The regulator’s puzzle
All industries are subject to general legislation - to criminal law, securities law, workplace safety law and so on. But some industries are important enough and complicated enough to get their own specific laws, and their own regulatory agency to manage and enforce that - hence food, aircraft, banks or oil refining are ‘regulated industries’. It’s very clear that technology companies are moving much deeper into this regulated sphere - technology is becoming a regulated industry. This means lawyers and civil servants taking decisions (or at the very least, deciding not to take decisions) in complex ongoing arguments around everything from content moderation to app store competition to encrypted messaging.
These are all interesting problems in their own right, but from a regulator’s perspective, one of the problems to address is just how many problems there are. ‘Tech’ is a very diverse, widely-spread industry that touches on all sorts of different issues, and indeed lots of other industries, some of which have their own regulation. These issues generally need detailed analysis to understand, and they tend to change in months, not decades. Regulators have to decide what they think about encryption, but first they need to decide who decides, and what happens when different regulators disagree, and how quickly they can decide, and in which countries, and, perhaps, which problems to put off until after the election.
So, is payday lending online a matter for a financial or consumer regulator, or a digital regulator? Probably financial. But if the financial regulator worries about AI bias in mortgage approvals, should it build its own expertise, or look to a central ‘digital’ resource? What happens if the competition regulator orders Facebook to make it easy to export your friends and all of their interests and activity, and the privacy regulator says that’s illegal? Should the people who assessed a supermarket merger last month decide what APIs Apple should add to iOS? What if their decision gives the ‘cyber’ agency a heart attack, or comes out as the equivalent of ordering General Motors to solve parking in central London?
One answer to complexity is to Do The Work - to dig right into the analysis, data and dynamics of a problem (and, perhaps, bury the other side in PDFs). But absolutely everyone agrees we need to avoid a repeat of the EU case on Google Shopping, which started in 2010, related to actions that began in 2004, and was not concluded until 2017. Companies were born, married and died while that case was going on. Regulators now talk about this problem a lot, and hence about the need to move faster, and probably to have some ex ante rather than ex post regimes. But we also want to avoid the fiascos of California’s AB5, which aimed to make Uber drivers employees but was so hasty that it accidentally banned all freelance work, and CCPA, which aimed to regulate user data but which was so vague that no-one in the industry knew how to comply. So how do you move fast, but not too fast, and how do you do that if you have not one or two cases but fifty or a hundred?
This tends to take us to a desire for some intermediate level of rules - narrow enough to cover new problems specific to tech, but general enough that you don’t have to open 150 different market studies and can cut straight to ‘that’s against the rules’. This is how I’d categorise Elizabeth Warren’s formulation ‘if you run the platform you can’t compete on it’. Unfortunately, though there is certainly scope for concern in how some platform companies treat people in their sandbox, this particular idea is a rerun of AB5: it’s a great slogan, until you realise you’ve just banned Google Maps from Android, and indeed banned Apple and Google from making any apps at all for iOS or Android… or owning app stores.
That doesn’t of itself invalidate the approach, though - for example, there's a EU suggestion that if you operate a platform in which you control someone’s business, banning them should have due process. One could imagine a right of appeal that covered Airbnb, Amazon Marketplace and Apple’s App Store. Even so, you'd need quite a lot of these 'general' rules - a right of appeal wouldn’t cover Google’s self-preferencing of Meet over Zoom, and a self-preferencing rule would struggle to cover Amazon drone deliveries.
This will cost a lot of money, on all sides. This autumn’s US Congress report on ‘big tech’ very obviously suffered from a lack of resource: it claimed, for example, that tech startup creation has collapsed in the last decade, which it based on a data set that ended in 2011, while standard industry data shows that startup investment rounds have actually risen at least 4x since then. This is what happens when a handful of staffers are asked to boil the ocean overnight. Hence, California’s recent privacy ballot initiative included provision for a permanent enforcement body, and part of the UK CMA’s proposal for managing competition in search and online advertising includes a new dedicated department. You'll need institutional capability and institutional knowledge. This is what we do for financial services, airlines, or medicine - it's part of regulation (not that regulators there necessarily have covered themselves with glory recently).
Meanwhile, the more rules that are set, the more compliance people you need to hire to make sure you’re following them. Regulation tends to privilege incumbents in general, because it’s a regressive tax, because incumbents work the system, and because regulation tends to define and hence channel new models into old patterns. The ongoing and drawn-out US arguments over whether a cryptocurrency is a ‘security’ reflect this - if you make it fit into the ‘security’ bucket then you may remove half the (genuine) reasons to use crypto in the first place. Of course, this is a trade-off in itself: regulation trades off costs and flexility (or at least one set thereof) for other objectives such as, say, safer food or air travel, reduced pollution or other social externalities. One of the challenges in debates about tech at the moment is the lingering belief that we can have everything. That’s not how policy works - everything is trade-offs, and 'to govern is to choose'.