Without common global frameworks, keeping up with varying data protection and privacy laws is likely to remain a challenge for TMT companies for years to come, especially as financial penalties and sanctions toughen. However, related risks and uncertainty may be tempered if European GDPR standards, continuing to inspire regulators globally, become a de facto global standard.
Geopolitics and technology are undeniably intertwined in today's geostrategic environment. Regulation of technology companies seems to be inevitable, irrespective of the nature of the political systems. TMT companies will continue to be challenged by a global patchwork of regulatory and legal requirements that may vary widely from country to country and among regions. While technology ecosystems are widely motivated by similar concerns, such as protecting individual privacy and checking monopolistic practice to pre-empt competition, fears of rising geopolitical tension and national security will further muddle the approach of TMT regulatory and legal risk.
A robust privacy program that treats personal data lawfully, transparently, and fairly can be a trust accelerator with individuals, clients, and regulators, and can become an innovation enabler and a competitive differentiator for organizations. Leading politicians often argue that tech sovereignty is needed to protect their culture and value and this extends to enforcing their own data protection and privacy laws. The uncertain direction of data protection, and privacy laws, and regulations is a prominent issue facing TMT companies. Regulation and legal exposures are spreading, as more countries seek to control the gathering and use of web content and personal data, while applying stiffer financial penalties for violations. At the same time, consumers are more attuned to privacy and data protection issues, fueling further regulation and consumer laws. We see the implication of geopolitical stresses on the regulation of TMT companies, examples such as 5G technology being banned in certain countries due to apparent fears for national security. These anti-trust concerns have been compounded by revelations regarding the use of data for profiling and targeting in political campaigns and concerns that commercially acquired data is being used to manipulate democratic processes. This increasing awareness and interest in privacy topics, by individuals and clients, poses a financial and reputational risk for organizations- but it also presents an opportunity.
The introduction of comprehensive privacy laws such as the EU’s General Data Protection Regulation (GDPR) are a starting point for a global standard robust privacy program. The EU actively promotes its human-centric vision for technology development and its role as a trusted standard-setter, market regulator, and advocate for democratic values. In Walter Mattli’s Journal of European Public Policy1 back in 2001 he argues that standard setting can be wielded as a geopolitical tool and a means to exert influence. As seen in ‘National cyber strategy 2022’2, global leadership from the UK and its influence over the strengthening and expanding of cyber regulations, continues to be a vital lever of national power and strategic advantage in 2022. Therefore, while GDPR is still widely seen as the global standard, it is no surprise that we see other countries develop their own GDPR-like laws; such as China which recently updated its data protection rules with the new Personal Protection Law, and California soon to be releasing its much-anticipated California Privacy Rights Act (CPRA) which significantly expands upon the existing California Consumer Privacy Act (CCPA) that took effect on January 1, 2020.
Across the globe we are clearly seeing a greater demand for further regulation and antitrust laws, paired with further regulation needed for larger tech companies. Following COVID-19 we have witnessed some nations retreating to a more protectionist stance. Political uses and abuses of technology have led to an anti-trust mentality and optimism that technology would enable democracy has been replaced by pessimism about technology-enabled authoritarianism. The World Economic Forum, in its latest Global Risks Report3, ranks the risk by Likelihood of ‘digital power concentration’ in sixth place.
Whistle-blower Frances Haugen recently revealed how a leading social media company knowingly used algorithms to target advertising at vulnerable children, and profit from disinformation and hateful content4. This has now become a pivoting point in the conversation around the need for more regulation in larger tech companies. Further to this, private sector spending is up to 4 times the amount of government spending for research and development (R&D)5. Given that the private tech players are investing huge sums in R&D, they are likely to chase uncontrolled growth and seek more profits by reaching out to different markets across the globe. These geopolitical compulsions have motivated a shared stance across states regarding the regulation of technology. China is seeking to regain control of ‘Chinese tech titans’, after years of being dormant in their own growth and oligopolistic practices. For the first time China’s monopolies watchdog, China’s State Administration for Market Regulation, has published a report6 proposing rules to prevent large Internet platforms stifling competition. In the U.S., there is a package of tech-focused antitrust bills that already has some bipartisan support out of the House of Representatives’ Judiciary committee7. The EU has been bringing in various rules to change the ways in which big tech firms operate, the most recent example being the approval of the digital services act by the EU parliament which targets big tech companies.
Given the growing strategic importance of emerging technologies, such as 5G, the Artificial Intelligence that will fuel them or the Internet of Things (IoT), the standardization of regulation is likely to become a priority. In particular, states will need international standards to align with their national strategies as much as possible and geopolitical tensions and national security concerns will continue to influence the laws and regulations affecting the TMT industry.
This article is based on content from our recently published document ‘Risks on the Horizon 2021’.
1 https://cris.unu.edu/sites/cris.unu.edu/files/PB-2019-8.pdf
2 https://www.gov.uk/government/publications/national-cyber-strategy-2022/national-cyber-security-strategy-2022
3 https://www.weforum.org/reports/the-global-risks-report-2021
4 “Big Tech braces for a year of regulatory pressure” - https://www.ft.com/content/825eca35-8bf1-47dd-814a-8e22f40e6761
5 https://www.economist.com/briefing/2021/01/16/the-case-for-more-state-spending-on-r-and-d
6 “China to tighten competition rules for internet groups” – https://www.ft.com/content/7ccf409d-489b-411a-8b4f-4b5d8b8ed0b1
7 House of Representatives’ Judiciary committee
Willis Towers Watson offers insurance-related services through its appropriately licensed and authorized companies in each country in which Willis Towers Watson operates. For further authorization and regulatory details about our Willis Towers Watson legal entities, operating in your country, please refer to our Willis Towers Watson website. It is a regulatory requirement for us to consider our local licensing requirements.