Europe sailing towards conflict over China 5G

Germany is drafting rules to allow Chinese companies to participate in the 5G bonanza, while the European Commission is thinking of banning them. Something’s got to give.

In terms of collective political influence and economic power, the European Union could consider itself more or less on par with the US and China. Considering the Union represents the societal, political and economic interests of 28 nations, more than 500 million people and roughly $23 trillion in GDP, it is certainly a powerful concept. But the China issue is just one example of how its neatly stitched patchwork could unravel very quickly.

China is a very tricky equation to balance right now. On side, you have an incredibly powerful economy, a massive and increasingly wealthy population and technological advancements which could benefit almost every society. However, to access these riches you have to deal with a government which ideologically conflicts with a lot of what Europe stands for.

But this is where a potentially significant conflict lies. The European Commission is reportedly looking at how it could create a de facto ban for Chinese technology and kit in communications infrastructure, conflicting with some of its member states positions. The Commission is supposed to represent the interests of all its member states, creating a common framework which sits above national policies, but if these policies are a contradiction of opinions of some member states the perfect storm could be brewing on the horizon.

Germany is not talking the anti-China rhetoric

The most recent reports echoing out of Berlin will not have the US government jumping for joy. Local newspaper Handelsblatt is suggesting the German government is doing everything it can to write security protections into new regulation, however, the rules will be written in a manner which will not exclude Chinese companies.

The reports have not been confirmed by any official government spokespeople as of yet, though this does follow on from the Federal Office for Information Security (BSI) made in December.

“For such serious decisions like a ban, you need proof,” said Arne Schoenbohm, President of BSI.

The US will not be happy about developments here, a delegation is currently undertaking a European lobby tour to turn officials against China, though neither will the European Commission. There are several instances which indicate the European Commission is taking a similar stance against China, suggesting a bloc-wide ban could be on the cards before too long.

Aside from recent reports the European Commission is rewriting cybersecurity rules to effectively ban Chinese companies from providing technology for communications infrastructure, one of its Commissioners has also fuelled the anti-China rhetoric.

“I think we have to be worried about these companies,” Commissioner for Digital Single Market Andrus Ansip told reporters in December. Ansip was referring to companies such as Huawei and ZTE, while this statement implies the Commission believes there are strong ties between multi-national corporations and the Chinese government.

The United States of Europe argument emerging again?

With Germany seemingly working to ensure collaboration with Chinese companies remains possible, the UK creating monitoring mechanisms to enable Huawei’s work and Italy denying reports it is considering its own ban, the European Commission appears to be working in direct contradiction to some of its largest member states.

To be fair, the role of the European Commission is to serve all the states not just the big ones, but the point of the bureaucracy is to create a common framework which all agree on, not rules which are forced onto member states. Cynics of the Commission and Union in general will suggest this is perhaps more evidence of Juncker and co. attempting to create a United States of Europe, where the desires of the member states are secondary to that of the ruling party.

Although many of these conspiracy theories are generally relegated to the comment boards of the Daily Mail, the Commission might well be heading towards a monumental conflict. Any rules which are written at European Commission level would potentially render national regulations redundant, a scenario those member states would not be happy with.

Considering the shoddy state of affairs Brexit has been creating, perhaps the European Commission should attempt to create an image of co-operation and collaboration. Antagonising leading member states is not a sensible idea, while a ‘state v. Europe’ conflict over security is not something which will reflect favourably on the agency.

Is politics anything more than arguing with shiny teeth?

Caught on the fringes of this conflict and the constant political seesawing are the telcos. Governments often tell the telco industry they are there to help and enable innovation, but it seems most of the time politicians are nothing but a hindrance attempting to score PR points by pandering to buzzwords and public opinion.

With governments aiming to ban Huawei and ZTE from connectivity plans, several telcos have stepped into the fray to give their own opinion. The message seems to be relatively consistent; heighten security requirements if you must but banning a vendor in an incredibly top-heavy market will not be a good idea.

“Clearly, if there were a complete ban at radio level, then it would be a huge issue for us, but it would be a huge issue for the whole European telco sector,” Vodafone CEO Nick Read said during the latest earnings call. “Huawei probably has 35% of the market share through the whole of Europe.”

