Roundtable Summary - Ex Post and Ex Ante Tools in the Regulatory Toolkit
Introduction
As society becomes increasingly datafied and platformised, regulators the world over are keen to address unequal bargaining power, and to promote fairer, healthier digital spaces. Australia’s News Media and Digital Platforms Mandatory Bargaining Code (NMBC) was one of the first attempts to query the fundamental business model of news media, and it inspired other governments to tackle gatekeepers and structural imbalances. Within the Asia-Pacific region, South Korea and China have launched antitrust investigations across industries. The European Union put forward the Digital Services Act (DSA) and Digital Markets Act (DMA), proposing ex ante regulatory tools that go beyond traditional (ex post) competition/antitrust law. This panel was held on July 21st as part of the 2022 ADM+S Symposium ‘Automated Societies: What do we need to know?’. It brings together experts from Australia, the European Commission, Korea and China to discuss diverse regulatory approaches, and their implications for innovation and consumer welfare, and the future of digital platforms.
A transcript and video recording is available on here. Our key speakers for the panel featured: James Meese, Senior Lecturer, RMIT University; Haksoo Ko, Professor of Law, Seoul National University School of Law; Karen Melchior, Member of European Parliament; and, Professor Haiqing Yu, RMIT University. This summary captures key themes, ideas, and policy recommendations made during the event.
Roundup
Australia
The Australian Competition and Consumer Commission’s Inquiry into Digital Platforms was one of the first key regulatory attempts in Australia to review the state of digital platforms. Since then, Australia has held a number of related reviews in subjects including Privacy, Misinformation and now the Media Code, which emerged from the initial inquiry.
Europe
The EU landscape consists of an oversight structure housed in the EU Commission as the primary regulator, with a centralised body to set standards and enforcement and a number of smaller agencies work on digital security. There is also a data supervisor that provides out advice and oversees the General Data Protection Board.
More recently, the EU has passed a twin set of legislation called the Digital Services Act (DSA) and Digital Markets Act (DMA) in 2022, which is expected to have significant implications to how large technology platform operate in Europe. Both pieces of legislation are underpinned by two priorities: first, to ensure that fundamental freedoms are not suppressed online and second, to avoid the use of excessive tools for enforcement of illegality.
The Digital Markets Act seeks to ensure market fairness and appropriate competition at all levels due to the “multivariate nature of activities from online sales of small consumer goods to large scale production and manufacturing.” It is designed to have a well-defined set of criteria, obligations and prohibitions for large businesses, ‘gatekeeper platforms’, to ensure that competition is not hamstrung for smaller business organisations.
On the other hand, the DSA seeks to ensure that platforms are appropriately reporting their obligations to the EU Commission to provide greater transparency and accountability. This includes a prohibition on ‘dark patterns’ in user interfaces, which are the manipulation of use choice through interface design. It also includes a ‘know your business customer’ obligation to ensure that platforms keep track of sellers that may be providing illegal or dangerous goods. Despite the DSA being applied to the European region, it is expected to have a global effect for all those selling services in Europe, akin to the GDPR, and compliance with EU legislation.
In addition, two further Acts are due by the end of 2022. The Media Freedom Act is expected to arrive later this year. It is intended to address power imbalances in the media market and ensure the diversity of media providers in Europe. This is followed by the General Product Safety Regulation to ensure the safety of goods put to market.
A key identified challenge is having the necessary talent base, as well as the required resources to staff and uphold enforcement while still achieving consistency of outcomes in enforcement across the whole European region.
Korea
From the discussion, the Korean regulatory landscape is characterised as a ‘patchwork of legislation’. A number of regulatory bodies have an interest in the regulation of platforms which has resulted in multiple proposals for legislation. For example, there were five legislative proposals from different regulatory agencies including from the Korean Communication Commission, which regulates the media industry who have proposed a set of regulations and the Ministry of Science and ICT which sees itself as a mediator amongst the different stakeholders.
Important to note are the dynamics involved in the Korean regulatory landscape. In addition to the usual tensions between the global technology companies and small and emerging startups, Korea also has its own large platform industry. Another challenge is that the media industry is becoming increasingly blurred due to the multifaceted feature and service set that platforms provide, which includes online shopping, payments, and financial banking. Where there was previously a clear distinction amongst different industries, these are starting to merge together.
China
In the past, China has focused on regulating access to the internet with borders through the Great Firewall and content censorship. Since 2017, this has moved from regulating content and access to regulating data flows across borders. It was observed that many of the laws from the EU and North-American context have been used as models by the Chinese government, for example, the GDPR.
Where China previously had a set of different ministeries regulating and governing internet spaces more than a decade ago, there is now one consolidated agency called the Cyberspace Administration of China (CAC) providing regulation. The CAC focuses on two major areas, which includes in anti-monopoly and in data (including data security and personal information protection laws). Since then, China has taken a proactive role in legislating the governance of digital platforms across competition and anti-monopoly, data, and AI-based algorithms.
The first anti-monopoly guidelines for platform economies were issued in 2008, these were updated in August 2022 to strengthen regulation with particular a focus on unfair market competition. China has taken an active approach. This includes imposing fines and levies for their own technology companies including Alibaba, Baidu, Tencent and Bytedance for the violation of antitrust laws; the restriction and intervention of company market listings abroad, which recently included the proposed sale of TikTok to US based companies; and, the levy of anti-monopoly fines against Didi, a Chinese ride-sharing company shortly after it was listed on the New York Stock exchange on the basis of data security.
