Enforcing the law in the digital era – a key task for Europe

by Prof. Winfried Bausback

Increasingly, the forthcoming European Parliament elections in May are being described as a battle to decide Europe’s destiny. This is partly because Europe is often no longer regarded as a great achievement; instead, there are forces muscling into the European Parliament whose intention is none other than to destroy what Europe was once meant to be – an economic community and a community of shared values. The unbearably relentless wrangling about Brexit may have encouraged this alienation from Europe, but it would be far too simple to blame this shift first and foremost on the turmoil in the British House of Commons – because an achievement is always only as great as its perceived benefit to society. And, to overstate the argument somewhat, the acceptance of Europe will be decided not by major geopolitical issues like Brexit or by piecemeal regulations like the bans on lead pouring, drinking straws or cotton buds, but by how it handles the really important, socially relevant responsibilities and challenges.

One such challenge is to manage the effects and excesses of the digital transformation process.

In many areas of our lives, digitalisation is indispensable, and the same is true for a united Europe. It makes us what we are today: a modern information society. At the same time, however, the digital transformation can also represent an existential threat to this very society.

Looking at the last 12 months alone, data integrity has simply taken far too many blows. In March 2018 it was discovered that the meanwhile bankrupt company Cambridge Analytica had used what was supposedly an academic research app to unlawfully harvest the personal details of tens of millions of Facebook users to then manipulate voters with targeted messages during the US election campaign. In September 2018, a security breach allowed between 30 and 50 million Facebook profiles to be hacked. Then, at the beginning of this year, an individual perpetrator, barely more than a teenager, was able to decrypt hundreds of datasets, some highly personal, associated with politicians, performers and influencers. And in New Zealand recently, a terrorist committing a horrific act was able to misuse Facebook’s live streaming service to give his mass murder an unimaginably horrific impact. Although this act remains the responsibility of a repugnant individual acting alone, at the same time the ability to broadcast such a live stream, and the apparently almost limitless availability of the video, illustrate the failure of the security mechanisms of the internet platforms.

Even if the examples given are naturally not in any way comparable with one another in terms of their nature and significance, they are indicative of the recurring loss of control by the tech giants at increasingly shorter intervals.

At any rate, there’s absolutely no denying that the digital transformation process overall is undergoing a profound crisis of confidence. This is also a view held by the majority in Germany. According to a survey by Civey in October 2018, some 80% of Germans have little or absolutely no confidence in the security of their own data and they hold tech giants like Google, Facebook, Amazon or Apple responsible. The large volume of personal data stored by these companies, its high commercial value and the far-reaching surveillance potential of modern information technology are actually a fundamental threat to the private sphere of citizens. To take just one example: 94% of all Germans use the Google search engine for their online searches. As a result, anything that Google doesn’t rank, or ranks way down the list, due to its impenetrable algorithms, effectively doesn’t exist on the net. This makes Google the unrestrained virtual gatekeeper and potential manipulator, because not only can it steer our knowledge, it also knows what we want to know. This is why the American professor of mathematics Cathy O’Neil quite rightly warns that algorithms can be “mathematical weapons of mass destruction”.

Zuckerberg and cohorts are now promising to improve the encryption of data and above all tighten up their own guidelines. Although this might often sound a bit like a legislative measure, there is one crucial difference to government legislation: it is not in the public interest. And why would it be? These are giant companies out to make a profit and with the will to monopolise. Ominously, our data offers them the means to do so. In this context, mistrust is not just understandable but actually called for. Why should we trust corporations that for the most part are a black box for us and are also striving to have increasingly more power over our data, for example by merging the messenger services Facebook, WhatsApp and Instagram? It’s almost like allowing a cartel because they promise to look after their competitors.

The tech giants want to be the predefined breaking point in the framework of the rule of law, by preferably substituting, to the greatest possible extent, the regulatory force of government by their own self-imposed rules. So although it is certainly welcome that Facebook, for example, has now taken the dpa (German Press Agency) on board as a second German fact checker alongside research network Correctiv, because there are apparently major concerns that the European Parliament elections could in fact be massively influenced by “fake news”, it is also clear that Facebook is not acting selflessly. Ultimately, this is part of an image campaign to counteract the loss of trust described above. What sort of companies Facebook and the ilk really are is already evident from their retreat to European tax havens and their opposition to an EU digital tax. If this in the end fails spectacularly due to the resistance of countries like Ireland, because it offers the tech giants a haven that both sides make money from, this will at the same time destroy the trust of citizens in the capacity of European and national institutions to tackle socially relevant issues. And these do not just lie in a fairer taxation system but also, and above all, in functioning cyber security architecture that focuses on data security.

This is why it is so fundamental for the state itself to once again enforce the law more strongly in the digital sphere and to apply all its might to reclaiming our data security. In this context, the need for law also has a democratic dimension. National and supranational law is an expression of the principle of the sovereignty of the people. Facebook may invoke the consent of billions of users; however, in representative democracies the enforcement of law by the state is in fact democratically legitimised and above all controlled to make sure it is aligned to the “will of the people” not to a company’s self-interest.

Even though the need to enforce law in the digital sphere is also a matter for national governments, to an even greater extent it can and should become a key responsibility of Europe. Because the international and decentralised structure of the cyberspace and the digital giants that operate in it is too complex for national governments to be able to resolve the problems on their own. The challenges associated with the digital transformation can therefore offer Europe the opportunity to be the driver that restores regulatory power, order and responsibility.

In his work The Struggle for Law,the great legal scholar Rudolf von Jhering provided a very apt interpretation, also in the context of the issues being explored here, about what the law needs to do, using the example of the insignia of Lady Justice. He writes: “The sword without the scales is brute force, the scales without the sword is the impotence of law. They belong together!” Accordingly, the battle for more cyber security and better control of tech giants’ power calls for even more courage and rigour – but also for a sense of proportion. Consider the General Data Protection Regulation, for example, the general tenor of which is right but which pays too little attention to the major players. On the other hand, associations and SMEs are being needlessly unsettled and burdened. In this conjunction, improvements are necessary.

Also desirable – to name just one example – are international regulations, coordinated to the greatest possible extent, that would make it easier to impose appreciable fines on the digital giants if they are unable to prove that they had taken state-of-the-art technical and organisational protection measures in the event of hacker attacks. This also means an end to the “black box policies” of such companies. Clear punitive measures should also be possible, for example, if our data is handled negligently by these companies. Given the behaviours exhibited by the tech giants until now, it is only logical that Europe is considering the introduction of a digital tax no longer associated with the location of a company’s head office.

What can be established is that public trust in big tech has been lost. There is risk that this will drag in its wake the great achievements of the digital transformation and the ongoing development of artificial intelligence. However, if Europe manages to also and especially assert the rule of law against the major players, people will not only trust in the progress of digitalisation again but will also have more confidence and trust in Europe too. Both are indispensable for our future.

Prof. Winfried Bausback is member of the Parliament of Bavaria (Bayrischer Landtag) and former Minister of Justice of Bavaria.

The article was first published in FAZ (Frankfurter Allgemeine), 28th of March 2019.