Skip to main content
SearchLoginLogin or Signup

Existential gap: Digital/AI acceleration and the missing global governance capacity

Published onDec 06, 2021
Existential gap: Digital/AI acceleration and the missing global governance capacity

Introduction

Many of the dangers we face indeed arise from science and technology – but, more fundamentally, because we have become powerful without becoming commensurately wise. The world-altering powers that technology has delivered into our hands now require a degree of consideration and foresight that has never before been asked of us (Sagan, 1994, pp. 316-317).

We are facing an ever-growing gap between the phenomenal acceleration of technology and of connectivity on the one hand, and the human capacity to manage these trends. The gap is well-documented in the fields of finance, climate change, pandemics, or nuclear risks. But the contrast between the exponential growth of disruptive technology and the lackluster supply of governance mechanisms is starkest in the fields of digital governance and artificial intelligence.

That gap becomes existential when we consider the likely future development of artificial general intelligence (AGI)(Ord, 2020) or superintelligence (Bostrom, 2015) that can be misaligned with human values or even the goal of ensuring the continuity of human existence. This question of the governance of life with AI may be the most essential question of our time (Tegmark, 2017); but you would not know it from the current output of global governance in this field. Summarizing the judgement of many scientists in the field, Ord argues that unaligned AGI is actually the number one global existential risk for humanity, with a 10% chance of human extinction within 100 years. The prophesized existential threats posed by extreme and accelerated technological advancement and expansion have never been as close to reality, as they are now. As noted by Yuval Noah Harari and Daniel Kahneman in a recent conversation, the task of taming and governing the digital/AI revolution is daunting. Humanity may have no slack for a mistake this time around, given the existential consequences of such a mistake.1

Today, we already benefit from tremendous digital or AI innovations in e-commerce, social media and communication, home management, work, healthcare, education, transportation, and entertainment (West & Allen, 2020). We can foresee that AI-driven algorithms may soon be able to correct human judgement flaws (or noise) caused by fatigue, irregularity, emotions, and other weaknesses, afflictions that can generate variation in decisions by up to 50% (Kahneman et al., 2021). Within two decades, we can envisage a world with generalized deep learning and virtual reality, computer vision, contactless love, fully autonomous vehicles in most advanced and emerging economies, autonomous weapons in militaries, and a dream of plenitude (Lee & Chen, 2021).

Yet, today, we witness tremendous havoc created by the explosion of social anger, exacerbated by sophisticated social media algorithms, deep polarization, the return of tribal politics, the loss of agreed truths and the spread of misinformation and dangerous conspiracies, the loss of privacy, the rise of massive and uber-powerful tech companies, and massive job displacement and inequality (Bartlett, 2018). Influence operations by foreign states have also amplified such social anger and polarization in many democracies, adding a degree of external threat and urgency. We also live with a world of security-driven digital decoupling between the United States and China (Ma, 2021). In other words, the digital revolution is moving faster than the human capacity to cope with it, embed it within a public good-oriented framework, and steer its disruptive power toward a non-destructive direction.

The problem is visible at the national level but particularly salient at the global level. Digital/data governance is fragmenting among at least four poles: a U.S. model with maximum innovation and limited regulation, an EU model with a strong regulatory balance, an India model with an emphasis on digital sovereignty and infant industry protection (applicable to other developing countries), and a Chinese model with both rapid innovation, strong state control, and surveillance. Our global governance capacity is affected by multiple splits: a U.S.-EU split over privacy, tax, and anti-monopoly regulations; an India-West split over data ownership and first mover advantage, and, worst of all, a potential digital cold war between the U.S. (and its allies) and China. In response to this dire need for governance, Medhora & Owen, (2020) have proposed a need for a new fundamental effort at coordinated governance – or a ‘digital Bretton Woods’. While fundamental international conditions and global distribution of power today differ drastically from the Bretton Woods era, a high-stake and fragmented digital world is in dire need of such renewed cooperative spirit.

Recognizing the gap in digital governance, we ask the following questions: what is the scale of the gap in governance relative to requirements needed to keep the digital economy afloat? And what could be a pathway forward in the context of the growing securitization and increasing divides?

It is urgent to raise a sense of awareness, mobilize all social and public actors around this urgent dilemma, and catalyze a multi-level effort to address this conundrum. We argue that no global, regional, or national institution alone will be able to deliver the right governance capacity. Instead, we recommend a highly reactive, innovative and competitive model of networked governance that operates at multiple levels with key nodes and catalysts.

