Introduction
Many of the dangers we face indeed arise from science and technology – but, more fundamentally, because we have become powerful without becoming commensurately wise. The world-altering powers that technology has delivered into our hands now require a degree of consideration and foresight that has never before been asked of us (Sagan, 1994, pp. 316-317).
We are facing an ever-growing gap between the phenomenal acceleration of technology and of connectivity on the one hand, and the human capacity to manage these trends. The gap is well-documented in the fields of finance, climate change, pandemics, or nuclear risks. But the contrast between the exponential growth of disruptive technology and the lackluster supply of governance mechanisms is starkest in the fields of digital governance and artificial intelligence.
That gap becomes existential when we consider the likely future development of artificial general intelligence (AGI)(Ord, 2020) or superintelligence (Bostrom, 2015) that can be misaligned with human values or even the goal of ensuring the continuity of human existence. This question of the governance of life with AI may be the most essential question of our time (Tegmark, 2017); but you would not know it from the current output of global governance in this field. Summarizing the judgement of many scientists in the field, Ord argues that unaligned AGI is actually the number one global existential risk for humanity, with a 10% chance of human extinction within 100 years. The prophesized existential threats posed by extreme and accelerated technological advancement and expansion have never been as close to reality, as they are now. As noted by Yuval Noah Harari and Daniel Kahneman in a recent conversation, the task of taming and governing the digital/AI revolution is daunting. Humanity may have no slack for a mistake this time around, given the existential consequences of such a mistake.1
Today, we already benefit from tremendous digital or AI innovations in e-commerce, social media and communication, home management, work, healthcare, education, transportation, and entertainment (West & Allen, 2020). We can foresee that AI-driven algorithms may soon be able to correct human judgement flaws (or noise) caused by fatigue, irregularity, emotions, and other weaknesses, afflictions that can generate variation in decisions by up to 50% (Kahneman et al., 2021). Within two decades, we can envisage a world with generalized deep learning and virtual reality, computer vision, contactless love, fully autonomous vehicles in most advanced and emerging economies, autonomous weapons in militaries, and a dream of plenitude (Lee & Chen, 2021).
Yet, today, we witness tremendous havoc created by the explosion of social anger, exacerbated by sophisticated social media algorithms, deep polarization, the return of tribal politics, the loss of agreed truths and the spread of misinformation and dangerous conspiracies, the loss of privacy, the rise of massive and uber-powerful tech companies, and massive job displacement and inequality (Bartlett, 2018). Influence operations by foreign states have also amplified such social anger and polarization in many democracies, adding a degree of external threat and urgency. We also live with a world of security-driven digital decoupling between the United States and China (Ma, 2021). In other words, the digital revolution is moving faster than the human capacity to cope with it, embed it within a public good-oriented framework, and steer its disruptive power toward a non-destructive direction.
The problem is visible at the national level but particularly salient at the global level. Digital/data governance is fragmenting among at least four poles: a U.S. model with maximum innovation and limited regulation, an EU model with a strong regulatory balance, an India model with an emphasis on digital sovereignty and infant industry protection (applicable to other developing countries), and a Chinese model with both rapid innovation, strong state control, and surveillance. Our global governance capacity is affected by multiple splits: a U.S.-EU split over privacy, tax, and anti-monopoly regulations; an India-West split over data ownership and first mover advantage, and, worst of all, a potential digital cold war between the U.S. (and its allies) and China. In response to this dire need for governance, Medhora & Owen, (2020) have proposed a need for a new fundamental effort at coordinated governance – or a ‘digital Bretton Woods’. While fundamental international conditions and global distribution of power today differ drastically from the Bretton Woods era, a high-stake and fragmented digital world is in dire need of such renewed cooperative spirit.
Recognizing the gap in digital governance, we ask the following questions: what is the scale of the gap in governance relative to requirements needed to keep the digital economy afloat? And what could be a pathway forward in the context of the growing securitization and increasing divides?
It is urgent to raise a sense of awareness, mobilize all social and public actors around this urgent dilemma, and catalyze a multi-level effort to address this conundrum. We argue that no global, regional, or national institution alone will be able to deliver the right governance capacity. Instead, we recommend a highly reactive, innovative and competitive model of networked governance that operates at multiple levels with key nodes and catalysts.
Governance innovation must keep pace with technological innovation. Given how far the digital cold war has already proceeded and the currently low capacity to cooperate between the U.S. and China, part of the solution will need to involve clubs and alliances of countries and non-state actors. At the same time, some level of global coordination and basic rules for global coexistence are crucial for success in managing this existential threat. The G20 is one critical venue for such work, even though it has not delivered so far.
