Regulating digital technologies: Lessons from the GDPR

The Issue – regulating digital technologies

Regulators are increasingly enacting laws and putting forward policy guidelines and regulatory proposals for digital markets and the European Union plays a key role in setting these global standards. The European Parliament has also just agreed to establish new rules for competition and consumer rights in the Digital Markets Act (DMA) and the Digital Services Act (DSA), which are likely to come into force in 2024. Similarly, a roadmap for the regulation of Artificial Intelligence is on the way.

Why it’s important

The DMA establishes competition rules for dominant platforms by imposing interoperability (the ability of a system to work with or use the parts or equipment of another system), with smaller platforms including new rules on how personal data can be used for advertising. The DSA’s main focus is consumer protection and putting in place the rules or the security of online platforms from removing  illegal content and informing users how content is recommended to banning the manipulation of users’ choices through `dark patterns’.

The Roadmap for AI sets out policy recommendations for 2030 on the regulatory framework, single market, sustainability, talent, research, e-governance, health, industrial strategy, law enforcement, cybersecurity, and military use of AI.

At an international level, the new rules underline the importance of the role the EU has to play as a standard-setter on the global stage. They also demonstrate the political will to foster the competitiveness of the European tech scene and to ensure the EU can shape the international standards with its values.

What our professor has to say:

HEC Lausanne’s Christian Peukert, author of the recently published paper Regulatory Spillovers and Data Governance Evidence from the GDPR with three other co-authors, believes that there are similarities between the GDPR and the upcoming regulation of digital markets which can provide valuable insight. GDPR has had an impact outside of the EU and for non-EU citizens.  It has also increased the market share of Google, the dominant firm in web tracking.

“Similarly, the draft Digital Markets Act and Digital Service Act would apply to services offered to users located in the EU, regardless of the service provider’s location. This means that the EU will effectively regulate the world,” says Christian.

Like GDPR, the draft of the AI Act has a hefty sanctions regime for non-compliance (EUR 30 million or 6% of the global annual turnover – whichever is higher). And, it will include the introduction of a very strict, if not a stricter, set of rules for the governance of AI technologies worldwide.

Conclusion

Professor Peukert’s research is a timely reminder of the complex and unpredictable interrelationships between regulation and competition in the digital economy including efforts to rein in big tech. It also suggests that the new EU measures may have implications for the rest of the world – demonstrating that protecting consumer rights and competition policy go hand-in-hand – important lessons from the GDPR that every policymaker in this area should note.

Featured image by: © One Photo | Dreamstime.com