Governance innovation must keep pace with technological innovation. Given how far the digital cold war has already proceeded and the currently low capacity to cooperate between the U.S. and China, part of the solution will need to involve clubs and alliances of countries and non-state actors. At the same time, some level of global coordination and basic rules for global coexistence are crucial for success in managing this existential threat. The G20 is one critical venue for such work, even though it has not delivered so far.


I / Key Indicators on the Exponential Rise of the Digital Economy

Over the last few years, and particularly during the COVID-19 pandemic period, the digital economy has experienced an exponential rise and begun to transform human interactions, production and trade (Suominen, 2019). In Table 1, we offer a review of selected indicators on cross-border data flows and digitalization. It is clear that digital trade and cross-border data flows, along with other digital innovations are rising faster than physical trade flows.

Table 1. Summary of Key Indicators on the Explosion of the Digital Economy


2017

2018

2019

2020

2021

Cross-border Data flows, measured by bandwidth (Gbps)

286,104

362,031

453,709

608,768

785,635*

E-commerce as a % of global GDP

2.96%

3.53%

3.94%

5.14%

5.69%*

Cross-border mobile payments (USD, billion)

379.6

529.25

627.8

766.6

-

AI economy size (USD, billions)

-

-

27.23

35.92

47.47*

Self-driving cars growth trend

Expected to grow from USD 23.33 billion in 2020 to reach 64.88 billion by 2026, at 22.7% annual CAGR growth during forecast period of 2021-2026.

Facial recognition growth trend

Expected to grow from USD 4.29 billion in 2020 to reach USD 13.87 billion in 2028, at 15.7% CAGR growth during forecast period 2021-2028.

*Numbers with an asterisk are projected data.

Data on cross-border data flows retrieved from TeleGeography; Data on e-commerce as a % of global GDP derived from global e-commerce value and global GDP; global e-commerce value data retrieved from Insider Intelligence; global GDP data retrieved from World Bank; Data on cross-border mobile payments retrieved from GSMA; Data on AI economy size retrieved from Fortune Business Insights; Data on self-driving cars growth trend retrieved from Facts and Factors Research; Data on facial recognition growth trend retrieved from Emergen Research.

Table 1 shows that key components of the digital economy, including e-commerce, AI economy, and cross-border mobile payments, have experienced steady growth since 2017, and are projected to continue growing. 2020 saw the sharpest growth in several components, likely due to mobility constraints and increased reliance on digital tools associated with the COVID-19 pandemic. While current data illustrates useful trends, it is important to note that the volume of digital trade – a key component of data on the digital economy – is very hard to measure. 2 This is in part due to the lack of a shared definition of what constitutes digital trade, highlighting a need for technocratic standardization as a basis for high-level digital governance.

II / Why Addressing the Digital Governance Gap Matters

We offer here a typology of risks involved in the digital governance gap:

  1. Under-Institutionalized Markets (North, 1990; Williamson, 1985): all markets require basic rules and governance to ensure trust, accountability, resilience, and to prevent abuse by potential oligopolistic players. Global markets require global institutions. Digital governance is a new domain, where innovators and disruptors have been able to run ahead of rule-making. We are emerging from more than two decades of an under-institutionalized digital economy, in which many large imbalances and market deficiencies are appearing in every society around the world.

  2. Unprecedented Power of Digital Companies: the current moment may be the first time in human history that a private company such as Facebook (Meta) has the ability on its own to screen messages of leaders and politicians from every country in the world, except China, North Korea, Cuba, and maybe Iran. And this global function is only peripheral to Facebook’s core business, with just hundreds of assigned staff. In other words, Facebook, along with Twitter and a couple more giant for-profit digital companies, have acquired in less than fifteen years the power to control information, emotions, narratives, and political/social mobilization in the majority of countries of the world, including the United States. And they are generating disproportionate profits from this dominant position.

All this is taking place in a near complete vacuum of digital governance. Most countries outside the US and China have limited power to regulate and control these US-based and China-based global digital companies. The US government retains residual power to do so, but has been unable to act due to constitutional constraints and great polarization in Congress. China (behind its Internet fire-wall) has already started wrestling with this power and cracking down on its own giants. India has started to pass restricting measures on the power and freedom of social-media companies on its territory. The EU is taking its own regulatory path through the GDPR and its successor currently under negotiations, as well as tough competition rules, within the constraints of its relative weak position in the space (no EU-based digital giants). But the governance gap remains enormous in the US and many other countries, as well as at the global level.