I / Key Indicators on the Exponential Rise of the Digital Economy
Over the last few years, and particularly during the COVID-19 pandemic period, the digital economy has experienced an exponential rise and begun to transform human interactions, production and trade (Suominen, 2019). In Table 1, we offer a review of selected indicators on cross-border data flows and digitalization. It is clear that digital trade and cross-border data flows, along with other digital innovations are rising faster than physical trade flows.
Table 1. Summary of Key Indicators on the Explosion of the Digital Economy
2017 | 2018 | 2019 | 2020 | 2021 | |
---|---|---|---|---|---|
Cross-border Data flows, measured by bandwidth (Gbps) | 286,104 | 362,031 | 453,709 | 608,768 | 785,635* |
E-commerce as a % of global GDP | 2.96% | 3.53% | 3.94% | 5.14% | 5.69%* |
Cross-border mobile payments (USD, billion) | 379.6 | 529.25 | 627.8 | 766.6 | - |
AI economy size (USD, billions) | - | - | 27.23 | 35.92 | 47.47* |
Self-driving cars growth trend | Expected to grow from USD 23.33 billion in 2020 to reach 64.88 billion by 2026, at 22.7% annual CAGR growth during forecast period of 2021-2026. | ||||
Facial recognition growth trend | Expected to grow from USD 4.29 billion in 2020 to reach USD 13.87 billion in 2028, at 15.7% CAGR growth during forecast period 2021-2028. | ||||
*Numbers with an asterisk are projected data. |
Data on cross-border data flows retrieved from TeleGeography; Data on e-commerce as a % of global GDP derived from global e-commerce value and global GDP; global e-commerce value data retrieved from Insider Intelligence; global GDP data retrieved from World Bank; Data on cross-border mobile payments retrieved from GSMA; Data on AI economy size retrieved from Fortune Business Insights; Data on self-driving cars growth trend retrieved from Facts and Factors Research; Data on facial recognition growth trend retrieved from Emergen Research.
Table 1 shows that key components of the digital economy, including e-commerce, AI economy, and cross-border mobile payments, have experienced steady growth since 2017, and are projected to continue growing. 2020 saw the sharpest growth in several components, likely due to mobility constraints and increased reliance on digital tools associated with the COVID-19 pandemic. While current data illustrates useful trends, it is important to note that the volume of digital trade – a key component of data on the digital economy – is very hard to measure. 2 This is in part due to the lack of a shared definition of what constitutes digital trade, highlighting a need for technocratic standardization as a basis for high-level digital governance.
II / Why Addressing the Digital Governance Gap Matters
We offer here a typology of risks involved in the digital governance gap:
Under-Institutionalized Markets (North, 1990; Williamson, 1985): all markets require basic rules and governance to ensure trust, accountability, resilience, and to prevent abuse by potential oligopolistic players. Global markets require global institutions. Digital governance is a new domain, where innovators and disruptors have been able to run ahead of rule-making. We are emerging from more than two decades of an under-institutionalized digital economy, in which many large imbalances and market deficiencies are appearing in every society around the world.
Unprecedented Power of Digital Companies: the current moment may be the first time in human history that a private company such as Facebook (Meta) has the ability on its own to screen messages of leaders and politicians from every country in the world, except China, North Korea, Cuba, and maybe Iran. And this global function is only peripheral to Facebook’s core business, with just hundreds of assigned staff. In other words, Facebook, along with Twitter and a couple more giant for-profit digital companies, have acquired in less than fifteen years the power to control information, emotions, narratives, and political/social mobilization in the majority of countries of the world, including the United States. And they are generating disproportionate profits from this dominant position.
All this is taking place in a near complete vacuum of digital governance. Most countries outside the US and China have limited power to regulate and control these US-based and China-based global digital companies. The US government retains residual power to do so, but has been unable to act due to constitutional constraints and great polarization in Congress. China (behind its Internet fire-wall) has already started wrestling with this power and cracking down on its own giants. India has started to pass restricting measures on the power and freedom of social-media companies on its territory. The EU is taking its own regulatory path through the GDPR and its successor currently under negotiations, as well as tough competition rules, within the constraints of its relative weak position in the space (no EU-based digital giants). But the governance gap remains enormous in the US and many other countries, as well as at the global level.
