Is self-regulation and government oversight enough to ensure data security and user privacy online, or does the infrastructure underpinning the internet need to be revamped?
That was the argument that tech industry experts and executives had at a forum this week at the World Economic Forum’s Annual Meeting of the New Champions in Dalian, also known as “Summer Davos.”
“The currently proposed solutions, either for the social media companies to self-regulate or for the government to step in and make tough regulations, are all necessary, but they are not sufficient, and perhaps not very efficient as well,” said Chen Lei, CEO of Xunlei, a Nasdaq-listed Chinese company that specializes in data transmission and is also involved in blockchain.
“The problems caused by technology (are) best solved with technology,” Chen said Tuesday at a Caixin debate session called The Real Cost of User Data. “I think it is entirely possible … to build the rules of data protection and the rules about credibility of information into the very fabric of internet,” Chen said. “What blockchain has told us is that you can devise and implement unbreakable rules over the otherwise chaotic internet. So that’s one possible solution.”
He also pointed out that centralized servers are at high risk of being attacked, and there can be devastating consequences if they are hacked. In contrast, distributed computing — such as that used in blockchain — largely reduces that risk with more devices in the system, which means more security for the data.
Besides the rules of the internet, rules created by governments were also up for discussion, especially last year’s General Data Protection Regulation (GDPR) by the EU. The so-called “most rigid set of rules in history for data protection” went into effect on May 25, 2018, under which violators can be fined as much as 4% of their annual global revenue or 20 million euros ($22.57 million).
“Having these proposed laws is a big movement forward, but how we make that law understandable in our day-to-day environment is something we’re working on.” said Marsha Ma, head of China operations for Netherlands-based Booking.com, one of the world’s biggest online travel agencies.
Besides holding themselves to the higher standards of the GDPR, Ma added that her company actually has to abide by all the rules from all the countries it operates in. The company has more than 180 offices around the globe. Ma wished that rules posed by different governments could be more consistent, as upholding the different standards has been costly for global companies like Booking.com.
“Something I learnt yesterday, (is that) a big chunk of the cost tech companies put into data protection around the globe is the cost paid to the lawyers,” she said. “How ironic. You would wish the biggest investment is in technology, but it goes to the lawyers.”
Ma argued that the absence of a consistent data protection framework for the globe can hurt emerging companies even more, as they may not be able to afford expensive legal consultation fees. A global framework and consistent data security regulations would benefit companies that operate across borders, and such a framework calls for multinational companies and national regulators to work together, she said.
But Joanna Bryson from the department of computer science at the University of Bath in the U.K. doubted the feasibility of a unified global regulation. “We cannot have one global regulation because every country has different problems, neighbors and resources. The tradeoffs they make will be different,” said Bryson, who is also an expert in machine learning and artificial intelligence ethics.
“On the other hand, in some way, we all have common problems because we do have global markets. And because we have global markets, we have single companies who acquire a huge amount of wealth and influence,” she added.
Data protection can be costly for companies, and it can also come at a high cost for society. For Chen, government scrutiny might not necessarily be effective, as tightened enforcement could disrupt legitimate business and place an extra burden on companies. Governments should step in, but that’s not the best solution, nor the only one, he suggested.
Bryson stressed the urgency of addressing data security issues. “Government is a mechanism by which we coordinate our activity and solve a problem when there is a mutual interest,” she said. “Security is our mutual interest.”
Lin Jinbing contributed to this report.
Contact reporter Isabelle Li (firstname.lastname@example.org)
You’ve accessed an article available only to subscribers