If the big trend since the Snowden NSA data collection controversy has been the regulation of data, 2021 may see how big tech could try to set it free again.
Data is born free
Rules regulating data proliferated globally after the Snowden revelations, and to increasing fanfare. If the philosopher Jean-Jacques Rousseau were alive today, he may as well write, “data is born free, but everywhere it is localized, surveilled, regulated, breached, censored, biased and taxed”.
Data localization rules are increasingly widespread. India, under the guise of its draft data “privacy” law, may soon require entities to classify all data, labelling it for further yet unspecified regulator purposes like localization, taxation or mandatory sharing with the state or competitors. China’s Technical Committee (TC) 260 has issued a variety of regulations governing data flow, privacy and cybersecurity. Faced with peaking demand for data storage, the city-state of Singapore has placed a moratorium on constructing new data centers until it develops land-use, energy and environmental sustainability rules for future new storage.
The European Union’s privacy law, GDPR, did not introduce data localization rules but instead established extra-territorial rules governing data globally, dictating everything from data formatting to breach response, storage, erasure, processing, access and more. Lionised by GDPR’s success, Europe now invites the US to a cage match at the OECD over taxing the delivery of digital services, while threatening uncoordinated national taxes if they demur.
The US is not excluded: it has a long history of requiring the localization of certain government and financial service sector data and has no shortage of both state-level and sectoral laws at the national level dictating various aspects of data governance.
The problem is not that there are rules. The problem is that there are 195 countries in the world, each going their own slightly (or very!) different way on surveillance, lawful access, data privacy, data breach response, digital trade, digital taxation, online harms and more. While there are no doubt good intentions behind each, the results are market access barriers, burdensome regulatory requirements, soaring compliance costs, opportunities for corruption and an exacerbated global digital divide. Something less than Fair Tech.
- Expert POV: Concern for data protection greater than ever (opens in new tab)
Solutions beyond land
What is billionaire, libertarian big tech CEOs in Silicon Valley to do? One might be tempted to imagine outlandish schemes worthy of the most diabolical Bond villain: secret underwater lairs and commercial space travel to private space stations. In fact, industry news demonstrates that many such schemes are not just underway but at hand.
In 2020, Microsoft unveiled “Project Natick”, an ambitious effort for sub- sea data storage. Microsoft submerged sealed data centers off the Orkney Islands of Scotland for two years to test the feasibility of offshore data centers. The tagline: “50 percent of us live near the coasts, why shouldn’t our data?”. Yet in addition to the benefits of proximity to population, natural coolant, sustainable energy usage and ultra-low rent, hosting data at the bottom of international waters also raises a lot of interesting questions, specifically about which laws are and aren’t applicable to that data.
Not to be outdone, the “Spacebelt” satellite constellation seeks to provide highly secure cloud data to customers from low-earth orbit in outer space. Designed by the Cloud Constellation Corporation, the LA-based start-up’s marketing collateral touts the ability to comply with “data sovereignty” requirements and avoid “jurisdictional hazards”.
If they hadn’t got there, Virgin Orbit, OneWeb, SpaceX and Amazon’s Project Kuiper are not far behind. Each deploys broadband connectivity solutions in space: how long before the product shifts from connectivity to cloud-based services from orbit? Think Blue Origin’s rockets plus Kuiper’s satellites plus AWS cloud connectivity. All owned by Jeff Bezos, and all without the algae, barnacles and snooping submarines Microsoft’s Natick may face. Besides, if you’re a data center architect looking for energy efficiency options, the only place that requires less coolant than the bottom of international waters may just be outer space.
It didn’t have to be like this - data didn’t need to go and hide in outer space or at the bottom of the sea. But what do data regulators expect? As rules for data flow, localization, storage, processing, accessibility, readability, lawful access and tax accumulate in number and complexity, it is natural for heavily regulated companies to go venue shopping. Brussels isn’t the only culprit. As America and China decouple, America doesn’t want its citizens using “Chinese” tech, and China doesn’t want its citizens using “American” tech. It is easier, less political and far more “green” to simply collect, process, store and move data outside of any national borders in order to reach any customer anywhere, globally.
Regulators have three choices. The first is to start now devising data regulations for companies that may soon operate from international waters or from outer space to pre-empt big tech circumventing law. This could be via a national act, a regional one by the EU or ASEAN or a multilateral initiative in a forum like the ITU. It’s the easiest of the three because it plays to what regulators do best: regulate.
The second option is to work harder to align regulations globally across trading and economic partners. This option allows regulators to do what they do best but to do it hand-in-hand with global friends and allies so they can reap the benefits of technological deployment and adoption that come with providing technology companies with the opportunities for scale. This is slow work and hard going.
The third option is the hardest for regulators: regulatory humility. That means, instead of seeing big tech as the bad guy and its CEOs as modern Bond villains, taking a hard look at whether regulations both on the books and in train actually drive progress and innovation or stifle it. It means examining whether regulatory action designed to inflict harm on a basket of five highly successful West Coast companies incidentally raises barriers to market entry for new competitors that could drive down price and drive-up choice for consumers.
Better, higher quality choices and lower prices are foundational elements of Fair Tech.
- Covid-19: Stay safe and GDPR-compliant (opens in new tab)
- Tech companies will need to innovate technologically to find new ways to avoid increasingly complex data regulation. These innovations will aim to comply with requirements such as data localization, while remaining cost- and energy-efficient.
- Regulators can stop pushing companies to “off-shore” or “off-planet” data by exercising “regulatory humility” and taking a more globally coordinated approach to data rules.
- Here are the best VPN services (opens in new tab) today
Michael A. Clauser, Data & Trust, Access Partnership (opens in new tab)