The Good and The Bad in Digital Policy in 2022

Disclaimer: This post has been translated to English with the help of the Notion AI Assistant, currently in alpha testing. What I noticed:

  •  sometimes it translated to Spanish rather than Romanian
  • other times, it stopped before the end of the paragraph, which was weird.
  • one time, it kept translating the same paragraph for 5-6 times and it would have continued had I not stopped it
  • the translation is sometimes quite well done and correct, other times it misses the mark in terms of choice of word and tense (sometimes it uses the Present Perfect, sometimes the Past Simple for the same context). It changes the pronoun of the author from WE to I. Some examples of this in italics below. I find this fascinating also because I have worked as a translator for several years.
  • abbreviations specific to the Romanian language are not adapted
  • of course, It does not catch my idiosyncracies and very personal way of expressing myself.
  • otherwise, the text is AS IS. I have not made any changes.

This post started with an idea in mind, namely to present what awaits us in 2023, but as I was writing I realized that the idea that it is a new year and that we forget what happened last year creates this blank slate mentality where we may forget to apply the lessons from the previous year.

What awaits us in 2023 in terms of digital policies? A new year, new resolutions. We all know how it is. We fill up the gyms in the first days, buy agendas to turn them into journals and decide to not use social media as much. But how much of what we set out to do do we actually manage to do? And, more importantly, how do we manage to do it? I created DigitalPolicy rather to answer the second question in terms of strategies, vision, plans regarding the integration of digital technology in all aspects of our lives. With this question I want to start the 2023 posts on this platform: what has gone well or wrong in terms of digital transformation? Usually, we do the balance at the end of the year, expecting to take some lessons for the next year. But we forget one thing: often, in our minds we think of a new year as a „blank slate”, that is a blank page where we can take things from scratch. But what about the lessons from the previous year then? Do we take things from scratch or at least start from 1?

The European Level

What went well at the European level in terms of digital transformation?​

Non-exhaustive list. I am very open to other suggestions 🙂

  • (Digital Services Act and Digital Markets Act) new rules governing platform activity were adopted – with a near-direct bullseye at BigTech companies. What does this mean for us? Starting this year, we should get rid of those annoying cookie banners, be able to find out what’s behind a simple online search, i.e. how algorithms decide the content we see online, get to know why we were targeted by a certain ad, and big platforms should undergo risk assessments, give broader access to researchers who want to „look under the hood” of the system. We’ve written more about this here and here.

As an aside: I recently read a book, Network Propaganda, which very scientifically traces the course of misinformation from 2016-2018 in the US. Although the authors do not agree that ONLY social networks influenced the American elections (being very convincing in their argument), they are calling for less restricted access to the usage data held by social networks in order to be able to more closely investigate their effects. And they have made this call since 2018. It hasn’t happened in the US yet, but on the EU level it’s about to happen.

  • (Digital Governance Act) the data governance regulation proposal was adopted. Data is a significant element in the preparation of AI systems, for example. It can help you get to know citizens better and make better decisions. But what if all data from public and private sectors is walled off or „stored” in so-called „silos”? In short, each with its own data. The regulation aims to ease data circulation, but respect the privacy and rights of data subjects (i.e. ours), so we may wake up in the near future with requests for us to distribute anonymized data for the development of new products. Not a bad thing, but we need informed citizens who know how and why this is happening and we don’t need paranoia and misinformation here. We’ve written more about this regulation here.
  • The European Commission has launched and the member states have approved the European Declaration of Digital Rights and Principles. This document should be the basis of any public policy initiative at the national level and starts from five main points: people-centred digital transformation, solidarity and inclusion, freedom of choice, participation in the digital public space and security, security and capacity for action. You can read it here.
  • The Commission has also launched and member states, reluctantly, have approved the Digital Decade Governance program with responsibilities for achieving the 2030 targets. In short: how the European institutions will work with the Member States and how this will push them to work and report what they have done to achieve European targets, such as 100% digital public services, by 2030. I say reluctantly, because the Member States didn’t want to accept a mechanism proposed by the European Commission whereby it could ask for explanations and corrective measures if the Member States didn’t do their job properly. So convergence is back. This time digital.
  • The Commission has launched some at least interesting proposals for regulations. The Chips Act is among them, a European effort to stimulate domestic chip production, those tiny things that sit at the heart of any electronic device, from laptop to washing machine or car. The Interoperable Europe Act is another interesting proposal that will be in negotiations starting this year, because it takes on the challenge of creating obligations of thinking of public services directly interoperable with the European level from the get-go.
  • The launch of the Digital Skills Assessment Platform. Try it, it’s very OK!
  • Many complaints and fines for BigTech companies regarding the granting of consent for the collection of personal data. Among the most important are the appearance of the consent form with ACCEPT and REJECT cookies for large platforms such as Google. Details here.

Why are these things good? First of all, they are good for the European level. Most of the recently proposed legislation on digital transformation is in the form of a regulation, i.e. directly applicable, a sign that we are dealing with more European integration on this level of digital policies. At the same time, this means that Member States negotiate longer on a regulation proposal because it is applied directly and they do not have as much room to maneuver to customize in national legislation. This also means that the provisions are diluted to suit everyone, in the pursuit of the lowest common denominator.

Secondly, we find aspects that directly target the citizen level. Rights in the online space, more state action towards the advancement of digital technology through the implementation of national recovery resilience programs and the assumption of the European joint effort to improve the lives of Europeans.

Finally, it is about that European vision of digital transformation, the main thing that can make a difference internationally. Exporting values and rules for the online space. The influence of European rules internationally. The Americans are looking with envy, as we have written.

What has not gone well at the European level in terms of digital transformation?