Deutsche Telekom is another who foresees any Huawei ban being nothing but problematic. The German telco has previously stated a ban on Huawei would set its 5G ambitions back two years. Several telcos are considering scaling back work with Huawei, but this is perhaps directed more towards the uncertain political climate than any outright worry regarding the security credentials of Huawei equipment.

European telcos are not dependent on Huawei equipment to function effectively, but they are somewhat reliant on it. There aren’t enough suppliers, or good-enough suppliers, to strike Huawei out of the mix. US telcos are not having to deal with this headache as their operations adapted to a lack of Huawei and ZTE years ago, Europe is struggling with the political seesawing and story of uncertainty. Any business leader will tell you, a consolidated, cohesive and concrete regulatory landscape is critical for success.

Huawei stuck between a rock and a hard place

Huawei is a company which now has no control over its own fate.

With the US parading around political offices spreading its anti-China message without the burden of evidence, Huawei can’t do anything. Numerous governments are asking the vendor to prove its security credentials, but this will mean little is there is still suspicion. The case against Huawei is not based on evidence, but one which is based on a political and economic power struggle.

With a lack of evidence to substantiate any accusations against the firm, Huawei is being asked to do something which has been accepted as almost impossible; prove a negative. All of the questions and queries being directed at the firm have a single aim, to demonstrate there are no ties between the organization and the Chinese government, as well as its intelligence agencies.

It’s an almost impossible task, especially when you take into account the powerful influence of the US and the fact most of these decisions are being made on hearsay, circumstantial evidence and emotion. Whatever Huawei says, however much evidence is put on the table, we suspect opinions have already been made.

An issue of consistency and contradiction

In a single signature, the European Commission could throw the bloc into disarray. If the rumours evolve into reality, the European Commission could impose its own rules, contradicting the hopes and ambitions of some member states. Such a scenario would question how much control the member states have over their own society, undermining the concept of sovereignty.

Any fundamental changes would certainly have to be greenlit by all member states, but the European approach to China on the whole, and Huawei specifically, has not been entirely consistent. One question which might be worth considering is whether the European Commission is overstepping its remit.

We are almost certain Germany will not be happy being told to ban Huawei considering it seemingly wants to ensure Chinese participation in the upcoming 5G bonanza. Conflict is on the horizon, potentially pitting the European Commission against the biggest financial contributor to the bloc.

Cisco calls for US GDPR rollout

In a move which might make the networking giant quite unpopular on the US side of the pond, Cisco’s Chief Legal and Compliance Officer Mark Chandler has called for a US version of GDPR.

Having been implemented during May 2018, Europe’s General Data Protection Regulation (GDPR) is starting to make waves in the technology world. The first complaints were filed as the ink was drying on May 25, though with the first rulings started to be announced eight months later, the implications and dangers are starting to become clear. Unless Silicon Valley wins the opening legal skirmishes, precedent will be set and disruption to the data sharing economy will be very apparent.

Considering the massive potential for disruption in the digital ecosystem, Chandler will not be making any friends in Silicon Valley by pushing the case for more focused protections on data protection and privacy. Commenting to the Financial Times, Chandler stated he believes the new regulations have worked out well and after some tweaking, the same rules should be applied in the US as well.

Of course, a legal executive from a networking company stirring the pot is unlikely to turn heads right now, the rules would not necessarily have any monumental impact on the networking infrastructure giant, but there might be a few upset individuals in Silicon Valley. For years, the internet players have effectively been able to do what they want, but GDPR sought to end this reign of freedom.

Although GDPR is an incredibly complex set of rules with more nuances than a teenage philosophers diary, the overall aim is pretty simple. Firstly, the user has more control over his/her personal data, and secondly, internet companies have to demonstrate a need to collect and process data, while also improving securities around these processes. And of course, there are the fines as well.

This is perhaps one of the biggest concerns of the internet giants as they can now be held accountable. Prior to GDPR, fines were feeble. For any normal company, they would be horrid, but considering the size and profitability of the likes of Facebook, Google, Amazon and Apple, any punishments dished out would take a matter of minutes or hours to pay off. GDPR allows regulators to assign fines which are relative to the size of the organization, therefore companies can now be held accountable.

