What are the effects of AI and data regulations on companies?

This article has been translated from Romanian with the help of Notion AI.

What are the effects of AI and data legislations on companies? To understand this, we need to start with American movies versus European movies 🙂 Who hasn’t seen one of those Marvel movies, of which there have been over (I believe) 30?

Action, explosions, noise, fantastic events, successes despite all adversities, and in the end, the good triumphs. In contrast to this picture, the European film is artistic, slow-paced, perhaps black and white, with sadness, complications, and not always a happy ending. The classic separation between Europe and America, American superiority versus European backwardness.

The same goes for technology. America is the country of Marvel, where everything is possible in terms of innovation and companies are mega successes, while Europe is the country of slow-paced films, companies that don’t innovate, and seem sad compared to their American counterparts. We hear these things quite often, and the main reason why European companies are seen this way is that there is not enough venture capital to encourage innovation. Oh, and there’s also the issue of regulation. Apparently, there are too many regulations that stifle innovation. Is it really true?

This is where we find ourselves with the dilemma, and this is what we want to investigate in this analysis. Specifically, we will explore the impact of new EU regulations on data and artificial intelligence on companies.

Why do we care?

  • If you work in a tech company and/or probably develop tech products, interesting times lie ahead. How do you prepare for that?
  • We often hear about European legislation and European bureaucracy versus the allure of investment and regulation climate in the US. Is it really that bad?

So what is it about?

  • We will discuss the main elements of European legislation regarding data and artificial intelligence
  • We will see the impact on companies and how or if the EU can help in other ways to reduce the impact.
  • We will conclude by discussing how you should prepare for a series of changes.

Let’s get started, then.


What is the EU up to this time?

What isn’t it doing? 🙂 That’s the question. We are approaching the end of the Von der Leyen Commission’s mandate, and there have been numerous regulations and reform proposals related to the digital space. Here are just a few of them, noting that you can see the entire universe here:

  • Legislation on artificial intelligence
  • Data legislations (data governance and data act)
  • Cybersecurity resilience act
  • Gigabit act
  • Digital identity legislation
  • Regulation of work on ride-sharing platforms
  • European chip act
  • Cybersecurity solidarity act
  • Digital services act
  • Digital markets act
  • Network and information systems directive 2

We have already discussed most of them on the website, but more from the perspective of their influence on Romania and its citizens. But what about the private sector? Is it really being strangled by cumbersome and hard-to-implement regulations? Some regulations apply to all companies (such as GDPR, which regulates data protection), others are sector-specific (the draft directive on platform work), and others focus more on consumer protection, impacting companies through consumer protection.

Let’s briefly look at some of them that have an impact on the IT sector as well as non-IT companies that are more advanced and have an impact:

  • AI Act
  • data legislations

effects of AI and data legislations on companies - AI Act

We have discussed the AI Act here, but let’s briefly review the main elements of the legislation to establish a foundation for the anticipated impact on companies. It has not yet come into effect but is expected to do so in 2024. The key points of the legislation are:

  • Definition of an AI system: a machine-based system that is designed to operate with varying levels of autonomy and can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions that influence physical or virtual environments.
  • Classification of AI systems into 4 risk categories:

Who has obligations?

The legislation classifies several types of actors involved in the development, commercialization, import, or distribution of AI systems, namely: suppliers, implementers, importers, distributors, and manufacturers of devices. The main obligations they have will only materialize IF any of these actors put high-risk systems on the market. According to some estimates, 30% of AI systems produced in the EU would fall into this category, but the EU’s impact assessment suggests that it is around 15%. The situation will only become clear after these high-risk systems are registered in the European database required by the legislation.

Let’s highlight some key points from the compromise text between the Parliament and the Council.

Suppliers must:

  • Conduct conformity assessments before placing high-risk systems on the market (these can be done internally or outsourced) in three areas: quality management system, technical documentation, and conformity assessment between technical documentation and the design and development process.
  • Ensure that individuals providing human oversight of AI systems are informed about the risk of confirmation bias (i.e., they should not rely solely on the output of the AI system in making decisions).
  • Provide specifications for the data used to train the AI system, including information about limitations and possible existing assumptions within the dataset. For example, if the data is predominantly from a specific geographic region, which could create limitations in using the systems in other regions.
  • Prepare technical documentation.
  • Take corrective actions to bring the system into conformity and inform the importer and implementer.

Attention! You become a supplier if you make substantial modifications to an AI system already on the market, whether it becomes high-risk or if you put your brand on an existing system.

Implementers of such systems must:

  • Ensure that they put the systems into operation in accordance with the instructions for use.
  • If they exercise control over the system, implement human oversight.
  • Ensure that individuals overseeing the system are „competent, qualified, and adequately trained and have the resources to ensure the supervision of the AI system.”
  • Monitor the implemented cybersecurity measures.
  • If they exercise control over the input data, ensure that the data is relevant and representative for the intended purpose of the system.
  • Inform the manufacturer, importer, distributor, and competent national authorities if the use of the system could entail risks to health, safety, or fundamental rights of individuals and suspend the use of the system if necessary.
  • Maintain a log automatically generated if they have access and control over it.
  • [in labour situations] Before putting a system to work, inform employee representatives and reach an agreement regarding its use. If necessary, conduct a data protection impact assessment.
  • Conduct an impact assessment in the intended context of use (with a few exceptions, such as safety systems in traffic management or utility provision).

Importers must ensure that:

  • The supplier has conducted a conformity assessment.
  • There are technical documentation and instructions for use.
  • The system bears the conformity marking.

If the system interacts with individuals, suppliers must inform users that they are interacting with an AI system. Users of deep-fake systems must also highlight that the content is falsified or artificially created.

Counterbalancing these obligations, from which I have listed only a part, is the inclusion of measures to stimulate innovation in this act. The main instrument is the „regulatory sandbox,” a tool for experimenting with products and testing innovations before they are brought to market under the supervision of competent authorities. This is not presented as an obligation of the Member States, but rather an option. Furthermore, the proposal states that startups and small providers should have priority access to such instruments.

Now, let’s look at the impact and complaints from the main actors targeted by this legislation. Let’s start with the perspective on sandboxes:

  • An organization representing EU startups states that the legislation on sandboxes should be clearer because startups often do not necessarily fit into a specific domain or may change their location.
  • Others are more pessimistic. A report by AI Austria shows that two-thirds of the surveyed startups believe that their activity would be slowed down due to the required adaptations. Approximately 30% of the included startups would classify their systems as high-risk, and the costs of adaptation could reach several hundred thousand euros.
  • Not to mention the venture capital climate. The same report indicates that venture capital funds could redirect their investments, considering the decreased interest in high-risk systems that would become more expensive.

So, how is it? Is there too much regulation? As we can see, most of the rules apply to high-risk AI systems, and the market for such systems is limited. At least for now. According to estimates by the Commission, up to 15% of systems would fall into the high-risk category. However, the estimates from the cited reports indicate that around 30% of systems would be affected. The AI market will continue to grow, especially after the explosion of generative AI, such as Chat-GPT, which will have different rules within this legislation. But let’s not digress now.

At first glance, there doesn’t seem to be a great balance between the regulations in the legislation and the proposed regulatory sandbox. Does this compensate for the exodus of venture capital from the EU? Perhaps not, but the funds made available at the EU level through programs like the Digital Europe Programme could help. The problem is that the pitch in front of a venture capitalist is very different from the funding application required to access such funds.

Let’s not forget about the Digital Innovation Hubs (DIHs), whose role is to support companies in testing solutions before bringing them to the market. The problem here is visibility, as confirmation bias, which the AI Act aims to reduce, is present in companies. Confirmation bias of the form „it’s easier with venture capital, I don’t bother because I don’t know what I gain here, etc.”

effects of AI and data legislations on companies - Data, data, data

There is no artificial intelligence without data. The Data Act and the Data Governance Act aim to facilitate access to data to stimulate innovation. More data, well-trained systems, better results, and so on. But wait, wasn’t there something about data protection and minimizing data collection? Yes, there is, but that pertains to the protection of personal data, and the principles can be found in these two regulations. Here, we mainly talk about non-personal data emitted by intelligent devices, for instance.

Speaking of which, Bard was confused when it comes to these two regulations:

Ce efecte au legislațiile pentru date și IA asupra companiilor / effects of AI and data regulations on companies

The idea is that the Data Act refers to who accesses and how data is accessed, who can benefit from it, while data governance creates the framework for companies to grant access to data or request access to data, including from the public sector, to create value from it.

As a company, you can find yourself in two situations here:

  • You may have data that others would need. Perhaps you have a series of devices that measure the energy efficiency of a building or data regarding the speed at which QA is performed on a production line. What do you do with this data? You might not want to give it away because it belongs to you. But what if you can gain something from it?
  • You may need data to develop a new product. Where do you get the data from? Do you directly test with a potential customer? Perhaps the datasets are too limited, or maybe you want to scale an existing product for a different industry and need access to data from another company in a different sector. Maybe you can obtain the data from a third-party organization that acts as a „data intermediary.”

This is where the two legislations come into play. What are the obligations and rights?

  • Users who generate data through the devices they use will be able to port their data to other companies. For example, users could transfer their usage data to a third-party repair service to fix a device without limitations from the original manufacturer.
  • Device manufacturers will need to provide information about the quantity of data generated, how users can access the data, and how users can request the transfer of data to third parties, among other details.
  • The transfer of data from data holders to data recipients will be done with reasonable compensation, with the only limitations being related to trade secrets.
  • The legislation includes provisions that limit unfair terms in contracts for data distribution, particularly with regard to small and medium-sized enterprises (SMEs). The legislation also introduces the concept of a „trade secret holder,” which allows companies to refuse access to data for legitimate competitive reasons.
  • it also introduces intermediaries that facilitate data transfers. If you are unsure where or to whom you should request data from, you could use such a service.
  • For certain situations of public interest and emergencies, public sector organizations can request companies access to their data.
  • The legislation introduces the concept of „data altruism,” which allows for the voluntary distribution of generated data by companies, not only upon request but also proactively.

What do the affected parties say about this?

