Expert Speak Digital Frontiers
Published on Sep 28, 2022 Updated 8 Hours ago
Decentralising the internet has always been about letting users have more power. India must align its regulations with global efforts that govern citizen data.
Democratising the Internet: Landscape of digital markets and its impact The internet has, since its inception, acted as a platform meant to ease communication, connectivity, and access. It can be argued that the internet in its origins was more decentralised than its present iteration which was characterised by open protocols, open-source codes, and shared forums. Whereas now, the internet with faster speeds, desirable content-focused websites, and, most prominently, the rise of the mobile internet is licensed by large companies, creating a platform controlled mainly by these conglomerates. New regulations that aim to focus on the democratisation of the internet have been announced worldwide. This marks a shift from the licensed and profit-focused aspects of the internet to allow for a more community-focused space to prosper. Decentralising the internet has always been a matter of letting the people who use the internet have more power than the organisations that offer services to these people. In this article, we discuss the new regulations that have been proposed across the globe that may have an impact not only on their areas of jurisdiction but also across other sites.  This same path was seen with the launch of the General Data Protection Regulation (GDPR), which redefined privacy in the European Union (EU) and in countries where many EU-centred companies also conducted business.

Decentralising the internet has always been a matter of letting the people who use the internet have more power than the organisations that offer services to these people.

American Data Privacy and Protection Act

The first regulation in question is the American Data Privacy and Protection Act (ADPPA). This bill excited many in the technology policy field by making it further than any other privacy bill that preceded it. The ADPPA has, in its preliminary segments, redefined many terms compared to definitions present in preceding bills. Children are categorised as those under the age of 17. Sensitive data has been augmented from the state laws that cover race, ethnicity, genetic data, children’s data, social security numbers, and union memberships to include login credentials for different devices. One of the most important additions to the data privacy sector made by the ADPPA is the ‘Private Right to Action.’ This permits users to file lawsuits against non-complying companies. However, it still protects small businesses to foster ease of doing business if they make less than US$25 million in revenue annually, have fewer than 50,000 individuals’ covered data, and earn less than half their revenue from transferring covered data. Further, the ADPPA also covers the pipeline of data privacy from data capture to algorithmic bias. The bill requires large data holders to conduct impact assessments to gauge the scope for bias in employment, loan applications, etc. While the bill has made many novel introductions and protections, there are some criticisms around the scope of enforcement, protections for whistle-blowers, and increased accountability on users for filing complaints. The bill still acts as a needed foundation to remove concerns around data privacy in cyberspace.

Children are categorised as those under the age of 17. Sensitive data has been augmented from the state laws that cover race, ethnicity, genetic data, children’s data, social security numbers, and union memberships to include login credentials for different devices.

The bill, in its current form, addresses the powers of tech conglomerates in hosting and using data for advertising without user permission and monetising the use of data through third-party sales. Removing this feature in large tech companies is a primary step in addressing the people-focus on a decentralised, democratic internet.

American Innovation and Choice Online Act

The colloquially ‘Tech Anti-Trust Bill’, or American Innovation and Choice Online Act (AICOA), represents a shift from market-oriented principles to consumer protections. This bill restricts the business practices of a segment of United States (US) technology firms but cannot implicate any international organisations. The AICOA:
  • Applies only to companies with revenue exceeding US$ 550 million, along with demarcations for the type of service provided and the number of US-based active users.
  • Restricts covered platforms from prioritising their merchandise over those of competitors.
  • Restricts non-compliance with a hefty fine of 15 percent of annual revenue charged
The AICOA, however, has seen many criticisms from within the country it aims to govern. While favouring artificial competitive practices may benefit smaller local or international businesses, the reduced space for success for US-based firms has warranted many criticisms. One major drawback of this bill is the lack of clarity in powers vested to Anti-trust organisations. The AICOA endows both the Federal Trade Committee (FTC) and the Department of Justice (DoJ) with the ability to classify a business as a “covered platform” without creating explicit boundaries for co-existence. The lack of clarity regarding how the agencies will coordinate creates legal uncertainty for companies. The bill in question has seen more success than any other efforts to address discrepancies in market power. The aforementioned disincentives for the digital sector in the US have led the largest tech firms in the US and their associated trade groups to invest US$ 95 million in lobbying efforts to derail the bill from passing into law.

The legislation primarily aims to govern large technology firms and create a fair market by deprioritising “in-house” products (products local to the site displaying them), allowing equal competition for smaller businesses, and fair decision-making unaffected by user advertising.