While GDPR does seem to be forcing many companies to act more responsibly, the saving grace for Silicon Valley is that it is limited to Europe. The lobbyists will be fighting hard to make sure such rules do not find sympathetic ears in Washington DC, though governments do seem to be welcoming.

In India, the government is considering new rules which would tighten up protections around personal information, while the Japanese government has signed a new treaty with the European Union which extends GDPR protections of European citizens to Japan. These are two examples, though as more complaints are filed and more Judge’s opinions released to the public, interest in these rules will almost certainly increase.

What you always have to consider when you read such comments is that Cisco is a B2B firm. The privacy rules are geared towards empowering the consumer and therefore would have minimal impact here. In public, many of the internet giants are calling for a revamp of privacy rules, its just good PR form, but they will be privately terrified of a GDPR replicant.

What is also worth bearing in mind is that the US is not as sensitive to privacy issues as Europeans are. Of course, legislators will have an eye on privacy and it will be a worry, but Europe is much more aware and condemning of the slippery practises of Silicon Valley. For years, the Californian lawyers have revelled in technology outpacing regulation, identifying grey areas and loop holes galore. However, the European regulators are attempting to make life difficult.

Facebook can’t seem to keep itself out of trouble

Facebook has apparently been paying customers $20 each to trade away their privacy to install a VPN which analyses usage, sidestepping Apple’s App Store policies.

The research initiative is similar to Onavo Protect, which was effectively banned by Apple last year, rewarding teenagers and adults to download the app to give the social media giant root access to network traffic which most likely would have been decrypted otherwise. According to TechCrunch, this is a violation of the App Store policies.

While $20 per user might seem like a huge amount, the data which is collected is incredibly valuable. Not only will it be able to identify usage habits, it will also contribute to competitor research. In theory, Facebook would be able to build a much more detailed competitor landscape, identifying potential threats to its business. The UK government has already unveiled documents which confirm Facebook uses the platform to inhibit competitive threats, so this type of data collection simply adds another nefarious cog to the devious machine.

According to the TechCrunch investigation, if Facebook makes full use of the freedoms granted through this app it would be able to access private messages from social media and other messaging apps, photos and videos, emails, web browsing activity and location information. What is worth noting is that is has not been confirmed whether this is the case, though Facebook could be heading for another privacy debacle.

This is of course not the first time Facebook has ventured into the murky world of surveillance. Back in 2014, the increasingly suspect social media giant acquired Onavo for $120 million. This VPN allowed users to minimize data leakage and improve the effectiveness of tariffs, but it also allowed Facebook to access deep analytics about what other apps they were using. This insight reportedly gave Facebook the confidence to make such a significant bet on WhatsApp.

The app came under pressure when it was revealed Facebook was stepping across the line, collecting information when the screen was off for example. Apple changed the App Store policies to ensure apps could only collect information which was critical to functionality, though by this point Facebook had a huge amount of competitive intelligence, and seemingly lit the fires of ambition.

One question which you really have to ask is how many lives Facebook has left. The last 12 months have been a carousel of scandal, saga and suspicion. Whether it is Cambridge Analytica, Friendly Fraud, fake news, influencing elections, violating privacy or snooping on customers, Facebook has poked and prodded the confidence and trust of the digital society. How much longer can this go on for?

Every time a new headline emerges about some nefarious or suspect activity from Facebook, the world much be getting closer to taking disruptive action. More and more people distrust the brand, but due to its influence in and penetration through digital society, usage of its applications have not been damaged much. You have to wonder how many more of these headlines the business can take; maybe it won’t be long before the Facebook empire is broken up.

GDPR net starting to get very wide

Eight months after the introduction of GDPR decisions are starting to emerge from the first complaints. The breadth and depth of the complaints is starting to look revolutionary for the digital economy.

For years, the internet effectively did whatever it wanted. Bureaucrats attempted to regulate the industry, though mostly built ineffective rules on shaky foundations. Regulators were seemingly unable to out-manoeuvre Silicon Valley’s slippery legal beagles, experts at discovering grey areas, but then Europe’s General Data Protection Regulation (GDPR) was created.

