This year's winner of our annual Sir Henry Brooke Student Essay Prize is Isabel Lightbody from the University of Law and Dentons.
Our entrants were asked to answer this question: “At the start of the 2010s, two billion people used the Internet, MySpace rivalled Facebook as the most popular social network, iPads did not exist and few people had swapped their trusty Nokias for iPhones. Peer to peer networking was seen as an existential threat to copyright industries and net neutrality was not yet the law anywhere, while cloud computing was unknown to the general population. The future was unpredictable.” What, where, how, and when will the greatest regulatory challenges for the Internet of 2030 be?’
When the printing press was first introduced in Western Europe in the mid-fifteenth century, it enjoyed almost fifty years without formal regulation.1 Prior to its invention, most books and manuscripts had been copied by hand, resulting in a level of dissemination that did not warrant supervision. The printing press, however, allowed information to be spread at hitherto unforeseen speed and quantity, reaching a far larger audience than ever before. Naturally, the eventual state and church intervention led to backlash and debates regarding the necessary degree of regulation, as famously evidenced by John Milton’s “Areopagitica” in protest of regulated printing in 1644.2 All in all, it took over 200 years for the debate to die down.3
In the years since, this cycle has repeated itself: a new development occurs, able to perform functions at far greater speed than its predecessors and initially given a ‘light touch approach’ so as not to inhibit its initial development. In its early days, the internet was thought of as a “global, borderless playground”4 that, like the American frontier, was “naturally independent of the tyrannies [Governments] seek to impose”.5 In 2020, however, the internet is no longer an unregulated “Wild West”.6 The internet’s widespread usage coupled with concerns about online harms and the dominance of digital players have seen the ‘light touch approach’ give way to increasing regulations. Yet these regulations have not been able to prevent the internet from “slouching into mid-life crisis”:7in a recent survey of 1,500 internet experts,8 the majority believed, for the first time ever, that the ‘positives’ of the internet no longer outweigh the ‘negatives’, with the biggest concerns being “interpersonal ethics, surveillance, terror and crime”,9 a stance that is reflected in the EU Illegal Harms Paper.10
As more and more of our life takes place online, these concerns are only set to increase.11 It is becoming clear that the scale of the problems that need addressing over the next decade is enormous, especially given the UK’s current failure to meet international standards12 in terms of independent, accountable and transparent internet regulation.13 The key challenges for regulating the internet of 2030 include the convergence of traditionally separate sectors online, international cooperation, content regulation, the regulatory lag caused by the internet’s speed of change, privacy concerns and online harms. Addressing these challenges must start today: a slow and methodical approach avoids hasty and poorly thought-out legislation, as witnessed in Germany14 and Australia,15 and ensures that a comprehensive and durable structure is in place for the long-term.
This essay will set out the key challenges facing the internet over the next decade, proposing solutions along the way.
1. Traditional boundaries are blurring
a. The UK
Before the age of the internet, print and broadcast media fit into neat boxes and supervision was easy to allocate. The disruptive force of the digital world has seen the collision of various sectors all within one platform (e.g. YouTube), leading to overlapping laws and regulatory scope and resulting in duplication or even the bystander effect among regulators, as well as bearing witness to the erosion of boundaries between the online and offline world.16 This amalgamation is set to increase as 5G enables greater integration of the internet into people’s lives.17 Yet rather than addressing this, the UK’s 2019 Online Harms White Paper and its accompanying 2020 update (together the White Paper)18 perpetuates a distinction between the offline and online world by proposing rules that would de facto limit free speech to a greater extent online (such as on Twitter) than offline (such as in a newspaper). The imposition of criminal liability for leaving unremoved nebulously defined “harmful” but legal content will cause platforms to err on the side of caution and remove anything politically sensitive. As any remaining distinction between offline and online will be marginal by 2030, the UK must follow UN recommendations and act now to ensure that universal human rights apply equally online and offline.19
However, despite the merging of worlds, the online world needs additional regulatory attention in light of the unique nature of the internet. The need for this is clear from the many court cases concerning, for example, whether emojis can constitute hate speech.20 Not only is new legislation required to clarify the nuances of the internet, but old legislation such as the Malicious Communications Act 1988 and the Communications Act 2003 must be updated. For example, their focus on “sending” but not “posting” harmful communications leaves regulatory gaps that private companies decide how to fill. Amendments are also required in relation to the Competition Act 1998, as the frequently used price-based test to determine abuse of a dominant position is not effective when ‘free’ services are obtained in exchange for data.