  • DigitalEurope, an organization representing large technology companies in the EU, states that the Data Act is a „leap into the unknown” that does not clearly explain what data needs to be distributed and to whom.
  • The Alliance for Digital SMEs, which represents SMEs in Europe, emphasizes that SMEs should have more protection under this legislation but praises the explicit provisions regarding contractual terms for SMEs.
  • The International Road Transport Union, an organization representing companies in the transport and logistics sector, considers this legislation beneficial because they already had data distribution agreements and purchased devices to access data, such as fuel consumption data.
  • Siemens, on the other hand, suggests that such laws could jeopardize trade secrets, especially for companies that produce aftermarket parts.

So, what is the verdict? Is there too much regulation? It seems that the criticism is less about excessive regulation and more about the need to protect trade secrets. Data markets are crucial for the digital transformation of companies. It is not just about the products they create but also about the data they generate.


How companies "suffer"

The intentions of European regulations are to promote ethical values in the digital space, but they also consider market perspectives, especially considering the competitive landscape where the EU stands between the US and China.

What will be new for European companies?

  • For AI, there will be transparency obligations toward users regarding the AI systems they produce, distribute, import, or use, regardless of the risk category they fall into.
  • For AI, there will be conformity assessments for high-risk systems, resulting in a declaration of conformity and the famous CE marking.
  • For AI, there will be impact assessments regarding the fundamental rights of Europeans for high-risk AI systems.
  • Developers of AI applications will have the possibility to participate in regulatory sandboxes together with national authorities.
  • Implementers of AI systems will be required to designate a person responsible for overseeing the system if they exercise control

Always be prepared...

Finally, a non-exhaustive list of things to consider implementing when it comes to digitizing or digitally transforming your business.

What do you need to do to adapt to these new legislations?

  1. Get information. The regulations we discussed are in the final stages of adoption (those related to data are more advanced, the Data Governance Act is already adopted, and the Data Act is yet to be adopted, while the AI Act is still in the final negotiation stages). But that doesn’t mean we should wait for them to be applied to get up to speed with what needs to be done at the last minute.
  2. Analyze the state of your company in terms of data governance (what and how it is collected, where it resides, where it goes, what we don’t collect) – but not just for personal data. For that, we already have GDPR, and the provisions related to data in the new regulations complement aspects of the latter.
  3. A piece of advice also from EY regarding preparation for the AI Act – analyze the AI models you already use, but also consider what you plan to acquire. AI is expanding and it is trendy, but you need to consider what and where you will use it. Consult here (the list may evolve) the category of high-risk AI systems to know what kind of obligations you are heading towards, both as a developer and as a business user.
  4. Prepare your human resources to better use and understand how AI works, what confirmation bias is. Also, consider implementing human oversight of these systems, and don’t forget about transparency requirements. People – customers, employees – need to be informed if they will interact with an AI system.
  5. Start collecting data, standardize it, try to understand its value both for your business and as a value in a data market.


There has to be a better way. GovTech for digital public services

(for this introduction, please imagine a teleshopping ad context. Black and white images with apps of the Romanian state that don’t really work followed by frustrated users whose app has been blocked and cannot make payments. All very frustrating, and the copy would sound something like this

ROeID – an application intended to create a digital identity for us. Which is actually just one of the other national and European attempts to think of an „electronic” identity. The application has been recently launched – fanfare and trumpets, you know. With an video and audio identity check, all very nice. But it didn’t work, and my social media bubble was full of people whose identity checks were refused. Even if you manage to create an identity, you can’t really do anything with it. Yet.

The e-Romania portal (remember that?), the portal of „participatory democracy”, was supposed to bring everything together, from information about all the country’s localities to electronic public services. Fast-forward, 10 years later, the portal no longer exists, the money is gone.

I think I can fill whole pages with such examples of applications, programs, services, developed by or for the Romanian state, but that would not solve anything, except frustrate us by reminding us of the long line of failures. But let’s not forget that teleshopping always goes from black and white images to colorful ones and happy people. On the system: But wait, there’s got to be a better way! Yes, that’s right, and it’s called GovTech.

What is this all about?

  • I will paint an alternative portrait of the possibility of creating/improving digital public services offered to us as citizens through the GovTech sector.
  • I will describe some GovTech mechanisms that are currently working in Europe.
  • And, inevitably, I will address the possibility that these mechanisms exist/will be developed in Romania.

How does it help you?

  • you need to know that there are also variants of cooperation between the private and public sectors for public digital services that do NOT involve the development of a costly and extremely unfriendly application with citizens
  • there is room for involvement from citizens or small businesses if there is openness from the state.
  • it helps you to ask for something different from those who lead/want to lead us (naive, I know).

So let’s get started.


How does the state implement digital public services?

Let’s go back to the teleshopping image. What causes all those black and white images of angry and frustrated people with the services? Well, some poorly designed and executed products, based on too much trust in the ability to deliver things. Or the rush that, as we know, ruins things. Or, let’s not forget the Romanian case, the intention to spend a lot of money without responsibility and without a satisfactory result.

If we go back to theory, there are several „philosophies” related to how to create and deliver public services:

  • Classical governance – the state knows everything, does everything. So, the state is a large, bureaucratic apparatus and a consumer of resources.
  • New public management – the state is too big, it needs to be reorganized, it consumes too many resources, we need to introduce principles from the private sector into the functioning of the public sector, reduce costs, the private sector knows better. Technology here is the means to lower costs at any price.
  • Digital governance – which we have written about here before – it’s good to have a smaller state, with outsourcing to other private entities, but others should also participate in the creation and implementation of public services, and let’s not forget that technology is a tool for the benefit of citizens, and they should be involved in creating public policies.

It may be reductionist for those who have a more thorough knowledge of the phenomena, but it’s good for an overview of the possibilities to respond to challenges related to how the state provides digital public services.

The downsides of the first two approaches are clear – the state doesn’t always know everything or can do everything (especially if the resources it needs have been diminished under the umbrella of a „lean” state), and let’s not forget the example of Romania where outsourcing the implementation of a service to the private sector was done poorly, without taking into account the citizen’s experience to say the least.

What now? GovTech is now.



We’re not reinventing the wheel here, let’s get that straight. GovTech is described as an IT sector that deals with creating innovative technological solutions for public administrations at any level. Clearly, there’s nothing new under the sun. However, the way of creating these new solutions is different. It doesn’t start from the idea that the state doesn’t know how to make good services and only the private sector can, and we must transfer expertise directly there. It actually starts from the idea that the state needs collaboration to solve problems, and these collaboration perspectives are found in several places and in several ways, and solving a problem related to public administration is not just about acquiring software or an application. More is needed.

So let’s recap. GovTech is:

  • the partnership between public sector organizations and innovative startups and SMEs to solve societal problems (according to the definition provided by the JRC of the European Commission)
  • close cooperation between the state and young and innovative companies, such as startups, with the aim of delivering better public services (definition aggregated from the literature)
  • an integrated approach to modernizing the public sector, encompassing three aspects: citizen-centeredness, accessible public services, and an integrated approach to digital transformation (definition from the World Bank)

The literature also shows that there are two types of activities in which such initiatives can get involved:

  • corrective activities for the public sector. When it’s clear that something isn’t working well in terms of digital public service provision or there is this push towards digital transformation, as done by the EU. Like „how do we issue the tax certificate online?” Nothing out of the ordinary, but maybe things that others have already done.
  • innovation activities for the public sector. When there is a new challenge or when you can’t find a key solution on the market. Or maybe you can find it, but you don’t want to spend so much money on it and it can be done cheaper.

Many approaches, many definitions. What is clear is that it depends on the „think outside the box” mentality. What is also clear is that it is more than an IT sector that churns out applications for the state, but it is about the collaboration between the private and public sectors to solve a problem and it is not something that happens once and that’s it. It involves supporting this collaboration in the long term to be able to change the logic of digital public services. From the simple „how to enroll my child in school” to internal matters, such as budget simulation with the help of data. Still, I don’t think it’s clear yet how it works, and it’s best to look at the dynamics of the sector and a few examples from Europe.


GovTech in Europe

Several countries with better or worse rankings in the EU Digital Economy and Society Index have shown openness towards such initiatives and have established government or mixed programs to support the development of tech solutions for their public services. The map below shows just a few initiatives.

If you look at their names, you don’t always know if they are public entities or not. And that’s the point. Some are laboratories, some are competence centers, some are research centers, directly under the government (Scotland) or a government agency (Israel). Others are supported by a consortium, such as Accelerate Estonia (a consortium made up of the Tallinn city government, Tallinn University of Technology, and the government). What all these names have in common is that they are often places where you can experiment. And that’s also the point. European Commission research shows that most of these entities benefit from strong government or leadership support, which gives credibility to the initiative. But they are somewhat independent.


How does it work? One of the main characteristics is that the budget for such initiatives is limited, but suitable for thinking on a small scale of digital public service solutions, leaving room for scaling at the end. Anyway, there is room for experimentation, and that means failure is part of the activity. But research also shows that a delicate balance must be struck between experimentation and performance. Something’s gotta give.

What exactly are they doing? The European Commission identifies about 6 modes of operation:

  • „challenge” activities – the state comes up with a problem and offers a prize for solving it. The solution can be funded and tested directly in ministries or other corners of the public administration, and those who have innovated have a chance to use the public sector infrastructure. What’s good is that the solution is first validated before it is extended to its use
  • hackathons – for rapid mobilization of resources and energy and efficient cost-effective solution creation. Hackathons take place over several days, and the complete solution is only modeled, not actually realized, which can lead to the loss of the idea if no concrete intervention is made for its implementation
  • accelerator programs, structured training, mentoring, and support programs for developing solutions (usually tech), where teams participate for a limited period of time. At the end of this program, there is a „demo day”, a day when teams present their ideas to potential clients from the public space or investment funds. The problem is that these clients are not required to choose the winning solutions, and of course, for this approach to work, the government needs „a lot of maturity”
  • piloting – partnership with a specific company to test a program under well-defined conditions. It also needs openness from the state, but also legal framework for access from an external party. The advantage is that the two entities work closely together, and the exchange of information and collaboration is beneficial for the public authority
  • research and development scholarships – awarded by the state following a competition. Winning companies or teams have a limited time to work on a solution, needing to justify the spending of funds to some extent. However, research is often conducted outside a framework of collaboration with the state, and leadership cannot quickly exploit the results from a political perspective because research takes time.
  • last but not least – ecosystem creation – the meeting of several experts, companies, people from the public administration – who can offer guidance and expertise. It may be the hardest type of activity to quantify and justify, but it may also be the most significant. Why? Because such an initiative lays the foundation for more collaboration and exchange of ideas and does not focus solely on developing specific solutions but also on creating a much more open organizational culture that is so necessary for public institutions. Because it does not solve a specific problem or have direct results but requires financial resources, it can be difficult to justify.