The months leading up to the May 25 ‘doomsday’ were a nightmare for many companies around the world, such is the weight of potential fines. As soon as the ink was dry in the rulebook, the complaints started to get filed. Eight months later, the first decisions are emerging, and the threat of disruption is starting to look big, broad and beastly.

Over the last few weeks, French regulator CNIL has fined Google for not being explicit enough when collecting consent, a decision the search giant is challenging. Privacy Advocate Max Schrems’ non-profit, None of Your Business (NYOB) is taking eight internet companies to court in Austria for ‘Right to Access’ violations. NYOB is also challenging Google’s Android as well as Facebook’s Instagram and WhatsApp on the grounds of forced consent. Privacy International is also pointing the GDPR finger at Facebook. Private browser Brave and the Open Rights Group are tackling Google and marketing agency IAB on ‘Real-time bidding’ for hyper-personalised advertising.

Looking at the final case, this is an interesting one as it is not a practise which has been widely connected with GDPR. Real-time bidding platforms allow companies to collect in-depth and wide-ranging troves of information on individuals. This behavioural data is then ‘is broadcast to tens or hundreds of companies’ in order to attract potential advertisers’ bids. Brave and the Open Rights Group believe this is a violation of GDPR as the ‘broadcast’ fails to protect these intimate data against unauthorized access.

Article 5, paragraph one of GDPR states data should be ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss’. As there is no control over the data once it has been broadcast, Brave and the Open Rights Group state this is a violation of privacy rights.

The marketing and advertising industry certainly would have been aware of the threat to this segment, however it is not the type of data application which has hit the headlines in a major fashion broadly. This is the current risk the internet industry is facing; privacy advocates are getting creative with how they are applying GDPR, widening the net of accusation, ensuring lawyers are fighting the regulation on multiple fronts.

In the first couple of months, you can almost guarantee every court decision will be challenged by at least one of the internet giants. This is the gravity of the situation; fundamental and revolutionary changes could be on the way is the privacy win. The internet will change due to the interpretation of GDPR. The threat of red-tape choking off the steady flow of billions is look very real.

Worryingly for the internet giants is the emergence of class-action suits as well. Although this type of proceeding is quite common across the pond, such cases are rare occurrences in Europe. Across the legal community there have been mutterings, suggesting the regulation could open the door on the bloc. Perhaps it would not evolve to the same scale as class-action suits in the US, but the threat of such a trend should be very worrying for those who are currently ducking and diving swipes from the GDPR stick.

Today is Data Privacy Day, so perhaps it is fate that it appears the data privacy campaigners have the upper hand over Silicon Valley right now. The first decision from the courts has gone against the internet industry, the implications could have a significant knock-on effect to Terms of Service agreements, and you can guarantee Google will throw everything it can against the CNIL and its €50 million fine.

The money means nothing to the ‘Do no Eviler’, but the potential disruption to the internet economy could be seismic. We all knew GDPR could be very damaging to the data-sharing industry, but now it is starting to get very real.

Facebook CEO’s plea for understanding gets very few likes

Mark Zuckerberg got a self-justifying op-ed published in the WSJ but reaction to it has been negative.

He didn’t get off to a great start by publishing a piece that opened with the following statement behind a paywall. “If we’re committed to serving everyone, then we need a service that is affordable to everyone. The best way to do that is to offer services for free, which ads enable us to do.”

Zuck then commenced with a fairly generic summary of the ad-funded internet model, which seemed at best redundant but could easily be interpreted a witheringly patronising. It was as if he was saying: ‘since you clearly still don’t get it, here it is once more for the people at the back.’

The Electronic Frontier Foundation went for the latter view in a piece headlined In WSJ Op-Ed, Mark Zuckerberg Speaks Down to Users and Misses the Point. It questions the necessity of gathering private data in order to target advertising. The piece also attacks Facebook’s repeated claim that it doesn’t sell user data but pointing out that that it does monetise that data so this is really just semantics.

Recode thinks this piece was written in anticipation of looming regulatory pressure. Likely to compound that are Facebook’s apparent plans to merge the messaging features of Facebook and Instagram with WhatsApp. Although all three are already owned by Facebook (the latter two by acquisition), taking perceived choice out of the messaging market is likely to attract the attention of regulators.