Risk of Explosive Social Disruptions and Inequality: the scale of disruption induced by digital and AI innovation under current IP protection and lack of redistribution accrues immense winner-take-all benefits to first movers. We are witnessing at the same time a historic concentration of capital and wealth and growing numbers of displaced or laid-off workers in declining industries. We can soon expect to have digital entrepreneurs with a net worth of $1 Trillion (from a quarter of a trillion so far with Elon Musk and Jeff Bezos), alongside massive job displacement. Such fast-paced social dislocation and inequality could prove politically explosive and very hard to manage (Lee, 2018). No social system is ready - and the global governance is not ready either. The viability of modern states is also at stake, as their revenue base keeps eroding. In the late 19th century, when the oil and railroad revolutions generated similar concentration of wealth, it took all the power and energy of a Teddy Roosevelt to tame these forces. We don’t have such capacity today.
Global Systemic Risks: the global digital economy is extraordinarily interconnected and fast-paced. It encompasses data flows, e-commerce, mobile payments, digital currency (with increasing future prevalence), AI algorithms, fully automated cars and weapons. Is the current system resilient against contagion effects or collapse? What is the safety net in case of a crisis?
Loss of Privacy and Potential Loss of Human Freedom: the rise of the surveillance state is an extreme reality in China, including in repression operations. But it is also a reality all over the world. Companies like Google and Facebook not only have more data about each individual than they can imagine, but also the capacity to couple this data with future AI algorithms for all kinds of usage. For the first time in human history, most humans have handed over fundamentally private information to either giant private actors, states, or both. Even worse, regulatory breaches (cf Cambridge Analytica) give political or criminal actors access to important and strategic data, with which they can manipulate human psychology.
Democratic Existential Crisis: the explosion and equalization of information, and the intensification of complexity have eroded any sense of agreed truth and reality within most nations. Social media has unexpectedly accelerated polarization, amplified echo chambers, and closed loops among like-minded individuals, greatly contributing to extreme polarization in many societies across the planet. Absurd conspiracies can spread virally and inspire violent actions by large spontaneous groups, as shown by the January 6 insurrection in the United States (with a large number of people mobilized by QAnon beliefs).
At a deeper level, new understandings about the concept of extended mind in psychology show that humans are increasingly delegating part of their thinking processes to smart phones and their algorithm-driven suggestions devised to serve profit-seeking companies (cf work by Peter Reiner).3 Human behavior may be profoundly changing in ways never seen before, which our democratic institutions are not ready for. Facebook’s move to a metaverse world that can attract humans to spend time and to be transformed in a totally unregulated environment has the potential to further increase this risk.
External cyber-threats to democracy: The current digitalized world is also increasingly used as tool to undermine democracy from the outside. Russia’s interference in the 2016 American presidential election through social campaigns highlights the extent to which an unregulated digital sphere could undermine democratic institutions. China’s propaganda efforts on platforms such as Twitter and YouTube during the 2020 Taiwanese presidential election are yet another example that an unregulated cyberspace could warrant injudicious digital campaigns. More recently, the sale of Israeli spyware Pegasus to various governments – who in turn used it for malicious efforts against other states, and individuals like journalists, reporters, and human rights activists.
Rise of cybercrimes, cyberpiracy, and cyberattacks (Deibert, 2013, 2020; Sanger, 2018). The open structure of the Internet has left great space for hackers organized gangs. Worse, the existence of an illegal black market incentivizes smart young digital talents in many places around the world to look for zero-day loopholes in operating systems and sell those to highest bidders, including national security agencies of many countries (Perlroth, 2020). This quickly escalates into a growing cyberspying competition and even cyberwar (Segal, 2016).
Fragmentation of the Internet and of the Digital Economy into Rival Spheres (splinternet), and Weaponization of Interdependence (Drezner et al., 2021; Farrell & Newman, 2019; Ma, 2021; Suominen, 2019). The raising of stakes in the digital economy, the sudden acceleration of the digital transformation in China, the intensification of security competition, and the high prevalence of dual use technologies in the digital/AI space have led to an increasing potential for a digital Cold War, as well as other fractures among various regional poles.
As Ma writes: “all in all, U.S.-China tech decoupling is real and accelerating. Hence, the digital economy is in a vital conflict and crisis: the global tech world, together with at least part of the world economy, is now fractured into two-and potential more (…) spheres of influence, whereas tech entrepreneurs are driving the prospect of a technological singularity, hyper-connected society, and internet of everything” (Ma 2021: 42).
This decoupling is extremely risky, because it is abrupt, driven by fears, and not negotiated. It leads to highly explosive tit-for-tat measures that are hard to contain. This process massively interferes with the human effort to generate a global governance framework.
