Beyond Fragmentation: Policy Options for Digital Harmonization

The best solutions to seemingly intractable problems often lie in pragmatism and embracing the art of what is possible.

Many business leaders believe this is the case for regulating the global digital economy. The fragmentation of digital trade rules and regulations is already a problem, one that figures to get bigger and more complicated in the near future.

Currently, there are three distinct approaches to regulating digital commerce:

• the complex and prescriptive matrix of rules in place in the European Union;
• the laissez-faire approach of the United States, which lacks federal laws on data privacy protection, digital content, and platform competition;
• China’s draconian approach, where freedom of expression and the flow of data are greatly restricted.

For the moment at least, the Chinese approach has been rejected by most democratic governments on the grounds that it stifles freedom of speech and expression. The debate has instead centered on finding common ground between the U.S. and EU regulatory models.

At a recent gathering of leaders from tech companies, governments, and international organizations (sponsored by the Konrad Adenauer Stiftung and the Wahba Initiative for Strategic Competition (WISC) of New York University’s Development Research Institute), there was general agreement on the importance of regulations for data protection and privacy. Such regulations build trust among consumers, companies, and governments. Likewise, most of those who attended shared the view that international cooperation was important in areas such as cybersecurity, fighting terrorism, and drug trafficking, as well as on the need for export controls of the most strategically sensitive technologies.

But a deeper dive into how this should be done and who should do it reveals the depth of the problem in overcoming digital fragmentation.

For nearly a decade, the U.S. and the EU have argued over the extent to which governments should constrain data companies in their operations. Detailed EU rules limit the extent to which market-dominant companies can flex their muscles vis-à-vis their competitors, restrict the content that can be posted on tech platforms, and require strict adherence to rules on the protection of consumers’ data.

While many in the US support the basic EU objectives of customer protection and maintaining a level playing field to encourage new entrants to the market, there is the a feeling that Brussels wields a heavy hand in enforcing its rules. The situation is exacerbated by the fact that while the rules may be European, virtually all the major players in the market are American. This has led to accusations of targeting U.S. companies and has even morphed into byzantine arguments about the extent of European countries’ support for free speech. Transatlantic relations have further soured following the trade policies of the Trump administration, which were poorly received in Europe, particularly in countries with a strong manufacturing base. Most of the participants in the discussion regretted how these complex negotiations have been politicized and some fear that perceptions may harden into policy cul-de-sacs.

Others expressed the view that as important as the U.S.-EU relationship is (in the digital context and in others), the issue of data flows was a global matter best handled by multilateral organizations. The question is, which organization? On this there was no consensus.

Negotiations on rules for electronic commerce have been ongoing at the World Trade Organization since 1998, but to date have produced only a promise by the 166 WTO members to refrain from applying duties to e-commerce data transmissions. Efforts by almost half (82 members) of the WTO membership to draft rules for e-commerce produced a detailed text on the acceptance of digital documents, signatures, and invoices, as well as recognizing the importance of consumer protections, open government data, and the preservation on the moratorium on duties applied to transmissions. What the text does not include is any reference to cross-border data flows, limits on data localization, or prohibitions on forced transfer of source code. Additionally, there is a strong chance that the moratorium will expire in March thanks to opposition from India and South Africa, which reject all elements of the e-commerce text.

Some participants expressed frustration at the meandering pace of WTO negotiations at digital rulemaking and suggested that other forums offer greater promise for an agreement. The Framework for Securing the Digital Economy, agreed to by the 21 members of the Asia Pacific Economic Cooperation (APEC) organization, was suggested as an alternative that might provide useful guidelines for achieving harmonization and interoperability.

One participant suggested treating interoperability as a common objective which trusted partners could pursue through a “club good” where members would agree to share technology via a framework of rules mandating reciprocity and safeguards on the transfer of this technology to those outside the “club.”

The framework focuses on four key principles that could lead to greater regulatory convergence: awareness, responsibility, cooperation, and privacy. APEC members agreed that digital security risk management, personal data security, and strengthened collaboration were pathways to achieving greater harmonization. This framework was agreed to in 2019 during the first Trump administration, which may indicate White House openness to expanding or bolstering the guidelines. But some cautioned that what was policy in the first Trump administration may not be endorsed this time around.

The 38-member Organization for Economic Cooperation and Development (OECD) agreed in 2021 that its member governments should “demonstrate leadership and commitment to protection of data and the free flow of information.” The agreement further calls upon OECD members to “support the development of international arrangements that promote interoperability among privacy frameworks that give practical effect to these Guidelines.”

Once again, the guidelines are voluntary, and members pledge their best efforts at implementing the recommendations.

Even the WTO’s e-commerce agreement is largely a best-endeavor accord, with the pledge to retain the moratorium on e-commerce duties being the only provision which might conceivably lead members to seek legal redress were it to be violated.

The EU-U.S. Data Privacy Framework is unique among transatlantic bilateral commercial agreements in that it is overseen by the U.S. Department of Commerce. U.S.-based companies are permitted to self-certify that they meet the terms of the agreement. The decision to self-certify is voluntary, but once a company certifies it is legally obligated to adhere to the terms of the agreement. These commitments are enforceable under U.S. laws, and the Commerce Department has committed its best efforts to resolving any complaints brought against U.S. companies.

The United Nations Economic Commission for Europe (UNECE) does not regulate tech companies but has since 1958 played a major role in setting regulations, standards and norms for motor vehicles. Its agreements, which were updated in 1997 and 1998, are largely oriented to safety and environmental standards, but are designed to allow carmakers to introduce innovations. So while the focus has traditionally been on tires, headlights and braking systems, the UNECE has also established the Working Party on Automated/Autonomous and Connected Vehicles. Private carmakers are extremely active in transmitting developments in their industry to the UNECE. Such an approach could be emulated with the tech industry.

The common theme across these various agreements is that they are more flexible and agile in their construction than traditional trade agreements. Each may offer clues on how regulating tech might be undertaken. Governments are more likely to accept a set of international guidelines if they are not legally bound to implement them. Free from the threat of legal jeopardy, governments could view the guidelines more positively and accept them more readily.

Such public-private partnerships would not be universally popular. Many in civil society would object to big tech companies having a seat at the table in drafting the regulations that many stakeholders believe should be designed to keep them in check. It is unlikey such an arrangement would have been acceptable to the Biden administration. Complaints of this nature have been lodged before at the WTO and the UNECE. Governments might also flinch at playing two roles that could be in conflict—that of regulator and that of partner. This is a real concern.

But if the circle of participating businesses is drawn wide enough, peer pressure could form a potent deterrent to any deviation from the agreed-upon guidelines. Businesses have always had a role in drafting the global, regional, or national rules that apply to them; this is likely to continue. The risk of corporate capture can be mitigated by transparency that would generate pressure from civil society and from peers.

There is no need to re-invent the wheel. Several sets of agreed-upon guidelines are already in place that could form the basis of a future regulatory framework. Many who spoke at the event suggested there is little alternative to greater participation of tech companies in their own oversight. Technology just moves too quickly, and the technical specifications are too often beyond the expertise of anyone who is not active in their development.

A less binding, industry-driven approach to regulating the digital economy may have its flaws. But the current stalemate in creating wider rules for digital trade has created a far more worrisome outcome—a disparate regulatory landscape that fosters uncertainty, hampers trade, and depresses future investment.

In partnership with: