The Silver Lining Of Internet Regulation: A Regulatory Impact Assessment
from the will-this-regulation-harm-the-internet? dept
To design better regulation for the Internet, it is important to understand two things: the first one is that today's Internet, despite how much it has evolved, still continues to depend on its original architecture; and, the second relates to how preserving this design is important for drafting regulation that is fit for purpose. On top of this, the Internet invites a certain way of networking – let's call it the Internet way of networking. There are many types of networking out there, but the Internet way ensures interoperability and global reach, operates on building blocks that are agile, while its decentralized management and general purpose further ensure its resilience and flexibility. Rationalizing this, however, can be daunting because the Internet is multifaceted, which makes its regulation complicated. The entire regulatory process involves the reconciliation of a complex mix of technology and social rules that can be incompatible and, in some cases, irreconcilable. Policy makers, therefore, are frequently required to make tough choices, which often manage to strike the desired balance, while, other times, they lead to a series of unintended consequences.
Europe's General Data Protection Regulation (GDPR) is a good example. The purpose of the regulation was simple: fix privacy by providing a framework that would allow users to understand how their data is being used, while forcing businesses to alter the way they treat the data of their customers. The GDPR was set to create much-needed standards for privacy in the Internet and, despite continuous enforcement and compliance challenges, this has majorly been achieved. But, when it comes to the effect it has had on the Internet, the GDPR has posed some challenges. Almost two months after going into effect, it was reported that more than 1000 websites were affected, becoming unavailable to European users. And, even now, two years after, fragmentation continues to be an issue.
So, what is there to do? How can policy makers strike a balance between addressing social harms online and policies that do not harm the Internet?
A starting point is to perform a regulatory impact assessment for the Internet. It a tested method of policy analysis, intended to assist policy makers in the design, implementation and monitoring of improvements to the regulatory system; it provides the methodology for producing high quality regulation, which can, in turn, allow for sustainable development, market growth and constant innovation. A regulatory impact assessment constitutes a tool that ensures regulation is proportional (appropriate to the size of the problem it seeks to address), targeted (focused and without causing any unintended consequences), predictable (it creates legal certainty), accountable (in terms of actions and outcomes) and, transparent (on how decisions are made).
This type of thinking can work to the advantage of the Internet. The Internet is an intricate system of interconnected networks that operates according to certain rules. It consists of a set of fundamental properties that contribute to its flexible and agile character, while ensuring its continuous relevance and constant ability to support emerging technologies; it is self-perpetuating in the sense that it systematically evolves while its foundation remains intact. Understanding and preserving the idiosyncrasy of the Internet should be key in understanding how best to approach regulation.
In general, determining the context, scope and breadth of Internet regulation is important to determine whether regulation is needed and the impact it may have. Asking questions that under normal circumstances policy makers contemplate when seeking to make informed choices is the first step. These include: Does the proposed new rule solve the problem and achieve the desired outcome? Does it balance problem reduction with other concerns, such as costs? Does it result in a fair distribution of the costs and benefits across segments of society? Is it legitimate, credible and, trustworthy? But, there should be an additional question: Does the regulation create any consequences for the Internet?
Actively seeking answers to these questions is vital because regulation is generally risky, and risks arise from acting as well as from not acting. To appreciate this, imagine if the choices made in the early days of the Internet dictated a high regulatory regime in the deployment of advanced telecommunications and information technologies. The Internet would, most certainly, not be able to evolve the way it has and, equally the quality of regulation would suffer.
In this context, the scope of regulation is important. The fundamental problem with much of the current Internet regulation is that it seeks to fix social problems by interfering with the underlying technology of the Internet. Across a wide range of policymaking, we know that solely technical fixes rarely fix social problems. It is important that governments do not regulate aspects of the Internet that could be seen as compromising network interoperability, to solve societal problems. This is a "category error" or, more elaborately, a misunderstanding of the technical design and boundaries of the Internet. Such a misunderstanding tends to confuse the salient similarities and differences between the problem and where this problem occurs; it not only fails to tackle the root of the problem but causes damage to the networks we all rely on. Take, for instance, data localization rules, which seek to force data to remain within certain geographical boundaries. Various countries, most recently India, are trying to forcibly localize data, and risk impeding the openness and accessibility of the global Internet. Data will not be able to flow uninterrupted on the basis of network efficiency; rather, special arrangements will need to be put in place in order for that data to stay within the confines of a jurisdiction. The result will be increased barriers to entry, to the detriment of users, businesses and governments seeking to access the Internet. Ultimately, forced data localization makes the Internet less resilient, less global, more costly, and less valuable.
This is where a regulatory risk impact analysis can come in handy. Generally, what the introduction of a risk impact analysis does is that it shows how policy makers can make informed choices about how some of the regulatory claims can or cannot possibly be true. This would require a shift in the behavior of policy makers from solely focusing on process to a more performance-oriented and result-based approach.
This sounds more difficult than it actually is. Jurisdictions around the world are accustomed to performing regulatory impact assessments which has successfully been integrated in many governments' policy making process for more than 35 years. So, why can't it be part of Internet regulation?
Dr. Konstantinos Komaitis is the Senior Director, Policy Strategy and Development at the Internet Society.
Filed Under: do no harm, impact assessment, internet regulation