Those were two of the more gentle critiques, however. TechCrunch decided to lean heavily on appeal to emotions with a lengthy diatribe that started by questioning the moral foundations of the site and highlighting a recent tragedy in which social media is suspected of being a complicating factor. The piece then degenerated into accusations of ‘mansplaining’ and making repeated calls for censorship that are surprising from a journalistic organisation.

And then we have the NYT’s veteran tech commentator offering to Fix That Op-Ed You Wrote. It uses the well-established mechanism of copying chunks what was written and then interpreting their underlying meaning, but does so in such a puerile way that it’s easy to assume that the writer out-sourced the whole thing to someone doing work experience. Regardless, the piece is unambiguous about the disdain in which it holds Zuck’s piece.

The fact that some writers got a bit carried away doesn’t detract from the underlying point, however, that this was a weak piece. Once you get past the ‘how the internet works’ bits, you get to ominous statements of censorious intent such as “The only reason bad content remains is because the people and artificial-intelligence systems we use to review it are not perfect.”

If you assume Recode is right, and this piece was written specifically for the attention of regulators, then it does seem to get some stuff right. It makes the point that Facebook does empower individuals and small businesses to communicate with the rest of the world in ways that were previously unavailable and hints at the delicate balance it needs to strike between freedom and safety. The problem is nobody seems to think it’s getting that balance right, regardless of their priorities.

Court rules companies can be sued for collecting biometric data without consent

A reminder of how quickly the technology world evolves; it’s not only regulations which need to catch-up, but business practices too, as a Supreme Court opens the door for privacy lawsuits.

In an interesting case, the Supreme Court of Illinois has set precedent for its Biometric Information Privacy Act (BIPA). Companies who have not appropriately obtained consent from individuals before storing biometric data can now be sued under the BIPA without said individual being damaged, fraud for example, by the scenario. The ruling makes BIPA a dangerous piece of paper, as effective use of the Freedom of Information Act could put a few in precarious positions.

This case, Rosenbach versus Six Flags, has pinned a 14-year-old against the amusement park for collection and storage of thumbprint data without informed consent. The BIPA prohibits companies from gathering, using, or sharing biometric information without informed opt-in consent, though the issue which the Supreme Court has been considering is whether there are grounds for a lawsuit without damage being inflicted to the user.

“Contrary to the appellate court’s view, an individual need not allege some actual injury or adverse effect, beyond violation of his or her rights under the Act, in order to qualify as an ‘aggrieved’ person and be entitled to seek liquidated damages and injunctive relief pursuant to the Act,” stated Chief Justice Lloyd Karmeier in his decision.

But why is this a dangerous decision for businesses locating or operating in Illinois? Because business practises are not keeping up with the tsunami of data which emerging, and many companies do not have fully visibility into the data which they hold.

One of the problems we saw in the build up to General Data Protection Regulation (GDPR) in Europe was an understanding of what data companies actually had their hands on. With the 21st century’s version of a land-grab seeing companies scrap for as much information as possible through the last decade, few companies actually managed to effectively store and categorize.

Before any company can consider calling themselves complaint (under GDPR, BIPA or any new data-orientated regulations) a full data audit would have to be completed; this discovery process was a critical step in the process. In conversations over coffee, a few consultants told us this was a significant issue for UK companies. During the audit, some were finding they were holding onto sensitive data, which they had no idea existed, and were in violation of data privacy and protection regulations.

BIPA is a no-where near as wide-ranging as some data protection and privacy regulations, though we suspect there will certainly be numerous companies who are now non-compliant under this new ruling and precedent. This is the issue with technology; it’s moving so much faster than the red-tape bureaucrats. Technology is implemented before regulations governing the usage, or business practises to ensure compliance, can be deployed. It creates a dangerous position where companies could be non-compliant without even realising.

In Illinois, as there no-longer needs to be proof of damages to individuals anymore, effectively placed Freedom of Information Acts could see similar cases brought in-front of the courts. In the rush to remain relevant through embracing technology, few have considered the boring aspect of regulation. Who would, considering how long it takes the courts to catch-up? But this is a case where being cutting-edge technology is a two-edged sword.

