Key Takeaways

Contents

Key Takeaways. 1

Introduction. 3

The History of American Digital Policy Leadership. 4

Clinton Administration Actions. 5

Noteworthy Laws. 5

Telecommunications Act of 1996. 5

Section 230 of the Communications Decency Act. 6

Digital Millennium Copyright Act. 7

Internet Tax Freedom Act. 8

International Cooperation. 9

A Multistakeholder Approach. 10

The New Status Quo. 10

American Leadership Failures. 11

European Overregulation and Regulatory Imperialism.. 12

Rise of Digital Protectionism.. 15

Democracy Under Threat. 18

Restoring American Leadership. 19

Recent Efforts. 19

Recommendations. 20

Endnotes. 23

Introduction

Policy matters. The United States emerged as a global leader in digital policy in the 1990s by moving early on key policy issues and adopting a light-touch, pro-innovation regulatory regime. As a result, the early Internet was largely built on American values of democracy and freedom and the United States gained a new, important source of soft power. Additionally, many of the world’s most successful digital firms came out of the United States—household names such as Google, Apple, Microsoft, Amazon, and Meta—to the enormous benefit of the U.S. economy and U.S. competitiveness. Seeing America’s success, other countries followed its lead with similar regimes, further cementing America’s leadership status.

However, since the late-2000s, the tone of digital policy has shifted. Many policymakers, activists, and pundits decided that digital technologies and companies were a problem in need of heavy-handed regulation. Today's policy discussions are marked by both opposition to the technological innovation that drives the U.S. economy and criticism of the same large tech companies that once represented U.S. success.[1] These beliefs have gained a foothold not only in American policy discussions but also around the world, influencing regulations that both stifle innovation by imposing onerous restrictions on digital companies and harm U.S. economic leadership.

In part due to this “techlash,” and in part due to multiple U.S. administrations’ failure to prioritize digital policy issues, the United States has lost its once-unambiguous status as the foremost leader in digital policy. Among democratic nations, the EU has become the standard setter, exporting its flawed strategy of overregulation on issues such as privacy, competition, and emerging tech. And no wonder, as the United States is mostly on the sidelines, failing to explain why its light-touch approach is the key to digital success.

Meanwhile, thanks to China’s unfair trade practices and the inaction of the United States and its allies, China has gained ground as a digital leader as well.

With a rise of digital protectionism around the world threatening the free flow of data, a rise in authoritarianism threatening democracy, and the rise of China threatening U.S. competitiveness, there is no time like the present for the United States to recommit to global digital policy leadership—not by aping the anti-innovation regime of Europe, but by resurrecting and modernizing America's original digital policy framework that led to economic success and consumer benefit. To do this, presidential administrations will have to make up their mind: Do they want to import an EU-style digital regulatory approach, which will have the result of damaging U.S. digital leadership and eroding U.S. soft power, or do they want to unambiguously endorse a light-touch, pro-innovation digital agenda?

This report recommends several steps the U.S. government can take to respond to these threats and correct its recent failures:

▪ The White House should make U.S. global leadership on digital policy a top priority within the current administration’s mission to restore America’s global standing, rejecting the heavy-handed European approach to digital policy, and making it clear that the American approach of light-touch regulation and targeted pro-innovation policies wins every time.

▪ The administration should forcefully push back against digital narratives and policies that hurt U.S. businesses and workers, including from allies such as the EU.

▪ The U.S. government should establish forums for multistakeholder participation in digital policy issues.

▪ The U.S. government should continue to cooperate with its allies against digital authoritarianism and seek out additional opportunities to do so.

▪ The State Department should lead a global narrative promoting the United States’ pro-innovation approach to digital policy and why that approach, as opposed to China’s or the EU’s, is the key to digital-economy success in other nations.

▪ The State Department should push back against the United Nations Commission on Trade and Development’s (UNCTAD’s) “digital victims” narrative and explain why digital innovation in higher-income nations is key to driving development in lower-income nations.

▪ The State Department should stop funding organizations that misleadingly paint U.S. digital policy and performance in a bad light.

▪ The International Trade Administration (ITA) should expand its Digital Attaché Program.

▪ The U.S. Trade Representative (USTR) should push for more countries to sign onto the Information Technology Agreement.