  1. Risk of Explosive Social Disruptions and Inequality: the scale of disruption induced by digital and AI innovation under current IP protection and lack of redistribution accrues immense winner-take-all benefits to first movers. We are witnessing at the same time a historic concentration of capital and wealth and growing numbers of displaced or laid-off workers in declining industries. We can soon expect to have digital entrepreneurs with a net worth of $1 Trillion (from a quarter of a trillion so far with Elon Musk and Jeff Bezos), alongside massive job displacement. Such fast-paced social dislocation and inequality could prove politically explosive and very hard to manage (Lee, 2018). No social system is ready - and the global governance is not ready either. The viability of modern states is also at stake, as their revenue base keeps eroding. In the late 19th century, when the oil and railroad revolutions generated similar concentration of wealth, it took all the power and energy of a Teddy Roosevelt to tame these forces. We don’t have such capacity today.

  2. Global Systemic Risks: the global digital economy is extraordinarily interconnected and fast-paced. It encompasses data flows, e-commerce, mobile payments, digital currency (with increasing future prevalence), AI algorithms, fully automated cars and weapons. Is the current system resilient against contagion effects or collapse? What is the safety net in case of a crisis?

  3. Loss of Privacy and Potential Loss of Human Freedom: the rise of the surveillance state is an extreme reality in China, including in repression operations. But it is also a reality all over the world. Companies like Google and Facebook not only have more data about each individual than they can imagine, but also the capacity to couple this data with future AI algorithms for all kinds of usage. For the first time in human history, most humans have handed over fundamentally private information to either giant private actors, states, or both. Even worse, regulatory breaches (cf Cambridge Analytica) give political or criminal actors access to important and strategic data, with which they can manipulate human psychology.

  4. Democratic Existential Crisis: the explosion and equalization of information, and the intensification of complexity have eroded any sense of agreed truth and reality within most nations. Social media has unexpectedly accelerated polarization, amplified echo chambers, and closed loops among like-minded individuals, greatly contributing to extreme polarization in many societies across the planet. Absurd conspiracies can spread virally and inspire violent actions by large spontaneous groups, as shown by the January 6 insurrection in the United States (with a large number of people mobilized by QAnon beliefs).

At a deeper level, new understandings about the concept of extended mind in psychology show that humans are increasingly delegating part of their thinking processes to smart phones and their algorithm-driven suggestions devised to serve profit-seeking companies (cf work by Peter Reiner).3 Human behavior may be profoundly changing in ways never seen before, which our democratic institutions are not ready for. Facebook’s move to a metaverse world that can attract humans to spend time and to be transformed in a totally unregulated environment has the potential to further increase this risk.

  1. External cyber-threats to democracy: The current digitalized world is also increasingly used as tool to undermine democracy from the outside. Russia’s interference in the 2016 American presidential election through social campaigns highlights the extent to which an unregulated digital sphere could undermine democratic institutions. China’s propaganda efforts on platforms such as Twitter and YouTube during the 2020 Taiwanese presidential election are yet another example that an unregulated cyberspace could warrant injudicious digital campaigns. More recently, the sale of Israeli spyware Pegasus to various governments – who in turn used it for malicious efforts against other states, and individuals like journalists, reporters, and human rights activists.

  2. Rise of cybercrimes, cyberpiracy, and cyberattacks (Deibert, 2013, 2020; Sanger, 2018). The open structure of the Internet has left great space for hackers organized gangs. Worse, the existence of an illegal black market incentivizes smart young digital talents in many places around the world to look for zero-day loopholes in operating systems and sell those to highest bidders, including national security agencies of many countries (Perlroth, 2020). This quickly escalates into a growing cyberspying competition and even cyberwar (Segal, 2016).

  3. Fragmentation of the Internet and of the Digital Economy into Rival Spheres (splinternet), and Weaponization of Interdependence (Drezner et al., 2021; Farrell & Newman, 2019; Ma, 2021; Suominen, 2019). The raising of stakes in the digital economy, the sudden acceleration of the digital transformation in China, the intensification of security competition, and the high prevalence of dual use technologies in the digital/AI space have led to an increasing potential for a digital Cold War, as well as other fractures among various regional poles.

As Ma writes: “all in all, U.S.-China tech decoupling is real and accelerating. Hence, the digital economy is in a vital conflict and crisis: the global tech world, together with at least part of the world economy, is now fractured into two-and potential more (…) spheres of influence, whereas tech entrepreneurs are driving the prospect of a technological singularity, hyper-connected society, and internet of everything” (Ma 2021: 42).

This decoupling is extremely risky, because it is abrupt, driven by fears, and not negotiated. It leads to highly explosive tit-for-tat measures that are hard to contain. This process massively interferes with the human effort to generate a global governance framework.

