Faculty of law blogs / UNIVERSITY OF OXFORD

Regulation is Coming for the Digital Transformation


David S. Evans
Chairman at Global Economics Group, Boston


Time to read

5 Minutes

Over the coming months, years, and decades the digital transformation will raise questions as to whether we need new laws and regulations, should modify existing ones, or do nothing at all.  Much of the work to be done will be more nuanced, and diverse, than the current drive to regulate Big Tech. As I explain in my recent article ‘Tech Reg: Rules for the Digital Economy’ society will want to consider different approaches depending on the business models, technologies, competitive landscape, and other factors.

Regulatory Choices for the Digital Transformation

  • No Regs, No Need. There may be no reason to do anything at all. That is the default position for market economies. We generally rely on markets and intervene only with good cause. Digital businesses may engage in practices that are novel but do not raise any apparent concerns and should just be left alone. Economics strongly advises to deviate from this default only after identifying a market failure, based on empirical evidence, and having a targeted remedy that can do more good than harm.
  • Old Regs for New Bodies. The adage, however, that ‘if it ain’t broke, don’t fix it’ also applies. Existing laws and regulations may be sensible whether applied to an old, boring, traditional business or a new, sexy, digital one. Workplace safety is just as important at an Amazon warehouse as it is on the BMW factory floor.
  • Old Regs, But Let’s Wait and See. Experience has taught us that, whatever their merits, regulations are costly for firms to comply with and can impede innovation. Imposing regulations that make sense for mature traditional businesses on new entrepreneurial ones runs the risk of choking off innovation. One solution, particularly when new businesses don’t account for much economic activity, is to wait and see how things develop, the path the United Kingdom has taken with regulatory sandboxes for neo-banks and FinTechs.
  • Old Regs, But Don’t Fit. Regulations that made sense, at one time, for traditional businesses may not be sensible interventions for digital ones. Digital businesses could have some special characteristics that render regulation unnecessary. That was the argument for treating digital platforms for third-party content differently than traditional media companies when it came to the enforcement of libel and intellectual property laws.
  • New Regs for New Problems. The digital transformation can result in new market failures that either lack analogues in the traditional economy or magnify problems that, while present in the traditional economy, don’t merit intervention there. This is likely to become a major focus of tech regulation in the decades to come as new technologies, business models, and who knows what come into being. For example, misinformation is hardly new: it is spread through traditional media, and by friends and family connected through traditional communication channels. The new concern is that digital social networks are far more powerful in spreading misinformation than traditional mechanisms and thus more harmful.
  • Private Regs for New or Old Problems. A key difference between the digital and physical economy is the prominence of platforms that have their own ‘laws and regulations’ for their communities. They have incentives to address problems—from breach of contract to hate speech—that reduce the value of platform to those participants overall and thereby the platform’s profits. Private regulation may limit the scope for public regulation. It could also raise issues concerning the proper locus (private vs public) of some forms of regulation, such as of speech.  Still, regulators may leverage platform regulatory systems to achieve their goals to deter bad behavior.   

Regulatory Barriers to Innovation

There’s a lot of talk about regulating tech firms, particularly BigTech, but not enough about when to shield tech firms from traditional laws and regulations. Two examples highlight the need to take down regulatory barriers in some cases, but also the risks of suspending tried-and-trued regulations in the name of innovation.

Telemedicine enables medical professionals to help patients through virtual visits. In principle, the doctor and patients could be anywhere. The provision of medical services could be helped by the distribution of internet-connected diagnostic equipment. It is also possible to conduct robotic surgery where the surgeon is in one location and the patient in another, particularly with the deployment of 5G technologies with low latency. The spread of telemedicine could result in substantial health improvements: bringing health care to older people who have trouble getting to the doctor, people who live in remote areas, or those who lack local health care providers.

In the United States, most states require licenses to practice medicine in that state. During the pandemic many states allowed out-of-state doctors to treat in-state patients virtually. That provided a boon to telemedicine as patients benefited from saving the time and expense of going to a health care facility as well as the health risk. States have since suspended those emergency measures.

Of course, the experiment showed both the benefits of telemedicine, which are hardly confined to the need for social distancing, and the obstacles that state licensing laws pose for innovation and competition from telemedicine. In the US, regulations that bar consumers from widespread access to health care through digital technologies should be modified or dismantled. At the same time telemedicine may require new laws or regulations to protect consumers from other problems that could arise from this new technology and business model for delivering health care.

Then there’s the now infamous Section 230, of the Communications Decency Act. It illustrates the perils of exempting new tech firms from traditional rules. In 1996, a couple of years after the launch of the commercial internet, the US Congress decided to shield internet platforms from liability for third-party content on their sites. Legislators, and the President who signed the bill, had concluded that making these platforms face  liability under the laws and court rulings that applied to traditional business would deter innovation based on the new technology. It appears they did this on their own and not from lobbying by the dotcoms or their investors. The legislation also protected the internet platforms from liability from self-regulating content provisions. ‘Old regs, don’t fit’ was the path followed.

Section 230, and similar protections adopted in other jurisdictions, stimulated the formation and growth of internet platforms whose business models were based on third-party content. Private regulation enabled these platforms to discipline content when it was in their self-interests, such as by jeopardizing ad revenues. But did not require them to do so when it was in the public interest, the object of the laws to which they were not held.

Many current policy concerns involve platforms, and behaviors, that were, in effect, subsidized by Section 230. That includes the spread of misinformation, hate speech, and terrorism. By promoting internet platforms that rely on third-party content Section 230 likely also encouraged the growth of online advertising or at least online advertising based on third-party content. Those platforms are at the center of the debate over regulation of privacy, personal data, and the viability of traditional journalism.

It is possible that Section 230 was a good tradeoff at the time. The internet boomed and consumers benefited from third-party content, such as social networks, and customer reviews. Now policymakers can reign in some of excesses. It is also possible—and seems more likely—that Section 230 was a huge mistake. In the counterfactual, faced with liability for third-party content investment and innovation would have been steered to other areas.  Content platforms could have adopted different business models or practices to limit their exposure to liability. The problems we see today would have been lessened. Now it may be too hard to put the cat back in the bag.

What appears certain is that Section 230 was well-meaning but had unintended consequences that have been harmful. And not from imposing new regulations, but from suspending existing ones, for digital businesses.  It is a powerful lesson that society should be cautious when exempting tech firms from traditional regulations that have a sound basis and track record of success.

Tech Reg for Long Haul

The digital transformation will likely take many decades to work its way through the economy. After a quarter century, e-commerce accounts for only 13 percent of retail sales in the US and less in many highly developed countries. It will take time for startups to seize opportunities in new areas and time for new innovations to reach fruition. As with other general-purpose technologies, such as electricity and the combustion engine, the full effects of the digital transformation will occur over many more decades. Society will need thoughtful analysis of laws and regulation as most parts of the economy are touched and avoid romanticizing or demonizing the tech innovators.


David S. Evans is Chairman at Global Economics Group, Boston, Mass, Co-Executive Director at Jevons Institute for Competition Law and Economics and Visiting Professor at the University College London.


With the support of