All of this is already happening in Europe.

  • Poland – the laboratory has been operating since 2018, under the direct leadership of the prime minister, has managed to grow relatively quickly, and receives multi-year funding. The set goal was to increase the efficiency of the public sector and contribute to obtaining data on citizens’ needs. What are they doing? Challenges, hackathons, ecosystem creation. They aim to increase SMEs’ interest in creating tools for administration, create a digital marketplace for state solutions, or create a base for training investors.
  • Estonia – has been operating since 2019 as an association between the government, the municipality of Tallinn, and Tallinn University of Technology. The types of activities they carry out are ecosystem creation and contests with prizes for working on certain missions – such as mental health (yes, that is a public policy problem for them)
  • Scotland – CivTech has been operating since 2017, and its main activity is the challenge competition, catalogued in the Commission’s analysis as an example of good practice replicated in other laboratories. How does it work? The organization sets open challenges to which any organization, team, or even individual can apply with a possible solution. There is an evaluation process for applications, and successful ones go through an exploration phase where they are refined, and the best ones from here go into the accelerator phase, where they will actually be built. They promote themselves as helping to create companies because most of the challenges they publish are universal, beyond jurisdictions. Among the recent challenges: how can technology help identify and prioritize support for people in vulnerable situations, starting with those with energy-related problems? or how can technology help manage infrastructure used by commercial operations in isolated or rural areas?

These are national-level examples, but GovTech is of interest to the European Union, and it is enough to think only of the avalanche of regulations that are coming over us or that are already implemented and that are related to „connecting” different public services from several countries. The main project that will stimulate the growth of the GovTech sector refers to the future regulation for stimulating the development of interoperable services at the EU level. That is? We have a single digital market, being able to order online from another country without any other restrictions, we circulate and use the Internet subscription as if we were already in the country, we can open our Netflix when we are on a city break. Why not have a single space for digital public services (where Union competencies and policies permit, of course)?! Attention, not unique services at the European level, but national services that communicate with each other.

Moreover, just a few weeks ago, the European Commission launched the GovTech Incubator – a collaboration space between ministries, national agencies working for digitalization and digital transformation, the private sector, or research. In fact, it is a consortium made up of over 20 partners – which will develop pilot programs at a transnational level, two of which are focused on information security in cross-border data spaces and support for obtaining social benefits with the help of personal assistants.


What about Romania?

From what I managed to find online, Romania is not part of the GovTech4all association, but that does not mean that it will not be in the future. But, even so, are there any GovTech initiatives in Romania that we can talk about?

The World Bank has an index called the GovTech Maturity Index which places Romania in group B of countries with a „significant focus” on GovTech, but the index focuses more on the use of technology in public administration, looking at questions like – if there is a data protection authority or if there are online forms for tax payment or if there is a portal for public procurement. Although interesting, the index does not necessarily apply to the discussion of encouraging innovation in public administration. It is good that, globally, we are significantly focused on GovTech, while DESI shows us at the bottom of the ranking 🙂 Another perspective: Ukraine is in group A of GovTech leaders 🙂

Returning… I will briefly list here a few GovTech initiatives according to the definitions and conceptualizations mentioned above, which I have seen in Romania:

  • TechBridge hackathon – May 2023 – a hackathon organized jointly by our Ministry of Digitalization and the Electronic Governance Agency of the Republic of Moldova. The winning solutions are here. The Commission’s research shows that the downside of such activities is that they can be abandoned quite quickly if there is no framework to support their development. Indeed, I have not seen a word about prizes or next steps for product development following this event. Also, the parallel Moldovan press release shows that these solutions can already be integrated with their services, but we cannot say the same about this thing back in Romania. Not yet.
  • Of course, Ion – „the first AI governmental advisor” – an exercise of cooperation between public institutions, universities and private companies – who have outlined a system that collects data about Romanians. For now, it only collects data – it would be interesting to develop a system like CivicTech Scotland with challenges to exploit the collected data. It is not clear Ion’s exploitation program, for now, it seems like an exercise to familiarize citizens with technology through the Ion caravan throughout the country. With the change of leadership in the ministry, the future is uncertain.
  • GovITHub – a truly GovTech project from Romania, which gathered fellows (a kind of scholars) who have managed to create a series of tech solutions for the governmental sector. Like any good thing, it ended quite quickly. It falls under GovTech, being similar to the research and development scholarships identified by the European Commission. Unfortunately, it is no longer active.
  • eBay and Romanian Post – a partnership for the development of a platform for „increasing the online exports of Romanian business products”. Practically a space where companies can register to ship products worldwide. The site is here. By the way, as the Commission said, GovTech is often reserved for large companies.

There are similar initiatives between companies and local public authorities, such as the development of a chatbot at the local authority level, but what is generally missing is coordination and the institutional and structural framework that allows innovation. Is that what is missing? Well, it’s hard to verbalize, but the spirit of experimentation characteristic of an innovation laboratory is what is missing. Maybe because most of the sought-after actions are corrective, maybe because we are concerned with achieving urgent, basic things.



Finally, I will mention a few barriers identified by the European Commission in the development of such initiatives, with the caveat that this is still a growing field due to the need for interoperability at the European level. And to reflect on why we do not have such an activity in Romania:

  • (problem for companies) expectations related to growth in a limited market space – often there is only one buyer, and if you move to another state, there are additional costs and services need to be adapted
  • (problem for the sector) there is domination by large integrators of services, companies that are all-service and often buy out smaller competitors and this leaves the GovTech sector without great prospects of truly growing as a diversified sector
  • (problem for state) we are dealing with a traditionally discouraging public procurement process, for example, the specifications require figures that startups cannot cover. Or they are too complex in terms of requirements – multi-year aspects
  • (problem for state) the bureaucratic culture of the state, profoundly different from that of a startup



The Good and The Bad in Digital Policy in 2022

Disclaimer: This post has been translated to English with the help of the Notion AI Assistant, currently in alpha testing. What I noticed:

  •  sometimes it translated to Spanish rather than Romanian
  • other times, it stopped before the end of the paragraph, which was weird.
  • one time, it kept translating the same paragraph for 5-6 times and it would have continued had I not stopped it
  • the translation is sometimes quite well done and correct, other times it misses the mark in terms of choice of word and tense (sometimes it uses the Present Perfect, sometimes the Past Simple for the same context). It changes the pronoun of the author from WE to I. Some examples of this in italics below. I find this fascinating also because I have worked as a translator for several years.
  • abbreviations specific to the Romanian language are not adapted
  • of course, It does not catch my idiosyncracies and very personal way of expressing myself.
  • otherwise, the text is AS IS. I have not made any changes.

This post started with an idea in mind, namely to present what awaits us in 2023, but as I was writing I realized that the idea that it is a new year and that we forget what happened last year creates this blank slate mentality where we may forget to apply the lessons from the previous year.

What awaits us in 2023 in terms of digital policies? A new year, new resolutions. We all know how it is. We fill up the gyms in the first days, buy agendas to turn them into journals and decide to not use social media as much. But how much of what we set out to do do we actually manage to do? And, more importantly, how do we manage to do it? I created DigitalPolicy rather to answer the second question in terms of strategies, vision, plans regarding the integration of digital technology in all aspects of our lives. With this question I want to start the 2023 posts on this platform: what has gone well or wrong in terms of digital transformation? Usually, we do the balance at the end of the year, expecting to take some lessons for the next year. But we forget one thing: often, in our minds we think of a new year as a „blank slate”, that is a blank page where we can take things from scratch. But what about the lessons from the previous year then? Do we take things from scratch or at least start from 1?

The European Level

What went well at the European level in terms of digital transformation?​

Non-exhaustive list. I am very open to other suggestions 🙂

  • (Digital Services Act and Digital Markets Act) new rules governing platform activity were adopted – with a near-direct bullseye at BigTech companies. What does this mean for us? Starting this year, we should get rid of those annoying cookie banners, be able to find out what’s behind a simple online search, i.e. how algorithms decide the content we see online, get to know why we were targeted by a certain ad, and big platforms should undergo risk assessments, give broader access to researchers who want to „look under the hood” of the system. We’ve written more about this here and here.

As an aside: I recently read a book, Network Propaganda, which very scientifically traces the course of misinformation from 2016-2018 in the US. Although the authors do not agree that ONLY social networks influenced the American elections (being very convincing in their argument), they are calling for less restricted access to the usage data held by social networks in order to be able to more closely investigate their effects. And they have made this call since 2018. It hasn’t happened in the US yet, but on the EU level it’s about to happen.

