26 October 2021

The internet police are coming – and Britain isn’t ready


The world is about to experience one of the biggest regulatory revolutions ever. A high and fast-moving wave of new laws to control and shape the digital world is set to break, with the EU’s Digital Markets Act and Digital Services Act alongside new laws on AI and data governance in the EU and the US, and more, all set to change the global rules of the game. Who is ready for this change?

The old internet is disappearing. That was the cowboy version of the internet, the place where there was no law on the new frontier and the fastest guns were the ones who ran the world. That was the internet that Facebook and Google and Amazon grew up in, and it will soon be but a memory.

In its place a new regulated digital world has already begun to take shape. The rollout of the EU’s General Data Protection Regulation or GDPR (and the California Online Privacy Protection Act which does roughly the same job and which is the default setting for corporations across the US) has been the biggest online regulation innovation of the last ten years, but there is much more where that came from.

Several jurisdictions and notably the EU are about to legislate powers and norms that will set iron-clad boundaries to the operations of any company that functions online, which means just about any company. It’s a change of game comparable to trust-busting legislation of the early 20th century when US lawmakers began to break up monopolies and cartels in oil and transport and beyond.

There is a reason this is happening, and it is to do with power. Governments everywhere have woken up to the fact that online is now a global estate. Some of us can remember when being online was a geek thing: in the space of just a couple of decades it has become a universal stage, where ideas and emotions can be channeled, politicised and sometimes turned into weapons. In a world where almost four billion people own a smartphone the unregulated internet compromises the sovereignty of governments, and governments are reacting according to their various natures. For those still outside the authoritarian spheres, that means building a new law-based order.

But there are leaders and laggards in this march of change, and while there are digital regulatory initiatives in just about every country there is no doubt the EU is the leading force when it comes to using law rather than coercion to manage the online world. Following the implementation of GDPR (which is part of UK law as the Data Protection Act) there will follow two new packages of regulation that amount to the most comprehensive attempt yet to order the private online world.

The Digital Services and Digital Markets Acts (the DSA and DMA) will govern just about everything that online companies of any significant size do, and include powers to levy fines and impose restrictions that could take even a Google or a Facebook out of business. There are other EU laws brewing too, including an Artificial Intelligence Regulation that could reach deep into the secret machinery of any company with digital ambitions.

By contrast the US has the look of an economy in catch-up mode. While the EU has no inhibitions about mapping out ambitious principles-based regulations like the DSA and DMA, the US has an aversion to imposing new rules on industries still seen as disrupters and innovators (even though the ‘internet platform’ giants are now actually incumbents and oligopolists). The US approach to digital regulation is to fall back on competition laws more than a century old (the Sherman, Clayton and Federal Trade Commission Acts), and hope for the best.

Then there is the UK. Leaving the EU has left our authorities with a regulatory blank slate to write on but little idea of what to write. In June the Government published its Digital Regulation Plan which is a concoction of generalities and ambitions but short of specific proposals at a time when the EU’s future regulatory programme is already in black and white.

A new UK digital sector regulator (something the US does not have) in the form of a Digital Markets Unit within the Competition and Markets Authority has been outlined, possibly with powers to regulate tech giants with ‘Strategic Market Status’ (which sounds a lot like the ‘Digital Gatekeeper’ concept in the upcoming EU legislation). But although the Unit is supposedly already in existence in what the Government teasingly calls ‘shadow’ form, its powers and funding will not be legislated until 2022 at the earliest. This is partly because it is far from clear how the Unit will interact with overlapping regulators like Ofcom and with already legislated rules like the new National Security and Investment Act. Despite a rash of consultations, plans and strategic statements during the course of this year the impression remains one of over-stretch and unreadiness.

What comes next? If there is a contest between those who would regulate and those who would not, then it does at least look as if governments in the regulatory vanguard have a plan. Whether it’s the right plan is an open question, but plan always beats no plan.

Meanwhile those without a plan will be buffeted by events. And for those digital companies that now wield an influence that is probably unmatched in history, the examples of names like Standard Oil and AT&T – dismantled by force of law – should be a warning. The breaking of the giants could happen again.

Click here to subscribe to our daily briefing – the best pieces from CapX and across the web.

CapX depends on the generosity of its readers. If you value what we do, please consider making a donation.

Richard Walker is a journalist and communications adviser to financial companies.

Columns are the author's own opinion and do not necessarily reflect the views of CapX.