▪ USTR should collaborate with America’s allies on agreements and initiatives that facilitate cross-border data flows.

▪ The U.S. International Trade Commission (ITC) should better analyze digital protectionism by other countries and the U.S. Department of Commerce and USTR should develop a strategy to fight it.

▪ The National Institute of Standards and Technology (NIST) should take on a greater global leadership role in setting international standards and best practices.

▪ Congress and the Department of Justice should lead on addressing concrete online harms such as revenge pornography, data breaches, cybercrime, and intellectual property (IP) theft domestically.

▪ Congress should maintain a pro-innovation approach to regulating digital policy issues.

The History of American Digital Policy Leadership

By taking the lead on important and emerging issues, including digital policy, the federal government in the United States can more effectively promote American interests, which would increase U.S. competitiveness and ultimately strengthen the U.S. economy. Global leadership on digital policy also allows the United States to spread American values, including innovation, democracy, independence, equality, individualism, and meritocracy.[2]

The U.S. system is built on these values, which have produced world-leading digital firms and a thriving digital sector that creates jobs and wealth for millions of Americans and boosts overall U.S. competitiveness on a global scale. According to the Bureau of Economic Analysis, in 2021, the U.S. digital economy was responsible for 10.3 percent of U.S. gross domestic product (GDP) and 8 million jobs.[3]

This success would not have been possible without the pro-innovation policies of the late 1990s that encouraged growth and investment into the then-burgeoning digital economy and formed the foundation of U.S. digital policy.

Clinton Administration Actions

The White House set the tone of U.S. digital policy in the 1990s, largely guided by President Bill Clinton’s chief policy advisor, Ira Magaziner. Magaziner drafted the Clinton administration’s “Framework for Global Electronic Commerce,” released in July 1997, which outlined five principles for American digital policy to facilitate the growth of the digital economy:

1. The private sector should lead.

2. Governments should avoid undue restrictions on electronic commerce.

3. Where governmental involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent, and simple legal environment for commerce.

4. Governments should recognize the unique qualities of the Internet.

5. Electronic commerce over the Internet should be facilitated on a global basis.[4]

Guided by these principles, it is no wonder that the early days of American digital policy were marked by light-touch regulation and a pro-innovation mindset. Congress followed the administration’s lead, recognizing the benefits of this approach. The text of Section 230 of the Communications Decency Act (CDA), one of the most influential Internet laws passed during the Clinton administration years, explicitly states Congress’s finding: “The Internet and other interactive computer services have flourished, to the benefit of all Americans, with a minimum of government regulation.”[5]

As indicated by the fifth principle, the United States also engaged in some multistakeholder and international cooperation on certain areas of Internet policy. The “Framework for Global Electronic Commerce” singled out nine areas where international agreement would be especially important, including taxation, electronic payments, e-commerce, IP, privacy, cybersecurity, telecommunications (telecom) infrastructure, content, and technical standards.[6]

Noteworthy Laws

During the Clinton administration, Congress passed several laws that laid the groundwork for the U.S. approach to digital policy at home and abroad. Four of these—the Telecommunications Act of 1996, Section 230 of the CDA, the Digital Millennium Copyright Act (DMCA), and the Internet Tax Freedom Act (ITFA)—remain key pillars of American digital policy and have shaped the modern Internet.

Telecommunications Act of 1996

The Telecommunications Act of 1996 amends the Communications Act of 1934, the previous regulatory framework covering telecom and broadcasting, which was passed during the “Golden Age” of radio when television was still an emerging technology.[7] During the more than 60 years between the passage of the Communications Act and the Telecommunications Act, telecom technology changed considerably. Radio technology had improved, television had become ubiquitous, and by 1995, 18 million American homes had modem-equipped computers with access to the Internet, according to Pew Research Center.[8]

The Telecommunications Act’s stated purpose was to promote competition and reduce regulation in the rapidly developing telecom industry, with the aim of increasing the quality and decreasing the cost of services American consumers had access to, as well as encouraging the development of new technologies. Notable provisions included requiring telecom carriers (not including broadband networks) to interconnect their networks, preempting state or local regulations that would serve as barriers to entry for telecom carriers to provide service, and expanding the Communications Act’s principle of universal service—providing telephone service to all Americans at reasonable and affordable rates—to include broadband.[9]