  • (Digital Governance Act) the data governance regulation proposal was adopted. Data is a significant element in the preparation of AI systems, for example. It can help you get to know citizens better and make better decisions. But what if all data from public and private sectors is walled off or „stored” in so-called „silos”? In short, each with its own data. The regulation aims to ease data circulation, but respect the privacy and rights of data subjects (i.e. ours), so we may wake up in the near future with requests for us to distribute anonymized data for the development of new products. Not a bad thing, but we need informed citizens who know how and why this is happening and we don’t need paranoia and misinformation here. We’ve written more about this regulation here.
  • The European Commission has launched and the member states have approved the European Declaration of Digital Rights and Principles. This document should be the basis of any public policy initiative at the national level and starts from five main points: people-centred digital transformation, solidarity and inclusion, freedom of choice, participation in the digital public space and security, security and capacity for action. You can read it here.
  • The Commission has also launched and member states, reluctantly, have approved the Digital Decade Governance program with responsibilities for achieving the 2030 targets. In short: how the European institutions will work with the Member States and how this will push them to work and report what they have done to achieve European targets, such as 100% digital public services, by 2030. I say reluctantly, because the Member States didn’t want to accept a mechanism proposed by the European Commission whereby it could ask for explanations and corrective measures if the Member States didn’t do their job properly. So convergence is back. This time digital.
  • The Commission has launched some at least interesting proposals for regulations. The Chips Act is among them, a European effort to stimulate domestic chip production, those tiny things that sit at the heart of any electronic device, from laptop to washing machine or car. The Interoperable Europe Act is another interesting proposal that will be in negotiations starting this year, because it takes on the challenge of creating obligations of thinking of public services directly interoperable with the European level from the get-go.
  • The launch of the Digital Skills Assessment Platform. Try it, it’s very OK!
  • Many complaints and fines for BigTech companies regarding the granting of consent for the collection of personal data. Among the most important are the appearance of the consent form with ACCEPT and REJECT cookies for large platforms such as Google. Details here.

Why are these things good? First of all, they are good for the European level. Most of the recently proposed legislation on digital transformation is in the form of a regulation, i.e. directly applicable, a sign that we are dealing with more European integration on this level of digital policies. At the same time, this means that Member States negotiate longer on a regulation proposal because it is applied directly and they do not have as much room to maneuver to customize in national legislation. This also means that the provisions are diluted to suit everyone, in the pursuit of the lowest common denominator.

Secondly, we find aspects that directly target the citizen level. Rights in the online space, more state action towards the advancement of digital technology through the implementation of national recovery resilience programs and the assumption of the European joint effort to improve the lives of Europeans.

Finally, it is about that European vision of digital transformation, the main thing that can make a difference internationally. Exporting values and rules for the online space. The influence of European rules internationally. The Americans are looking with envy, as we have written.

What has not gone well at the European level in terms of digital transformation?

Non-exhaustive list. Again, I am very open to other suggestions 🙂

  • As GDPR implementation advances, we are realizing that the enforcement regime may not be working quite OK. The interesting case is that of the Irish authority, which is the first violin in the verification of GDPR compliance for major platforms with their European headquarters in Ireland. Often this authority seems to be in tune with the companies in some of the decisions it takes. Example here or here.
  • Dilution of some regulatory proposals due to lack of consensus on the vision for the digital economy, as described above.
  • Delay in the implementation of national plans for digital convergence, i.e. exactly what the Member States will do to achieve the Digital Compass targets. This was due to the lack of consensus among states about how the governance mechanism should work.
  • Proposal for legislation to set standards for the prevention and combating of sexual abuse of children. It applies both offline and online, but digital rights organizations have raised alarm bells about the fact that the regulation may allow for extended surveillance of citizens’ online communications for scanning for such illegal content. More details here.

What went well at the national level

I don’t even know where to start here. Many new things were done, discussed, approved, but so far nothing in direct implementation. Many launches, pilot programs. It seems that 2022 was a year of approvals, I hope that 2023 will be the year of implementations. Not to mention the adoption of laws and strategies just to tick off PNRR milestones and targets, but which were achieved with little public debate in this regard. Oh, wait, we are talking about good things. Non-exhaustive list:

  • (this is also with European and local beat) approval of operational programs, in particular POCIDIF and PORs for each region in particular. The latter will be managed at the regional level and will contain measures for the digitalization of the public system (some say digitalization, others say digital transformation), for smart city, and POCIDIF targets things with a national beat, such as operationalizing an excellence center for artificial intelligence. I have listed more here. The pool of money is already showing its ugly face. We will have work in the coming years to monitor the waste of money on technology that has not brought anything good in addition.
  • realization of the evaluation of the digital competences of public officials. Yes, it was done! We don’t know the results, or they don’t want us to know them yet, but I guess they could be put in the „what didn’t go well”.
  • the law on interoperability and the government cloud. I put them together because they are thought of as a package. These are examples of things that, if done well, will form the basis of the transformation of our public services. With two conditions: officials to be trained and held accountable to understand and apply (those tested last year whose results we don’t know). We are doing things that other countries have done 5-6-7 years ago.
  • speaking of which, the law that prohibits the request for copies, the taxation of xerox and the like. Sad that we need a law for such a thing.
  • ITU-PP, which took place in Bucharest in the fall of 2022. I didn’t write about it at the time, but such a conference of an international organization with a global beat has brought visibility to Romania in terms of digital technology, with an emphasis on telecommunications. Context: ITU = International Telecommunications Union, it is an organization where states agree on some telecommunications standards for the benefit of all. For example, the JPEG standard for digital images was agreed upon within ITU in the early 90s.
  • the digitalization caravan. A good idea, I say. To go to the grass roots and explain to them there in their environment what and how can be done. So far, in pilot system
  • launch of the PNRR call for digitalization of SMEs. Projects can be submitted even in 2023, the conditions are OK or weird, depending on how you look at them. If I understood correctly, you are asked to certify an IT auditor to increase the digital intensity score for your company. And that IT auditor must come from a list approved by ADR, and that list is quite short. And the digital intensity score implies both investments, such as the purchase of ERP platforms or the development of a website or social media presence. Ok, it also implies the integration of AI solutions. But, given the extremely low score of digital technology integration in Romanian companies, such a requirement seems at least misplaced. With such a mixed result, let’s move on to what didn’t go well. Many here too.

What didn't go well at the national level?

Ok, where do we start? The order is totally random and the list is non-exhaustive:

  • The call for digitalization of universities through PNRR funds – launched, sent projects, decided projects in less than a month. It was good that this call asked for digitalization strategies of universities, but which some universities had not had and did so quickly – beforehand. I wrote about it here. Isn’t it still too little time to put such a big and strategic project on paper for any university?
  • The institutional ping-pong that affects the progress of digital transformation. We do not have a clear prioritization of this field, high-level support and a „push” of this field. Let’s be clear, European examples show that digital transformation works when it is close to the center of power. All the more valid in Romania, where the distance from power, according to the Hofstede index, shows us that we value centralization of power and accept hierarchical structures and work well in such conditions.
  • The Law on Cybersecurity and Defense of Romania. Formal public consultation, disinformation combated with the help of SRI, which disinformation becomes a threat to Romania’s security, and other at least debatable provisions. Context here.
  • The quasi-nonexistence of the National Council for Digital Transformation, an advisory body that should be very present and involved. With an approximate number of 300 members, according to ADR, it was relaunched last year, but without too much public activity. As a result, on its page, in the events section it reads like this: There are no upcoming evenimente.


What we had to learn for 2023

On the other hand, there are upcoming events regarding digital transformation for 2023. We will look ahead to next year, but we must recap the lessons of 2022 and start from this blank slate:

  • One is what you write on paper, the other can be in implementation. It’s no use achieving milestones if these results are challenged by those who know and by civil society (see government cloud, cyber security law)
  • We have money for the national and European level, but let’s not forget the much-loved convergence. The way we spend money from European funds and from the PNRR must justify the achievement of country targets for the Digital Decade.
  • And for the EU, 2023 seems to be a decisive year for implementation. The DSA and DMA provisions will come to the fore, and Member States must prepare because they will have national responsibilities, such as representatives in the European body for digital services, which have not yet been appointed 🙂 Let’s not forget about data governance, about which almost nothing has been written in the public space. Let’s prepare for citizens confused by data distribution requests.

Europenii reglementează BigTech, americanii se uită cu jind

Una din cele mai repetate afirmații din relațiile internaționale, printre primele pe care le-am învățat și la facultate, a fost că SUA sunt singura superputere din lume sau că sunt cel mai puternic stat din lume din toate punctele de vedere – politic, economic, militar, tehnologic, chiar și cultural.

Mirajul american nu ni se arată doar la facultate pentru cei care studiază relațiile internaționale, ci și din filme și cultura care ne înconjoară în așa fel încât există cercetări care susțin că deschiderea unui McDonalds într-o țară face parte din drumul său spre democratizare. Deci, ne uităm cu jind la americani și pe bună dreptate: SUA au dat foarte mult lumii și asta doar dacă mă uit la partea de tehnologii: becul, curentul electric, calculatorul, procesorul, Internetul (nu și WWW) și acum și platformele de comunicare, dar și cele mai accesibile servicii de stocare în cloud (scriu postarea asta dintr-un program care îmi găzduiește informațiile în Amazon Web Services).

Mixul de libertate și îmbrățișare a riscului și a potențialului de eșec sunt doar câteva din motivele asociate succesului american. O explicație din acest registru vine din cartea Inovația scrisă de Matt Ridley, unde autorul explică faptul că oamenii au nevoie de libertate de acțiune și de experimentare pentru a inova și de multe ori nu sunt conștienți de potențialul adevărat al descoperirilor lor. Să fi știut Mark Zuckerberg că serviciul său de socializare pornit dintr-o cameră de cămin va fi utilizat pentru a răsturna regimuri politice sau pentru diplomație digitală? Mă îndoiesc. Nu știu dacă această perspectivă e valabilă și pentru cei de la Google, cărora le datorăm catalogarea informației de pe web. Altă explicație vine dinspre Darren Acemoglu și James Robinson – ei pun succesul american pe seama competiției continue dintre stat și societate. Statul are tendința de a deveni tot mai autoritar, reușind în același timp să spargă unele norme care dictează mersul lucrurilor, dar societatea intervine, se organizează, își cere drepturile și libertățile. Ei numesc acest dans Efectul Regina Roșie. Dacă societatea e liberă, are posibilitatea să experimenteze , iar oportunitățile de dezvoltare sunt mult mai largi. Mixul acesta există în SUA și este lăudat de către cei doi autori ca fiind una din sursele succesului american.

Se pare că marile inovații tech au putut apărea în SUA pentru că au avut posiblitatea de experimentare, au avut acces la capital de risc și nu au fost constrânse prin obligații și reglementări. Acesta este și principalul argument în spatele căruia companiile BigTech se ascund când spun că reglementările sunt periculoase pentru că le-ar afecta capacitatea de a inova. Asta e una din marile diferențe dintre SUA și UE pe partea de politici digitale. Ciudat, având în vedere scopul articolului de azi, pentru că ambele recunosc că există probleme grave în spațiul online care au dus și la degradarea democrației. Numai una dintre ele face ceva în privința asta: Uniunea Europeană. În cealaltă, știrea tech a lunii e că un miliardar a cumpărat una din cele mai influente platforme din lume, anume Twitter.

