The Third Way

There is a commonly held belief that there are basically three different approaches when it comes to data governance - the US, the Chinese and the European. But both the US and China leave regulation in the hands of technology companies - while the EU imposes regulations that these companies need to comply with. The middle path is the Indian techno-legal approach.

This article was first published in The Mint. You can read the original at this link.

Anu Bradford’s new book, Digital Empires, is about the imperial forces battling for control of the modern world. She posits that there are three distinct digital ecosystems fighting for dominance—the US (largely market-driven) system, the Chinese (state-driven) approach, and the European (rights-driven) model.All governments have to make hard trade-offs when determining how their digital economies should be regulated—between the extent to which innovation needs to be encouraged and the effect this will have on civil liberties, societal equality, and national security. The three digital empires that currently dominate the global landscape have each gone about making these trade-offs in significantly different ways.

The Three Empires

According to Bradford, the US approach was always guided by the “left-leaning techno-libertarians" who looked at the internet as a way to put the power back into the hands of individuals and communities at the expense of corporate and bureaucratic elite. As a result, the US, to this day, prioritises a self-regulatory approach allowing tech companies to decide how they themselves ought to behave.

This laissez-faire attitude is the key point of distinction between the American and European regulatory models. Unlike in the US, European governments have long favoured a rights-based approach, with the government—and not tech companies—deciding what behaviour is permissible online.

China has a different approach from both the US and Europe with the state exerting a far more direct say in how tech companies function. As a result, China’s state-driven model uses the domestic technology industry as a tool to aggressively preserve and extend the state’s political power.

Who Regulates?

While this explanation is certainly one way of looking at it, there could be another. I believe that the US and China are much more alike than either of them is willing to admit. They have both left the difficult job of governing the digital sphere to the companies that operate the digital ecosystems on which we all depend. The only difference is that while the US has left it to these companies to decide what should or should not be done, the Chinese state has forced them to operate under its strict supervision.

This is different from how Europe approaches the problem. The European Union has set out, in an increasingly detailed set of laws and regulations, precisely what technology companies can and cannot do—and it uses its robust enforcement machinery to ensure compliance. As a result, tech companies have to constantly reorient their operations to comply with each new regulatory restriction that is made applicable to them as well as new judicial pronouncement that offer different interpretations of what is permissible. Unlike in the US and China, it is regulation that determines how the digital ecosystem operates in Europe, not the technology companies that comprise it.

But neither approach is a complete answer. The European approach suffers from the fact that regulation lags so far behind technology that it is always playing catch-up. Despite the constant barrage of new regulation emanating from Europe, they are all reactions after the fact—attempts to mitigate harms already caused, sometimes months after they were first felt. On the other hand, our experience with leaving data governance in the hands of private companies is that the decisions they make tend to align with narrow interests (shareholders in the US and national security in China)—neither of which is what is best for society as a whole.We need a different approach. One that takes the European rights-based, human-centric approach and incorporates it into the technology infrastructures we’ve come to depend on tech companies to build. This way, we can adopt the European approach to data governance by embedding it directly into the code of the architecture of our digital lives.

The Third Way

In my latest book, The Third Way: India’s Revolutionary Approach to Data Governance, I argue that India’s digital public infrastructure conceals within it precisely this sort of data governance framework that offers policymakers new levers of regulation. By ensuring that the core protocols upon which this infrastructure has been built conforms to democratic principles—of openness, interoperability and consent-based data sharing—it ensures that applications built on top of this infrastructure are programatically constrained to comply with these democratic features.

As a concept, this is not new. In his book, Code and the Other Laws of Cyberspace, Professor Lawrence Lessig argued that as we become more digital, the code of our digital ecosystems will become the laws we are obliged to conform to. Two decades ago, we had an opportunity to ensure that what was written into code conformed to democratic values. Instead, regulators ceded control to private companies, allowing them to determine how cyberspace functions.

We have, by now, witnessed the problems with this approach. Yet, little is being done to fix it. The US is so enamoured with the benefits of a market-driven regulatory approach that it is unwilling to revisit it. And while governments in China and Europe are attempting to wrest back some control, neither has really succeeded. Regulators must be able to regulate technology with technology.

India’s digital public infrastructure approach gives them the tools with which to do that. This is the third way—a new approach to data governance.