In this blog, our guest authors Randeep Sudan and Yamin Oo talk about the pervasiveness of the Digital Economy, and the key trends that will determine its future trajectory. “That the world in 2030 will be very different from today is obvious. We may, however, be surprised by the extent and sweep of the change ahead of us.”
The Digital Economy – a term first coined by Don Tapscott in 1994 – is not easy to define or measure. At one end, it is limited to the production and consumption of digital goods and services. On the other end, according to the European Parliament, “The digital economy is increasingly interwoven with the physical or offline economy making it more and more difficult to clearly delineate the digital economy“. We are, however, witnessing the Digital Economy transitioning to an economy that is digital.
Given the pervasiveness of the Digital Economy, its future will be determined by the complex interplay of several trends. Some of the trends that illustrate the future trajectory of the Digital Economy are:
Technology
We will see AI becoming ubiquitous as it is leveraged in every sector and sphere of activity. According to one estimate, AI is estimated to contribute USD 15.7 trillion to the global economy by 2030, which is more than the current GDP of China and India combined! We are also likely to see rapid progress in technologies related to Extended Reality (XR) in the coming years. COVID-19 is accelerating this trend, as we can see from the offerings of companies like Spatial and MeetinVR that facilitate virtual business meetings. The analog world’s rendering into its digital twin will see us moving towards a metaverse – a virtual shared space imagined in Neal Stephenson’s novel Snowcrash. Some of the biggest names in the tech industry – Apple (Apple glass), Facebook (Oculus), Sony (Playstation) – are assiduously working towards this direction.
Given the importance of telecom infrastructure to the Digital Economy, 5G networks are being rolled out in countries worldwide (Figure 1). However, even as 5G is being deployed, the buzz around 6G is getting louder. 6G may transmit data 100 times faster than 5G and may see deployment by 2030 given the decadal cycles for telecom: 1G in the 80s, 2G in the 90s, 3G in the decade following 2000, 4G in the decade starting 2010, and 5G beginning in the 2020s.
The availability of high bandwidth, low latency networks could lead to newer applications and further breakthroughs in innovative technologies.
The Future of Work
With the rapid growth in automation and AI, we are likely to see significant labour market disruptions. Moreover, COVID-19 has been a watershed for the global economy – its impacts will continue to be felt for many years to come. According to the International Labor Organization, 495 million full-time jobs were lost in the first two quarters of 2020 due to COVID-19. Lower and middle-income countries have suffered the most, with an estimated 23.3% drop in working hours – equivalent to 240 million jobs.
A recent report from the World Economic Forum estimates that by 2025, 85 million jobs may be displaced due to automation and AI, while 97 million new roles may emerge. We will see significant changes and turbulence in labour markets across multiple industries and geographies in the years ahead. If we look at how the top ten skills required by the top 10 US companies have been changing over time, we get an indication of the Future of Work. Companies are more focused on “soft” skills, that are not easily addressed by AI & Automation.
We are also likely to see a shift from humans adapting to technology to technologies adapting to humans. For example, the acceleration in digital twins combined with advancements in XR could allow unskilled workers to do skilled jobs. AR could guide a worker to repair a piece of mechanical equipment without long years of previous training. Similarly, the emergence of ‘Low Code No Code’ (LCNC) applications will allow ordinary individuals to do tasks that previously required specialised training.
Climate Change
Scientists have long focused our attention to limit the carbon dioxide in the atmosphere to 450 parts per million to avoid catastrophic climate change. In 2016, the World Meteorological Organization reported this concentration had crossed 400 parts per million, leaving us with a shorter runway to prevent calamitous climate change. We are, therefore, likely to see increased efforts to tackle climate change in the decade ahead.
Digital technologies can impact the global climate agenda in multiple ways: smart grids, smart buildings, smart appliances, intelligent transport systems, shared mobility, and 3D printing, to name a few. Digital technologies will also allow new sources of renewable energy to be tapped. For example, the molten core of the earth is over 6,000°C. “Just 0.1% of the heat content of Earth could supply humanity’s total energy needs for 2 million years,” according to AltaRock Energy. Advances in the use of digital technologies that allow for precise directional drilling will allow for advanced geothermal systems to be established as reliable power sources.