Subiectul acestui articol se referă la această paralelă dintre SUA și UE în ceea ce privește reglementarea spațiului digital, în special a BigTech. De ce? Pentru că e fascinant că una e sursa inovației, cealaltă e sursa reglementărilor și parcă fiecare ar vrea să fie în locul celeilalte, cel puțin declarativ.

Ce vei citi mai jos?

  • Care sunt principalele probleme ale spațiului digital în viziunea SUA și UE?
  • Care sunt soluțiile propuse? Ce fac fiecare dintre cele două?

Care-i problema?

Nu e doar una, desigur. Le enumăr pe scurt, cu câteva exemple și evenimente care ilustrează gravitatea situației pe filiere americane și europene.

Abuzul de putere competitivă

Corporațiile BigTech și-au făcut un obicei de a cumpăra sau sufoca pe oricine încearcă să concureze cu ele. Facebook a cumpărat Instagram și Whatsapp pentru a-și consolida statutul de platforme de comunicare, a introdus funcții noi pentru Facebook „inspirate” din Snapchat și TikTtok – Stories și Reels. Amazon este sub investigație în UE pentru că se folosește de datele din marketplace pentru a concura cu jucătorii din marketplace. Americanii au pus FB sub investigație anul trecut pentru practici anticompetitive.

Blocarea utilizatorului într-un ecosistem

Nici asta poate nu ți se pare așa mare problemă. FB deja instalat pe Androiul tău, necesitatea unui cont Google pentru accesarea serviciilor lor și tot așa. Mâna sus cine și-a făcut N adrese de Gmail că i s-a cerut la un moment dat, a uitat parola, apoi a făcut altul pentru Android și tot așa. Dacă stăm bine să ne uităm, e vorba de interoperabilitate în termeni tehnici. În termeni umani, e vorba despre alegere.

Reclame intruzive și țintite

Asta poate nu e o problemă pentru tine, poate-ți convine ca retailerii să știe exact ce vrei. Alții ar spune că, de fapt, îți știrbește din experiența online pentru că ești băgat în cutiuța de profil și nu mai ai chiar un drept de liberă alegere. Oricum, putem să cădem de acord că reclamele intruzive sunt enervante și nici nu știi pe unde îți ajung datele. Nu trec doar de la FB la compania care face reclamă, ci ajung la brokeri de date care adună din mai multe surse pentru a te ținti. Episodul din Last Week Tonight al lui John Oliver ilustrează aceste practici, ia-ți 20 minute și uită-te. E viziunea americană. De asemenea, e bine să treci prin setările de confidențialitate ale conturilor tale de social media, vei vedea acolo câteva companii anonime care au avut acces la datele tale.

Lipsa unui contact

Când ți se blochează un cont, poate pe nedreptate, adesea nu te poți plânge cuiva direct. Poți raporta ceva inadecvat pe site, dar adesea nu te bagă nimeni în seamă. Eu am raportat de zeci de ori și nu mi-a zis nimeni nici da, nici ba. Deci, vorbești cu pereții. E valabil mai ales pentru piețele mai mici care nu sunt semnificative pentru ei.

Controlul prea mare asupra mediului informațional + Dezinformare

Companiile BigTech se pretind a fi campioanele libertății de exprimare. Elon Musk a declarat răspicat că a cumpărat Twitter pentru a-l face un bastion al liberei exprimări, Zuckerberg se mândrește cu sistemele de AI care întrețin un mediu liber de comunicare. Dar, dacă stăm drept și privim strâmb, ele tot aleg ce vede fiecare în feedul lor, în funcție de cum și-au setat algoritmul. Da, nu putem vedea chiar tot ce e pe net pentru că e practic imposibil, la cantitatea de informații disponibile, dar nici nu putem alege chiar noi ce vedem. Nu e vorba doar de confortul nostru informațional, ci de „puterea politică a platformelor BigTech”, conform președintei Von der Leyen. Americanii au puternica reglementare Section 230, care scoate platformele de sub responsabilitatea conținutului păstrat pe platformele lor, având în vedere că nu este conținutul lor, dar au tot apărut voci care cer revizuirea acestei legi. Printre vocile astea – atât Trump, cât și Biden.

Conținut ilegal

Mantra UE – ce e ilegal offline ar trebui să fie ilegal și în online. De la produse ilegale și contrafăcute, la discurs care instigă la ură și este interzis de legislație. În acest context, platformele au avut o abordare mai relaxată, profitând de ideea că ei sunt doar în umbra conversațiilor și tranzacțiilor în online. Dar dacă ne gândim la dezvăluirile americanei Frances Haugen despre Facebook conform cărora FB a fost folosit și pentru a intermedia traficul de persoane, nu prea putem să spunem că ele nu poartă o răspundere pentru ceea ce se întâmplă. Un fapt important de reținut, dezinformarea nu este conținut ilegal.

Degradarea democrației

Un interes pe care și l-a asumat Obama în perioada recentă. Aceasta poate fi considerată the ultimate problem, cauzată cumva de toate problemele de mai sus, dar și de alți factori. Oricum, americanii au fost cei care au organizat Summitul Democrației acum recent, iar europenii au spus aproape pe șleau că și companiile BigTech au putere politică prea mare și interese private care nu merg neapărat in direcția bună.

Și ce facem?

Acuma dupa ce te-am copleșit cu toate problemele din lume, să vedem ce fac UE și SUA Începem cu declarația pentru viitorul Internetului…glumesc, această declarație nu face prea multe, deocamdată.

Încep cu europenii care tocmai au finalizat negocierile pe pachetul cel mai cuprinzător de legislație care reglementează spațiul online: Digital Services Act și Digital Markets Act. O să încerc să vin cu soluțiile pentru problemele semnalate mai sus. Am mai vorbit aici despre asta, oricum, plus o să detaliez la final cum anume ne afectează pe noi aceste schimbări.

  • abuz de putere competitivă și blocarea în ecosistem – obligația serviciilor de mesagerie să comunice între ele, interzicerea preferinței pentru produsele proprii pe marketplaces, interzicerea pre-instalării unor aplicații (prin Digital Markets Act)
  • reclame intruzive și țintite – interzicerea țintirii cu reclame pe criterii politice, religioase, de orientare sexuală și interzicerea reclamelor țintite pentru minori (prin Digital Services Act)
  • blocarea utilizatorului în ecosistem – obligații de explicare a sistemelor de recomandare a conținutului (deci vom vedea o fărâmă din cum funcționează algoritmii), iar platformele foarte mari va trebui să îți ofere o variantă generică a platformei fără sisteme de recomandare (prin Digital Services Act)
  • lipsa contactelor – obligația existenței unui punct de contact pentru serviciile care au utilizatori din UE, adică să ai unde să te plângi când crezi că ți s-a făcut o nedreptate (prin Digital Services Act)
  • conținut ilegal – obligația de a elimina conținutul ilegal de pe platformă de îndată ce au fost informate despre existența acestuia (prin Digital Services Act)
  • degradarea democrației și controlul prea mare asupra mediului informațional – companiile social media vor fi obligate să deschidă (parțial) „capota” ca să putem vedea cum funcționează. Va trebui să realizeze evaluări de risc pentru amenințări, cum ar fi dezinformarea sau va trebui să impună măsuri speciale în situații de criză, cum ar fi războaie sau pandemii. Vor fi supuse unui control mai strict la nivel european, va exista un serviciu al Comisiei Europene care se va ocupa de asta, serviciu plătit din banii platformelor foarte mari (cele peste 45 milioane de utilizatori) (prin Digital Services Act)


Ce fac americanii?

Apropo de clișeul de mai sus, trebuie să recunoaștem că avem nevoie de implicarea americanilor dacă vrem schimbare cu adevărat în acest ecosistem. De ce? Păi, sunt țara din care aceste servicii sunt originare. Sunt una din cele mai importante piețe digitale din lume. Sunt afectați de aceleași probleme, motiv pentru care au pornit această cooperare strânsă cu UE prin Trade and Technology Council și au semnat declarația privind viitorul Internetului.

Bun, bun, dar ce fac? În primul rând, deocamdată…se uită la europeni. Hillary Clinton a postat pe Twitter în ziua aprobării compromisului dintre instituțiile europene. Nicio mențiune aici despre ce se întâmplă la americani.


Sursă foto: Captură Twitter -

Apoi, presa americană a scris destul de extins pe tema asta făcând comparație cu cât de înapoiați sunt ei față de europeni (de aici a și venit ideea acestui articol):

  • NY Times – „Mișcarea [europenilor] contrastează cu lipsa acțiunii în Statele Unite. În timp ce autoritățile de reglementare au deschis investigații antitrust împotriva Google și Meta, nu a aprobat nicio lege care să se ocupe de puterea companiilor tech. […] O fi SUA inventatorul IPhone-ului, dar leadershipul global al reglementărilor în domeniul tehnologiei se află la 3000 de mile de Washington, unde lideri europeni ce reprezintă 27 de națiuni cu 24 de limbi oficiale au reușit totuși să cadă de acord cu privire la protecția online a peste 450 milioane de cetățeni”
  • Senatoarea Amy Klobouchar, autoarea unui proiect de lege antitrust, citată în același articol NYTimes: Ei [companiile tech] lasă Europa să seteze agenda pe reglementarea internetului. Măcar noi am ascultat îngrijorările tuturor și am modificat proiectul de lege”. S-a referit că BigTech au sărit cu reclame exagerate prin care spuneau că vor fi obligate să-și închidă din servicii dacă intră în vigoare legea propusă
  • Obama, citat de Washington Post: în calitate de cea mai importantă democrație a lumii, trebuie să dăm exemplu. Ar trebui să fim în avangarda acestor discuții la nivel internațional, nu să stăm pe tușă”
  • Apar, de asemenea, întrebări prin editorialele americane cu privire la libertatea de exprimare promisă de Musk pe Twitter. Cum se va împăca viziunea promisă de Musk cu reglementările europene cu privire la dezinformare sau conținut ilegal? (întrebare retorică)

