On 25 April, India and the European Union (EU) issued a joint press release on the launch of the EU-India Business and Technology Council. Broadly speaking, the Council stands ready to help intensify cooperation between the two jurisdictions on issues located at the intersection of trade, reliable technology and security. This is a welcome agreement, as it could pave the way for greater market access for Indian technology companies in the EU. It may also prompt the entry of European values into Indian rule-making on technology. For example, greater emphasis on ethics is highly desirable in emerging technology.
However, with Europeans finding some middle ground on rule-making, India should not blindly follow their playbook. While it is important to place values at the heart of law making, the devil lies in the details. The way Europeans have channeled their core values into technology policy could be detrimental to Indian businesses.
Take, for example, the significant value of personal privacy and its realization in the European Union’s General Data Protection Regulation (GDPR). GDPR puts data subjects (or users) at the center of its focus. Its substantive provisions, including processing of data for a purpose expressly stated and restricting the collection of data to the extent that such purpose is performed, are subject to the user’s consent to act. Theoretically, a consent-based framework prioritizes the well-being of the user, and is based on practices prevalent in medical ethics. However, in reality, it inconveniences users while not necessarily leaving them more empowered. This simultaneously increases the compliance burden on technology businesses.
A 2019 study found that the GDPR prompted high rates of fatigue among European users on consent notices and encouraged the rise of digital applications to block such banners. In fact, the same study concludes that users are so fed up with privacy notices that, when looking at a binary option, they choose to separately approve the use of data tracking software by different companies tracking them. Would love the app.
The handling of the Indian Personal Data Protection Bill, largely based on the GDPR, has surprisingly been mired in controversy. The GDPR is undoubtedly an exemplary attempt at rulemaking as it is the first of its kind framework to emphasize personal privacy online. However, it is a complex law that represents the lowest common denominator among the 27 countries. Should have already had GDPR 2.0 in the works. However, this is proving to be a complicated task even for a continent that specializes in rule-making. India is better off with a better approach to digital governance that targets specific pitfalls rather than a catch-all framework.
Another value that is central to EU technology regulation is fair competition. European Commission President Ursula von der Leyen in her speech at this year’s Raisina Dialogue linked it with core values such as democracy. However, when the ideal of fair competition is put into practice by the EU, it is anti-scale. Historically, European competition policy has focused on placing restrictions on firms in dominant market conditions. These restrictions typically include prohibiting such entities from engaging in business conduct that may “obstruct or distort competition”. Thus, business strategies that are perfectly legal in the context of a small firm are rendered illegal when carried out by a large one.
The recently adopted Digital Markets Act (DMA) of the European Union reflects the anti-majority sentiment of the European Competition Regulation. This piece of legislation primarily targets large technology companies looking to support the aspirations of small businesses and developers. The DMA seeks to regulate the “gatekeeper power of the largest Internet companies” by placing interoperability and data sharing requirements on them.
The European Union has weaponized the vital value of fair competition for narrow and protectionist purposes. This approach is inconsistent and short-sighted. For example, the European Union does not have any major social media platforms like Facebook or Twitter, and is therefore discussing possible mandates for such companies to be interoperable with each other. Such measures seek to undermine the position of US tech majors in Europe, which is essentially industrial policy that operates under the guise of fair competition. Similar approaches can easily target Indian digital products that want access to EU markets in the future. Furthermore, it is difficult to imagine how interoperability would work in a more decentralized Internet, in which myriad metaverses are likely to arise, and where India, with its software-engineering prowess, has the potential to have an edge over Europe.
India’s interest therefore lies in leveraging the EU-India Business and Technology Council for two specific purposes. The first is to ensure that our businesses are able to navigate a low-penetration European market, which currently accounts for about 15% of Indian software services exports. The second is to ensure that we reaffirm our commitment to common values, while ensuring that their application is not rearranged into trade barriers. This is perhaps easiest to do in the context of emerging technologies such as artificial intelligence, where the European Union is an uncontested thought-leader. Let us take the best that Europe has to offer, filtering out all the hypocrisy.
These are the personal views of the authors.
Meghna Bal and Vivaan Sharan are technology policy experts associated with Esya Centre, New Delhi