III/ Measuring the Digital Global Governance Gap
In Table 2 (and in greater detail, Annex 1), we offer a summary of existing digital governance at the global, regional, club, or national levels. Overall, we evaluate that the governance of basic internet functions remains surprisingly resilient (8/10), but other dimensions of digital and AI governance are extremely weak (2/10 in most cases).
One powerful indicator that highlights the gap between the risks outlined above and the current state of global governance is found in the latest G20 Leaders Declaration in Rome (October 31, 2021). The focus remains on sharing the gains of digital innovation for green economy, education, and economic growth. However, the digital economy gets only brief mentions toward the latter part of the declaration with generic and toothless statements such as the following:
“In cooperation with social partners, we will adopt human-centered policy approaches to promote social dialogue and to ensure greater social justice; safe and healthy working conditions; and decent work for all, including within global supply chains. To reduce inequalities, eradicate poverty, support worker transitions and reintegration in labour markets and promote inclusive and sustainable growth, we will strengthen our social protection systems” (Paragraph 35).
“We recognize the role of technology and innovation as key enablers for the global recovery and sustainable development. (…) With this in mind, we will work to strengthen bilateral and multilateral cooperation to secure our ICT, address shared vulnerabilities and threats, and combat cybercrime.” (Paragraph 46).
“Well aware of the benefits stemming from the responsible use and development of trustworthy human-centered Artificial Intelligence (AI), we will advance the implementation of the G20 AI Principles.” (Paragraph 47).
“We will also continue to further common understanding and to work towards identifying commonalities, complementarities and elements of convergence between existing regulatory approaches and instruments enabling data to flow with trust, in order to foster future interoperability. Recognizing the responsibility of digital service providers, we will work in 2022 towards enhancing confidence in the digital environment by improving internet safety and countering online abuse, hate speech, online violence and terrorism while protecting human rights and fundamental freedoms.” (Paragraph 48).
This summary of current global digital governance reveals the extent of the gap with what is at stake!
Table 2. Evaluation of what we have and of the gap to a functional global system, under conditions of securitization and great power rivalry
Global rules 2015 | Global rules today, differential | Regional and mega-regional governance | Private governance | Aggregate index of governance capacity (1-10) | |
---|---|---|---|---|---|
Internet governance | Well-established, comprehensive rules since late 80s and early 90s | No real difference from 2015, governing bodies less connected to US government | Absent | Governing bodies are mostly private entities (e.g. ICANN) | 8 Relatively well-developed |
Data governance | Limited and non-binding guidelines and frameworks, mostly focusing on privacy and personal data protection | Notable increase in regional and national binding rules targeting privacy and personal data protection since 2015 Globally fragmented approach to cross-border data transfer with some national legislations focusing on data localization | Regional regulation or shared standards focusing on privacy and personal information protection developed by EU, ASEAN, ECOWAS, OIE EU GDPR provides robust blueprint for numerous domestic legislation | Private data governance focuses on organizational data security, has no global rulemaking power or initiative. | 6 Limited success with regards to privacy and personal information protection |
Digital trade | Often appears as a part of bilateral/multilateral FTAs A mixture of a few binding and non-binding initiatives targeting e-commerce No global digital trade framework and rules; no clear and commonly accepted definition of digital trade | Increasing number of regional digital trade agreements (e.g. DEPA, SADEA) No progress on global digital trade framework and rules or clear and commonly accepted definition of digital trade | Regional digital trade governance increasingly popular in absence of global digital trade framework | Absent | 5 Fragmented; some efforts at regional governance |
Cyber security | Some regional conventions or shared frameworks Wassenaar Arrangement is most relevant piece of governance | Several OECD recommendations No major difference in binding rules or governance | Regional organizations active in promoting shared principles: NATO, CARICOM, South African Development Community, League of Arab States, ECOWAS | Many private initiatives emerging since 2015 (e.g. Siemens Charter of Trust, Microsoft Cybersecurity tech accord, Kaspersky, Global transparency initiative) | 3 Outdated and/or non-binding |
Rules against misinformation, violence, etc. | Absent | Some laws and taskforces at national level | Absent | Absent | 2 Largely absent |
Mobile payments | National regulations focusing on ensuring competition and interoperability No global regulatory framework | No difference from 2015, despite significant growth in mobile payment volume | Absent | Absent | 3 Fragmented |
AI | Absent | Increasing number of shared rules and principles, no binding rules or governance | EU harmonized rules on AI in process of development | Absent | 2 Largely absent |