În al doilea rând, așa cum le place americanilor, au făcut show pe tema asta. Președinții companiilor mari tech au fost chemați pe rând și au fost certați de membrii Congresului că nu fac nimic pe tema dezinformării sau că îngrădesc libertatea de exprimare a conservatorilor, că i-au dat portavoce lui Trump. Dar a fost un dialog al surzilor, așa cum adesea se întâmplă la americanii. Fiecare a venit cu partitura sa pentru a cânta publicului său. Democrații, respectiv republicanii au făcut scandal pe temele lor politice în așa fel încât să ajungă la știri și să se viralizeze pe rețelele sociale pe care le critică. Capii platformelor au venit cu același speech: facem tot ce putem, ne trebuie mai multă inteligență artificială, susținem libertatea de exprimare

În al treilea rând, trebuie menționat că există totuși niște chestii începute de americani. Investigații antitrust asupra Meta și Google sau acest proiect de lege menționat mai sus. Acesta va împiedica companiile mari tech să își favorizeze propriile produse pe marketplaces și magazine de aplicații. Cel mai interesant e nivelul statal, unde au apărut deja mai multe reglementări. De exemplu, California și Colorado au propriile reglementări de confidențialitate a datelor, în lipsa unei legi federale de protecție a datelor. Texas a introdus o reglementare cu privire la sancționarea platformelor care cenzurează puncte de vedere conservatoare. Axios vorbește și despre alte proiecte de lege la nivel statal care ar limita selectarea algoritmică a conținutului sau „ar cere obligații de transparență”. Tot Axios vorbește de modul (pervers) al companiilor tech care se mută cu lobby-ul pentru a influența legislația statală.


Regina Roşie în acţiune

Oricum, interesantă mișcarea, merge chiar în sens invers mișcării europene. Europenii au realizat că reglementările naționale ar produce fragmentare și pierderi economice și se mută cu legislația la nivel european. În acest timp, statele americane sunt frustrate de lipsa de acțiune la nivel federal și acționează la nivelul lor.

Dacă e să revin la metafora Reginei Roșii de mai sus, exemplul american ilustrează coagularea societății atunci când statul este absent și asta cauzează probleme, în timp ce exemplul european ilustrează consolidarea „statală” a entității numite Uniunea Europeană. Am pus statal în ghilimele să nu mi-o iau cu critici naţionaliste, dar ceea ce vreau să spun că e trendul de consolidare a capacităţii Uniunii Europene în raport cu statele. UE trage către ea, statele către ele. Câteodată căştigă ele, dar altădată câştigă UE.

Tragem și noi niște concluzii?

Americanii se uită oarecum cu jind la europeni că le iau locul în ceea ce privește reglementarea spațiului digital și mai cu seamă a platformelor create exact în SUA. N-am văzut neapărat comentarii cu privire la faptul că UE limitează puterea acestor giganți americani, ci mai ales că SUA nu este ea prima care face asta, în calitate de, așa cum zicea Obama, „world’s leading democracy”. Asta duce iarăși la ideea că și americanii sunt conștienți că aceste companii au făcut cât au făcut capital statului american, dar, de la un punct încolo, beneficiile aduse nu mai sunt superioare problemelor cauzate. Și problemele nu mai sunt abstracte, de genul vai, FB mă profilează, ci au fost live la TV pe 6 ianuarie 2021.

Controlling the Internet. What are states cooking?

Our lives are moving to the digital space. This is a new conundrum both for individuals and for society. We must think of new rules with regards to things that we could have not imagined 15 years. 15 years ago we were thrilled to share photos, to comments on each other’s posts and to have fun online.

Things are not the same anymore. I find myself being sick of social media because of the toxic content, but also because of the way in which social media has become synonymous with the Internet. And the new and sometimes weird questions that we have to answer now. Are we entitled to ask companies to take down stuff about us? How do we hunt online predators? Does anybody have the right to say anything without any repercussions? Can the platforms block us with no apparent reason?

These apparent unanswerable questions have been addressed in various parts of the globe, not only in the EU or Romania. Our former minister in charge of digitalization floated a potential obligation that Facebook open a local office, considering its arbitrary decisions to block accounts and take down posts. In Romania, the discussion has stopped. Other states have gone further and even further in their attempts to control this digital space, which is often times a threat to the state.

The Freedom on the Net report monitors these developments on a yearly basis and, this year, I thought I would take a look at what states are cooking  nowadays to control the Internet.

So, what’s it all about?

  • examples of laws that regulate content, social media activity, the digital space etc

Why do we need to read about this?

  • because we need to take a look at others to see what models we should take over and what models we absolutely shouldn’t

Source? Freedom on the Net, 2021

India (online space - partially free)

Rules for Information Technology are the new regulations for platforms acting as intermediaries. They entail obligations, such as a mechanism of grievances by which users can complain directly to these companies. The law applies to social media platforms with more than 5 million users, which must have an in-country office and local officers. The required time for the answer to notice to eliminate content is 36 hours, while the Chief Compliance Officer can be held personally liable and can even end up in jail for up to seven years.

Indian users have the right to be notified when their content is eliminated and must receive a clear justification for the decision. The issue is that these notices to eliminate content are based on a vague definition (the qualification done by Freedom House) of what forbidden content means, such as expressions that undermine public order, decency, morality or question the sovereignty of the state.

Australia (online space - free)

Online Safety Act is the Australian attempt to regulate the digital space, which fights against cyberbullying and aims to protect kids online.

Users can make official complaints, and the Online Safety Commissioner will investigate and issue notices to eliminate the reported content. The targeted platforms have 24 hours at their disposal to eliminate the content once they have received the notice. The Commissioner can also issue an order for ISPs to block certain violent websites for a 3-month period, but the officer can extend this order indefinitely. Freedom House observes that the officer’s powers are quite large, considering that he/she does not need to offer an official reason for notices to eliminate content.

There’s another law that caused uproar in Australia and around the world. It’s called News Media and Digital Platforms Bargaining Code and it stipulates that digital platforms (a term not actually defined by the law) must negotiate a fee to be paid to mass media services in exchange for sharing their news stories. Actually, they must enter a mediation to set some tariffs across the industry.

Mass media services must register to be able to participate. Australia’s score in the composite index Freedom on the Net actually went down a point in diversity and reliability because, for a week in February 2021, Facebook blocked the Australian news as a response to this law, managing to block also NGOs or even the Australian weather service. With this move, they managed to obtain a series of favourable amendments to this law. Google sat quietly and respected the law.

Brazil (online space - partially free)

(I know, you’re expecting some bad things from this one, but I’ll start with the good). Brazil launched a defence and strategic communications satellite in 2017, which has been also used to supply Internet to rural and remote areas. Three thousand schools enrolled in the program in 2019, reaching a number of 11,000 in 2020.

And now the bad stuff. Two laws are especially problematic. The first regards the renewal of a national security law, whose amendments have been seen as threats to free speech and association, because they basically criminalize deceitful mass communications. Generally, this law is used to threaten journalists and bloggers.

The second bill tackles the fake news phenomenon. The punishments are aimed at those who generate and distribute content that would undermine vague ideas, such as social peace or the established economic order. Moreover, the use of manipulated content to poke fun of political candidates is punishable by a fine up to 2 million dollars to be paid to the affected candidate by the one that may have benefited from the joke. One question here: WHAT? A satirical tweet by a journalist aimed at some pastors led to a fine of 2000 dollars paid to one of the targets.

Turkey (online space - not free)

Turkey is so close to Europe, yet so far away… This year, it drove up the price of communication devices and services by raising taxes on such goods, in a move meant to limit the capacity of citizens to afford an Internet subscription (and, consequently, to potentially say damaging things about the regime).

Turkish authorities recognize “the right to be forgotten”, but they changed the stipulation so as to allow politicians to request the elimination of damaging content. Moreover, a new law, Social Media Regulations Law asks social media platforms to have an in-country representative that needs to answer to notices of content elimination in 48 hours’ time. All platforms with more than 1 million daily users must open a local office, and the large platforms conformed to the decision only after they were issued fined. Speaking of platforms, streaming services are obligated to obtain a license and Netflix and Amazon Prime also conformed.

Blocking content is done in an opaque manner and it is done mostly by the regulation authority and not by the courts. Even when courts ask for content to be taken down, they don’t offer a reason, which makes the appeal process useless.

The surveillance of the online space is not done only by laws. The Anti Cyber Riot Squad is a group of experts and IT engineers tasked to guard the “Digital Fatherland”. Also, the Cyber Crescent is another unit working to combat cybercrime, how ever it might be defined. Note the nationalist tone in both names.

The United States (online space - free)

I will end this series with the best country in the world, the land of the free, and so on.

So free that angry citizens entered the Capitol to stop the validation of the election. This is actually the starting point of the Freedom on the Net report, along with the reports of surveillance, harassment, and arrests coming from some anti-racist protesters. But, to be honest, reading the US report has been a profoundly different experience than the ones mentioned above.

What the US is cooking online is not much actually, because the traditional mentality has been that the online space remains unregulated (what, some might say, led to the Capitol riots in the first place). They even have a regulation called Restoring Internet Freedom Order, which actually eliminates the net neutrality principles that state that all traffic should travel at equal speeds. Practically, with this regulation, the ISPs can increase or decrease the speed of some traffic in their infrastructure, depending on their interests. This order was actually issued under Trump, but Biden has not come around to repeal it yet. The funny thing is that  net neutrality rules represent the true freedom on the Internet, according to the actual people who helped create the Internet.

The attempt to block WeChat and TikTok is also a major focus in the US report. It’s an attempt because a federal judge blocked the order on account of protecting freedom of expression. Biden eliminated this order anyways, but has called for measures to evaluate potential national security risks stemming from some apps that might be under the influence of foreign adversaries.

Generally, the problem with the US online space is the sheer concentration of services along the entire chain that creates the Americans’ online experience, from ISPs that keep merging to the social media giants.

What is cooking?