III/ Measuring the Digital Global Governance Gap

In Table 2 (and in greater detail, Annex 1), we offer a summary of existing digital governance at the global, regional, club, or national levels. Overall, we evaluate that the governance of basic internet functions remains surprisingly resilient (8/10), but other dimensions of digital and AI governance are extremely weak (2/10 in most cases).

One powerful indicator that highlights the gap between the risks outlined above and the current state of global governance is found in the latest G20 Leaders Declaration in Rome (October 31, 2021). The focus remains on sharing the gains of digital innovation for green economy, education, and economic growth. However, the digital economy gets only brief mentions toward the latter part of the declaration with generic and toothless statements such as the following:

“In cooperation with social partners, we will adopt human-centered policy approaches to promote social dialogue and to ensure greater social justice; safe and healthy working conditions; and decent work for all, including within global supply chains. To reduce inequalities, eradicate poverty, support worker transitions and reintegration in labour markets and promote inclusive and sustainable growth, we will strengthen our social protection systems” (Paragraph 35).

“We recognize the role of technology and innovation as key enablers for the global recovery and sustainable development. (…) With this in mind, we will work to strengthen bilateral and multilateral cooperation to secure our ICT, address shared vulnerabilities and threats, and combat cybercrime.” (Paragraph 46).

“Well aware of the benefits stemming from the responsible use and development of trustworthy human-centered Artificial Intelligence (AI), we will advance the implementation of the G20 AI Principles.” (Paragraph 47).

“We will also continue to further common understanding and to work towards identifying commonalities, complementarities and elements of convergence between existing regulatory approaches and instruments enabling data to flow with trust, in order to foster future interoperability. Recognizing the responsibility of digital service providers, we will work in 2022 towards enhancing confidence in the digital environment by improving internet safety and countering online abuse, hate speech, online violence and terrorism while protecting human rights and fundamental freedoms.” (Paragraph 48).

This summary of current global digital governance reveals the extent of the gap with what is at stake!


Table 2. Evaluation of what we have and of the gap to a functional global system, under conditions of securitization and great power rivalry


Global rules 2015

Global rules today, differential

Regional and mega-regional governance

Private governance

Aggregate index of governance capacity (1-10)

Internet governance

Well-established, comprehensive rules since late 80s and early 90s

No real difference from 2015, governing bodies less connected to US government 

Absent

Governing bodies are mostly private entities (e.g. ICANN)

8

Relatively well-developed

Data governance 

Limited and non-binding guidelines and frameworks, mostly focusing on privacy and personal data protection

Notable increase in regional and national binding rules targeting privacy and personal data protection since 2015

Globally fragmented approach to cross-border data transfer with some national legislations focusing on data localization

Regional regulation or shared standards focusing on privacy and personal information protection developed by EU, ASEAN, ECOWAS, OIE

EU GDPR provides robust blueprint for numerous domestic legislation

Private data governance focuses on organizational data security, has no global rulemaking power or initiative. 

6

Limited success with regards to privacy and personal information protection

Digital trade

Often appears as a part of bilateral/multilateral FTAs

A mixture of a few binding and non-binding initiatives targeting e-commerce

No global digital trade framework and rules; no clear and commonly accepted definition of digital trade

Increasing number of regional digital trade agreements (e.g. DEPA, SADEA)

No progress on global digital trade framework and rules or clear and commonly accepted definition of digital trade

Regional digital trade governance increasingly popular in absence of global digital trade framework

Absent

5

Fragmented; some efforts at regional governance

Cyber security

Some regional conventions or shared frameworks

Wassenaar Arrangement is most relevant piece of governance

Several OECD recommendations

No major difference in binding rules or governance

Regional organizations active in promoting shared principles: NATO, CARICOM, South African Development Community, League of Arab States, ECOWAS

Many private initiatives emerging since 2015 (e.g. Siemens Charter of Trust, Microsoft Cybersecurity tech accord, Kaspersky, Global transparency initiative)

3

Outdated and/or non-binding

Rules against misinformation, violence, etc.