Taxation | Absent | No global digital service tax; several individual countries have adopted digital service tax Global minimum 15% corporate tax agreed on in 2021 will significantly impact ‘big tech’ (but US ratification unlikely at the moment) | EU initiated digital service tax has been adopted by several EU member states | Absent | 4 Moving towards a commonly shared digital tax standard |
Monopoly and competition | Absent | Articles on non-discriminatory treatment of digital products appear in digital partnership/trade agreements Still no rules on monopoly and competition for ‘big tech’ | Articles on non-discriminatory treatment of digital products included in some regional trade agreements: DEPA, CPTPP EU enforcement increasing | No governance, although this issue is driven by the private sector (e.g. FAANG) | 2 Largely absent |
Hardware (chips, 5G) | Absent | Largely absent Primary motivation behind limited alignment on accepted 5G/semiconductor providers is driven by US geopolitical push against Chinese 5G giant Huawei and semiconductor giant SMIC, risking bifurcation in global standards | 5G: The EU has launched non-binding frameworks such focusing on security of critical infrastructure and cybersecurity. Semiconductor: The EU has proposed the "European Chips Act" intended to increase chip research, production capacity and international cooperation, focusing on self-sufficiency | Large private players (e.g. Huawei and Qualcomm) build semiconductors and basic 5G infrastructure and determine their standards | 1 Absent, with risk of bifurcation and autarky |
From Table 2, we can draw several important lessons. First, the well-established nature of internet governance shows that governance in the digital domain is indeed possible. Internet governance was established several decades ago and is operated by largely independent and apolitical entities. However, times have changed. It is important to recognize the current geopolitical stakes and inherent international context that now constitutes multi-polarities of interest. Second, despite the absence of a centralized governance mechanism for digital trade, the language and framing of rules on digital trade as expressed in recent free-trade and digital partnership agreements are increasingly similar, and indicate some degree of convergence in the governance of digital trade. Finally, the domain that fairs most poorly in terms of governance is also the domain that is most politicized. The primary motivation behind limited alignment on accepted 5G or semiconductor providers is driven by the U.S. geopolitical push against Chinese 5G giant Huawei and semiconductor giant SMIC, risking bifurcation in global standards and encouraging autarkic behaviours such as the EU idea of "chips self-sufficiency".
As a reference, Table 3 offers a comparative summary of different approached used by the US, EU, China, and India. For a more detailed look at key legislation shaping digital governance in each jurisdiction, refer to Annex 2.
Table 3. Four competing approaches to digital governance
CHINA
| EUROPEAN UNION
|
---|---|
INDIA
| UNITED STATES
|
IV/ Conclusion and Global Digital Governance Proposals.
There is a huge disconnect between the speed of technological development, the scale of existential risks involved, and the acceleration of securitization on the one hand AND the supply of national / global governance and increase in human capacity on the other hand.
Political leaders are not yet incentivized to deal with this existential set of issues. They are distracted by short-term political urgencies and the acceleration of tit-for-tat rivalry.
A ‘digital Bretton Woods’ captures the spirit of global digital governance we should strive for. However, it is essential to recognize the radically different context of today compared to 1944. The lack of “global yearning for peace and stability” highlighted by Rohinton and Owen, is further aggravated by a new environment of multi-polarity and diffused interests. Thus, we may only be able to reach a thin global framework under current geopolitical conditions, and it can only be part of a larger multi-level and partly competitive effort to generate governance capacity.
The human solutions to the predicament cannot come from a single locus or look like responses to past governance issues. There will need to be multiple entry points with a networking and competitive dynamic among them – some from the G20, WTO, UN, some from club governance (G7, Quad, China-based solutions, along with bilateral forums such as the US-EU dialogue), and some from private actors, civil society networks, think tanks, and academic actors.
For any critical mass process of capacity development to occur in a such way, both catalyzing focal points and elements of coordination will be required. The global level may yet play a key signalling role or allow minimum convergence on dimensions of common interest. The G20 urgently needs an upgraded high-level working group on all digital governance questions.
It is also critical to develop rules for coexistence similar to arms control agreements for the large part of the digital and AI economy that is going to be fully decoupled and fragmented, especially between China, Russia, and the Western world.
REFERENCES CITED
Bartlett, J. (2018). The People vs Tech: How the Internet is killing democracy (and how we save it). Penguin.
Bostrom, N. (2015). Superintelligence: Paths, Dangers, Strategies. Oxford University Press.
Deibert, R. J. (2013). Black Code: Inside the Battle for Cyberspace. McClelland & Stewart.
Deibert, R. J. (2020). Reset: Reclaiming the Internet for Civil Society. House of Anansi Press.
Drezner, D. W., Farrell, H., & Newman, A. L. (Eds.). (2021). The Uses and Abuses of Weaponized Interdependence. Brookings Institution Press.