Research conducted by the Brookings Institute in 2016 evaluated the success of the Telecommunications Act after 20 years, concluding that despite an increase in concentration in the telecom industry in the first 5 years following the law’s passage, it had achieved its goal of driving investment in new technologies and expanding broadband access and competition.[10] Information Technology and Innovation Foundation (ITIF) research likewise reflects the great strides the United States had made toward universal service: 98 percent of Americans had access to a fixed connection at broadband speeds and 85 percent had a choice between at least two providers, with the country ranking 10th in affordability, in 2022.[11]

Section 230 of the Communications Decency Act

Also in 1996, Congress passed the CDA, which was included as Title V of the Telecommunications Act. The CDA was an attempt to regulate pornographic material on the Internet, criminalizing sending or displaying obscene or indecent content to known minors.[12] A little more than a year after the law’s passage, in Reno v. American Civil Liberties Union (1997), the Supreme Court Case struck down the CDA’s anti-obscenity and anti-indecency provisions on First Amendment grounds.[13]

Parts of the CDA remain, including Section 230, the law governing online intermediary liability—the extent to which a third party is responsible for the online speech of others—in the United States.[14] Then-representatives Chris Cox (R-CA) and Ron Wyden (D-OR) wrote Section 230 in response to recent legal precedent on online intermediary liability.

According to the decisions in two separate court cases, Cubby v. CompuServe (1991) and Stratton Oakmont v. Prodigy (1995), online services that exercised no control over what users posted on their platforms—including potentially unlawful or abusive content—were not liable for that content, since the service merely distributed the content.[15] However, online services that exercised good faith efforts to moderate content and remove potentially unlawful or abusive material could be liable because, according to the court, they had exercised “editorial control” over that content and were therefore viewed as publishers rather than distributors.[16]

In passing the CDA, Congress wanted to incentivize content moderation, so it included Section 230 to remove the fear of liability and encourage the development of new online services and technologies that would give users control over the information they received.[17] The law contains two main provisions to accomplish this. First, Section 230(c)(1) states that online services and their users are not liable for third-party content, with exceptions for content that violates copyright or sex trafficking law. Second, Section 230(c)(2) states that online services are not liable for their good faith efforts to remove offensive third-party content.[18]

In addition to removing obstacles to content moderation, Section 230 also protects free speech online by curtailing “collateral censorship,” a form of self-censorship that occurs “when A censors B out of fear that the government will hold A liable for the effects of B’s speech.”[19] This protection is particularly important for online political discourse and marginalized communities online.

Section 230 has enabled a variety of business models that rely on user-generated content, including knowledge-sharing websites, online marketplaces, social media platforms, websites that host product and business reviews, websites with comment sections, and countless blogs and forums. By keeping frivolous lawsuits at bay, thereby keeping legal costs down, Section 230 makes it easier for these business models to operate, promoting innovation and competition in these spaces in a way that ultimately benefits consumers.[20]

Compared with the rest of the world, the United States was an early mover on codifying its approach to online intermediary liability, giving it a competitive advantage in the burgeoning digital economy and setting a global norm reflected in the similar approaches many other countries later took in their own laws.[21] The language of Section 230 is also present in two of the United States’ trade agreements: the U.S.-Japan Digital Trade Agreement, signed in 2019, and the United States-Mexico-Canada Agreement, which replaced the North American Free Trade Agreement in 2020.[22]

Particularly in recent years, Section 230 has drawn criticism from both Republicans and Democrats as a result of the ongoing techlash and partisan disagreement on how to move forward on issues related to political speech online.[23] Regardless, the law remains one of the cornerstones of U.S. digital policy, and will likely continue to play an important role with the introduction and growth of emerging technologies such as artificial intelligence (AI) and augmented reality and virtual reality (AR/VR).[24]

Digital Millennium Copyright Act

In 1998, just two years after passing the Telecommunications Act and Section 230, Congress passed the DMCA, which implemented the World Intellectual Property Organization (WIPO) Copyright Treaty (WCT) and Performances and Phonograms Treaty (WPPT).[25] WIPO is an agency of the United Nations created to promote and protect IP. Signatories of the WCT and WPPT agreed to protect the rights of copyright holders in the digital environment, with the WCT protecting authors and the WPPT protecting performers and producers of phonograms (a legal term encompassing recordings of music, spoken words, and sounds). Both treaties were concluded in 1996 and entered into force in 2002.[26]

In order to implement these treaties and effectively protect rightsholders, the DMCA includes provisions that outlaw circumventing technological measures that control access to a copyrighted work or distributing tools that would enable circumvention. The DMCA also establishes a safe harbor for online services against liability for copyright infringement, which is similar in principle to Section 230 but differs in its execution.

