By Tala Issa
As we move towards a more digitalized future, concerns continue to grow about consumer privacy. But, are legal systems adapting to the fast-paced age of emerging tech?
The new challenges and major opportunities posed by technology require some coordination and innovative policies. Regulatory bodies need to keep up with advancements in technology in order to address new frontiers pertaining to regulation.
As emerging technology prevails and continues to modernize, there have been growing concerns around legislation and how fast governments and regulatory bodies are managing to keep up with the advancements in technology. In recent years, we have seen the world prepare itself for 5G technology and smart cities which promises higher speeds and ultra-low latency, artificial intelligence and its promise to improve our lives along with augmented and virtual reality and their ability to give us the ultimate consumer experience.
There are many reasons to why policymakers need to implement regulation, especially when it comes to emerging technology. They must make it their duty to protect individuals, promote competition and internalize externalities.
When creating regulation policies in this context, it is key to remain relevant. Regulations very often need to be revisited and amended or updated. Deloitte Insights’ ‘The Future of Regulation’ highlighted that existing regulatory structures are often too slow at adapting to changing economic and societal circumstances and this is why they are very often risk-averse. Rapid adaptation to technology is a big problem because in the technology industry, changes occur at such a rapid rate.
“If the volume and pace of digital transformation continues to remain the way it is, the existing regulatory approach won’t work. There’s a disconnect between the street, iterative development and ubiquitous connected nature of digital health technologies and the existing regulatory structures and processes,” said Bakul Patel, the US Food and Drug Administration (FDA) Associate Centre Director for Digital Health.
“The current regulatory approach is not well-suited to support the fast pace of developments,” he added.
Apart from emerging tech, we have also seen over the past decade how social networks have consistently modernized and shifted their business models such as through the incorporation of digital advertising tailored to each specific individual. The world has begun to gear itself up to deal with legislation regarding data privacy and over the past year, we have seen the European Union put in place measures to tackle this issue. Tech titans such as Facebook, Twitter, Google and Instagram have changed their business models in order to secure greater revenue through digital advertising but this has brought with it a number of ethical dilemmas such as anti-trust, anti-competitive behavior in the marketplace, and the use of our data when we were not aware of its consequences.
In this era, data is money. In fact, research has found that by 2020, around 1.7MB of data will be created per second for every person on earth and right now, over 2.5 quintillion bytes of data are created on a daily basis, according to the sixth edition of DOMO’s report. The very essence of privacy and how much of it we can still control as mere consumers at the moment, is still in question. Of course, this depends on which country we are living in as some governments lag behind others when it comes to putting in place the right regulations to give the power of individual privacy back to consumers.
The traditional concept of privacy - our right as individuals to have our communications confidential and the right to be left alone - is being challenged constantly with the prevalence of emerging tech as new technology brings with it new risks. In a world where personal data is constantly being collected, used, analyzed, forwarded to third parties, shared, stored and copied in a way that we are unable to control due to the rate and volume at which it is being done, it has become almost impossible for consumers to take back control of their data into their own hands.
Also, the unprecedented volume of ever-increasing connected devices such as our smartphones, watches, drones, connected cars and virtual assistants, among many others, makes matters a whole lot more difficult. This brings to mind the concept of the internet of things (IoT) which essentially connects physical objects to a network, whether electronics, sensors or software, and it enables these objects to not only collect our data, but also exchange it. Also, the market for these devices is expected to expand at a projection of 20.4 billion devices in 2020 from just 8.4 billion in 2017.
This data-intensive world will make it harder to opt out because not only are we as consumers becoming more dependent on emerging tech as a part of our daily lives, but many industries also depend on them right now and will continue to do so. Emerging tech is being deployed in education, healthcare, employment, agriculture, security, and the list goes on. It is still unclear what is going to happen to our personal data in this increasingly connected world.
Around nine in 10 Americans who use the internet have said that they are concerned with regards to the privacy and security of their personal data online and 67 per cent are in favor of strict national regulations on privacy.
There have been a series of incidents that led to this growing concern such as the 2017 Equifax hack and the use of social media data in politics especially. The first large-scale effort the world ever saw in terms of privacy regulation was Europe’s GDPR (general data protection regulation) which came into effect in May 2018. The US has also taken a step in this direction by creating the California Consumer Privacy Act which will come into effect in January 2020. But what about the Middle East and North Africa?
The EU’s GDPR seems to have sparked a global movement which aims to safeguard users’ data and privacy. Many GCC countries have put in place some form of legislation that protects an individual’s personal data and in fact, many of these countries created them before GDPR came into effect. Such as Dubai’s International Financial Center (DIFC), its Data Protection Law came into effect back in 2007. However, it needed to be updated to match newly established international standards in 2018.
However, many companies need to start taking matters into their own hands in order to be able to do business with Europe and to avoid hefty fines. And since Dubai’s laws are not as strict as GDPR, many companies could experience challenges when doing business in Europe.
However, the UAE has been working on a nation-wide cybersecurity strategy and data protection law similar to the EU’s GDPR.
“Large organizations are impacted by the GDPR but we observed, unlike in Europe where privacy has been a topic for a very long time, in the Middle East there is a lower understanding of how privacy impacts organizations,” said Mohammad Al Zarooni, director of Policies and Programs Department at Telecommunications Regulatory Authority (TRA) in the UAE.
It is of the essence to consider that regulation can often halt progress and put pressure on certain industries, causing them to limit their freedom to expand or restrict their growth. Disruptive technological changes very often surpass traditional boundaries set by specific industries. When products and services evolve, they tend to shift from one category to another which could pose a problem when regulation comes into the equation. This has been the case with ride-hailing companies such as Uber when it introduced Uber Eats and suddenly had to fall under health jurisdiction. It has been rumored that the ride-hailing company is thinking of venturing into helicopter service; if this does happen then the company would fall under the jurisdiction of aviation regulators and so on.
It is in situations like these where it can become increasingly difficult for regulators and policymakers to do their job properly. Maintaining consistency and updating rules and regulations constantly are very difficult especially when the lines between customers, facilitators and vendors are blurred. What is more, is that this can make it challenging to assign liability for consumer harm. This is a legal and ethical dilemma for ride-hailing companies which are planning to introduce autonomous vehicles.
It seems as though despite the fact that institutions and governments have taken steps towards combatting this issue, there is still a lot more to be done. This issue is very complex and companies can’t seem to secure or protect our data in an efficient enough manner. All the scandals that have taken place over the course of 2018 alone have left many consumers frustrated especially towards tech giants such as Facebook which have been time and time again exposed for antitrust issues or anticompetitive behavior. This brings to question the amount of ethical dilemmas that have emerged from data privacy and a lack of regulation and compliance.
Data creates privacy-related ethical and legal problems which could pose substantial threats, like in national security for instance. At the Global Symposium for Regulators 2019, the ITU released ‘Fast Forward Digital Connectivity for All’ in which it set out guidelines, outlining the best and most ethical methods of regulation. The document stated that policy should be evidence, outcome, incentive, consultation and collaboration-based as well as adaptive, balanced, trustworthy, holistic and fit for purpose. The guidelines also highlighted the importance of encouraging pro-competition frameworks to allow the digital transformation to flourish along with imposing mechanisms to ensure better decision making and improve market outcomes.
Regulation in the age of technological innovation can be very tricky. As tech evolves, it brings with it new challenges and new advantages. Regulators need to find a way to keep up with the fast-paced changes of the tech ecosystem and perhaps start to rethink their approach towards legislation in a world where business models are constantly changing.