Farrell, H., & Newman, A. L. (2019). Weaponized Interdependence: How Global Economic Networks Shape State Coercion. International Security, 44(1), 42-79. https://doi.org/10.1162/isec_a_00351
Kahneman, D., Sibony, O., & Sunstein, C. R. (2021). Noise: a Flaw in Human Judgement. Little, Brown Spark.
Lee, K.-F. (2018). AI Super-Powers: China, Silicon Valley, and the New World Order. Houghton Mifflin Harcourt.
Lee, K.-F., & Chen, Q. (2021). AI 2041: Ten Visions for Our Future. Currency.
Ma, W. (2021). The Digital War: How China’s Tech Power Shapes the Future of AI, Blockchain, and Cyberspace. Wiley.
Medhora, R. P., & Owen, T. (2020). A Post-Covid-19 Digital Bretton Woods. Project Syndicate.
North, D. C. (1990). Institutions, institutional change and economic performance. Cambridge University Press.
Ord, T. (2020). The Precipice: Existential Risk and the Future of Humanity. Hachette Books.
Park, Y. J. (2021). The Future of Digital Surveillance: Why Digital Monitoring Will Never Lose its Appeal in a World of Algorithm-driven AI. University of Michigan Press.
Perlroth, N. (2020). This is How they Tell Me the World Ends: the Cyber-Weapons Arms Race. Bloombsbury Publishing.
Sagan, C. (1994). Pale Blue Dot: A Vision of the Human Future in Space. Random House.
Sanger, D. (2018). The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age. Scribe Publication.
Segal, A. (2016). The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age. Council on Foreign Relations.
Suominen, K. (2019). Revolutionizing World Trade: How Disruptive Technologies Open Opportunities for All. Stanford University Press.
Tegmark, M. (2017). Life 3.0: Being Human in the Age of Artificial Intelligence. Vintage Books.
West, D. M., & Allen, J. R. (2020). Turning Point: Policymaking in the Era of Artificial Intelligence. Brookings Institution Press.
Williamson, O. E. (1985). The Economic Institutions Of Capitalism : Firms, Markets, Relational Contracting. Free Press.
Zuboff, S. (2019). The Age of Surveillance Capitalism: the Fight for a Human Future at the New Frontier of Power. Public Affairs.
ADDITIONAL SOURCES USED:
TeleGeography Global Internet Research Service. The 2021 Global Internet Geography Executive Summary, 2021, page 2. https://blog.telegeography.com/2021-international-bandwidth-trends-demand-global-networks
Insider Intelligence. Global E-Commerce Forecast 2021. Zach Goldner, Peter Newman, Shelleen Shum, Peter Vahle, Debra Aho Williamson. Page 2. https://content-na2.emarketer.com/global-ecommerce-forecast-2021
The World Bank, World GDP (constant 2015 US$). https://data.worldbank.org/indicator/NY.GDP.MKTP.KD
GSMA, Mobile Money Metrics, https://www.gsma.com/mobilemoneymetrics/#global
Fortunate Business Insight, Market Research Report, September 2021. https://www.fortunebusinessinsights.com/industry-reports/toc/artificial-intelligence-market-100114
Facts and Factors Research, Global Autonomous Car Market, August 2021. https://www.fnfresearch.com/autonomous-cars-market
Emergen Research, Facial Recognition Market, April 2021. https://www.emergenresearch.com/industry-report/facial-recognition-market
The European Union, General Data Protection Regulation (GDPR), 27 April 2016. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
India, The Personal Data Protection Bill, 2019, Bill No. 373 of 2019. http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf
The State of California, California Consumer Privacy Act (CCPA), 2018. https://oag.ca.gov/privacy/ccpa
Canada, Personal Information Protection and Electronic Documents Act, 21 June 2019. https://laws-lois.justice.gc.ca/PDF/P-8.6.pdf
China, Data Security Law of the People’s Republic of China, 10 June 2019. http://www.npc.gov.cn/npc/c30834/202106/7c9af12f51334a73b56d7938f99a788a.shtml
China, Personal Information Protection Law of the People’s Republic of China, 20 Aug 2021. https://digichina.stanford.edu/work/translation-personal-information-protection-law-of-the-peoples-republic-of-china-effective-nov-1-2021/
ANNEX 1: Detailed look at current digital governance tools and policies
Governance tool or policy | Year | Scope of application | |
---|---|---|---|
Internet governance | ICANN, Uniform Domain-Name Dispute-Resolution Policy | 1999 | Global |
Internet Assigned Numbers Authority (IANA) | 1988 | Global | |
Internet Engineering Task Force (IETF) | 1986 | Global | |
Data governance | General Data Protection Regulation (GDPR) | 2016 | EU |
Digital Economy Partnership Agreement (DEPA) | 2020 | Singapore, New Zealand, Chile | |
Singapore-Australia Digital Economy Agreement (SADEA) | 2020 | Singapore, Australia | |