Aside from private sector efforts, government officials have also quoted concerns on how such a bill can reduce Big Tech’s moderation efforts. The legislation primarily aims to govern large technology firms and create a fair market by deprioritising “in-house” products (products local to the site displaying them), allowing equal competition for smaller businesses, and fair decision-making unaffected by user advertising. While the bill was introduced as being consumer-friendly, these concerns around reduced moderation, limited private sector support, and confusion regarding implementation have limited the speed with which the passing of this bill was predicted.

Digital Markets Act

The European Union’s Digital Markets Act (DMA) aims to reduce gatekeeping of the benefits of conducting business on online platforms. The Digital Markets Act is accompanied by the  Digital Services Act, its counterpart, which is said to focus on illegal content. The two acts will be   Europe’s answer to complaints concerning market practices. The legislation reinforces user consent for data capture for targeting advertising, enhancing the existing legal base provided by the General Data Protection Regulation (GDPR). The DMA also removes self-prioritising products and enforces non-discriminatory practices for all result displays. The bill further allows users to change preinstalled and default settings, switch between and subscribe to different services, and access and port their data without roadblocks. While the AICOA has been criticised for being very restrictive on businesses, the DMA has been commended despite hosting similar obligations for companies, indicating a need to harmonise these regulations with a global adoption in mind. These, among other obligations set on the ‘gatekeepers’, have been implemented to create equity in cyberspace and a more conducive relationship with US-based tech giants. This equity aims to develop a user-focused and user-preference space rather than one dictated by advertising and increasing profit margins.

The bill further allows users to change preinstalled and default settings, switch between and subscribe to different services, and access and port their data without roadblocks.

Impact on India

India has so far governed cybersecurity issues with a combination of its Information Technology Act, 2000 (IT Act) (with new amendments upcoming) and the Indian Penal Code (IPC). Indian companies are moderated under the Competition Act, 2002. The announcement of the aforementioned regulations indicates a global demand for holding digital platforms and the companies that operate them responsible for their impact on society and the economy. In India alone, this is evidenced by the Competition Commission of India’s (CCI) investigations into the operations of digital platforms such as Google, WhatsApp, Apple, etc. Many companies that partake in business in India also comply with GDPR, as it is currently the highest benchmark of data protection that caters to a large population of consumers and businesses. With the introduction of the above bills, the tech market is facing regulations that will govern local jurisdictions and impact the global market. The bills governing tech giants will help enable equitable platforms for small businesses in their local jurisdictions and across the sites of business activity. India, being one of the largest users of technology platforms, will also align with these regulations. India also withdrew its Personal Data Protection Bill on 3 August 2022. The government intends to introduce four comprehensive laws to cover the digital tech landscape. These will regulate the telecom sector, information and technology, personal data and privacy, and social media accountability. While India does have existing laws to govern competition on digital platforms, cases like that of Google and Microsoft investigated by CCI indicate how the current legislation is not enough to hinder the recreation of market inequality. Thus, India needs to create legislation addressing market inequality that does not favour tech giants. Till these upcoming amendments and bills are passed, Indian companies and companies practising business in India will likely abide by the policies set by the EU and US. A similar outcome was seen when GDPR was implemented. Further, with the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), companies in partnership with the United States under this Act are permitted to share data demarcated as necessary to fight crime and terrorism under current legal authorities. This promise of mutual legal assistance further incentivises Indian companies to align with international regulations when local regulations are missing.

While India does have existing laws to govern competition on digital platforms, cases like that of Google and Microsoft investigated by CCI indicate how the current legislation is not enough to hinder the recreation of market inequality

Though India is relaunching its data governance framework for its Data Protection Bill and Digital India Act in the upcoming months, the need to focus on governing technology firms akin to the DMA and ADPPA is increasingly important. With the internet becoming progressively decentralised, cooperation between businesses and governments to create a protected and conducive online environment for the user is the primary task. Further, to ensure that India stays on the path to achieving ease-of-doing business, the country’s regulations must align with global efforts that govern citizen data and the large companies that host, trade, or use this data.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.

Author

Shravishtha Ajaykumar

Shravishtha Ajaykumar

Shravishtha Ajaykumar is Associate Fellow at the Centre for Security, Strategy and Technology. Her fields of research include geospatial technology, data privacy, cybersecurity, and strategic ...

Read More +