Labour MP Chi Onwurah has called for a new framework to regulate tech companies but there is little consensus on the form it could take, whether new government regulation or self-regulation would be the better option, or if the existing setup works as it is.
The 2017 Conservative manifesto contained a pledge to "establish a regulatory framework in law to underpin our digital charter and to ensure that digital companies, social media platforms and content providers abide by these principles" but Onwurah is unimpressed by their efforts to turn proposals into policy.
"There isn't a current regulatory regime for big tech," Onwurah told Techworld. "That's a problem."
The Shadow Minister for Industrial Strategy, Science and Innovation wants to introduce a new regulatory framework for the digital age. The process would begin with a review of the issues involving the tech sector and the general public that incorporates a new digital "bill of rights" - as previously proposed by Labour.
"That's something iconic that we can have a debate and review around, looking at what are the emerging technology trends, what are the implications for consumers for civil rights, for security and safety - that is a big one - and then set out what kind of regulatory principles," she said.
Arguments against regulation
Onwurah's desire for new tech regulation is not shared by all.
Opponents of new regulation argue that new laws could inhibit innovation and the existing data protection, antitrust and ecommerce rules are sufficient, as Sue McLean, a technology partner at law firm Baker McKenzie, explained to Techworld.
"We have regulation," McKenzie said. "We have data protection laws that have just been renewed, we've had quite longstanding ecommerce regulation that is there, we have competition laws that everyone every so often looks at again at European level and asks are they fit for purpose? And up to now, the conclusion has been yes, the rules are there, they can be enforced.
"I think certainly when talking to technology clients and talking to stakeholders in the community, there is a query as to whether we really do need regulation or whether this just a response to the latest headline or the latest pressure rather than it coming from a market failure which requires new thought, because with regulation you don't typically want to inhibit innovation by bringing in regulation too early.
"We see this particularly around things like AI and blockchain where there isn't lots of new regulation being suggested because we need to let it play out a bit and figure out where there are the gaps and organisations like the Law Commission are exploring the use of things like smart contracts and blockchain to see if there are gaps that we need to fill."
Regulation can also have unintended consequences. Germany recently introduced legislation that requires social media platforms to remove "manifestly unlawful" content within 24 hours of receiving a complaint or face a fine of up to €50 million, which critics claim has led companies to pursue excessive censorship.
"Governments and the public have valid concerns about the proliferation of illegal or abusive content online, but the new German law is fundamentally flawed," said Wenzel Michalski, Germany director at Human Rights Watch. "It is vague, overbroad, and turns private companies into overzealous censors to avoid steep fines, leaving users with no judicial oversight or right to appeal."
Even among those who agree that current regulation is inadequate, there is little consensus on the best way to replace it.
One option is to regulate tech firms as utilities. In a recent YouGov survey, three-quarters of Britons said they couldn't live without the internet, which suggests that it could require the same regulation as other public utilities.
At a House of Lords inquiry into internet regulation, Katie O'Donovan, public policy manager for Google UK, argued that the existing range of competitors, the low barriers to entry, and the ease with which consumers can switch to alternatives make tech companies incomparable to utilities.
"I don't think we do see ourselves as utility providers because there's a real choice every time people go online," she said. "There are rival search engines that have grown phenomenally over recent years ... operating in a different way."
Critics argue that Google's wealth and power has helped it gain an overwhelming majority of the search engine market that no one can compete with, but the company can claim this dominance is justified by the quality of the service.
The argument in favour of regulating tech companies as utilities would better apply to the internet, as this is provided by telecoms company with their own statutory duties. The tech giants that are the target of most demands for regulation all provide their own services underpinned by various technologies that serve different purposes. This makes them difficult to regulate collectively.
"If you don't need new laws, don't bring them in, but if you are going to bring in new laws, be very careful about how you design them," said McClean. "Because we have seen - not necessarily in the UK but in other countries - there's a rush to regulate certain areas of technology too soon and it has really inhibited or it's just not been helpful and hasn't achieved what they thought it would achieve."
Regulation as a business opportunity
Others argue that regulation can create new business opportunities rather than reduce them.
The US state of Wyoming introduced new legislation in March that exempts blockchain businesses from specific taxes and liabilities in an attempt to attract startups from the sector to build their businesses in a supportive jurisdiction.
"We've seen that with places like Malta and Gibraltar, where they've said they want to give clarity on the regulation around initial coin offerings and cryptocurrency, and that has attracted people to go and do business there because they think at least they know what the rules are there," said Onwurah.
"So there may be cases where things like more regulatory guidance is useful to give that encouragement to grow tech companies in particular sectors and I think even the UK having clearer guidance from the FCA around things like cryptocurrencies and token sales might be useful, but in other areas I'm slightly cautious as to what tech regulations they've got in mind and if they would be useful or counter-productive."
In the UK, the Treasury Select Committee concluded that crypto-assets should be regulated to make cryptocurrencies a part of mainstream finance and thereby boost the domestic growth of the sector.
Nigel Green, founder and CEO of deVere Group, which launched an exchange app called deVere Crypto earlier this year, believes this could protect consumers and benefit businesses.
"As such, I welcome the Treasury Select Committee's proactive and progressive approach, which could be the first step to providing regulations to protect consumers and prevent illicit activity," he said.
