Techlash and tech policy trends in 2020

With the very real prospect of lawmakers and regulators taking a firm stance on how to control the genie that tech has unleashed, lawmakers and policymakers globally will unleash on big tech what is coined as techlash (technology+backlash) resulting in some heavy policy decisions or regulations that will cause legal disruptions in the tech industry.

McMillan dictionary defines techlash as the strong reaction against the major technology companies, as a result of concerns about their power, users’ privacy, the possibility of political manipulation, etc. 

This list is intended as a guideline for technology leaders on brining awareness and perhaps taking advantage of the impeding legal predicaments up ahead in 2020. Trends are sampled from Access Partnership, a public policy consultancy in the UK, which has released their second annual Top 10 list of the public policy trends tech leaders should be paying attention to. 

AI regulation is coming 

European Commission president Ursula von der Leyen said she would propose artificial intelligence (AI) regulation in her first 100 days of taking office. This makes February the month to watch for what this will entail. 

The US also is looking into AI regulation but has not set a timetable. These regulations may include efforts to rein in AI-generated content like deepfakes and tighter technology export controls. 

The EU’s digital services act builds on GDPR 

The newly-seated European Commission is looking to hold ‘digital companies’ more accountable for what their users do. While the DSA is unlikely to come to pass in 2020, it is something all tech companies need to watch. 

Access Partnership calls it the ‘defining digital regulation of the decade, as it tackles subjects such as the rights of consumers, censorship, the free market, and the responsibility of online platforms’.

EU protectionism takes root 

The Europeans are concerned they have become overly reliant on technology developed by other nations. As such, they are working to promote home-grown solutions to counter this perceived threat and to bolster the European tech industry. 

According to Access Partnership they will take a three-pronged approach: Regulating ‘big tech’ in order to control it; reassessing the EU’s reliance on non-EU developed tech for critical services; and greater control over personal data (digital sovereignty). 

A possible workaround for Sri Lankan companies on this new wave of digital sovereignty and data protectionism is to setup virtual companies taking advantage of Estonian Digital Citizenship and corporate citizenship initiatives. 

Data sharing regulation gains traction

Digital platforms collect and share mountains of data about their customers in order to do things like conduct targeted advertising based on the websites they have recently visited. Combined with the massive personal data breaches of the past few years, this has pushed the EU and other nations to regulate how data is shared. 

The EU Commission is working on its ePrivacy Regulation. Australia will be implementing its Consumer Data Right rules in July 2020. Japan has ‘information banks’ designed to encourage data sharing. Singapore launched its ‘Trusted Data Sharing Framework’ in 2019. Expectation is that more countries to follow suit. 

5G security takes centre stage

As 5G gets ready for widespread global adoption, the massive amounts of sensitive, critical data (think self-driving cars talking to one another) expect to traverse these networks will require them to be free from hacking. 

This increased need for security will spur regulators, telecoms, mobile operators, and governments to begin the process of exploring the various ways they deploy to enhance network security.

IoT gets increased attention

Given the industry’s poor track record of device-level security, IoT device regulation is already on the radar of many governments and regulators. 

California’s IoT regulation, SB-327, regarding the security of connected devices went into effect on 1 January of this year; the US Senate has introduced the Federal IoT Cybersecurity Improvement Bill; the European Electronic Communications Code may impact the rules regarding licensing, portability, and quality of services of IoT devices; and Brazil has launched its National IoT Plan. 

Given the proliferation of use cases and wide-spread adoption of these emerging technologies, expect more IoT regulation to come.

Software supply chain security SBOM 

Look for more highly-regulated industries to begin demanding a software bill of materials (SBOM) in 2020. 

With so much of the world running on open source software that is often not secure, regulators in the US are encouraging the big companies that do business with the federal government to track the different software elements of the platforms, systems, and applications they deploy.

Spectrum sharing gets a fresh look 

With the demand for ever-more radio spectrum growing yearly, regulators in the US are looking more favourably on the idea of spectrum sharing, where the white spaces, once kept in place to keep TV signals from interfering with each other, are pressed into service. 

According to the US National Institutes of Standards and Technology (NIST), “[s]pectrum sharing is necessary because growing demand is crowding the airwaves. Smartphones, the Internet of Things, military and public safety radios, wearable devices, smart vehicles, and countless other devices all depend on the same wireless bands of the electromagnetic spectrum to share data, voice and images.”

The “greening” of ICT 

Responsible for much of the CO2 emitted yearly, the Information and Communication Technologies (ICT) industry is getting fresh scrutiny from the International Technology Union (ITU). 

According to Access Partnership, given the increased usage and environmental impact of ICT technologies, “[t]he ITU’s secretary-general has made it clear that low carbon and a more circular economy are of the highest priority, and so we can expect to see these issues form a key trend in 2020.” 

Along with its new environmental agenda outlines at the 2019 COP25 conference in Madrid, the ITU plans to work with the ICT industry, and regulators around the world to create a “low carbon and a more circular economy.”

US privacy law take shape

Although unlikely to pass this year, the US Congress is finally taking seriously the idea of national privacy law. Spurred to action by California’s Consumer Privacy Act, which goes into effect in July 2020, draft legislation—the Consumer Online Privacy Rights Act and US Consumer Data Privacy Act—are before the Senate Commerce Committee the House Energy and Commerce Committee. 

Although there is disagreement among Republican and Democratic approaches, both sides appear to favour some sort of action. The early part of 2020 should give some indication of which way these legislative winds will blow.

Trends in Sri Lanka for 2020

Sri Lanka in 2016 became the first South Asian country to sign the ‘European Convention on Cyber Crime,’ also known as the ‘Budapest Convention,’ despite these strides made, Sri Lanka is yet to update some of its own polices and legislations including the aging ‘Computer Crimes Act No. 24 of 2007’ to reflect more modern cybercrimes such as Ransomware and cross-border Cyber Attacks.   

Although heavily touted by the previous regime as being ready to be passed in Parliament in 2019, we are yet to see legislation passed for in the form of the Cybersecurity Bill and Data Protection Bill. Additionally under the auspices of President Gotabaya Rajapaksa, ICTA in 2020 will announce its National Digital Policy.

(The writer, @aselawaid, is a thought leader and advocate of cybersecurity in Sri Lanka.)