Non-exhaustive list. Again, I am very open to other suggestions 🙂

  • As GDPR implementation advances, we are realizing that the enforcement regime may not be working quite OK. The interesting case is that of the Irish authority, which is the first violin in the verification of GDPR compliance for major platforms with their European headquarters in Ireland. Often this authority seems to be in tune with the companies in some of the decisions it takes. Example here or here.
  • Dilution of some regulatory proposals due to lack of consensus on the vision for the digital economy, as described above.
  • Delay in the implementation of national plans for digital convergence, i.e. exactly what the Member States will do to achieve the Digital Compass targets. This was due to the lack of consensus among states about how the governance mechanism should work.
  • Proposal for legislation to set standards for the prevention and combating of sexual abuse of children. It applies both offline and online, but digital rights organizations have raised alarm bells about the fact that the regulation may allow for extended surveillance of citizens’ online communications for scanning for such illegal content. More details here.

What went well at the national level

I don’t even know where to start here. Many new things were done, discussed, approved, but so far nothing in direct implementation. Many launches, pilot programs. It seems that 2022 was a year of approvals, I hope that 2023 will be the year of implementations. Not to mention the adoption of laws and strategies just to tick off PNRR milestones and targets, but which were achieved with little public debate in this regard. Oh, wait, we are talking about good things. Non-exhaustive list:

  • (this is also with European and local beat) approval of operational programs, in particular POCIDIF and PORs for each region in particular. The latter will be managed at the regional level and will contain measures for the digitalization of the public system (some say digitalization, others say digital transformation), for smart city, and POCIDIF targets things with a national beat, such as operationalizing an excellence center for artificial intelligence. I have listed more here. The pool of money is already showing its ugly face. We will have work in the coming years to monitor the waste of money on technology that has not brought anything good in addition.
  • realization of the evaluation of the digital competences of public officials. Yes, it was done! We don’t know the results, or they don’t want us to know them yet, but I guess they could be put in the „what didn’t go well”.
  • the law on interoperability and the government cloud. I put them together because they are thought of as a package. These are examples of things that, if done well, will form the basis of the transformation of our public services. With two conditions: officials to be trained and held accountable to understand and apply (those tested last year whose results we don’t know). We are doing things that other countries have done 5-6-7 years ago.
  • speaking of which, the law that prohibits the request for copies, the taxation of xerox and the like. Sad that we need a law for such a thing.
  • ITU-PP, which took place in Bucharest in the fall of 2022. I didn’t write about it at the time, but such a conference of an international organization with a global beat has brought visibility to Romania in terms of digital technology, with an emphasis on telecommunications. Context: ITU = International Telecommunications Union, it is an organization where states agree on some telecommunications standards for the benefit of all. For example, the JPEG standard for digital images was agreed upon within ITU in the early 90s.
  • the digitalization caravan. A good idea, I say. To go to the grass roots and explain to them there in their environment what and how can be done. So far, in pilot system
  • launch of the PNRR call for digitalization of SMEs. Projects can be submitted even in 2023, the conditions are OK or weird, depending on how you look at them. If I understood correctly, you are asked to certify an IT auditor to increase the digital intensity score for your company. And that IT auditor must come from a list approved by ADR, and that list is quite short. And the digital intensity score implies both investments, such as the purchase of ERP platforms or the development of a website or social media presence. Ok, it also implies the integration of AI solutions. But, given the extremely low score of digital technology integration in Romanian companies, such a requirement seems at least misplaced. With such a mixed result, let’s move on to what didn’t go well. Many here too.

What didn't go well at the national level?

Ok, where do we start? The order is totally random and the list is non-exhaustive:

  • The call for digitalization of universities through PNRR funds – launched, sent projects, decided projects in less than a month. It was good that this call asked for digitalization strategies of universities, but which some universities had not had and did so quickly – beforehand. I wrote about it here. Isn’t it still too little time to put such a big and strategic project on paper for any university?
  • The institutional ping-pong that affects the progress of digital transformation. We do not have a clear prioritization of this field, high-level support and a „push” of this field. Let’s be clear, European examples show that digital transformation works when it is close to the center of power. All the more valid in Romania, where the distance from power, according to the Hofstede index, shows us that we value centralization of power and accept hierarchical structures and work well in such conditions.
  • The Law on Cybersecurity and Defense of Romania. Formal public consultation, disinformation combated with the help of SRI, which disinformation becomes a threat to Romania’s security, and other at least debatable provisions. Context here.
  • The quasi-nonexistence of the National Council for Digital Transformation, an advisory body that should be very present and involved. With an approximate number of 300 members, according to ADR, it was relaunched last year, but without too much public activity. As a result, on its page, in the events section it reads like this: There are no upcoming evenimente.


What we had to learn for 2023

On the other hand, there are upcoming events regarding digital transformation for 2023. We will look ahead to next year, but we must recap the lessons of 2022 and start from this blank slate:

  • One is what you write on paper, the other can be in implementation. It’s no use achieving milestones if these results are challenged by those who know and by civil society (see government cloud, cyber security law)
  • We have money for the national and European level, but let’s not forget the much-loved convergence. The way we spend money from European funds and from the PNRR must justify the achievement of country targets for the Digital Decade.
  • And for the EU, 2023 seems to be a decisive year for implementation. The DSA and DMA provisions will come to the fore, and Member States must prepare because they will have national responsibilities, such as representatives in the European body for digital services, which have not yet been appointed 🙂 Let’s not forget about data governance, about which almost nothing has been written in the public space. Let’s prepare for citizens confused by data distribution requests.

Adaugă comentariu


Digital Policy este o platformă de analize de politici publice digitale, axată pe nivelurile european, național și local.