"The conclusion made by the Committee about cryptocurrencies puts them on the right side of history. Its findings that these assets should be brought into a regulatory framework demonstrates once again that they are now a part of mainstream finance … Regulation of cryptocurrencies will give investors even more protection and, therefore, confidence in the burgeoning market is likely to drive prices higher."
Different rules for different tech
Rather than regulating big tech as a whole, it may be useful to focus on strengthening the rules on specific technologies, as some have called for controlling the impact of AI.
The House of Lords Select Committee on Artificial Intelligence recommended that a cross-sector AI code of conduct is promptly drawn up to guide organisations developing or adopting AI, which could provide the basis for any future statutory regulation.
"Blanket AI-specific regulation, at this stage, would be inappropriate," it reads. "We believe that existing sector-specific regulators are best placed to consider the impact on their sectors of any subsequent regulation which may be needed.
"We welcome that the Data Protection Bill and GDPR appear to address many of the concerns of our witnesses regarding the handling of personal data, which is key to the development of AI.
"The Government Office for AI, with the Centre for Data Ethics and Innovation, needs to identify the gaps, if any, where existing regulation may not be adequate. The Government Office for AI must also ensure that the existing regulators' expertise is utilised in informing any potential regulation that may be required in the future and we welcome the introduction of the Regulator's Pioneer Fund."
In the US, a public interest group called Public Knowledge recently released a white paper calling for a new federal authority in the US that would work with existing regulators on issues around AI but rejected the arguments for an entirely new regulatory body.
"To be clear, this does not mean a new overarching regulator that would replace existing agencies, as sector-specific regulation of autonomous systems will almost certainly continue," it read. "Nor do we propose the immediate creation of a sweeping new rulemaking regime. Instead, the new authority would build and provide expertise and experience in AI for the rest of the government."
Phrasee CEO Parry Malm gave evidence to the All-Party Parliamentary Group on Artificial Intelligence in 2017 arguing that blanket regulation wouldn't work for a technology used for such varied applications.
"There's a bunch of people there saying okay we need to regulate AI like we do cars and airplanes, but the thing is, a car, for example, has a singular job," he said. "You start at A and get to B. Since it has a singular function you need a singular set of regulations. AI though, because there's so many different applications of it, what you need to do is actually regulate it in domain-specific ways.
"Let's say with AI for health, you have a machine vision app that scans x-rays and then can point out tumours. There are actual products that do that. Well clearly, just for liability reasons, that needs to be regulated and regulated heavily, because it's a life or death situation. Now with something like us, we're creating better marketing copy. If it doesn't work, no one is going to die, so the government probably doesn't need to regulate that."
As international rules vary, it is difficult to regulate tech that crosses borders.
Box CEO Aaron Levie would prefer global data protection law based on an international agreement on privacy standards and use of data.
An international agreement would ensure that conflicting national interests don't threaten the global internet as it exists today. If global platforms struggle to adhere to the different laws in the locations they serve, this could 'Balkanise' the internet, Levie fears, especially if websites respond by offering diverging services in different locations.
The reaction to GDPR suggests that he may have a point.
Companies in the US from the LA Times to email unsubscribing service Unroll.Me blocked EU users from their websites to avoid breaching GDPR, while online reputation service Klout was shut down entirely on the day the regulation was enforced.
"There are a lot of core ideas and principles that GDPR offers that I think make sense for any country, or globally in an ideal world, where we'd have global standards around how we think about data privacy and data protection," said Levie.
Looking to the future
Onwurah believes that a forward-thinking review is essential to ensure the resulting regulation can keep up with developments in tech rather than having to regularly put a new regulatory framework in place.
When Labour Lord Puttnam led a 2002 public consultation into the proposed Communications Bill, he attempted to envision the regulation that would be required for the future convergence of communications. Onwurah feels that his efforts were largely successful, and that this approach has been neglected by the current government.
"The 2015 review of data and technology is the most important review that we never had," she said.
The MP for Newcastle Central MP worked in both technology and regulation prior to embarking on a career in politics, as an employee of a TV mobile chip vendor, broadband wireless provider and telecommunications consultancy and then as the head of telecoms technology at Ofcom. She worked at the regulator from 2004-2010, as the tech giants of today were rising to extraordinary power.
"There was a real effort by Ofcom as the nearest responsible regulator not to regulate the internet, and not to regulate emerging businesses and emerging sectors," Onwurah recalled.
"There's a whole theory of competition regulation that says you don't regulate nascent industries, you try and let the market sort it out, and I think the problem was that that allowed a consolidation and consumer harm to grow … I've been calling for more forward-looking regulation since before I was in Parliament, I was calling for that when I was at Ofcom, to protect and empower consumers.
"I would say that they are Ofcom are slowly crawling to the position of regulating the present, but they're still not looking forward to the future and that is what we need to do."
New regulation will inevitably to keep up with developments in technology to protect the public while supporting innovation and businesses, but Onwurah argues that the alternative is far worse.
"The opposite of regulation is not no regulation, it is bad regulation," said Onwurah. "And unless there's a proper meaningful debate and discussion about the right kind of regulation we are going to need in the future, forward-looking, there will just be bad regulation, because ultimately governments - even this light touch, market-will-resolve-it government - cannot stand by while there is significant consumer hurt and anti-competitive practices."