CPTPP | 2018 | Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam | |
USMCA | 2020 | Canada, US, Mexico | |
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data | 2013 | OECD | |
APEC Privacy Framework | 2005 | APEC member economies | |
APEC Cross-Border Privacy Rules System (CPBR) | 2005 | Businesses and governments in APEC region | |
Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) | 1981 | EU + 6 non-European states | |
AU convention on cyber security and personal data protection | 2014 | AU | |
ASEAN framework on personal data protection | 2016 | ASEAN | |
ECOWAS Supplementary Act A/SA. 1/01/10 on Personal Data Protection | 2010 | ECOWAS (West Africa) | |
Data Protection Standards of the Ibero-American States | 2017 | (OIE) Ibero-American states | |
G8 open data charter | 2013 | G8 (G7 + Russia) | |
Privacy Shield | 2016-2020 | EU, Switzerland, US | |
Safe Harbor | 2000-2015 | EU, Switzerland, US | |
G20 ministerial statement on trade and digital economy (section 2 on data free flow with trust) | 2019 | G20 | |
Digital trade | United Nations Convention on the Use of Electronic Communications in International Contracts | 2013 (entry into force) | Global |
UNCITRAL Model Law on Electronic Commerce (1996) with additional article 5 bis as adopted in 1998 | 1996/1998 | Global | |
ESCWA Directives for the Regional Harmonization of Cyber Legislation | 2012 | MENA | |
SADC Model Law on Electronic Transactions and Electronic Commerce | 2013 | South African Development Community | |
UNCITRAL Model Law on Electronic Signatures (2001) | 2001 | Global | |
ECOWAS Supplementary Act A/SA.2/01/10 on electronic transactions | 2010 | ECOWAS (West Africa) | |
OECD Recommendation of the Council on Consumer protection in e-commerce | 2016 | OECD | |
The Framework Agreement on Facilitation of Cross-border Paperless Trade in Asia and the Pacific | 2021 | Asia and Pacific | |
UNCITRAL Model Law on Electronic Transferable Records | 2017 | Global | |
Digital Economy Partnership Agreement (DEPA) | 2020 | Singapore, New Zealand, Chile | |
Singapore-Australia Digital Economy Agreement (SADEA) | 2020 | Singapore, Australia | |
CPTPP | 2018 | Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam | |
US-Japan Digital Trade Agreement | 2019 | US, Japan | |
G20 ministerial statement on trade and digital economy | 2019 | G20 | |
Cyber security | OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity | 2015 | OECD |
OECD Recommendation on Digital Security of Critical Activities | 2019 | OECD | |
Wassenaar Arrangement | 1996 | Global membership (most are EU or NATO members) | |
The Convention on Cybercrime of the Council of Europe (Budapest Convention) | 2004 | Europe | |
ECOWAS Directive C/DIR/1/08/11 on Fighting Cyber Crime | 2011 | ECOWAS (West Africa) | |
OECD Guidelines on Cryptography Policy | 1997, with 5 year reviews since | OECD | |
Paris Call for Trust and Security in Cyberspace | 2018 | Global | |
AU convention on cyber security and personal data protection | 2014 | AU | |
Arab Convention on Combating Information Technology Offenses | 2010 | League of Arab States | |
NIS Directive | 2016 | EU | |
EU cybersecurity act | 2018 | EU | |
Southern African Development Community Model Laws on Cybercrime | 2013 | South African Development Community | |
UNGGE Consensus Report of 2015 | 2015 | Global | |
Shanghai Cooperation Organization Agreement on Cooperation in the Field of Ensuring the International Information Security | 2008 | Private | |
Siemens, Charter of Trust | 2018 | Private | |
Microsoft, Cybersecurity tech accord | 2018 | Private | |
Kaspersky, Global transparency initiative | 2017 | Private | |
IoT Security Policy Platform | 2019 | Global | |
Global Commission on Stability of Cyberspace | 2015 | Global | |
Model Legislative Texts of Cybercrime/e-Crimes and Electronic Evidence | 2012 | Caribbean Community (CARICOM) | |
NATO cyber defence pledge | 2016 | NATO | |
Rules against misinformation, violence, etc. | Only national level rules | ||
Mobile payments | The E-money Directive | 2009 | EU |
AI | OECD AI Principles | 2019 | OECD + some non-OECD countries |
G20 Human-centred AI principles | 2019 | G20 | |
WEF AI procurement guidelines | 2020 | Global | |
GPA resolution on accountability in usage of AI | 2020 | Global | |
Harmonized Rules on AI | 2021 | EU | |
European strategy on AI | 2018 | EU | |
Taxation | 15% corporate tax (not yet translated into national legislations) | 2021 | Global |
Monopoly and competition | Digital Economy Partnership Agreement (DEPA) Art. 3.3 | 2020 | Singapore, New Zealand, Chile |
