Foreward: This is the first post of a multi-part series where we will analyze the rise of nationalism in Europe and Asia and its implications on international cooperation for digital identity and citizenship. We’ll explore why Europe and Asia have undue influence on multi-national initiatives, and lay the foundational argument for why current challenges of identity in the digital revolution are better solved with international cooperation rather than at the individual country level. And lastly, this series will conclude with understanding why the United States’ failure to establish a federal approach to data privacy, and inability of its institutions to lead the international community towards a unilateral infrastructure of interoperable and secure digital identities is prolonging these challenges.
Last week, the European Union (EU) announced that it had revoked the Privacy Shield, a transatlantic agreement that enabled the legal transfer of data between the EU and the United States (U.S.). This landmark case is the latest example of the EU’s prioritization of individual data privacy and its willingness to pressure other countries, including close allies, to comply with data privacy mandates as a requirement to conduct business.
And the EU is not alone in regulating operating companies in how they handle, process, and maintain data. According to the United Nations, 132 of 194, or roughly 66 percent, of countries around the world have put laws in place to protect their citizen’s data. South and East Asia (including China), is another region following the trend of increased data protection and sovereignty laws.
Southeast Asia is the most rapidly growing region, in terms of GDP, in the world. Countries in this region recognize how attractive their large customer bases are to foreign investment. As a result, China, Malaysia, Brunei, Indonesia and Vietnam have responded with data localization laws that prevent individual data from leaving their physical borders, and force companies to store data locally.
Additionally, countries in this region are also introducing personal data privacy regulations. In May of this year, for example, the National People’s Congress introduced a draft data privacy bill to parliament that seeks to bolster the country’s formal position on individual privacy rights and protect valuable consumer data from being misused by foreign companies.
This demand for individual privacy rights in China was fueled by a 2017 case where 42 people sued Amazon for wrongful damages associated with a data breach from earlier that year. Yanming, one of the lawsuit participants, lost 247,000 Yuan as part of an elaborate phishing scam that he fell victim to because assailants possessed his personal details. However, this lawsuit failed twice in Chinese courts because there was no precedent that established data privacy as a protected right.
As we are moving into a world where data privacy and sovereignty regulations are the new norm, our OWI analysis identified both the positive and negative implications of our new reality.
On one hand, the advent of increased governance over technology providers has potential benefits. Countries are exerting more defensive barriers to stimulate growth of local businesses, while forcing foreign companies to protect and secure the personal data of their citizens.
On the other hand, digital identity is a challenge that is best solved through collaboration. When I started at OWI three years ago, our digital identity thesis was that private-sector products and services had developed in silos. This unfortunate series of events resulted in industry-specific identity products and services that were, for all intents and purposes, the same underlying process and technology with product marketing nuances that drove a false sense of differentiation. Our mission, to this day, is to try and break down those figurative walls and support the community in building products that made digital services more accessible for more people and, hopefully, less confusing in the process.
The rise of nationalism, manifesting through data privacy regulations, has the potential to stifle the international community’s headway towards a unilateral approach to digital identity, and reinforcing a siloed approach that many experts have been fighting so hard to rectify in the private sector. Should the world prioritize individual data privacy as a fundamental human right and prevent big tech monopolies from taking advantage of an individual’s personal information? Or should we prioritize interoperable digital identity solutions at the network or application layer of the internet to facilitate efficient access to goods and services across borders? Maybe there is a balance between the two? Stay tuned.
We’ll unpack this conversation further in our first-ever Digital Roundtable, Build for Billions, with leaders from One World Identity (of course,) Google, Omidyar Network, ID Crowd heading up a unique discussion-centric event. Check out the agenda and secure your spot now.