Under the DMCA, online services are not liable for third-party content that violates copyright law as long as they “expeditiously” remove or disable access to the content upon becoming aware of it. There are three conditions that trigger this removal requirement: First, an online service has “actual knowledge” of infringing content; second, an online service is aware of “facts or circumstances from which infringing activity is apparent” (commonly referred to as “red flag knowledge”); or third, an online service receives a valid notice from a copyright owner alerting the service to infringing content.[27]

The DMCA has received some criticism, including over abuses of the notice and takedown system, though there are protections in place to minimize the potential for abuse.[28] Individuals who post content an online service removes due to a takedown notice can file a counter-notice that the content is not infringing, which then obligates the online service to restore access to the content.[29]

Widespread piracy would limit the ability of content producers to create legitimate business models for selling digital content, hinder U.S. competitiveness in content industries, and hurt law-abiding consumers who must pay higher prices for content or have access limited to less or lower-quality content. The toll of piracy is already significant, representing billions of dollars in lost revenue for the creators, publishers, and distributors of movies, TV programs, music, books, and software.[30] Strong copyright protections benefit the economy by creating revenue and jobs in these and other industries.

Like Section 230, the DMCA and related IP issues will likely be even more important with the emergence of AI and the metaverse, raising new challenges for lawmakers to consider.[31]

Internet Tax Freedom Act

Also in 1998, Congress passed the ITFA, establishing a three-year moratorium on Internet-specific taxes, including on Internet access or multiple or discriminatory taxes on electronic commerce (e-commerce).[32]

A multiple tax occurs when multiple jurisdictions at the same level of government—for example, multiple states—charge tax on the same e-commerce transaction. Thus, under the ITFA, if a consumer living in one state purchases a product online from a business located in another state, only one of those states can charge tax on the purchase. Meanwhile, the ITFA’s ban on discriminatory taxes forbids jurisdictions from levying additional taxes or a different tax rate for e-commerce transactions compared with similar transactions that occur in person or via other means, such as over the phone.

Without the ITFA, consumers would pay more taxes for goods and services purchased online than they would if they purchased those same goods and services in person. This would create an unnecessary barrier to e-commerce, to the detriment of consumers who benefit from the larger variety and increased convenience of shopping online. Businesses also benefit from e-commerce in many ways, from gaining access to new customers to reducing overhead costs by opening online storefronts instead of physical ones. In turn, e-commerce benefits the entire economy through increased efficiency and productivity.[33]

The ITFA was instrumental not only in the growth of e-commerce, but also in broadband adoption. Taxing Internet access would create another unnecessary barrier for consumers, but unlike multiple or discriminatory taxes, this barrier would not only affect e-commerce. Considering how the Internet has become a key enabler of commerce, education, government services, and civic participation, consumers would suffer on multiple fronts. Internet access is also a fundamental component of increasing productivity and growth in the digital economy. Under the ITFA, American tax policy reflects that Internet access is not merely a consumer good but rather also a tool used by producers to increase economic efficiency and lower the cost of production.

The ITFA’s initial three-year moratorium was extended multiple times and eventually became permanent when Congress passed the Trade Facilitation and Trade Enforcement Act of 2015, signed into law by President Obama in 2016. In addition, the ITFA’s grandfather clause, which allowed states that had already implemented a tax on Internet access before the law’s passage to keep those taxes in place, expired in 2020, removing another barrier to broadband adoption.[34]

International Cooperation

In addition to its successful, pro-innovation approach to digital policy domestically, the United States collaborated with other nations on multiple initiatives in the 1990s and early 2000s, establishing its position as a global digital policy leader. The United States took an active role in leading negotiations of global agreements on important issues such as IP and cybercrime.