Singapore-Australia Digital Economy Agreement (SADEA) Art 6 | 2020 | Singapore, Australia | |
CPTPP Art 14.4 | 2018 | Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam | |
US-Japan Digital Trade Agreement Art. 8 | 2019 | US, Japan | |
Hardware (chips, 5G) | WTO Information Technology Agreement (2015 update) | 2015 | Global |
ANNEX 2: Comparative look at key indicators in data protection legislations
Indicators | INDIA (Personal Data Protection Bill)* | EU (General Data Protection Regulation) | US (California Consumer Privacy Act) | CHINA (Data Security Law) | CHINA (Personal Information Protection Law) |
Extent of privacy protections | All personal data | All personal data | All personal data Complements existing data privacy laws | Any record of information in electronic or other forms | All personal data within the mainland territory of the People’s Republic of China |
Scope of definition of personal data | Identifiable individuals | Identifiable individuals | Identifiable individuals + households | Citizens and organizations | Identifiable individuals Excluding anonymized information |
Protected persons | Natural persons that reside in India or whose information is processed on Indian territories | Natural persons that reside in EU or whose information is processed on EU territories | Natural persons that reside in California | All data handling within mainland PRC | Natural persons that reside within the mainland territory |
Government exemption | Yes Government may exempt any government agency | Yes State data processing is subject to national legislation | Yes | No Section V outlines government responsibilities | Yes Article 18 and 35 outline contexts of government exemption |
Prohibition and minimization of personal data processing | Yes | Yes | No Minimal restrictions, opt-out system | No | Yes |
Global scope of applicability | Yes Any companies that use personal data of Indian residents or process personal data on Indian territories | Yes Any companies that use personal data of EU residents or process personal data on EU territories | Yes Any companies that process or use data of California residents | Yes Mainly applies to the data processing activities in China but includes certain extra-territorial application: any data processing performed outside of the Chinese territory but harms China’s national security, public interest, or legal rights and interest of its citizens and organizations shall be imposed with legal liabilities | Yes Any companies involved in processing the personal information of Chinese citizens |
Rights of data subjects 1. Right to access 2. Right to portability 3. Right to be forgotten | Yes Limited right to be forgotten | Yes | Yes | Yes | Yes Right to portability subject to conditions stipulated by the Cyberspace Administration of China |
Regulation of sale of personal data | Yes Penalties for data sold in violation of PDPB | No | Yes Consumer-oriented regulation | n/a | Yes Regulates commercial use of data |
Data security and breach notifications | Yes | Yes | Yes | No | Yes |
International transfer restrictions | Yes Copy of personal data must be stored in India | Yes Adequacy decisions or bilateral agreements | No | Yes Limits on provision of data to entities abroad | Yes Requires passing a safety assessment and a personal information protection certification Recipient must provide comparable level of protection Provisions in international treaties and agreements may be implemented |
Data residency requirements | Yes Copy of personal data must be stored in India | No | No | Yes | Yes Personal data handled by state organs must be stored in the PRC; exemption requires security assessment |
Data processing contract requirement | Yes | Yes | No | Yes | No |
Age of children and consent issues | Parental consent for <18 | Parental consent for <16 | Parental consent for <13 Prior personal consent for <16 | n/a | Parental consent for <14 |
Penalties and enforcement | Up to ₹50m or 2% of global turnover for violation of administrative articles Up to ₹150m or 4% of global turnover for more serious violations | Up to €10m or 4% of global turnover for violation of administrative articles Up to €20m or 4% of global turnover for violation of core/principle articles | Up to USD$2.5k per violation Up to $7.5k per intentional violation | ¥50-400k for administrative violation ¥500k-2m for large violation or data leak ¥2-10m for violations that endanger national sovereignty or security | Organizations: Up to 5% of annual revenue of the previous year or ¥50m Personnel: ¥100k-¥1m |
National security consideration | No | No | No | Yes | Yes |
* Incoming legislation