The capabilities of technology are always expanding and, with them, the digital landscape. Entrepreneurs and companies that have digitized their operations benefit from this growth, often finding that they can reach more consumers and better streamline their production and marketing processes. But the more digitized a business becomes, the more it exposes itself to cyber risk. Onboarding general and user data, customer profiles, administration processes, and digital identities onto the internet makes them more accessible to cybercriminals. This is where regulation comes in.
Several private and government regulators have risen up to provide legal and operational frameworks for digital platforms. These regulations are designed to protect consumer data and prevent or punish fraudulent online activities. And because technology is always changing, the frameworks are often updated to conform to the latest innovations and consumer needs. Here is a look at some of the regulations that exist in the digital sector and how they protect consumers and businesses.
The Digital Markets Act (DMA)
The Digital Markets Act (DMA) is an EU legal framework for online businesses. It promotes healthy competition in the European digital space by preventing large companies, otherwise called gatekeepers, from using their influence to keep new players out of the market.
The obligations set out by the DMA prevent gatekeepers from combining data from two different services they own, such as Facebook AND Instagram, or using self-preferencing methods to promote their products. A good example of this is Google Search ranking Google products higher. Additionally, the DMA stipulates protections for publishers, advertisers, and other business users and limits the publication of articles by gatekeepers on the pre-installation of their services.
The DMA targets gatekeepers, who while unnamed, are said to include Microsoft, Apple, Meta, Amazon, and Alphabet, among others. Affected companies will have to comply by 6 March 2024.
The Digital Service Act (DSA)
Another EU regulation, the DSA is a framework for online businesses. It covers everything from e-commerce platforms and digital banks to e-learning portals and online casinos. Through the DMA, the EU ensures that online service providers do not misuse consumer data.
For instance, if you sign up for an online casino regulated by the DSA framework, you can play poker, blackjack, and other casino games with the assurance that your personal data will not be shared illegally. This is especially important for online gambling because the activity involves real money. If you are affected, you can find out more about online pokies in Australia here as well as how your data will be protected by any Australian online casino you join.
The DSA was proposed in 2019 by Ursula von der Leyen and covers illegal content and the transfer of user data to intermediaries. It bands, for instance, the use of sensitive consumer data like data on children or health matters for profiling and advertising. As the DSA was designed to modernize the 2000 e-Commerce Directive, it also stipulates legislation on disinformation and transparent marketing.
Data Protection: The GDPR
The GDPR is an international legal framework for data security and privacy. Passed in 2018, it requires that service providers targeting EU residents secure the personal data of their users and protect data privacy rights. The fact that the GDPR is a regulation means that it is directly applicable and binding but can be adjusted to meet the needs of individual jurisdictions.
In fact, multiple states have used the GDPR as a model for their data privacy laws. These include Argentina, South Africa, Kenya, South Korea, Brazil, Chile, Turkey, Japan, and Mauritius. The UK also has a similar law despite exiting the EU. In the US, the California Consumer Privacy Act (CCPA) is very similar to the GDPR as it was modeled against it.
With over 10 chapters, the GDPR sets provisions for user rights, provider duties, the transfer of user data to other states, cooperation among member states, and legal penalties for breaches.
Digital Transactions: BaFin, AML5, and Sepblac
Several frameworks have also been set to protect consumer assets with regard to digital transactions. In the EU, the AML5 directive was passed in 2020 to update the AML4. Also called the Anti-Money Laundering Directive, the AML5 regulates how companies handle consumers and their data during digital transactions and online identification processes. Similar directives include BaFin in Germany and Sepblac in Spain. The goal of these directives is to prevent monetary offenses and money laundering related to financial terrorism and cyberattacks.
Wrapping Up: Fragmented Policies
These are just some of the regulatory policies actively used in the digital market to regulate the use of data and protect consumers and companies. Because the digital age is still at a fast-growing stage, these regulations change a lot, often having to conform to new threats, loopholes, and markets.
And because digital markets operate differently across jurisdictions, the available regulatory frameworks are often implemented differently. This has left the regulatory landscape highly fragmented. Even internationally-recognized frameworks like international human rights have not been adopted evenly.
It might take some time until consumers enjoy the same protections everywhere. But, in the meantime, it is comforting to see all the efforts being put into data protection.