Furthermore, given the convergence of previously separate sectors online, an overarching regulatory system enabling the internet to be regulated under sector-specific approaches should be instituted, with one internet regulator overseeing sector-specific regulators. Such an overarching regulator would not just cooperate closely with, for example, the Financial Conduct Authority (FCA) and the Advertising Standards Authority, but would also have agencies such as the Internet Watch Foundation and Counter Terrorism Internet Referral Unit within its purview in order to provide external accountability, especially given their opaque decision making, high error rate and lack of supervision.21 The UK Government has put forward Ofcom, the communications regulator, and ICO, a body for information rights, for this task.22 However, Ofcom’s 1,000 employees pale in comparison to Facebook’s 35,000 content monitors.23 The White Paper therefore leaves the onus to regulate content with platforms, without foreseeing direct appeals to Ofcom. This is problematic: the self-designed systems used by platforms frequently overlook content or mistakenly flag false positives.24 As platforms affect many millions of lives in the UK, any internet regulator should be closely involved with designing such systems or at least closely assessing systems already in place and following this up with randomised checks. The UK might consider adopting something akin to the EU’s proposed Digital Services Act, which grants the EU the power to “look under the hood” of BigTech firms.25 Furthermore, by 2030, AI advances will hopefully have reduced the scale issue and allow more supervision to move from tech firms to the internet regulator. However, as AI will then in a sense be our new judiciary, the criteria it uses should be transparent and free from algorithmic bias, as it should indeed be today. Between now and 2030, the UK’s Select Committee on Artificial Intelligence will hopefully work on legislation to this effect, perhaps emulating the first steps taken by Art. 22 of the GDPR if the UK does not achieve GPDR “equivalence”.26
Furthermore, in order to effectively police the systems used by platforms, the internet regulator needs a ‘strong bite’. The White Paper does grant the regulator the power to issue “substantial fines” but does not specify any numerical values. If the UK copies the €50 million fine set out in the German Netzwerkdurchsetzungsgesetz,27 a similar though somewhat more stringent law, this may prove ineffective in relation to BigTech – in 2019, YouTube earned $15 billion from advertising alone.28 A better approach would be emulating competition law and setting fines of up to 10% of annual global turnover.29 If fines are ineffective, the White Paper does allow the internet regulator to block websites. Whilst this may work for smaller companies it will not work for the platforms hosting them, given the innocent actors dependent upon its framework. It is, therefore, difficult to imagine the UK internet regulator suddenly blocking YouTube or Google. Other intermediary tools, such as suspending advertisements in order to reduce revenue, may therefore be required. Alternatively, the regulator might consider positive enforcement mechanisms such as setting goals for companies and incentivising them with tax cuts.
Lastly, given the structural importance of the tech sector, any ‘blurring’ of boundaries should be avoided within the Government: Digital should be its own department rather than being grouped with Culture, Media and Sport. All ministers within the department should be assigned to various areas of the Digital (AI, privacy, harms etc.), consult with experts, industry groups and regulators, assess developments and anticipate dangers, work with the House of Commons Science and Technology Committee, and (jointly) propose bills to Parliament. Furthermore, ministers should focus on safeguarding net neutrality and equitable access, creating an information ombudsman position and designing a body within the court system to manage appeals against content removal by agencies, platforms or regulators.30
The digitally interdependent nature of the internet and its biggest players means it transcends national boundaries and defies regulatory logic.31 Any nation regulating the internet should therefore go beyond its own borders and engage with other countries, if only to prevent regulatory overlap. The UK already cooperates (among others) in the realm of serious crime, such as under the Cloud Act of 2018,32 which enables British warrants concerning non-US citizens to be enforceable against US platforms, but more should be done.
