Data Regulation In 2021: More Small Steps Or A Giant Leap?
A byline by our Founder, Li Jun
Note: This was originally posted in NASDAQ.
We are living through an activist period of data regulation that will dictate how our economies function for generations to come. Most industries have precedents for regulation that go back centuries, in the case of banking, pharmaceutical, and industrial relations, or at least decades in the case of environmental regulation and telecoms. Even antitrust, that other great set of regulatory concerns facing big technology companies, seems to be based on theories that were formulated around the turn of the twentieth century.
Data regulation is being designed from first principles before our very eyes. It draws from notions of individual privacy, and is heavily influenced by world events from national security regulation following 9/11 to a reckoning on data collection in the aftermath of the 2016 US presidential election. Technical considerations are also feeding into regulation, in particular the ability of machine learning technology to help with medical treatment or predict crime using ever larger data sets.
Where previously data regulation has been a knee-jerk response to high-profile events, both the tech and government sectors have matured enough to move beyond hard cases making bad law. The introduction of the European Union’s General Data Protection Regulation (GDPR) in 2018 set a new, unprecedented global standard for data protection, while the California Consumer Protection Act (CCPA) came into play on New Year’s Day last year. This brought data regulation much closer to what we see in Europe, and with California the home of US tech, this arguably amounts to de facto regulation of the whole country. Similar laws have also been passed in countries such as Canada, New Zealand, China, and South Africa, bringing with them a new global age of data regulation.
With 2020 firmly in the rearview mirror, how will the industry evolve over the next 12 months to meet growing needs? This could be the year where data privacy legislation finally gets road tested and we are provided some case law by which to assess their effects. In 2020 the pandemic put a dampener on enforcing non-compliance GDPR penalties, as many prominent UK fines that had been announced were postponed and reduced. British Airways had to pay £20 million of a fine originally set at £183 million, while Marriott Hotels had to pay £18.4 million out of £100 million. The economic hardship played a big role, as both companies operated in sectors that were decimated by the pandemic, but regulators will not want to be seen as a soft touch. We can expect the honeymoon to end and an increase in fines issued during 2021, as European regulators establish themselves again and their international equivalents flex their muscles for the first time.
While much of the conversation around data regulation focuses on privacy, data localization is another trend we can expect to see more of this year. This refers to a legal requirement that data be stored within specific regional or national borders, forcing multinationals to create local storage facilities to house data sourced from a given country. In 2020 this issue became international news when the Trump administration threatened to force the sale of TikTok’s US business in the name of data localization, or data sovereignty. For the government to interfere with a private company to this extent caused some to talk about a new Cold War, fought with proxy companies rather than proxy states. In the process, it elevated data localization to an urgent consideration for data lawyers and lobbyists. This issue is not going away, and international governments are likely to mirror the US approach and demand special treatment for their citizens’ data. This is also expected to put considerable pressure on international tech companies dealing with non-democratic regimes.
In the wake of the extended trade negotiations surrounding the UK’s decision to leave the EU, and the growing consternation between the US and China, it will be no surprise to see data sovereignty become an issue for nationalist politicians. Just as trade restrictions are touted in order to protect jobs, data restrictions will be suggested to protect citizen information and intellectual property. Countries that have created artificial intelligence companies in particular will become more inclined to see data as an asset that is important for economic success and national security. A growing interplay between individual privacy and nationalism with economic and national security components will define the politics and regulation of data in 2021.
Finally, empowering the growing data-driven economy by connecting data in a decentralized way will be key if the industry is to evolve. We are beginning to see emerging technologies such as blockchain adopted in data sharing and this too will have a major impact on regulation. Most recently in Britain, two hospitals are using a distributed ledger to keep tabs on the storage of Covid-19 vaccines and the distribution of doses. As real-life use cases become increasingly common, this could be the catalyst for further regulation, most likely driven by the EU or US. President Biden’s pick to lead the SEC has previously stated that cryptocurrencies are under regulated, and the first mover in 2021 could shape global regulation, just as GDPR did for privacy. Technology and data are defining our economy and culture, and they will in turn be defined by how they are regulated. 2021 may be the year where we finally see how this plays out.