Splinternet
Tech bloggers like Doc Searls and Stephen Lewis had begun to theorise about a Splinternet as early as 2008. There was a danger of governments carving the world into geopolitical blocks and creating technology barriers. China’s Great Firewall and the US’s recent responses under the Trump administration are likely to hurtle us in the direction of a fractured internet. We may end up with the US dominating the western internet and China dominating a competing block of countries. The Digital Economy’s evolution would fracture into different camps, making it very different from what it is today.
Tech Regulation
The most valuable companies in the world today are in tech. Seven of the top ten companies in the world by market cap in 2020 are tech companies.
The recent investigation into competition in digital markets undertaken by the US House Judiciary Committee observed: “Over the past decade, the digital economy has become highly concentrated and prone to monopolisation. Several markets investigated by the Subcommittee – such as social networking, general online search, and online advertising – are dominated by just one or two firms. The companies investigated by the Subcommittee – Amazon, Apple, Facebook, and Google – have captured control over key channels of distribution and have come to function as gatekeepers. Just a decade into the future, 30% of the world’s gross economic output may lie with these firms, and just a handful of others.“
We have also witnessed the rapid diversification of data monopolies into other sectors. See, for example, the diversification of VC investments by Alibaba’s Ant Group over time. In 2015 they were investing in 5 areas, which has doubled in the last 5 years.
The call for the regulation of big tech will gain momentum in the coming years. The European Union is likely to lead here, just the way just it did in the case of its General Data Protection Regulation.
Governments will also require data monopolies to share data. China mandates its automakers to share data generated by electric vehicles with a government research institute. This data is essential for public safety and planning battery-recharging stations. The Australian Government promotes the concept of sharing “designated datasets” that could include data held by the private sector that has significant community benefits. Similarly, France’s Law for a Digital Republic requires the sharing data by certain categories of the private sector. Such blurring of boundaries between public and private data will become more important.
We will also see the growing importance of data trusts. These are structures where data is placed in the custody of a “Board of Trustees” who have a fiduciary responsibility to look after the interests of data owners. Such data trusts might give individuals better control over their data.
Every aspect of the economy is being digitalised today. In the next decade we are likely to witness foundational shifts in how the Digital or Data Economy is structured. It will also see increasing risks as cyber threats grow exponentially from cybercriminals and state actors. That the world in 2030 will be very different from today is obvious. We may, however, be surprised by the extent and sweep of the change ahead of us.
Singapore FinTech Festival 2020: Economic Summit
For more insights, attend the Singapore FinTech Festival 2020: Economic Summit which will cover topics tied to the state of the economy, path to recovery and re-framing the new financial services landscape
The Hamburg State Commissioner for Data Protection and Freedom of Information (HmbBfDI) imposed a fine of USD 41.3 million on Swedish MNC, Hennes & Mauritz (H&M) for illegal surveillance of employees in H&M Germany’s service centre at Nuremberg.
The data privacy violations reportedly began in 2014 when the company started collecting employee data including their personal information, holidays, medical records, informal chats and other private details. It was found that the information was unlawfully recorded and stored; and was further opened to managers. The violations were discovered in October 2019 when due to a computing error the data became accessible company-wide for a short span.
Ecosystm Principal Analyst Claus Mortensen says. “This is one of those cases that are so blatant that you cannot really say it is setting a precedent for future cases. All the factors that would constitute a breach of the GDPR are here: it involves several types of data that shouldn’t be collected; poorly managed storage and access control; and to finish it all off, a data leak. So even though the fine is relatively high, H&M should probably be happy that it was not bigger – the GDPR authorises fines of up to 4% of a company’s global annual turnover.”
Mortensen adds, “It should also be said that H&M has handled the aftermath well by accepting full blame and by offering compensation to all affected employees. It is possible that these intentions were considered by the HmbBfDI and prevented an even higher fine.”
The penalty on the Swedish retailer is the highest in Germany linked to the General Data Protection Regulation (GDPR) legislation since it came into effect in 2018 and the second highest throughout the continent. Last year, France’s data protection watchdog fined Google USD 58.7 million for not appropriately disclosing data collection practices to users across its services to personalise advertising.
