Panel Debates Best Framework for Enforcing Digital Regulations
With digital legislation proliferating, a key question is how different regulatory approaches can work together, speakers said during an Atlantic Council webcast Monday. They strongly agreed that regulation is necessary in privacy/data protection, digital competition and online content moderation, but the issue is how best to coordinate regulatory regimes, said Mark MacCarthy, Brookings Institution, Center for Technology Innovation nonresident senior fellow. Approaches include a single agency or voluntary cooperation among relevant authorities, as in the U.K., panelists said.
The U.S. needs a single regulator, possibly the FTC, MacCarthy argued. There is a lot of regulatory overlap within the three policy areas, but also clashes. For example, encryption promotes online privacy, yet it blinds companies to online child abuse. A systemic intersection of the policy areas requires institutional recognition of synergies, he said. The U.K. has gone farthest in this approach, creating the Digital Regulatory Cooperation Forum (DRCF), but it lacks teeth because member agencies retain their own enforcement powers.
The DRCF gathers Britain's competition, privacy, communications and financial regulators, who jointly address complex problems, said Chief Executive Officer Kate Jones. The U.K. has a long-standing history of creating statutory schemes for industry regulation with independent agencies handling rules and enforcement. The U.K. doesn't want a single super-regulator for digital issues, she said: It prefers harvesting existing regulators' expertise and boosting their power.
The EU has enacted extensive legislation, most of which will be in force by 2025, said Atlantic Council Distinguished Fellow, Europe Center Fran Burwell. This includes the Digital Markets Act, Digital Services Act and AI Act. Traditionally, the EU relied on members to implement and enforce its rules, with countries creating their own regulatory bodies. However, this is not the case in the digital sphere. Indeed, a big question is whether relying on member nations' regulatory regimes remains the way to go.
Most EU legislation requires national governments to designate agencies as competent authorities for handling particular regulation, but it's unclear whether countries will pick the same sorts of agencies, Burwell said. Under the EU general data protection regulation, for instance, national authorities meet in the European Data Protection Board. The EDPB has highlighted the different ways EU states implement and enforce the GDPR, leading to venue-shopping and uneven compliance. Moreover, she said, some EU governments lack the necessary enforcement capabilities: Finding technologists to address all the EU's digital rules is a challenge.
Another item is that in some cases the European Commission, not member states, ensure compliance, such as with the Digital Markets Act, Burwell said. But the EC is a political body that proposes legislation and lobbies the European Parliament and national governments. Burwell questioned whether the EC can shift to become a neutral arbiter of the new digital measures. She called for a separate agency that can consider conflicting issues from a distance, and that industry and nongovernmental organizations would perceive as more neutral.