The UK’s regulators with overlapping jurisdiction on ‘all things digital’, the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO), telecom regulator Ofcom and the Financial Conduct Authority (FCA), come together in a Digital Regulation Co-operation Forum (DRCF). The DRCF has recently released a 2021-2022 Workplan.
Who’s who in the UK digital regulatory jungle?
Formation of the DRCF is a recognition that business and consumers alike face a lack of regulatory coherence when trying to understand the interplay between competition, data, content and consumer issues. Just look at the digital advertising space in the UK:
- The ICO has a mandate under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) to keep personal data secure. They have an ad tech investigation into real-time bidding and oversee the Age Appropriate Design Code, setting out 15 standards that online services should follow to protect children. For example, switching off geo-location that can reveal a child’s location to the world; not using nudge techniques and notifications prompting children to give up more personal data and high by default privacy settings.
- The CMA published a digital advertising market study in July 2020 recommending that the UK government establish a Digital Markets Unit (DMU) to assess the market power of tech companies and increase competition. For example, powers to increase interoperability and access to data, increase consumer choice and break-up platforms where necessary. In January 2021, the CMA also launched a Privacy Sandbox investigation which is assessing whether Google’s proposals to disable third party cookies could reinforce Google’s market power.
- Ofcom has powers to regulate video-sharing platforms (VSPs) since November 2020. UK-established VSPs must comply with new rules around protecting users from harmful content. The UK Government has also selected Ofcom to enforce the UK government's new duty of care to ensure companies take responsibility for the online safety of consumers.
- The FCA leads new policy approaches to fintech regulation and open banking, and the FCA is concerned about aggressive online credit and loan services which are pushed through sophisticated AdTech targeting.
How will the DRCF bring order to this alphabet soup of regulators?
The DRCF hopes to provide clarity and transparency for businesses as they engage with digital regulation, equip various regulators to strategically respond to technological developments and regulatory gaps, and enable regulators to share expertise and operational capabilities. For example, developing secondments between regulators, co-recruitment initiatives and establishing Memoranda of Understanding to facilitate multilateral joint projects in online regulation.
The DRCF is also exploring statutory support for cooperation and changes to information sharing arrangements.
What’s on the DRCF’s agenda?
The 2021-2022 workplan for strategic joint work identifies four priority areas:
- Design frameworks: a fairness by design architecture would encourage informed consumer choice, complement existing data protection by design and minimise online harms. There has been much focus in the UK on so called ‘dark patterns’ which try to exploit deep-seated behavioural responses;
- Algorithmic processing: Algorithms are increasingly sophisticated and often undetectable by consumers. Smart homes and other ambient computing mean more consumers interact on a daily basis with applications reliant on algorithmic processing and AI. The CMA has already published a paper on algorithms' effect on competition, ICO and Ofcom have done work on the use of AI in online content moderation and the FCA has launched the AI Public Private Forum to facilitate dialogue on AI in financial services. The DRCF aims to reduce regulatory duplication and identify common practical approaches and share expertise;
- Digital advertising technologies: The DRCF aims to assess digital advertising technologies to develop a plan for coordinated work to address potential competition, consumer and privacy harms; and
- End-to-end encryption: End to end encryption may reduce the interoperability of different services and affect consumer choice switching to other services and reduce competition. Ofcom is already working on online messaging and calling and the ICO is investigating privacy issues.
A model to follow?
Any measures which reduce jurisdictional overlaps and inconsistencies between regulators is obviously welcome. But there are also bigger issues at stake here.
First, each regulator has a specific mandate or set of objectives for which it is responsible, which sometimes can be in tension on digital issues: e.g. competition law may prefer sharing of data while privacy law may restrict it. Efforts to iron out the bureaucratic clashes should not result in dilution of the respective statutory principles which govern each regulator’s decision making: i.e. by developing some broad, ill-defined principle that attempts to straddle the different jurisdictions, such as an elastic principle of ‘fairness’.
Second, digital transformation impacts the broad sweep of Government decision making, reaching far beyond the agencies forming part of DRCF: e.g. medical device and medicines authorities such as Australia's Therapeutic Goods Administration are now at the forefront of digital transformation. These agencies appear to be under-resourced and under skilled to manage these issues. So, while initiatives like the DRCF are a good step, the larger and more urgent issue is up-skilling Government decision making as whole to manage accelerating change being driven by digital transformation.
Authors: Sunny Lee and Peter Waters.