Google challenges France’s first swing of the GDPR stick

Google has stated it will appeal the French regulator’s decision to dish out a €50 million fine for not being forthright enough with how it collects, stores and processes user’s personal data.

For Google, this is not about the money. €50 million for Google is nothing. This is a company which generated $33.7 billion over the final quarter of 2018. It would take a matter of minutes for the team to pay off this fine. However, should this ruling be allowed to stand Google would have to alter its business model, as would the rest of the data-sharing economy, causing a very unwelcomed, and potentially costly, disruption.

“The 50 million euro fine issued by the CNIL on 21 January 2019 significantly impacts Google as it directly challenges its business model based on the processing of personal data,” said Sonia Cissé, Head of TMT Practice of law firm Linklaters in Paris.

“Considering the seriousness of the CNIL’s findings and the broad publicity of this case, a potential appeal by Google is no surprise and makes perfect sense from a legal-strategy perspective.”

On Monday, France’s National Data Protection Commission (CNIL) dished out the fine for two violations of Europe’s General Data Protection Regulation (GDPR). Firstly, the search giant was not specific enough when requesting consent from users. Secondly, for users who wanted to dig deeper into the Google data practices, the company made it unnecessarily difficult to see the entire picture. Google was being too vague and not accessible enough.

“Users are not able to fully understand the extent of the processing operations carried out by Google,” the CNIL said in a statement.

This is the first time a regulator has used GDPR to hold one of the internet giants accountable, but there are plenty of other cases in the pipeline. Google is of course not the only target, as various different privacy advocates across the bloc lodge their complaints against the likes of Spotify, Amazon and Apple, just to name a few others.

In appealing this case, Google is making itself the tip of the spear for the entire internet ecosystem. There will be multiple appeals against the various rulings over the coming months because of how important precedent in this saga. If Google was to just let this ruling stand, it is effectively validating its opinion potentially undermining its own business model. If similar ruling start to appear across the continent the disruption to the data-sharing economy would be massive.

“In all likelihood, Google will challenge the CNIL’s decision on two main grounds: (i) procedural aspects (i.e., the competence of the CNIL); and (ii) the content of the case (i.e., challenging the facts),” said Cissé.

“Should Google be able to demonstrate that Google Ireland Limited was its main establishment in the European Union (EU) at the time of the CNIL’s investigations, then the competence of the CNIL could be validly challenged.

“Second, the content of the decision is another ground for action, and it will be up to the French administrative judges to determine, in light of the circumstances at stake, whether the transparency requirements under GDPR were met or not.”

GDPR is an incredibly complicated set of rules mainly because there are so many different definitions and clauses, but also certain exemptions. In most cases, companies would have to obtain consent from users to use data for explicit purposes, retaining the data only until these purposes have been satisfied. However, companies do not have to obtain consent when it is necessary to comply with another law, or there are ‘legitimate interests’. It paints a complicated picture.

Of course, for those who are more privacy sensitive, such rules and grey areas are a bounty of riches. The rules have created amble opportunity to challenge the internet giants’ business models, as well as the influence they have over the world. One of those is privacy campaigner Max Schrems.

“We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law,” Schrems said following the CNIL ruling.

“Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products. It is important that the authorities make it clear that simply claiming to be compliant is not enough.”

Schrems’ firm, None of Your Business (NYOB), has filed several complaints against other internet businesses on the grounds of accessibility. Those who will come under the scrutiny of Austrian courts include Apple, DAZN, Filmmit, Netflix and Amazon. More specifically, these complaints suggest the companies violated GDPR’s ‘right to access’, enshrined in Article 15 GDPR and Article 8(2) of the Chart of Fundamental Rights.

All of these cases will dictate how the internet economy will function over the coming years, but this battle between the CNIL and Google could prove to be a critical one, such is the power of precedent in the legal world.

“In a nutshell, it is highly difficult to identify certainties regarding the outcome of Google’s appeal,” said Cissé.

“Since data protection is a field of law particularly subject to interpretation and grey areas, one cannot exclude the possibility that Google could be successful in appealing the CNIL’s decision before the French Administrative Supreme Court. In any event, the ruling of the French administrative judges will be closely monitored by all the tech companies.”