Absent

Some laws and taskforces at national level

Absent

Absent

2

Largely absent

Mobile payments

National regulations focusing on ensuring competition and interoperability

No global regulatory framework

No difference from 2015, despite significant growth in mobile payment volume

Absent

Absent

3

Fragmented

AI

Absent

Increasing number of shared rules and principles, no binding rules or governance

EU harmonized rules on AI in process of development

Absent

2

Largely absent

Taxation

Absent

No global digital service tax; several individual countries have adopted digital service tax

Global minimum 15% corporate tax agreed on in 2021 will significantly impact ‘big tech’ (but US ratification unlikely at the moment)

EU initiated digital service tax has been adopted by several EU member states

Absent

4

Moving towards a commonly shared digital tax standard

Monopoly and competition

Absent

Articles on non-discriminatory treatment of digital products appear in digital partnership/trade agreements

Still no rules on monopoly and competition for ‘big tech’

Articles on non-discriminatory treatment of digital products included in some regional trade agreements: DEPA, CPTPP

EU enforcement increasing

No governance, although this issue is driven by the private sector (e.g. FAANG)

2

Largely absent

Hardware (chips, 5G)

Absent

Largely absent

Primary motivation behind limited alignment on accepted 5G/semiconductor providers is driven by US geopolitical push against Chinese 5G giant Huawei and semiconductor giant SMIC, risking bifurcation in global standards

5G: The EU has launched non-binding frameworks such focusing on security of critical infrastructure and cybersecurity.

Semiconductor: The EU has proposed the "European Chips Act" intended to increase chip research, production capacity and international cooperation, focusing on self-sufficiency

Large private players (e.g. Huawei and Qualcomm) build semiconductors and basic 5G infrastructure and determine their standards

1

Absent, with risk of bifurcation and autarky

From Table 2, we can draw several important lessons. First, the well-established nature of internet governance shows that governance in the digital domain is indeed possible. Internet governance was established several decades ago and is operated by largely independent and apolitical entities. However, times have changed. It is important to recognize the current geopolitical stakes and inherent international context that now constitutes multi-polarities of interest. Second, despite the absence of a centralized governance mechanism for digital trade, the language and framing of rules on digital trade as expressed in recent free-trade and digital partnership agreements are increasingly similar, and indicate some degree of convergence in the governance of digital trade. Finally, the domain that fairs most poorly in terms of governance is also the domain that is most politicized. The primary motivation behind limited alignment on accepted 5G or semiconductor providers is driven by the U.S. geopolitical push against Chinese 5G giant Huawei and semiconductor giant SMIC, risking bifurcation in global standards and encouraging autarkic behaviours such as the EU idea of "chips self-sufficiency".

As a reference, Table 3 offers a comparative summary of different approached used by the US, EU, China, and India. For a more detailed look at key legislation shaping digital governance in each jurisdiction, refer to Annex 2.

Table 3. Four competing approaches to digital governance

CHINA

  • Focuses on innovation and national security

  • Cracking down on private tech firms

  • Not committed to data localization or free flows yet

EUROPEAN UNION

  • Centred around privacy and human rights

  • Pro taxation, anti-monopoly

  • First mover advantage in norm setting (e.g., GDPR)

INDIA

  • Prefers data localization

  • Infant industry protection

  • Wants developing countries to be more involved in shaping tech governance

UNITED STATES

  • Dominated by big tech

  • No federal legislation

  • Pro data free flow

  • Wants to minimize barriers to free trade

IV/ Conclusion and Global Digital Governance Proposals.

  1. There is a huge disconnect between the speed of technological development, the scale of existential risks involved, and the acceleration of securitization on the one hand AND the supply of national / global governance and increase in human capacity on the other hand.

  2. Political leaders are not yet incentivized to deal with this existential set of issues. They are distracted by short-term political urgencies and the acceleration of tit-for-tat rivalry.

  3. A ‘digital Bretton Woods’ captures the spirit of global digital governance we should strive for. However, it is essential to recognize the radically different context of today compared to 1944. The lack of “global yearning for peace and stability” highlighted by Rohinton and Owen, is further aggravated by a new environment of multi-polarity and diffused interests. Thus, we may only be able to reach a thin global framework under current geopolitical conditions, and it can only be part of a larger multi-level and partly competitive effort to generate governance capacity.

  4. The human solutions to the predicament cannot come from a single locus or look like responses to past governance issues. There will need to be multiple entry points with a networking and competitive dynamic among them – some from the G20, WTO, UN, some from club governance (G7, Quad, China-based solutions, along with bilateral forums such as the US-EU dialogue), and some from private actors, civil society networks, think tanks, and academic actors.

  5. For any critical mass process of capacity development to occur in a such way, both catalyzing focal points and elements of coordination will be required. The global level may yet play a key signalling role or allow minimum convergence on dimensions of common interest. The G20 urgently needs an upgraded high-level working group on all digital governance questions.

  6. It is also critical to develop rules for coexistence similar to arms control agreements for the large part of the digital and AI economy that is going to be fully decoupled and fragmented, especially between China, Russia, and the Western world.


