2021 Is the Year the Internet Gets Rewritten
As Silicon Valley flails to combat an insurrection at home, Europe is marching ahead with a plan to revise the web’s basic rulebook.
Big Tech’s post-insurrection backlash against U.S. President Donald Trump and the right-wing online incitement machine were unprecedented. Within days, Facebook and Twitter locked Trump’s accounts. Then Shopify, Twitch, Snapchat, and others followed suit. Stripe and PayPal cut off payment processing for Trump material. Google Play and Apple’s App Store removed the app Parler for its refusal to moderate its increasingly violent content. Amazon Web Services followed by kicking Parler off its data storage. The cascade eviscerated a big chunk of the far-right pro-Trump internet.
There are three conclusions to draw about this whiplash reaction. First, Big Tech’s raw power to redirect online discourse. Second, the opacity, capriciousness and inconstancy with which they wield that power. Third, that Big Tech companies—some of the world’s most astute political actors—are nervous that the rules governing internet capitalism are about to drastically change.
That perception is justified. In response to events in Washington, European Commissioner Thierry Breton called the Capitol siege “The 9/11 of social media,” and the European Union has already outlined its first response. 2021 could be the year that Europe rewrites the internet. Long in the making, the European Commission has begun rolling out a once-in-a-generation series of proposals—on data governance, content monitoring, artificial intelligence, transparency, disinformation, and market power—aimed to transform the way major platforms do business in Europe and globally. At its core is a legislative double helix—the Digital Services Act (DSA) and Digital Markets Act (DMA)—which aim to fundamentally restructure platform governance that has dominated since the techno-libertarianism of the late 1990s.
The DSA proposes a mix of hard and soft rules for online content. It preserves the core speech liability protections guaranteed in Europe’s equivalent of Section 230. But it significantly tightens the screws to bring greater transparency, oversight, and clarity. For illegal content, like violence incitement, terrorist content, and pushing counterfeit goods, rules for taking content down will be clear. The law aims to bring more transparency into targeted online advertising, the primary engine for large platforms’ business models. They would open tech company algorithms up to scrutiny from researchers, diminishing their opacity while preserving their propriety. The commission is creating a co-regulatory ecosystem between platforms’ terms of service, users, civil society-based trusted flaggers, European state coordinators, and a European Board of Digital Services, all backstopped by the European Commission, the EU’s executive arm. This allows for regulatory oversight to be constant, negotiated, and reputationally based.
The obligations for the big players are the greatest. The requirement for the largest platforms to take measures to mitigate risks includes potential usage of co-regulatory instruments to fight against disinformation. The terms of service remain in the hands of the platforms, but enforcing their self-imposed terms then becomes a public good. The DSA cleverly skirts the potential for Big Tech to shop for their favorite national regulator—say in Ireland—while avoiding a nationalist inclination to repatriate regulation. It does so by centralizing enforcement powers in Brussels. Taken together, the tenets of the DSA have all the makings of a “General Data Protection Regulation for content.”
The DMA, the EU’s first step to address market power beyond antitrust, defines online gatekeepers—whose market power, intermediation position, and stability as marketplace shapers makes them systemically relevant. The DMA would limit how they use data across services, regulate self-preferencing, empower their smaller business partners to get access to their data, and allow them to pull out of locked-in relationships. That would be a massive and democratizing power rebalance in favor of greater market dynamism with unclear consequences.
Together, the DSA and DMA seek to establish the graduated balance between size, risk, obligations, and consequences. Three points stand out in the EU’s efforts. First, the EU is not proposing to break up Big Tech, at least not yet. Rather, it creates the basis for proportionate oversight based in systemic importance. It looks to codify the Spider-Man Doctrine for the digital age: “With great power comes great responsibility.” The DSA targets platforms with over 45 million users, or 10 percent of the European population. The DMA has more dimensions to assess market dominance and lock in provisions. The greater the power, the greater the responsibility—to adhere to terms of service, to take down illegal content, to open up access to public data, to avoid self-preferencing. And the laws come with hefty potential penalties. The DSA can lead to fines of up to 6 percent of annual turnover. The DMA can fine up to 10 percent. Both are more than the General Data Protection Regulation’s eye-catching 4 percent.