40 execs sign a pledge to make the internet a nice place

Industry lobby group the GSMA has launched its ‘digital declaration’, signed by executives from 40 technology firms and telcos, aiming to make the digital economy a safer place, accessible to all.

With the likes of Bharti Airtel, China Mobile, Sharp, SK Telecom and Vodafone signing the deal, the GSMA is embracing its hippy calling of peace, love and digitisation. The declaration pins the hopes and dreams of the industry onto several different principles, which theoretically should lead to a warm and embracing internet.

“Social, technological, political and economic currents are combining to create a perfect storm of disruption across all industries,” said Mats Granryd, Director General of the GSMA. “A new form of responsible leadership is needed to successfully navigate this era.

“We are on the cusp of the 5G era, which will spark exciting new possibilities for consumers and promises to transform the shape of virtually every business. In the face of this disruption, those that embrace the principles of the Digital Declaration will strive for business success in ways that seek a better future for their consumers and societies. Those that do not change can expect to suffer increasing scrutiny from shareholders, regulators and consumers.”

Looking at the principles themselves, they are relatively simple. Respect the privacy of digital citizens; handle personal data securely and transparently; take meaningful steps to mitigate cyber threats; and ensure everyone can participate in the digital economy as it develops whilst combatting online harassment. Its broad enough to allow wiggle room, but accurate enough to ensure all the right buzzwords are ticked off the list. You can have a look at the full declaration here.

While it is certainly a step in the right direction to get these organizations to sign a document recognising the importance of often ignored concepts such as inclusion and security, perhaps the next step should be to engage governments and regulators.

The CEOs of these technology and telco giants will certainly play an influential role in the success of the internet, though these are companies which will be playing within the rules set by higher powers. Policy, regulation, legislation and public funding will play an incredibly powerful part, though with such varied political regimes across the world, getting them to at least acknowledge these constant principles should be a priority.

Another interesting omission from the list are the powerful and influential internet players. The likes of Google, Amazon and Facebook will perhaps play a more significant role than the telcos and technology vendors who have already signed the document as they slip into the grey areas of regulation. The OTTs have been effectively doing what they like to date, such is the difficulty in matching regulation with the pace of change in this segment, and while such a document is little more than a PR ploy, it would at least demonstrate some accountability.

All data-roads lead to Tokyo after EU’s thumbs up

The European Commission has given its nod of approval for data protection rules drawn up in Japan, effectively extending GDPR protections for European citizens to the Asian country.

On top of the current data protection regulations in Japan, an additional set of rules have been created adding safeguards to guarantee that data transferred from the EU will be subject to the same protection as European standards. The supplementary rules will be binding on Japanese companies importing data from the EU and enforceable by the Japanese regulator and courts.

“This adequacy decision creates the world’s largest area of safe data flows,” said Věra Jourová, Commissioner for Justice, Consumers and Gender Equality.

“Europeans’ data will benefit from high privacy standards when their data is transferred to Japan. Our companies will also benefit from a privileged access to a 127 million consumers’ market. Investing in privacy pays off; this arrangement will serve as an example for future partnerships in this key area and help setting global standards.”

Starting with the rules, new conditions will be set into play regarding the protection of data, the rights of European citizens to request further information on usage, as well as further requirements dictating what data can be transferred out of Japan to other nations. Protections have also been put in place with regard to how intelligence and law enforcement agencies can use or retain data, while a complaint-handling mechanism has also been introduced.

With these new rules the road to Tokyo is now open, allowing data to freely transfer between Japan and all members of the European Economic Area (EEA), Iceland, Liechtenstein and Norway. It’s a win for the bureaucrats which have been looking to develop deeper relationships, creating a trading bloc which can provide more competition for the likes of the US and China.

“This is the first time that such a recognition takes place under the GDPR and in a reciprocal manner. As of today, Japan has adopted an equivalent decision for data transferred to the EEA,” said Tanguy Van Overstraeten, TMT Partner and Global Head of Data Protection at law firm Linklaters.

“This major milestone puts both Japan and the EU in a unique position, strengthening the recently adopted Economic Partnership Agreement (EPA) between the EU and Japan. The EPA will enter into effect on 1 February 2019, creating an open trading area covering over 600 million people and almost one third of the world’s GDP.”