For example, the United States was one of the leading countries to push for an international approach to IP via WIPO treaties, the WCT, and WPPT. This was in part because the United States’ domestic copyright proposals had met resistance in Congress and acting on an international stage produced faster results.[35]

Likewise, the United States lobbied within the World Trade Organization (WTO) for the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS). The resulting TRIPS Agreement entered into force in 1995 and was the first multilateral trade agreement to address IP.[36] TRIPS requires all WTO members to protect and enforce IP rights in a way that promotes innovation and the dissemination of technology. The agreement includes specific enforcement mechanisms, remedies, and dispute resolution processes countries must use for copyright. TRIPS also includes an enforcement mechanism for holding countries accountable for violations of the agreement via the WTO’s dispute settlement procedures.[37] The United States also uses its trade agreements with other nations to advance IP rights through trade.[38]

Additionally, the United States actively participates in the Council of Europe’s adoption of the Budapest Convention on Cybercrime, the first international treaty that addresses cybercrime. The Budapest Convention provides a common approach for signatories to take regarding cybercrime, including copyright infringement, fraud, child sexual abuse material, hate crimes, and hacking. It also enables signatories to cooperate with one another to investigate and prosecute cybercrime. The treaty was opened for signing in 2001 and went into effect in 2004. To date, 68 countries have signed and ratified the treaty, including the United States.[39]

Leading on international digital policy efforts enables the United States to spread values of democracy and innovation beyond its borders. It also helps the country maintain its competitive edge in IT. For example, advancing global IP rights allows American companies to compete in international markets where they might otherwise have to compete with counterfeit and pirated goods and services.

A Multistakeholder Approach

The final hallmark of America’s early approach to digital policy was a multistakeholder approach that encourages cooperation and consensus-building between academic researchers, nonprofits, businesses, and government when setting standards and making policy for the Internet. The U.S. government has encouraged a multistakeholder approach, even when doing so involved giving up some of its own direct control over the Internet, to build a more inclusive and transparent governance process.

While the details of digital policy can vary from country to country, there are key issues that require standardization for the Internet to function. One of these issues is the matter of Internet Protocol (IP) addresses and domain names. An IP address is a unique string of numbers that identifies each device connected to a network, enabling devices to communicate with each other. Meanwhile, a domain name is a unique string of text that corresponds to a website. For example, itif.org is the domain name that corresponds to ITIF’s website.

The Internet Assigned Numbers Authority (IANA), officially established in 1988 but informally existing since the 1970s, oversees IP address allocation and domain names, among other necessary functions. Originally this task fell to one man, “numbering czar” Jon Postel, a computer scientist and researcher at the University of Southern California. But as the Internet grew, the Department of Commerce recognized the need for a new organization.[40]

In 1998, the National Telecommunications and Information Administration (NTIA) issued a proposed rule on “Improvement of Technical Management of Internet Names and Addresses,” informally known as the “Green Paper.”[41] As a result, the Internet Corporation for Assigned Names and Numbers (ICANN) was incorporated in California as a nonprofit and took over IANA’s functions, handling issues such as cybersquatting—the practice of registering domain names with the intent of profiting off someone else’s trademark—and conflicts over domain names.[42]

Since 2009, the U.S. Department of Commerce no longer supervises ICANN.[43] Today, ICANN’s board of directors includes members from around the world and its governmental advisory committee has representatives from 181 governments, including the United States.[44]

A similar example of the United States promoting a multistakeholder approach is the Internet Engineering Task Force (IETF). The organization, founded in 1986, makes voluntary standards for Internet users, network operators, and equipment vendors, including the technical standards for the communication protocols used in the Internet. This standards-setting process involves IETF producing requests for comments (RFCs) and turning those RFCs into standards, with participation from researchers and implementation by software developers, hardware manufacturers, and network operators.[45]

The New Status Quo

Despite successfully establishing its digital policy leadership in the 1990s and early 2000s with pro-innovation policies, an active role in multilateral forums, and a multistakeholder approach, the United States has faltered in recent years, due in part to a lack of interest in digital policy and rising antitech sentiment. Meanwhile, other countries have stepped in to fill the void, either by spreading their own global influence on digital policy or turning inward and taking a nationalist approach. This new dynamic threatens American and democratic values and U.S. competitiveness.