Second, the EU is starting to examine new management models for regulation. In the past, an industrial revolution’s burst of innovative energy was matched with a reinvention of the state’s role. In the late 19th century, it came with the social welfare state, trade unions, labor laws, product safety standards, and new international coordinating governance like the International Telecommunication Union. Tom Wheeler, Gene Kimmelman, and Phil Verveer argue that the management model of regulation must reflect the technology it aims to oversee. Industrial capitalism was highly regimented with the engineering-oriented, stable technologies of the factory floor. Internet capitalism is agile, intermediated, and behavior-oriented. But regulation has not kept pace. A mismatch has arisen, one that has allowed agile Big Tech companies to run circles around this type of static industrial oversight. Together, the DSA and DMA create a co-regulatory ecosystem, a dense thicket of relationships, responsibilities, and oversight that could create better early warning systems for blind spots as they arise.
Finally, even as the EU moves, there are signals from elsewhere in the world pointing in similar directions. In the United Kingdom, the Johnson government has unsheathed new tools in the form of the Digital Markets Unit to work nimbly to address digital market power and asymmetries borrowing on critiques levied by former Obama administration economic advisor Jason Furman.
In the United States, the debate rages over Big Tech’s market, data, and free speech—a discourse with similarities to that in Brussels and London but at risk of becoming a casualty to Washington’s political acrimony. The Capitol siege has ignited a much larger debate around Section 230 reform and consideration about digital market power concentration. A House of Representatives antitrust subcommittee report noted that platforms can serve as a “gatekeeper over a key channel of distribution,” controlling market access and using it to expand their dominance. Democratic control in Washington might offer an opportunity for trans-Atlantic convergence on Big Tech governance, even as the Department of Justice and states use the antitrust instruments on the books to investigate Google on search and advertising tech. Others are examining whether Facebook should be severed from its affiliated wingmen, Instagram and WhatsApp.
Even China wants in on the action (for the wrong reasons). It has signaled a greater desire to enforce antitrust provisions and data governance against its own indigenous Big Tech, an odd choice given that China has long shielded its homegrown tech companies from outside competition and coopted them to operate as data processing back offices for Chinese national security services.
The EU’s proposals will still take time—perhaps more than two years—to negotiate through Brussels’s tangle of interests and veto points. But the French will be taking over the EU presidency in 2022, and French President Emmanuel Macron will be laser-focused on implementing the proposal as a core element of Europe’s quest for digital sovereignty. France’s turn at the EU’s helm also coincides with the country’s presidential election cycle, where Macron is expected to seek a second term.
Even as it considers these laws, the EU—and its partners—must be clear-eyed about the complicated, often gut-wrenching trade-offs. While clearly late in all cases, Big Tech’s chokeholds also have the potential to drastically reduce areas of radicalization, conspiracy, and incitement to violence. When responsible, they can be gatekeepers for good. It is unclear what the consequences of a more atomized information space would be. After all, the rise of Parler, Gab, and MeWe could be just the first step toward a more fragmented social media landscape that actually fortifies filter bubbles and accelerates radicalization. The prospect of other parallel elements of the tech stack developing—app stores, operating systems, and data storage centers—is possible.
The bottom line is that public authorities have been lumbering, and Big Tech dropped the ball on playing by the rules. On privacy, their cavalier attitude toward protecting user data has had a searing effect on European user trust and has been a deep source of European-American tension. In the one-two punch of the 2013 Edward Snowden revelations and 2017 Cambridge Analytica scandal, Brussels saw the cynical and blatant disregard for both public and private data protection rules. On content monitoring, too, companies like Facebook and Twitter have been patchy, inconsistent, and selective about implementing their own terms of service. Only in 2020 did they begin to impose consequences for those breaking the rules—and, largely, only in the United States. But that has not extended to other corners of the globe. For instance, the leading proponent of Germany’s far-right siege of the Reichstag in August 2020, Attila Hildmann, remains on Twitter. Company oversight structures are defanged when they run up against the business model. As evelyn douek (Evelyn spells her name using lowercase letters)put it bluntly, despite the governance window dressing, “the platforms do what they want.”
When launching the platform package, the EU’s tech maven, Margrethe Vestager, said this was an attempt to “bring order to the chaos.” The Capitol siege adds just one more data point showing that its time has come.