Talking about the growing significance of fines for data breaches, Ecosystm Principal Advisor Andrew Milroy says, “To be effective, GDPR needs to be enforced consistently across the board and have a significant impact. It is too easy to ‘corner cut’ data protection activities. Some breaches may not have an operational impact. For this reason, the cost of being caught needs to be sufficiently large so that it makes commercial sense to comply.”
According to Milroy, “The sizeable fine meted out to H&M together with the publicity it has generated shows that the regulators are serious about GDPR and enforcing it. Other regulators around the world need to make sure that their jurisdictions don’t become ‘soft touches’ for malicious actors.”
EU Proposing New Data Sharing Rules
We are also seeing the European Union (EU) make moves to regulate digital services and customer data use by technology providers, as part of the European Union Digital Strategy. The EU is drafting new rules under the Digital Services Act to force larger technology providers to share their customer data across the industry, to create an even playing field for smaller providers and SMEs. The aim is to make the data available to all for both commercial use and innovation. This is being driven by the EU’s antitrust arm, aimed to reduce the competitive edge tech giants have over their competition and they may be banned from preferential treatment of their own services on their sites or platforms. The law, which is expected to be formalised later this year, is also expected to prohibit technology providers from pre-installing applications or exclusive services on smartphones, laptops or devices. The measures will support users to move between platforms without losing access to their data.
The Malaysia Digital Economy Corporation (MDEC) has estimated that the country’s Digital Economy is worth USD3 trillion. Several initiatives have been introduced to promote the vision of a Digital Economy including: creating the Malaysia Tech Entrepreneur Programme (MTEP) aimed at tech founders who want to make Malaysia their base; the Malaysia Innovation Policy Council for industry collaboration on digital technology initiatives and streamlining policy/regulatory issues to support innovation; and the National eCommerce Roadmap aimed at small and medium enterprises (SMEs) to promote cross-border eCommerce.
Data Protection Laws for a Digital Economy
However, any country that aspires to be a Digital Economy, must have robust data protection laws that safeguards its citizens’ data. Malaysia’s Personal Data Protection Act 2010 (PDPA), was passed by the Malaysian Parliament in 2010 and came into force in late 2013. While the PDPA does provide guidelines for personal data protection to some extent, in light of technological advances, newer laws such as GDPR that are shaping the industry, and to keep up with the aspirations of creating a Digital Economy, there is a need for more comprehensive privacy laws.
“Growing the Digital Economy is a key agenda for Malaysia and a revised PDPA is a key component in ensuring trust and transparency,” says Shamir Amanullah, Principal Advisor Ecosystm. “The increasing and complex use of data and the proliferation of devices pose serious challenges which the data protection laws have to address. The recent US Federal Trade Commission’s hefty fines on Facebook and Equifax highlight the need to protect data of consumers and businesses alike.”
The PDPA is clearly a work in progress where while fast-growing areas such as electronic marketing and online privacy are mentioned in the act, there are no specific provisions to deal with breaches in these areas.
Updating the PDPA
In the last few years, Malaysia has realised that the PDPA fails to cover some areas. As an example, it does not take into consideration the proliferation of biometric data. The national ID card (MyKad) stores data using biometrics (thumbprints) and there is a clear rise in use of facial recognition technology in the country. Grab partnered with the Ministry of Transport last year, to use facial recognition technology to protect their drivers.
Malaysia is committed to their Digital Economy vision and is looking to update the PDPA, to make it more appropriate for contemporary needs and technology. The Government is consulting its citizens on possible ways to improve the PDPA. Between 14-28 February, the public can provide feedback on their thoughts and requirements on data privacy, through the Ministry of Communications and Multimedia’s web portal.
Some of the areas that have been found lacking and where feedback is being sought are expanding applications of the PDPA to data processors, making it compulsory to notify data breaches and simplifying cross-border personal data transfer.
Speaking about the areas that are likely to be addressed, Amanullah notes, “The review of the PDPA and the ongoing public consultation will deliberate extending the PDPA to non-commercial transactions. The existing PDPA does not cover non-commercial transactions involving charities, religious activities and even social media. The EU, Japan and – closer home – the Philippines have data protection acts which regulate both commercial and non-commercial transactions.”