For example, a similar initiative to the Global Financial Innovation Network33 should be created for the internet, allowing companies to test new supervisory mechanisms across jurisdictions. Sharing knowledge can increases expertise, cut costs, prevent regulatory arbitrage and provide a united political and economic front against powerful tech companies. The latter is vital given the extent to which they enable democracy to be undermined (e.g. Cambridge Analytica in 2016) whilst also displaying nation-like tendencies. In recent years, for example, BigTech has sent representatives to the UN, recruited diplomats, and attended annual security conferences together with leaders of state.34
Global cooperation also allows for the easiest access to top industry leaders and academic experts, as envisioned by the UN’s High-level Panel on Digital Cooperation,35 as well as allowing for legal issues (e.g. in relation to IP and tax) arising due to the cross-border nature of commerce and information to be addressed. Alibaba’s recent proposal for a cross-border, online free trade platform may herald a new era that will see wide-ranging changes to the structure of global commerce by 2030.36 As the WTO has not brokered a cross-border e-commerce agreement in twenty years, it is vital that nations take action individually.37
Despite the internet’s ability to erode national borders, there is a risk that 2030 will see a more fragmented internet due to nations’ differing approaches towards censorship and putting regulation in private companies’ hands.38 Whilst these choices are expressions of national sovereignty, an important principle, increasingly stark fragmentation will leave no one better off. The UK’s goal “to lead the world in regulatory innovation”39 following Brexit is a tremendous one but any isolationist tendencies contained in the White Paper should be balanced by global cooperation in order to regulate effectively.
2. The rate of change will increase
Not only are new rules dealing with the erosion of traditional boundaries required, so too are changes to the underpinning regulatory methodology. The rate of current breakthroughs means that we are on the brink of the next industrial revolution,40 which will evolve at an exponential rather than linear pace.41 Yet our 5 – 20-year policy cycle42 was designed for a different age43 and is not able to promptly deal with digital developments after they occur. It is also difficult to approve products or services prior to their release given the rapid metamorphosis online products or services frequently undergo after their launch. If nothing changes, technology will therefore continue to outpace regulation,44 and accounting for exponential change, this ‘gap’ is set to increase by 2030.
One solution to these issues is the use of guidelines, that is outcome-based regulation rather than traditional rules, allowing quick adaptation to technological or social change. Standards can be reworked for new risks much quicker than regulations and laws, and their use in relation to financial services since 1990 has shown they are effective and, whilst not always popular, are not unduly burdensome.45
Additionally, the large amounts of data generated by online platforms could be provided to the internet regulator on a confidential and secure basis, provided that it has the proper infrastructure in place. Allowing the regulator to assess digital information (using more AI as time progresses) with very little delay will enable quicker response times and reduce the cost of supervision for regulators and compliance for companies. Such a platform for financial services is being piloted in the UK and is showing early signs of success.46
Other similarly innovative schemes are also being used to regulate FinTech and RegTech in the UK.47 Commonly referred to as ‘regulatory sandboxes’, they support innovation by allowing for experimentation in a controlled environment, thus enabling agile technological regulation, as well as for companies to take the first step and start a dialogue with the regulator. Such an approach, which was taken in relation to Skype in its early days,48 can reduce barriers to entry and hopefully allow for innovations that result in lower market prices, better services and competition with larger companies.
Lastly, whilst regulating for an unknown future is challenging as it is impossible to predict, the internet regulator should at least engage in substantiated speculation and explore possibilities such as greater interconnectedness, the merging of markets, smarter AI, automation and machine learning and the commoditisation of privacy. It should aim to increase its expertise by initiating a project similar to the Joint Money Laundering Intelligence Taskforce formed by banks, regulators, and the UK Government.49 Such industry cooperation would ensure access to newly emerging risks ahead of time, allowing for well-thought-out policies. As it is partially the policies themselves that will determine the shape of the future internet, technological literacy and an understanding of technological developments is crucial when regulating.
Adapting our legislative and regulatory framework to the nature of the internet and the upcoming fourth industrial revolution will take time, but there are no shortcuts. The UK’s core democratic values must guide it whilst it debates the various trade-offs between freedom of expression and harms and determines the extent of intervention required for optimum market efficiency and innovation. Whilst the country able to help the internet out of its mid-life crisis will be set to lead the world’s digital revolution, the UK should prioritise international cooperation over winning any kind of digital race.
Humans’ adjustment to the printing press, telephone and industrial manufacturing, all completely novel at the time, show that the challenges are not insurmountable. Even during the first industrial revolution, when large companies with monopoly power took advantage of under-regulation to pollute and pay low wages, various stakeholders came together to create regulations that changed the way companies operate.50 These regulations struck the appropriate balance between intervention and innovation and companies thrived as a result. The same can be achieved in relation to the internet. Whilst there will be inevitable backlash and modern versions of Milton’s “Areopagitica” during the period of adjustment, the greatest regulatory challenges for the internet of 2030 can be overcome.
Isabel Lightbody graduated with a degree in Law with German Law from the University of Birmingham. She is currently completing the LPC at the University of Law whilst also working at Dentons.
References & sources: all links last accessed 30 August 2020.