EU’s drive to protect data, now the way

The European Union (EU) has moved closer to legislation that intends to regulate digital platforms on the principle that legality is the same in the real and virtual world. This is eminently logical. EU lawmakers have agreed on the scope of the Digital Services Act (DSA) which aims to tackle a wide range of misuse ranging from user profiling to fake news and illegal goods. Once the law is enacted, companies will have 15 months to comply with the new rules or face fines of up to 6% of their global revenue. Big tech companies will have to comply sooner and pay a fee for EU policing. Along with the Digital Markets Act (DMA), legislation intended to curb the monopolistic behavior of Big Tech, the EU is pushing jurisdictional limits on large parts of the internet. Its General Data Protection Regulation (GDPR) laws have set the model for privacy protection, including for India’s data privacy law.

But extending jurisdiction is one thing, maintaining order is another. Stiff fines are not easily imposed on giant tech companies that operate from less intrusive jurisdictions like the United States. The argument that it makes sense for tech companies to follow stricter rules globally clashes with business models that depend on practices outlawed by the EU. Unless rules are harmonized globally, online businesses face the prospect of market fragmentation. This goes against the basic idea of ​​the Internet. So three distinct approaches to jurisdiction in the US, EU and China are at stake with few signs of reconciliation on something as fundamental as privacy. Most innovations coming from the US, the EU or, for that matter, China, will always lag behind in regulation.

To the extent that the EU presents a vision of how the Internet should interact with society, its legislative strength is commendable. But just like its other contributions to the world – democracy and capitalism – the rule of law on the internet will remain a matter of interpretation.

Comments are closed.