We live in an increasingly automated, data-driven world where choices and decisions are made for us, and sometimes, against us, and in which we are being subconsciously manipulated, based on the data trail we leave behind us. As a consequence, increasingly humanity is losing agency in favour of globally operating technology and media companies, who are building empires based on big data, data mining, and artificial intelligence. Their wealth and power stems from targeted advertising, but increasingly rests on the wealth of data and profiles of individuals which can be packaged and re-packaged to be sold to the highest bidder. The data collected is not just used for advertising, but also for surveillance, differential pricing, influencing elections, targeted misinformation, predicting sentiments in investment markets, and selling the data for managing corporate risk to the detriment of the consumer, particularly in respect of credit and insurance. Likewise, cybercrime uses techniques of profiling and exploitation of the vulnerable. The global data-driven economy is wide-ranging, has many benefits, but equally, high risks.
“Surely, the task of making the data-driven economy safe is one for lawyers. How, then, does the law regulate?”
The key question is whether the law can come to the rescue and prevent unfair exploitation. You might ask whether laws addressing cybercrime, data protection laws, electoral laws, consumer protection, and competition laws address these problems sufficiently. Surely, the task of making the data-driven economy safe is one for lawyers. How, then, does the law regulate? Internet regulation is not limited to the infrastructure but applies to all the layers of technology that have come with the internet, ranging from beneficial tools such as search engines, social media, and cloud computing (which can be used for nefarious purposes), to heinous tools enabling cybercrime, such as botnets, malware, and illegal marketplaces. Targeted online fraud, online gambling addiction, online privacy intrusions, and misinformation on social media have only increased during the COVID-19 pandemic and all cry out for better internet regulation.
The issue of jurisdiction
The uncomfortable truth of internet regulation, which no government likes to admit openly, is encapsulated by one of the fundamental concepts of the law: jurisdiction. Jurisdiction is a multi-faceted concept, used in many different legal contexts, where it has different meanings. These meanings range from the competence of a national legislator to pass a new law on cybercrime, to a national court’s competence to hear and decide a legal dispute about an international privacy intrusion on a social media platform; the power of a national police force to request investigative data from a foreign-based social media company concerning incitement to terrorism, to the power of a national consumer protection authority to issue a fine in respect of fraudulent influencer investment advice on Twitter.
Essentially, jurisdiction is about the legal authority of state actors to act and that legal authority is limited to the population and territory of the state. It ends at the national border. Since this power of a state agent to act is limited to the territory of that state, but the internet’s reach is not so limited, jurisdiction is the fundamental legal concept behind many, if not most, of the troubles of effectively regulating the global internet. National police forces do not (normally) cross international borders.
“…jurisdiction is the fundamental legal concept behind many, if not most, of the troubles of effectively regulating the global internet.”
If the legal concept of jurisdiction challenges effective policing of the internet, you may ask, why can’t we simply change this old legal concept to something more suitable? The problem lies not in the law but in the international political system of governance by nation states, a political system closely tied to national identities, culture, and geo-political realities. This system of governance has slowly evolved over hundreds of years and can be contrasted with innovation in technology whose evolution can be measured in years, not centenaries.
Can the law prevent unfair exploitation of the data-driven economy?
Returning to the question asked at the beginning of this post about the risks posed by big data, data mining, and artificial intelligence and the loss of human agency: can the law come to the rescue?
There are several answers to this key question. But the law is only a small part of the rescue plan.
One of the legal answers put forward is private self-regulation by the technology companies themselves. While technology companies have a role to play in regulation (for example, setting standards as to what people may post on social media platforms) they themselves will not address the greater risks emanating from the data economy, simply because it is not in their interest. The self-interest of powerful media and technology companies stands in the way of fair and democratic regulation. An example for this is the recent copyright spat between social media companies and the Australian government who wants social media companies to pay for the news content they reuse on their platforms without a license.
The second answer lies in international law and international co-operation between states. What the jurisdictional challenge has demonstrated more than anything else is the recognition that international co-operation is vital to deal with the challenges arising from technology. But states tend to act in self-interest and, again, progress is very slow, measured in decades rather than years. Furthermore, moral, cultural, and legal standards vary enormously between states, which makes law approximation undesirable.
“Regulation is not only legal (in the sense of legal compliance), more importantly it is about active, political citizenship.”
Therefore, the third answer is that lawyers have to pass the buck back to politics, and to some extent to computer scientists developing defensive technologies, such as better privacy enhancing and privacy preserving technologies. It is only through greater political awareness of the users of technologies, and active citizenship that these risks can be addressed. This awareness goes far beyond (passive) media literacy and education. Users need to recognize the pitfalls of using technology in particular ways and need to change behaviour in order to regain their agency. Regulation is not only legal (in the sense of legal compliance), more importantly it is about active, political citizenship. The concept of jurisdiction explains why the law cannot be the ultimate answer to regulating the data-driven world of the global internet.
If you would like to learn more about the jurisdictional challenge of the internet, Queen Mary University of London will be hosting a free roundtable event at 3PM (GMT) on Friday 26 March to celebrate the publication of Internet Jurisdiction Law and Practice. Find out more and register here.
Featured image by TheDigitalArtist