REFERENCES CITED

Bartlett, J. (2018). The People vs Tech: How the Internet is killing democracy (and how we save it). Penguin.

Bostrom, N. (2015). Superintelligence: Paths, Dangers, Strategies. Oxford University Press.

Deibert, R. J. (2013). Black Code: Inside the Battle for Cyberspace. McClelland & Stewart. 

Deibert, R. J. (2020). Reset: Reclaiming the Internet for Civil Society. House of Anansi Press. 

Drezner, D. W., Farrell, H., & Newman, A. L. (Eds.). (2021). The Uses and Abuses of Weaponized Interdependence. Brookings Institution Press.

Farrell, H., & Newman, A. L. (2019). Weaponized Interdependence: How Global Economic Networks Shape State Coercion. International Security, 44(1), 42-79. https://doi.org/10.1162/isec_a_00351

Kahneman, D., Sibony, O., & Sunstein, C. R. (2021). Noise: a Flaw in Human Judgement. Little, Brown Spark.

Lee, K.-F. (2018). AI Super-Powers: China, Silicon Valley, and the New World Order. Houghton Mifflin Harcourt.

Lee, K.-F., & Chen, Q. (2021). AI 2041: Ten Visions for Our Future. Currency.

Ma, W. (2021). The Digital War: How China’s Tech Power Shapes the Future of AI, Blockchain, and Cyberspace. Wiley.

Medhora, R. P., & Owen, T. (2020). A Post-Covid-19 Digital Bretton Woods. Project Syndicate.

North, D. C. (1990). Institutions, institutional change and economic performance. Cambridge University Press.

Ord, T. (2020). The Precipice: Existential Risk and the Future of Humanity. Hachette Books.

Park, Y. J. (2021). The Future of Digital Surveillance: Why Digital Monitoring Will Never Lose its Appeal in a World of Algorithm-driven AI. University of Michigan Press.

Perlroth, N. (2020). This is How they Tell Me the World Ends: the Cyber-Weapons Arms Race. Bloombsbury Publishing.

Sagan, C. (1994). Pale Blue Dot: A Vision of the Human Future in Space. Random House.

Sanger, D. (2018). The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age. Scribe Publication.

Segal, A. (2016). The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age. Council on Foreign Relations.

Suominen, K. (2019). Revolutionizing World Trade: How Disruptive Technologies Open Opportunities for All. Stanford University Press.

Tegmark, M. (2017). Life 3.0: Being Human in the Age of Artificial Intelligence. Vintage Books.

West, D. M., & Allen, J. R. (2020). Turning Point: Policymaking in the Era of Artificial Intelligence. Brookings Institution Press.

Williamson, O. E. (1985). The Economic Institutions Of Capitalism : Firms, Markets, Relational Contracting. Free Press.

Zuboff, S. (2019). The Age of Surveillance Capitalism: the Fight for a Human Future at the New Frontier of Power. Public Affairs.


ADDITIONAL SOURCES USED:

TeleGeography Global Internet Research Service. The 2021 Global Internet Geography Executive Summary, 2021, page 2. https://blog.telegeography.com/2021-international-bandwidth-trends-demand-global-networks

Insider Intelligence. Global E-Commerce Forecast 2021. Zach Goldner, Peter Newman, Shelleen Shum, Peter Vahle, Debra Aho Williamson. Page 2. https://content-na2.emarketer.com/global-ecommerce-forecast-2021

The World Bank, World GDP (constant 2015 US$). https://data.worldbank.org/indicator/NY.GDP.MKTP.KD

GSMA, Mobile Money Metrics, https://www.gsma.com/mobilemoneymetrics/#global

Fortunate Business Insight, Market Research Report, September 2021. https://www.fortunebusinessinsights.com/industry-reports/toc/artificial-intelligence-market-100114

Facts and Factors Research, Global Autonomous Car Market, August 2021. https://www.fnfresearch.com/autonomous-cars-market

Emergen Research, Facial Recognition Market, April 2021. https://www.emergenresearch.com/industry-report/facial-recognition-market

The European Union, General Data Protection Regulation (GDPR), 27 April 2016. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

India, The Personal Data Protection Bill, 2019, Bill No. 373 of 2019. http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf

The State of California, California Consumer Privacy Act (CCPA), 2018. https://oag.ca.gov/privacy/ccpa

Canada, Personal Information Protection and Electronic Documents Act, 21 June 2019. https://laws-lois.justice.gc.ca/PDF/P-8.6.pdf