Malaysia’s Communications & Multimedia Minister, Gobind Singh Deo, has from the start spoken about the need to update and bring the PDPA up to speed. “The goal of the Digital Economy is to take Malaysian enterprises beyond the country to Southeast Asian and global markets,” says Amanullah. “The EU GDPR is recognised as a leading global framework for data protection and is set to play a big role in the revised PDPA, to ensure that Malaysian companies adhere to the same data protection standards as global organisations.”
“The appointment of Data Protection Officers will be a major move to ensure that companies that hold sensitive private data have the necessary skills, processes and technology in place to comply with data protection laws.”
It’s been a tough couple of years for British Airways (BA). 2017 saw an IT failure that resulted in 726 flights getting cancelled and 75,000 passengers being stranded on a busy holiday weekend. The fallout from this incident was around GDP 80 million in compensation paid to passengers and an almost immediate 4% drop in the share price.
Then, in 2018, the British carrier fell victim to a security breach in which around 500,000 people had their personal data, including their credit card details, stolen by hackers.
It is this breach that British Airways is now told that it will be fined 183 million British Pounds for. The fine was announced by the British Information Commissioner’s Office (ICO), and if it stands, it will be the biggest fine ever imposed for a data breach in the UK or elsewhere in Europe. In fact, the fine dwarfs previous fines issued up until now.
The biggest fines issued by the ICO in the UK were to Facebook and Equifax – both of whom were fined GBP 500,000.
Facebook’s fine was for the notorious Cambridge Analytica data scandal, where the information of 87 million Facebook users was shared with the political consultancy through a quiz app that collected data from participants as well as their friends without their consent.
Equifax Ltd. fine was for something more similar to the British Airways case: In May 2017, hackers stole personal data including names, dates of birth, addresses, passwords, driving licences and financial details of 15 million UK customers. In its ruling, the ICO said that Equifax had failed to take appropriate steps to ensure the protection of this sensitive data despite warnings from the US government.
But these fines were all from before the General Data Protection Regulation (GDPR) came into effect. Now, under the new rules, fines can be as high as EUR 10,000,000 or 2% of total global annual turnover for the previous year (whichever is higher) for lesser data breach incidents. For significant data breaches and non-compliance, the fines can be double that: EUR 20,000,000 or 4% of total global annual turnover (whichever is higher).
British Airways’ GBP 183 million fine is the equivalent of 1.5% of its turnover in 2017. Had the ICO gone for the maximum limit, the fine could have been as much as GBP 489 million.
A lot can still happen before the fine is finally issued, and BA is likely to dispute the decision in court (Willie Walsh, the CEO of BA’s parent company, IAG, has said they will). But even if the fine ends up being significantly lower, there are obvious lessons to be learned from this case:
- “People’s personal data is just that—personal.” These were the words spoken by Elizabeth Denham, the ICO Information Commissioner, in response to media enquiries on the fine. In other words: companies will need to take data privacy extremely seriously from now on or expect very hefty fines.
- Attitude matters. British Airways chairman and chief executive, Alex Cruz, said in a statement that BA was “…surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused.”
Although we can’t know this for certain, the response may reflect what could be described as an “attitude problem” in how BA has been dealing with the ICO: a whiff of arrogance, blaming the breach on criminal hackers and failing to accept any blame or real responsibility for the incident.
We know from other GDPR cases in other countries that any failure to cooperate with the authorities may result in larger fines. Full transparency, full cooperation and accepting responsibility are the way to go. If it’s your data, then the buck stops with you.
- The risks associated with IT cutbacks just went through the roof. The operating losses following the financial crises of 2008 made the carrier slash back its IT budgets (as well as other “expenditures”). Airlines, in general, are notorious for under-spending on IT, but when combining that with further cutbacks on IT expenditure, disaster may ensue. BA’s recent IT related woes may or may not be a direct result of under-spending on IT, but in the court of public opinion, this connection has been made.
In any case, with the new fine regime under the GDPR, the risks associated with under-spending on IT – and on IT security in particular – have now gotten substantially bigger.
More than ever, the notion that IT is an expenditure that can be cut back on is a false economy.