When looking at these examples, the tendency is to localize services, to materialize tech giants in a space confined by borders so that they can be regulated.

The local representative and the obligation to maintain in-country officers for compliance are measures that can be found in almost all of the examples presented here. The US is the exception, the source of tech giants.

The main conclusion of the Freedom on the Net report is that there is a veritable struggle between tech giants and the states with regards to Internet regulation. This is also clear in these examples, but I think the reasons are much more profound and not necessarily limited to the idea that authoritarian regimes are on the rise and they aim to control freedom of expression. Essentially, the free, cross-border, digital space that is expansing is threatening the 150-year old existence of the nation state. On this backdrop, tech giants represent the materialization of this tendency. The mere fact that Facebook blocked content from Australia and obtained concessions to a law is a testament to the idea that tech giants are veritable actors that threaten states. In other areas, companies respect the rules and are complacent, but only to a certain extent, since their target is to become global, not national. They join forces with states, but it’s like the fable of the scorpion and the toad

Ultimately, it’s the citizens that suffer, as their digital identities and selves are very different from what was proclaimed in the famous declaration of independence of cyberspace: Ours is a world that is both everywhere and nowhere, but it is not where bodies live. We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth [..] Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion.

State of the union. Three things about digital policy

For EU geeks, September is a long-awaited month. The State of the Union speech. No, not the American one, the European one. We listen to the priorities of the Commission for the next period, but also the day when we should be more emotionally involved in this project. Because, of course, the purpose of such a speech is also to wake a shred of European spirit in ourselves. The speech is thus not dry and bureaucratic, but it is a combination of priorities and stories meant to awake this European spirit and the leadership that Europe aims to assume.  This year’s impressive story? A young woman from Italy who, 119 days after being discharged from the hospital with a grim prognosis, won the gold medal in the Paralympic Games. Her message? If it seems impossible, then it can be done. This should be the motto of the EU 🙂

Considering the solemnity of the speech and the prioritization of digital policies in general, my endeavour today is to provide an overview with regards to digital from the State of the European Union speech.

What are going to read today?

  • An overview of the significant aspects on digital policies mentioned in the speech
  • What was missing from the speech, if you ask me
  • What these priorities mean for us, citizens

What did the President of the Commission say about digital?

I will start this section with some sound bites that will help me reconstruct the main elements of the speech.

“Digital is the make or break issue”.

Digital (apparently it has become a noun now) is the essential element for the EU’s economic competitiveness. The NextGenerationEU instrument (transposed nationally with our long awaited RRP) will guarantee an acceleration of the digital transformation, especially because, according to Von der Leyen, the Member States are in consensus that we must spend more and better on this. The truth is that she is right, there have been no major issues among the Member States and they are content that they can spend a lot of money on nationally established priorities, instead of the ideas directed from Brussels (but yes, pending the final approval from the Commission)

Like last year, digital has remained the essence of European reconstruction. But it makes no sense to invest in tech and not focus on the human component. So, Von der Leyen advanced the idea that digital skills are as important as 5G or connectivity or artificial intelligence. A sign that digital skills is a priority is the fact that the Commission will jump-start a dialogue in order to create consensus at Member State level towards the prioritization of digital skills. Why can’t it do more? Well, because it does not have the power to do so, as education is a national competence, where the EU plays a supporting role. The treaty says so, not me,

”We are entering a new era of hyper-competitiveness”.

A competition in which the Union wilfully entered and in which it will surely play as the biggest single market in the world. In digital policy, the competition is not only played in artificial intelligence (which wasn’t really mentioned in the speech), but other things are at stake. The things that make the digital space exist: chips and semiconductors.  Because breaking news: cyberspace is rooted in something palpable!

Semiconductors are essential for the phone on which you mindlessly scroll, but are also essential for entire economic or strategic sectors (Dacia slowed down its production because they didn’t have semiconductors in stock) No semiconductors, no chips, no phone, no car. Europe’s weak spot is here and the Commission aims to fix this, namely to increase its presence along the entire supply chain, from research into semiconductors to European production of the stuff. It aims to do so with the European Chips Act.

What does this hypercompetitiveness mean for Europe? The chance to do something on its own, where it can prove (or not) its self-proclaimed capacities through such speeches. When talking about digital, it has done stuff on its own, such as its own data protection system that has started a global conversation on the subject. Of course, failure also exists. But I don’t think the prize is necessarily to be first in semiconductors or the first in artificial intelligence (whatever this might mean). The long-term prize is the chance to do something on its own and to do it right, not only as regards digital policy, but overall as regards European integration.

”If everything is connected, everything can be hacked.”

Last, but not least. A great deal of the speech was dedicated to European defence on many levels, from intelligence sharing to a Defence Union. Beyond the obvious reasons for needing such a defence approach, the emphasis was on transforming the EU into a leader in cybersecurity, by creating a common cyber-defence policy and the creation of common standards for cybersecurity and cyber-defence. Why? The reason is in the sound bite. If everything is connected, everything can be hacked, not only your Facebook account where your password is “password”, but also the electric power grip, for instance.

However, such a statement goes both wars, because it can also make Europe accountable (which is necessary), but it can also create a cyber arms race. This remains to be seen, indeed.

What was missing?

Compared to last year, digital was not that much into focus. Maybe because NextGenEU was launched then and digital priorities were at the top of the instrument. Sometimes also other policy areas need to be in the spotlight 🙂

Even if she brought up digital skills before any other digital policy area, I was expecting a development of the subject, but this was missing. Maybe a new initiative. Even a revamped one would have sufficed. What happened to the digital opportunity traineeships dedicated to youngsters? Especially considering that the speech was mostly dedicated to the youngsters, the true next generation.

Digital sovereignty appeared only once in the speech, even though its spirit was felt when the President talked about bringing some industries back home. I was also expecting a projection of the European digital society model in the presentation of global priorities. This was also missing.

What does all this mean?

Ok, I hope you managed to read down to here because it’s time we asked ourselves what all of this means. Will any of it affect you? At first sight, this is high politics stuff that may never reach you. Or will they?

Firstly, it means that Europe is truly starting to close ranks and continues its commitment to shape the digital space. The intent to bring back semiconductor production to Europe or to produce more stuff in Europe can mean only good things for the citizens – because there will be investment in research, factories. This means more jobs here (and yes, probably more expensive phones). How this will affect us depends also on the Romanian leadership. (Oh, wait…).  Or any Member State for that matter.

Secondly, if Europe closes ranks in order to create defence capabilities, so should you. Two-step authentication, change of password, browsing through the data collected about you, all of this are your responsibility. And they are also things you can do and they don’t cost a thing. Why should you do them? Because if everything is connected, everything can be hacked.

Thirdly, we will see at least a declarative advance on the whole “development of digital skills” thing, but nobody is saying how to do it. Extending the definition of digital skills, media education courses corroborated with tech skills, adapting curricula, testing. These are just some of the proposals.

A global digital rulebook?

(disclaimer: this article is a public-friendly version of a presentation delivered at the first edition of EUXGLOB, organized by the Faculty of European Studies at Babeș-Bolyai University, Cluj-Napoca). The academic version is available here.

„It was the best of times, it was the worst of times”. Charles Dickens’ opening line from „A Tale of Two Cities” certainly characterizes the times that we live in. It’s the best of times if we think of how much technology we have at our disposal and how this has made our lives easier, from ordering crazy stuff online to data science that can help in the fight against COVID-19. Speaking of COVID-19, it’s also the worst of times and suffice it to think about the ideas perpetrated online that 5G makes you sick or that the vaccine will implant a chip in you. That’s disinformation, pure conspiracy theories that travel six times faster than the truth that vaccines work.

We take technology for granted, but we also take it as it is, with its highs and lows without considering that there might be a different way of doing things. We are complacent and shrug at fake news, as it would be an inevitable side effect of online communication. We are trapped in the platform ecosystems because it is easier for us and because this is presented as the best convenience for us.

Is there another way of doing things? The European Union’s answer is „a set of rules based on our values: human rights and pluralism, inclusion and the protection of privacy„. A Global Digital Rulebook. By crystallizing these rules, the idea is to create a common foundation for today and tomorrow’s digital society and economy to be shared by a critical mass of actors – especially the EU and the US. What does this have to do with digital technology, social media, e-commerce or fake news or with the things that we experience online on a daily basis?

Although it might seem as a political discussion or at least a very abstract one, this conversation really regards you and me and should not be only left to the domain of high-politics. Why? Because you and I use social media on a daily basis, we organize our lives on the Internet and our lives are shaped by AI, data etc. Will we lose our jobs in the next couple of years? How will we communicate? These are just some of the questions that this rulebook might help with. Nevertheless, they can only find their answer in the domain of high politics.

So, first things first. This article will:

  • detail what the rulebook is
  • how the EU and US stand on policy fields where this digital rulebook would apply
  • assess whether it actually has a chance to function and to be applied
  • also talk about you and me 🙂

What is the global digital rulebook?

Basically, it’s an invitation that the EU has extended to the US to shape the digital space together, to work together, to make sure that human rights, privacy, transparency, freedom of speech… all these are respected online.

You see..the development of the digital space has seen its fair share of craziness – from tracking and mass surveillance of people to unethical use of technology and let’s not forget the influence in elections. The purely positive narrative about digital technology, i.e. that will help solve humanity’s problems, is long gone.

All this craziness has taken away the veil of naivety and has exposed the fact that the free space that we call cyberspace still needs to function by some rules, not technical ones, but more generally accepted principles. Those principles should be set not by private entities, but by ones whose purpose should be to protect the citizens. Aiming to secure a „pole position” in these issues, the EU has invited its American friends to join this initiative.

A set of general principles supported by the world’s technological leader, the US, and the world’s policy factory, the EU, would go a long way in protecting citizens. The EU made the first move for this rulebook, but did so internally, as it has spent years working on and developing its digital single market and consumer protection regimes. Despite having experience in regulating internally, things are not that easy when you aim for a global regime, because one must deal with different actors and different agendas.

