A digital divide is opening up in the way data are regulated in emerging and advanced economies. Two developments this week, one in China and one in India, have exposed the challenges posed when technology outpaces privacy and data protection. As the gold rush for consumer data intensifies, the need for a more even playing field for technology companies across multiple markets is becoming clearer. So too is the imperative to protect consumers in the developing world.
It emerged this week that China is developing a system to predict crimes before they happen by tracking the behaviour of its citizens and using facial recognition, mostly on CCTV, to identify their whereabouts. Four provinces already shame jaywalkers by projecting CCTV footage and personal details on to public screens, underlining China’s march towards an omnipresent surveillance state. While the state is unconstrained, a new data protection law does, however, limit some intrusion by private companies.
Meanwhile, in India, the government has argued that privacy is not a fundamental right, in a case before the Supreme Court that stemmed from the national biometric ID system. Concerns that personal data are being centralised were fuelled when the government started using the ID system to transfer benefits while simultaneously creating a payment system that allows transactions using fingerprints.
By contrast, in the US and EU, both state and private companies face much higher hurdles, designed to safeguard privacy. The French constitutional court, for example, set strict limits on the use of national IDs for law enforcement and the UK abandoned its national ID card programme partly due to privacy concerns. In the US, a lawsuit led Google to change the way it accesses emails. The company also faced a $22.5m fine in 2012 for violating the privacy of Apple users.
Even putting aside principled arguments, there are clear dangers inherent in lax privacy and data protection laws in some emerging markets. One is the risk that reams of personal data are compromised through leaks. The collection of more information increases both the likelihood and cost of a hack. Meanwhile for western technology companies, the different regulatory regimes create an uneven playing field.
Confidence in strong security often encourages the amassing of troughs of personal data. This confidence can be misplaced. On Monday, Sweden, which has robust data protection laws, faced a serious breach exposing details on defence and witness protection programmes. In 2015, a breach at the US Office of Personnel Management affected 21.5m federal employees. The more information there is in any database, the more tempting a target it becomes. Collecting the minimum necessary information serves both privacy and safety concerns.
The challenge the digital regulation divide poses to western companies is highlighted by the Chinese social media platform WeChat’s expansion into Europe. If some companies can hone predictive algorithms on richer data supplied by lax privacy laws, they will gain an advantage over those hamstrung by better regulatory oversight.
Data is the most valuable currency of the digital economy. The gulf opening up in the way emerging and advanced economies regulate it threatens to erode the competitiveness of companies in the latter. At the same time, in too many emerging economies, states have been slow to entertain the privacy concerns of citizens. To bridge this chasm and head off trouble, it is time to consider a multilateral approach with minimum global standards.