WeChat? Maybe. But TikTok? That is the question. The question that makes the world tremble. In the midst of the digital hysteria, the Wall Street Journal reveals that TikTok tracked user data violating Google policies. President Trump orders ByteDance to divest from US TikTok business within 90 days. Meanwhile, France’s privacy regulator is investigating TikTok. Thus, many questions inevitably arise, as we all have a little TikTok in us.
What does an American ban imply? What consequences will it have on a global level? How is our data protected? What does it say of the state of our digital world today?
Jacques de Werra is a professor at the School of Law of the University of Geneva (for intellectual property law, contract law and Internet & digital law). He’s also the Director of the new Digital Law Center of its alma mater. He knows no rest and has organized a digital law summer school every year since 2014.
What stands out in the current digital dispute between the United States and China?
From a legal point of view, the US-China dispute about TikTok and WeChat is one of many examples of the geographic fragmentation of Internet, in other words, the opposition between the global reach of Internet platforms and local rule-makers deciding what should happen on their territory.
What is interesting in this case is not only the potential ban of TikTok from the United States but also the threat expressed by President Trump of a potential takeover of the platform by a US company. This is a sign of its massive financial value, which is evidenced by President Trump’s position saying that he wants the US government to have a financial return if the deal comes through. This is thus not only about a ban from the US, but also about trying to generate value for the United States.
What does this fragmentation of Internet imply?
Many facets with a potential legal impact. One is geographic fragmentation. Technology makes it possible to have a global reach, but at the same time, there are ways to locally fragment the Internet by making it impossible for example to connect to certain platforms or online services depending on the territory. Legal rules have been adopted to avoid this geographic fragmentation (anti-geo-blocking regulations).
The Internet is also divided geographically from a legal perspective (local laws apply only in their country). In addition to this territorial legal fragmentation, there is a less visible fragmentation which is the substantive legal fragmentation. The Internet raises many transversal issues which are not limited to one single area of the law. This may create conflicts between different types of legal rules. If you think about the flow of digital data and cyberattacks, legal issues can be raised under many different legal areas including personal data protection, but also cybersecurity law and criminal law, trade secrets and intellectual property that may not lead to the same legal solutions. This makes digital law so fascinating but also quite challenging.
And that is even more the case with data?
In our data-driven economy, data can be key to everything. If you control data, you can potentially control everything. Data is critical for companies, for governments as well as for individuals. There are conflicting views as to whether individuals and companies can or should have full control over the data that relate to them. In Europe especially, there is a strong perception that data is critical and that data should be protected, which is not necessarily the case all over the world. This geographic fragmentation makes it difficult to apply the local regulations and in this case the EU General Data Protection Regulation (GDPR) at a global level, although the GDPR has some extraterritorial effects.
What makes the GDPR special?
One important added value of the GDPR resides in the sanctions that it provides. If you do not comply with the GDPR, you face massive sanctions. This can force companies to comply with the GDPR.
Another aspect is that the GDPR is a local regulation which does not apply at the global level. In spite of this, the GDPR has had a significant global impact and has been used as a model in different parts of the world (as a kind of data protection gold standard). The GDPR also adopts an attractive regulatory approach in the digital ecosystem by relying on self-regulation mechanisms in certain circumstances.
What impact does this have on Internet governance?
If we look at Internet governance as a whole, one trend (which is perceptible in the GDPR) is the need of regulators to rely on the private sector in order to adopt and enforce the law in the digital world.
One example of this trend is the challenge of content moderation on Internet platforms. Who decides what remains available on the platform and what should be taken down? The Internet platforms get to decide as this was the case when Twitter chose to remove President Trump’s tweets. This makes sense as private companies have millions of decisions to make every second with respect to content that can be offensive, violent, or otherwise illegal. The platforms must react quickly but they cannot act in a legal vacuum: they need to be guided by overarching legal principles in order to manage the challenges of what I have called “Massive Online Micro Justice”. Applying the law in the digital environment requires close interactions and cooperation between the public sector and the private sector. This also applies to Internet governance as a whole.
The question for content moderation is: how can public regulators cooperate with the private sector and define guidelines for content moderation in a way that these guidelines can be applied by the private sector, whilst complying with the general principles of the law? There is a need to find new ways to cooperate that are unprecedented at such a massive scale. There is a need for new innovative digital regulatory systems.
In this debate, global digital policy hubs can play an important role. Geneva is one of them because Geneva has the privilege of hosting many strategic global digital policy players (international organizations and other institutional digital thought leaders). Geneva has established its key role in global digital policy debates in connection with various leading projects for instance with respect to the recent work of the UN high-level panel for Digital cooperation (co-chaired by Melinda Gates and Jack Ma). In a nutshell, the digital world calls for public-private digital policy regulatory partnerships and for hubs to foster these partnerships.
Can you give us a specific example?
We have been working on the design of dispute resolution mechanisms that shall be adapted to the digital world and to the challenges of “Massive Online Micro Justice”. This has materialized in different outputs, i.e. conferences, scientific publications and a digital policy project that ambitioned to address certain legal issues related to Internet and digital disputes. All these projects are inspired by existing mechanisms and try adapting them to the digital environment.
Our digital policy project was called the Geneva Internet Dispute Resolution Policy project. One of the aspects we have focused on was the definition of the circumstances under which a local court in a given country has legitimacy to decide on a dispute that is global because it is related to the Internet. Obviously, as soon as something illegal happens online, it is not possible for every court in every country to have jurisdiction. That would not be practicable. This is why there should be a sufficient connecting factor to legitimize a court in a country to decide the dispute. We have also worked on other topics relating to dispute resolution mechanisms (including immunity in the digital environment) and on other unrelated digital law and policy topics (including a recent project for the Canton of Geneva on cyberinsurances and another project on forced access to non-personal data (i.e. industrial data) for the Swiss Intellectual Property Office).
What would be the next steps in digital law to counter the effect of the fragmentation of Internet?
There are many potential next steps and no unique way forward. What could be done is to try and find innovative paths to overcome the geographic or substantive fragmentation and to think creatively about the best forms of digital law for the future including the best ways to resolve disputes in the digital world. As of today, we still live in a non-digital dispute resolution system. We still need to go to local courts that apply local law (it being noted that Covid-19 has boosted online justice).
We have to continue to develop mechanisms that are more aligned with the global reach of many of our digital activities. There is a long and strong tradition in Geneva and in Switzerland for global Alternative Dispute Resolution (ADR) mechanisms. This is something that we should continue exploring in the digital environment in a global and non-fragmented way. Certain types of disputes (like consumer disputes) can be resolved according to Online Dispute Resolutions systems (ODR). I believe that we should develop broader and transversal ODR solutions for all types of digital disputes, and particularly for disputes affecting not only consumers but more generally citizens and companies confronted with cases of violation of their data.