China has also passed two sets of legislation with regard to data: the Data Security Law and the Personal Information Protection Law which extends a previous 2017 cybersecurity legislation (which originally focused on data localisation, which is a common practice worldwide). While the 2017 legislation states that a business operating in China must store Chinese citizen data in China, the new Data Security Law and the Personal Information Protection Law expands the data localisation and data transfer rules to impose harsher penalties in the event that these regulations are violated. Companies must now ensure that all data gathered within China is stored within the country and all data handlers are prohibited from providing data stored in China to foreign government agencies without approval from Chinese government authorities, notwithstanding the level of data security or where the data was originally collected. Observed by some commentators, this was seen to be a countermeasure to the 2018 Cloud Act passed by the United States, which gives power to US law enforcement agencies the legal right to demand access to electronic data, no matter where the country is stored, used or collected. Additionally, the Personal Information Protection Law could be understood to be modeled upon the EU’s GDPR as China’s first comprehensive data protection law which covers personal data collection, and transfer, by public and private companies.
Following the Algorithm Regulation Law issued in March 2022, the Chinese government issued the 2022 Algorithm Comprehensive Governance as part of what may be considered the world’s most ambitious effort to regulate artificial intelligence. In addition to prohibiting pricing discrimination, the piece addresses a range of topics including algorithms that may lead to addiction or excessive consumption, synthetic or fake news information for the protection of the elderly, as well as providing relevant provisions on gig workers. Under these new rules, companies must notify users when algorithms are being used when dynamic pricing algorithms are being used and be able to opt-out. In addition, companies are prohibited from using personal information to offer algorithmic price adjustments for the same products or services. There is however, an onus on the company to enforce this regulation but the disincentives for companies include fines, the restriction of new user sign ups, restricted business licenses, and the shutting down of websites and applications.
Ex-ante and Ex-post Discussion
The panel also discussed ex-ante and ex-post regulation. In some cases, ex-ante regulations were seen to have the advantage of starting from first principles.
A key emphasis on ex-ante regulations is that the dialogue surrounding the creation of legislation and regulations can be based on principles, rather than “having policy discussions influenced by stakeholder groups and their own interests”.
It was noted that it may be a more difficult dialogue to engage in, as it requires “some sort of sacrifice in return for some sort of gains for everyone else.” Ex-ante made laws and regulations however, are much broader in scope and arguably vague in nature.
A key disadvantage is the that ex-ante laws may not keep up with the ever-changing market environment or respond effectively to unexpected circumstances, such as COVID-19 which may derail the effective formulation of these laws.
From the Korean perspective, there was significant controversy with the regulations surrounding mobility services, ride-sharing and taxis. Before the COVID-19 pandemic, Haksoo mentions that “the controversy was so severe that at the time, the government, the ministry in charge, Minister of Transport, just sided with traditional taxi businesses.” While taxi services diminished during the pandemic, post-COVID the demand is much greater and yet there are now not many taxi cabs to service this demand. As a result is a large government push to introduce more sharing and on-demand services.
“So now the question is, a few years back, why didn't we consider this kind of possibilities? Why couldn't we be more proactive and prospective?”
This leads into the discussion regarding ex-post regulations, which importantly on the other hand provide the benefit of being more ‘concrete’ and enable more specificity in the law, as well as an anchor for discussion amongst stakeholders.
This type of regulation is created in scenarios where is where some kind of harm has already been evidenced and there has been a shift in the market, with enforcement following after the fact. For example, there is a reflexiveness to how different stakeholders engage in dialogue, as well as political dialogue in a changing environment whereby it is difficult to make projections given the dynamic rate of change. For example, “Taxi drivers, who used to be taxi drivers…[are] now in the business of delivery, not of people, but delivery of overnight food items and the like”. It was noted by the panel however that, particularly applied to algorithms this may be difficult to enforce given the uncertain and obscured nature of algorithmic effects.
Legislation watch
Upcoming inquiries, laws, regulations and legislation:
General Product Safety Regulation (forthcoming, EU)
Media Freedom Act (forthcoming, Fall, EU)
Artificial Intelligence Act (forthcoming, EU)
Data Act (forthcoming, fall EU)
Key inquiries, laws, regulations and legislation referred to:
Digital Services Act (EU)
Digital Markets Act (EU)
P2B Regulation (EU)
GDPR (EU)
Digital Platforms Inquiry (AUS)
Media Code (AUS)
Data Security Law (CN)
Personal Information Protection Law (CN)
Algorithm Regulation Law (CN)
Algorithm Comprehensive Governance (CN)
Final words:
Platform regulation is a global trend, with most companies having passed data protection laws impacting the operation of companies across global borders and global markets. Yet, there is still clarification needed on the definition of a ‘platform’: “you can look at a platform as a business, as a market, you can look at it as technological infrastructure, you can look at that, as a digital utility, public facility, and digital infrastructure.”
Increasingly, platform governance is focused on data security and data sovereignty which both concern the governance and regulation of data and its attendant digital infrastructure. Moreover, the discussion surrounding data sovereignty is now mixed with the name of personal data protection as a counterpoint to new emerging perspectives on ‘data colonialism’. Finally, it is worthwhile restating, because technologies are evolving so quickly, the governance regime has to keep up and/or stay ahead.
Platform Futures, a project by Digital Asia Hub, convenes a network of academics and experts to create a space for dialogue on opportunities, challenges, and governance best practices across the Asia-Pacific region.