The first mover advantage is well established in the commercial marketplace. The same concept works in the regulatory marketplace: Whoever gets there first has the upper hand to define what follows.
Unfortunately, while other liberal democracies race to define the digital future, the United States is AWOL. The nation whose governmental support helped establish American technological leadership now stands immobile when it comes to national governance and public interest oversight of that technology. When the Congress finally does get around to online oversight, the odds are high that since the policies already implemented in the European Union (EU) and United Kingdom (U.K.) will be the international standards the U.S. will have to follow.
I recently met with senior officials of the multiple British regulators that, under new legislation, will be charged with overseeing the activities of the major online platforms. I walked away with the conclusion that while the U.K. government’s long-promised, but undelivered legislation lags the EU, the U.K. is ahead in the preparation to implement digital oversight—even though Parliament has yet to enact the necessary legislation.
LONDON AND BRUSSELS STEP TO THE FRONT
“Because there is a belief digital platform companies have failed to sufficiently exercise their Duty of Care, however, the governments are stepping in.”
DUTY OF CARE AND RISK-BASED REGULATION
Both the U.K. and EU initiatives are grounded in the common law, “Duty of Care” that holds providers of goods and services have the responsibility to anticipate the adverse effects of their offerings and take steps to mitigate those effects. The tort of negligence is rooted in the Duty of Care.
“What is happening in London and Brussels is the creation of a de facto global digital risk management standard.”
Such risk-based systems are different from old industrial era regulatory micromanagement. Rather than top-down, “this is how you will run your business” regulation, risk-based oversight involves government making the effort to work with companies to identify harms and mitigation strategies. Companies’ failure to voluntarily do this is what has triggered government intervention.
DIFFERENT PROCESSES, HOPEFULLY COMPATIBLE RESULTS
While the goal of risk identification and mitigation may be similar, the U.K. and EU have dissimilar processes to reach such results.
The risk of such different approaches is that they could produce different outcomes. This is particularly worrisome in the interconnected world where, if the outcome of such different processes were to yield different requirements, incompatible results would be highly disruptive to both consumers and companies. There appears to be a heightened awareness that it does not serve anyone to have major substantive differences between the EU and U.K. policies. As one U.K. official told me, “When faced with the same evidence as the EU sees, it is not unreasonable to expect similar solutions.” Similarly, he observed, the U.K. and EU are not operating unaware of each other, and there is an expectation of significant amounts of cross-fertilization.
PARTICIPATORY REGULATION
In the U.K., both Ofcom and the DMU plan to pursue what they describe as “participatory regulation.” This means that regulators will work one-on-one with target companies to develop behavioral expectations that can be regulatorily enforced.
In the case of Ofcom’s content moderation oversight, the companies will be expected to conduct their own Duty of Care analysis and share the conclusions with the regulator. The agency then will provide guidance on the validity of the assessment. Once a risk is identified, the parties work together to develop a behavioral code.