Its complexity mainly derives from the diverse number of participants and the relationships they need to have in order to make sure the networks they join the Internet interoperate. Unlike other technologies, the Internet comes with certain characteristics as part of its design. These characteristics are unique in that they “have enabled the Internet to serve as a platform for seemingly limitless innovation, outline not only its technology, but also its shape in terms of global impact and social structures”.
 
Europe did not deal with this complexity nor were the Internet’s characteristics part of its regulatory thinking. Why else, when parts of the copyright directive were debated, would it turn its back on the advice of 70+ creators and innovators, including the father of the Web, Sir Tim Berners-Lee and Wikipedia’s Founder, Jimmy Wales? Why would Europe be instructing companies to deploy technology -- “automated detection tools” –tools that will directly impact the openness of the Internet?
 
So, we need to take a step back and recalibrate. Collaboration is key as is the realization that, if regulation is to be effective, it needs to be technology-neutral, and technology-informed so it does not operate to the detriment of the Internet.
 
My current boss, Andrew Sullivan, summarized all this pretty accurately when he wrote: “Things have changed. Every technology can be used for negative ends. The Internet still, plainly, brings gains in efficiency, convenience, and communications. Yet in the recent past, some of the negative uses have become apparent, which leads some people to ask whether the Internet is just too dangerous. This environment has produced a golden opportunity for those who always preferred a sanitized, tightly-controlled utility to the generative, empowering Internet. These forces claim that only national governments, treaties, laws, regulations, and monopolies can protect us from the problems we face. They do not want the extraordinary collaboration of the Internet. They think there is some mere political choice to be made between the Internet we have known on the one hand, and a tidy, regulated network on the other. If these forces are successful, we will all lose.”
 
 
[1] To date, the European Commission has recognized Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and the USA (limited to the Privacy Shield framework) as providing adequate protection, while Japan and South Korea are in discussions with the EU. European Commission, ‘Adequacy of the Protection of Personal Data in Non-EU Countries. How the EU Determines if a Non-EU Country has an Adequate Level of Data Protection’, https://goo.gl/8a4Sds