China, Data Security Law of the People’s Republic of China, 10 June 2019. http://www.npc.gov.cn/npc/c30834/202106/7c9af12f51334a73b56d7938f99a788a.shtml

China, Personal Information Protection Law of the People’s Republic of China, 20 Aug 2021. https://digichina.stanford.edu/work/translation-personal-information-protection-law-of-the-peoples-republic-of-china-effective-nov-1-2021/

ANNEX 1: Detailed look at current digital governance tools and policies


Governance tool or policy

Year

Scope of application

Internet governance

ICANN, Uniform Domain-Name Dispute-Resolution Policy

1999

Global

Internet Assigned Numbers Authority (IANA)

1988

Global

Internet Engineering Task Force (IETF)

1986

Global

Data governance 

General Data Protection Regulation (GDPR)

2016

EU

Digital Economy Partnership Agreement (DEPA)

2020

Singapore, New Zealand, Chile

Singapore-Australia Digital Economy Agreement (SADEA)

2020

Singapore, Australia

CPTPP

2018

Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam

USMCA

2020

Canada, US, Mexico

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

2013

OECD

APEC Privacy Framework

2005

APEC member economies

APEC Cross-Border Privacy Rules System (CPBR)

2005

Businesses and governments in APEC region

Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108)

1981

EU + 6 non-European states

AU convention on cyber security and personal data protection

2014

AU

ASEAN framework on personal data protection

2016

ASEAN

ECOWAS Supplementary Act A/SA. 1/01/10 on Personal Data Protection

2010

ECOWAS (West Africa)

Data Protection Standards of the Ibero-American States

2017

(OIE) Ibero-American states

G8 open data charter

2013

G8 (G7 + Russia)

Privacy Shield

2016-2020

EU, Switzerland, US

Safe Harbor

2000-2015

EU, Switzerland, US

G20 ministerial statement on trade and digital economy (section 2 on data free flow with trust)

2019

G20

Digital trade

United Nations Convention on the Use of Electronic Communications in International Contracts

2013 (entry into force)

Global

UNCITRAL Model Law on Electronic Commerce (1996) with additional article 5 bis as adopted in 1998

1996/1998

Global

ESCWA Directives for the Regional Harmonization of Cyber Legislation

2012

MENA

SADC Model Law on Electronic Transactions and Electronic Commerce

2013

South African Development Community

UNCITRAL Model Law on Electronic Signatures (2001)

2001

Global

ECOWAS Supplementary Act A/SA.2/01/10 on electronic transactions

2010

ECOWAS (West Africa)

OECD Recommendation of the Council on Consumer protection in e-commerce

2016

OECD

The Framework Agreement on Facilitation of Cross-border Paperless Trade in Asia and the Pacific

2021

Asia and Pacific

UNCITRAL Model Law on Electronic Transferable Records

2017

Global

Digital Economy Partnership Agreement (DEPA)

2020

Singapore, New Zealand, Chile

Singapore-Australia Digital Economy Agreement (SADEA)

2020

Singapore, Australia

CPTPP

2018

Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam

US-Japan Digital Trade Agreement

2019

US, Japan

G20 ministerial statement on trade and digital economy

2019

G20

Cyber security

OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity

2015

OECD

OECD Recommendation on Digital Security of Critical Activities

2019

OECD

Wassenaar Arrangement

1996

Global membership (most are EU or NATO members)

The Convention on Cybercrime of the Council of Europe (Budapest Convention)

2004

Europe

ECOWAS Directive C/DIR/1/08/11 on Fighting Cyber Crime

2011

ECOWAS (West Africa)

OECD Guidelines on Cryptography Policy

1997, with 5 year reviews since

OECD

Paris Call for Trust and Security in Cyberspace

2018

Global

AU convention on cyber security and personal data protection

2014

AU

Arab Convention on Combating Information Technology Offenses

2010

League of Arab States

NIS Directive

2016

EU

EU cybersecurity act

2018

EU

Southern African Development Community Model Laws on Cybercrime

2013

South African Development Community

UNGGE Consensus Report of 2015

2015

Global

Shanghai Cooperation Organization Agreement on Cooperation in the Field of Ensuring the International Information Security

2008

Private

Siemens, Charter of Trust

2018

Private

Microsoft, Cybersecurity tech accord

2018

Private

Kaspersky, Global transparency initiative

2017

Private

IoT Security Policy Platform

2019

Global

Global Commission on Stability of Cyberspace

2015

Global

Model Legislative Texts of Cybercrime/e-Crimes and Electronic Evidence

2012

Caribbean Community (CARICOM)

NATO cyber defence pledge

2016

NATO

Rules against misinformation, violence, etc.