Speaking of, where and how would this rulebook apply? Since digital technology is everywhere nowadays, it is difficult to pinpoint the exact domains where it might work. To be concise, I selected some policy domains that target the major layers of the digital space:

  • its foundations – security of infrastructures
  • rights – data protection and transparency of algorithms
  • economic layer – digital markets, taxation, competition
  • social layer – disinformation
  • future developments and research – AI

The simplest way to explain the need for a rulebook is to refer to AI. Its potential to replace human decision-making, but also its potential to influence people’s lives due to its decision-making, certainly require some generally accepted principles or, at least, some red lines that should not be crossed. Would you want a private company with an opaque AI algorithm to decide whether you would qualify for a job or a bank loan? Don’t think so. AI is a domain where the EU has just revealed its proposed rules, aimed at boosting innovation, but also at protecting citizens and giving them means to trust these new technologies. The US has not been particularly keen on doing the same, focusing rather on the competitive edge that AI can give it against China. While the US sees competition, the EU sees the need to build trust. These are different views, not necessarily resembling a strategic partnership. So what about the other areas?

How do the US and the EU stand? Is there room for a rulebook?

The answer for the second question is, declaratively, yes. From Ursula von der Leyen’s statement that „Europe stands ready” to Biden’s „We are back”, statements are promising. Let’s dig deeper.

On security of infrastructure, the two are seemingly on the same page, since they share the same foes – China and Russia. Speaking of China, Huawei started the whole debate on the security of 5G infrastructure since it has been suspected of espionage for the Chinese government. The Trump administration banned the company from doing business in the US and lobbied the EU and the Member States to basically do the same. With the launch of the EU Cybersecurity Toolbox, the Commission urged the Member States to exclude companies that might be suspected agents of foreign governments from 5G procurement. That’s basically a rule tailor-made for Huawei. So, it seems that, on this subject, the US and EU are in sync, but the US is the first violin.

On digital markets and competition, things are a bit more complicated. The EU is a „policy factory” and, of course, it’s in its DNA to regulate, since it needed to create a single market that would unify its national markets. The regulations in recent years have definitely crystallized the Digital Single Market – from roaming to portability of online content. Besides these building blocks, recent years have seen additional regulatory requirements for tech companies, everything from the copyright legislation to transparency requirements in the new Digital Services Act and Digital Markets Act. Additionally, competition is also something that gives the EU its edge. Since the Digital Single Market cannot properly function without proper enforcement of competition policy, various antitrust investigations have targeted and fined BigTech platforms.

The US has had a different approach, by providing a framework of self-regulation that has probably allowed tech giants the space to flourish, expand and buy their competitors. Why? Well, a powerful Google also translates into a powerful US overseas, of course. Nevertheless, things are apparently changing, since we have seen antitrust investigations against Facebook and parades of tech CEOs in front of Congress or even calls to break up BigTech.

On rights, the EU has the upper hand here as well. I think I just have to mention the GDPR and that would be enough, especially since the US does not have a federal data protection law. I do have to mention also the „Brussels effect” – the idea that the level of data protection is so high in Europe that companies have extended the application of this regime even worldwide.

Privacy is a whole other question in the US. The aftermath of 9/11 saw an emphasis on expanded surveillance and the Edward Snowden revelations have certainly showed this. The whole Privacy Shield debate shows that the US has a lower privacy regime, as well as other interests. Cooperation on a privacy regime or other enforced consumer protection rights would seem problematic, from this standpoint.

On social media and disinformation, times are definitely rough both for BigTech, but much more rough for democracies, which have started to hit back at them for the environment that they have helped foster on their platforms. Since the current legal context practically shields them from assuming responsibility for the content they help propagate, EU aims to change this and demands more accountability and transparency from these companies. No wonder that the von der Leyen has criticized the very business model of these companies.

What about the US, the land of BigTech? Well, since the propagation of alternative facts, the claims of fake elections, and the Capital riot, there is definitely groundwork for rethinking the responsibilities that social media companies have. Section 230, the law regulating the intermediary role of platforms or the 26 words that created the Internet, will probably be under review, even if social media companies have opposed this quite a lot. But, aside from parades in front of Congress, there are no official signals in the US about how BigTech might have more accountability.

Different fields, different interests, one rulebook?

Does this partnership have any chance to function?

The short answer is yes, because the main components of this proposed rulebook regard democratic values and, of course, the two share them (more or less). But others relate to cultural preferences and traditions, such as the choice between protecting privacy versus achieving security. This leads me to the long and probably complicated answer, which is maybe. Why? Well, first, when talking about norms and principles, we automatically know that they are non-binding and whenever the preferences or the conditions shift, they may be left aside for some period (of course, I’m talking about a pandemic here).

Nevertheless, the partnership may be boosted by China. Both the US and the EU have completely different views than China. They both want to deter its expansion on the global stage, since it offers another model for digital society and economy – a controlled digital society with an economy serving the interests of the Communist Party.

What else can bring the US and EU together? Definitely the need to reign in BigTech. Both actors have started internal discussions about updating the current system of rules so that BigTech can be more accountable. While the EU is more advanced, since it has already proposed a new set of rules for digital platforms, the US is a bit timid so far.

Finally, their „insides” may play a part in the organization of this digital rulebook. While partisanship will definitely shape the debates on how to handle digital platforms as well as AI in the US, EU member states have their own interests. For instance, Ireland has opposed the idea of this digital tax, since it’s the European headquarters of major tech companies.

Bottom line: the rulebook is declarative so far, but what matters are the varying interests and behaviors of both actors varying from one issue to another.

What about you and me?

I said in the beginning that the discussion is about you and me, since we interact with digital technology on a daily basis and digital tech, as it is now, has a massive impact on the way in which we lead our life. We get ourselves trapped in doom scrolling, we are targeted with massive amounts of information and we don’t have time to go through all of it, so we make snap decisions that may be true or false. And they might have serious consequences.

How would this rulebook improve OUR lives? We will continue to be able to speak freely online. Will we? We might be better informed about what happens with our data. But will we be able to truly control what happens to it? We might know more about how social media works, how it influences us and we might be able to signal bad and illegal behaviors faster and also change our behavior and quit the doom scrolling. But will we?


Big cities – London, Amsterdam, Barcelona, New York and Tokyo – are the stars of academic studies and the smart city industry. But what about small cities? Small cities cannot match the performance of financial, technological, touristic centers of the world, hence they do not possess the budget or the resources of even the human capital necessary for digital transformation. Or do they?!

The smart city industry is a cash cow and the pandemic will definitely accelerate this trend. But what about the people?

I found out about Darmstadt from a German university professor in the fall of 2018. “Germany’s first digital city”, he told me at a conference and aroused my interest about what exactly this meant. The initial impression after preliminary research was that of a futuristic city in the style of the Jetsons. So, the non-academic reaction was: wow, so cool! Then, I was lucky enough to have some initial conversations with people in charge of the project, but also to study within a research stay so that I could see for myself how a small and digital city looks like
Principles of the Digital City. Source:
Now, a few words about Darmstadt, a city the size of Oradea, an Art-Nouveau city, just like Oradea. It is a strong university city with a young and multicultural population, the headquarters of a European organization – EUMETSAT, as well as the headquarters of one of the oldest science and technology companies in Germany, Merck (established in 1668).

The differences are obvious, but both are small cities and are somehow in the shadow of other more developed, more tech-friendly cities. I felt this when talking to the people involved in the digital strategy of Darmstadt, as they could not dare compare themselves with Frankfurt or other big cities and asked me what I found so interesting about their small city.

This is what I wanted to find out in Darmstadt: how a local administration sensitive to the dangers of technology and to the needs of the people addresses digital transformation.

Cities are truly the closes political entities to the individuals, and this is even more obvious for smaller cities. Individuals can be put at the center of a smart city strategy by means of this closeness. There is one condition, though: the existence of a local administration focused on improving citizens’ lives. This is what I wanted to find out in Darmstadt: how a local administration sensitive to the dangers of technology and to the needs of the people addresses digital transformation
Coming back to Darmstadt. As I said, I managed to spend almost 4 months in the digital city. I didn’t live in a sci-fi town, I didn’t feel watched by millions of sensors and by Big Brother and nor did I have a digital identity. Each technological innovation put forward centered around the community with ideas of apps to encourage the circular economy by which people could lend their tools to one another or ride together to Frankfurt in one car. The Digital City strategy also entails free digital and media education courses for the elderly, but also free education modules for cybersecurity (Bleib wachsam, Darmstadt – stay alert, Darmstadt). Yes, there are sensors and a lot of data flying around, but they are generated with the LORAWAN protocol, a cheaper one that can be better controlled by the local administration. The interventions are targeted towards the community.

The biggest fear of people was to not be overcome and overwhelmed by technology.

Actually, the local administration organizes regular meetings with the citizens, where they can talk about the projects and where the local administration collects feedback. This is how the strategy began, by inviting people to an event where they could, among others, list their main fears related to digitization. The biggest fear of people was to not be overcome and overwhelmed by technology.

And by the way, the management of the Digital City has a series of committees that push forward and oversee the idea of tech for the people. According to them, they are among the few in Europe with an ethics committee, which has drawn up a series of ethical principles that should guide the local administration in the adoption of new technologies. As a matter of fact, this is the reason why they turned down a series of “black box” tech solutions offered to them, as they did not want to use technologies that could not be explained and opened up to the citizens,

Life in Germany’s first digital city is somehow the same even after they won this title, thus showing that digital transformation is a long-term effort and also an iterative exercise of governance. People ride their bikes, but they can also rent a bike from the bike sharing service administered by the local transport company. The administration functioned quite well during the lockdown. They are currently working on the city’s data platform, so that they can connect different sources of data in order to improve mobility, for instance. So, if pollution sensors report increases in values, this mostly likely means that traffic is high and several adjustments to the traffic management system can be made in order to lower pollution levels. And just to round the circle, the administration will open up the data platform partly to the citizens for so-called “citizen-science” project. Does this happen in a big city? Does this happen in Romania?
I deem these questions rhetorical, but I can offer certain ideas on how we can think differently about small and smart cities. The steps below are just one of the results of my research financed by the Deutscher Akademischer Austauchdienst (DAAD).


Digital Policy este o platformă de analize de politici publice digitale, axată pe nivelurile european, național și local.