For Japan enthusiasts, this announcement will come as great news, especially ahead of the EU-Japan trade agreement which is set to come into force next month. This tie up will create an open trading zone covering 635 million people and almost one third of the world’s total GDP, and the first ever bilateral framework agreement between the two parties.

As part of the new relationship the vast majority of the €1 billion of duties paid annually by EU companies exporting to Japan will be removed, as well as regulatory barriers inhibiting some trade, for example on car exports.

The European Commission might have its critics throughout the world, but this doesn’t look like anything aside from a good bit of business.

Lobbying on the up as Silicon Valley feels the regulatory squeeze

The internet giants have started filing their lobbying reports with the Center for Responsive Politics with records being shattered all over the place.

Each quarter US companies are legally required to disclose to Congress how much has been spend on political lobbying. Although the figures we are about to discuss are only for the US market, international players will certainly spend substantially more, it gives a good idea of the pressure which the internet players are facing. Governments are attempting to exert more control and Silicon Valley doesn’t like it.

Looking at the filings, having spent $4.9 million in the final three months, Google managed to total $21.2 million across the whole of 2018, a new high for the firm. This compares to $18.3 million spent across 2017.

Facebook is another which saw its lobby bill increase. In its latest filing, Facebook reported just over $3 million for Q4, and totalled almost $13 million across the year. In the Facebook case it should hardly be surprising to see a massive leap considering the scale and the depth of the Cambridge Analytica scandal which it has not been able to shake off.

More filings will be due over the next couple of days, the deadline for the fourth quarter period was January 22, though the database search tool is awful. What is worth noting is this is set to be the biggest year for internet lobby spend, however it is still nothing compared to the vast swathes which are spend elsewhere.

Lobby tableIn total, the internet industry might have spent a whopping $68.7 million on lobbying Washington over 2017 (2018 data is still not complete), but that is nothing compared to more mature industries. The Oil and Gas segment spent $126 million, while Insurance pumped $162 million into the lobbyists pockets, but the winner by a long was the pharmaceutical industry spending an eye-watering $279 million on lobbyists across the year (see image for full list).

As you can see, the ceiling has been set very high for lobbying and it will almost certainly increase over the next couple of years. All around the world governments and regulators are attempting to exert more control over the internet industry, and while the lobbying process isn’t necessarily attempting to block these new rules, the aim will be to get the best deal possible.

In comparison to other industries, the internet specifically and technology on the whole is relatively new. You have to take into account the internet as a mass market tool is only in its teen years and is demonstrating the same rebellious tendencies as young adults do. New ideas are being explored and boundaries are being pushed; with some breakthroughs rules do not exist, while the emergence of new business models means companies fall into the grey areas of regulation. The internet has been operating relatively untethered over the last few years, though this is changing.

2018 was a year where it all started to hit home. Countless data breaches demonstrated the digital world is one where security has not been nailed, while data privacy scandals have shown how dated some regulations are. It doesn’t help that Silicon Valley seems to operate behind a curtain which only the privileged few are allowed to peak behind, but even if this barrier was thrown open, only a small percentage of the world would actually understand what was going on or how to regulate it effectively.

GDPR was a step in the right direction in handing control of personal information back to the user, but this only applies to European citizens. Other countries, such as India, are learning from these regulations with the ambition of creating their own, but it is still very early days. The rules and regulations of the digital economy are being shaped and the internet giants will certainly want to influence proceedings to ensure they can still continue to hoover up profits in the manner which they have become accustomed to.

Looking at where money has been spent, data privacy and security concerns is a common theme with all the internet players who want to protect their standing in the sharing economy, though mobile location privacy issues is another shared concern. With data getting cheaper, more people will be connected all the time, opening the door for more location-based services and data collection. This could be big business for the internet giants, though it has been targeted by privacy advocates looking to curb the influence of Silicon Valley. Other issues have included tax reforms, antitrust and artificial intelligence.

So yes, a remarkable amount of cash is being spent by the likes of Google and Facebook at the moment, but this will only grow in time as regulators and legislators become more familiar with the business of the internet and, more importantly, how to govern it.