Only national level rules

Mobile payments

The E-money Directive

2009

EU

AI

OECD AI Principles

2019

OECD + some non-OECD countries

G20 Human-centred AI principles

2019

G20

WEF AI procurement guidelines

2020

Global

GPA resolution on accountability in usage of AI

2020

Global

Harmonized Rules on AI

2021

EU

European strategy on AI

2018

EU

Taxation

15% corporate tax (not yet translated into national legislations)

2021

Global

Monopoly and competition

Digital Economy Partnership Agreement (DEPA) Art. 3.3

2020

Singapore, New Zealand, Chile

Singapore-Australia Digital Economy Agreement (SADEA) Art 6

2020

Singapore, Australia

CPTPP Art 14.4

2018

Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam

US-Japan Digital Trade Agreement Art. 8

2019

US, Japan

Hardware (chips, 5G)

WTO Information Technology Agreement (2015 update)

2015

Global

ANNEX 2: Comparative look at key indicators in data protection legislations

Indicators

INDIA (Personal Data Protection Bill)*

EU (General Data Protection Regulation)

US (California Consumer Privacy Act)

CHINA (Data Security Law)

CHINA (Personal Information Protection Law)

Extent of privacy protections

All personal data

All personal data

All personal data

Complements existing data privacy laws

Any record of information in electronic or other forms

All personal data within the mainland territory of the People’s Republic of China

Scope of definition of personal data

Identifiable individuals

Identifiable individuals

Identifiable individuals + households

Citizens and organizations

Identifiable individuals

Excluding anonymized information

Protected persons

Natural persons that reside in India or whose information is processed on Indian territories

Natural persons that reside in EU or whose information is processed on EU territories

Natural persons that reside in California

All data handling within mainland PRC

Natural persons that reside within the mainland territory

Government exemption

Yes

Government may exempt any government agency

Yes

State data processing is subject to national legislation

Yes

No

Section V outlines government responsibilities

Yes

Article 18 and 35 outline contexts of government exemption

Prohibition and minimization of personal data processing

Yes

Yes

No

Minimal restrictions, opt-out system

No

Yes

Global scope of applicability

Yes

Any companies that use personal data of Indian residents or process personal data on Indian territories

Yes

Any companies that use personal data of EU residents or process personal data on EU territories

Yes

Any companies that process or use data of California residents

Yes

Mainly applies to the data processing activities in China but includes certain extra-territorial application: any data processing performed outside of the Chinese territory but harms China’s national security, public interest, or legal rights and interest of its citizens and organizations shall be imposed with legal liabilities

Yes

Any companies involved in processing the personal information of Chinese citizens

Rights of data subjects

1. Right to access

2. Right to portability

3. Right to be forgotten

Yes

Limited right to be forgotten

Yes

Yes

Yes

Yes

Right to portability subject to conditions stipulated by the Cyberspace Administration of China

Regulation of sale of personal data

Yes

Penalties for data sold in violation of PDPB

No

Yes

Consumer-oriented regulation

n/a

Yes

Regulates commercial use of data

Data security and breach notifications

Yes

Yes

Yes

No

Yes

International transfer restrictions

Yes

Copy of personal data must be stored in India

Yes

Adequacy decisions or bilateral agreements

No

Yes

Limits on provision of data to entities abroad

Yes

Requires passing a safety assessment and a personal information protection certification

Recipient must provide comparable level of protection

Provisions in international treaties and agreements may be implemented

Data residency requirements

Yes

Copy of personal data must be stored in India

No

No

Yes

Yes

Personal data handled by state organs must be stored in the PRC; exemption requires security assessment

Data processing contract requirement

Yes

Yes

No

Yes

No

Age of children and consent issues

Parental consent for <18

Parental consent for <16

Parental consent for <13

Prior personal consent for

<16

n/a

Parental consent for <14

Penalties and enforcement

Up to ₹50m or 2% of global turnover for violation of administrative articles

Up to ₹150m or 4% of global turnover for more serious violations

Up to €10m or 4% of global turnover for violation of administrative articles

Up to €20m or 4% of global turnover for violation of core/principle articles

Up to USD$2.5k per violation

Up to $7.5k per intentional violation

¥50-400k for administrative violation

¥500k-2m for large violation or data leak

¥2-10m for violations that endanger national sovereignty or security

Organizations: Up to 5% of annual revenue of the previous year or ¥50m

Personnel: ¥100k-¥1m

National security consideration

No

No

No

Yes

Yes

* Incoming legislation

Comments
0
comment

No comments here

Why not start the discussion?