American Leadership Failures

U.S. digital policy leadership has been declining over the past two decades, which have been marked by multiple failures from recent administrations and Congress. In particular, growing partisanship, antitech sentiment, and lack of interest have stalled progress on digital policy in the United States, creating a vacuum of power the EU has begun to fill with policies that fail to prioritize innovation and China has taken advantage of to increase its influence.

America’s digital policy woes started at the top. After the Clinton administration’s strong focus on technology, subsequent administrations largely failed to follow up. Early on in the George W. Bush administration, digital policy issues took a backseat following the events of September 11, 2001, which shifted the government’s focus to the wars in Afghanistan and Iraq and the global war on terror.[46]

President Obama gained a reputation as a tech-savvy president, taking advantage of social media to expand his bully pulpit to a new medium. His administration saw some digital policy successes as the Federal Communications Commission (FCC) developed its National Broadband Plan to expand Americans’ access to high-speed Internet and, later, established guidelines for 5G.[47] But the White House pressured then-FCC chairman Tom Wheeler to take a vastly over-regulatory approach to net neutrality that was not needed and only incited partisan bickering.[48]

The FCC net neutrality regulations passed during the Obama administration were rightly scrapped during the Trump administration. But this regulatory back and forth created uncertainty for businesses and highlighted the need for net neutrality legislation, which still does not exist.[49] President Trump withdrew from the Trans-Pacific Partnership (TPP), a trade agreement President Obama spearheaded between 12 trans-Pacific countries that, among other benefits, would have protected global data flows by prohibiting data localization policies that confine data to within a country’s borders.[50]

Finally, President Biden’s digital policy has reflected the current techlash, calling on Republicans and Democrats to unite against “Big Tech” in a Wall Street Journal op-ed calling for federal privacy legislation, changes to Section 230, and stronger enforcement of antitrust law.[51] This size-based approach to regulation fails to recognize that harm can occur on any online service of any size. Moreover, large tech companies benefit the U.S. economy by creating exports, innovation, and high-wage jobs with good benefits.[52]

The Biden administration also launched the Declaration for the Future of the Internet, a nonbinding statement signed by 61 countries, including the United States and all EU member states. The goal of the statement is to promote universal Internet access, data privacy and security, fair economic competition, secure and interoperable digital infrastructure, freedom of expression, and sustainability.[53] However, the signatory countries are unlikely to reach an agreement on all these issues—and if they do, they may end up letting the strongest regulator (the EU) impose its regime on everyone else, which would essentially mean exporting European overregulation around the world.[54]

Outside the White House, and particularly in recent years, increased partisanship within the Federal Trade Commission (FTC) has blocked progress on digital policy and other issues.[55] Antitech sentiment has also taken hold within the agency. FTC’s chair, Lina Khan—nominated by President Biden in 2021—has long expressed criticism of Big Tech companies such as Apple, Amazon, Meta, and Google.[56] Under Khan, FTC has taken a new, populist approach to antitrust, particularly targeting Big Tech companies, that fails to prioritize consumers and innovation.[57]

At the same time, when more moderate voices in the administration attempt to push back against egregious EU actions in order to protect U.S. firms and workers, they are kept on a short leash and criticized. This was the case when seven progressive members of Congress criticized Secretary of Commerce Gina Raimondo’s efforts to negotiate new digital trade rules in the Indo Pacific Economic Framework that would extend nondiscrimination principles, which prohibit countries from enacting policies that purposely discriminate against a firm from another country, to digital commerce. The members argued that these nondiscrimination provisions would undermine progressive competition and antitrust goals.[58] This argument amounts to sacrificing global market share for U.S. tech firms—which improves the U.S. trade balance, spurs growth, and supports good jobs—in the name of attacking large American firms.[59] The U.S. government also failed to release an official position on the EU’s AI Act, instead only circulating an “unofficial” position to European government officials pushing for changes to the proposed legislation.[60]

Congress has also dropped the ball on spectrum policy in recent years. America used to lead the world as the first to auction spectrum licenses, which drove the development of the wireless economy. However, American leadership in this area is now at risk. In 2023, Congress let the FCC’s auction authority lapse and failed to create incentives to repurpose federal spectrum for more productive commercial uses. If Congress does not reinstate the FCC’s auction authority, it could reduce America’s access to next-generation wireless technologies and applications.[61]

European Overregulation and Regulatory Imperialism

The European approach to digital policy, though marked by some shared values with the United States and other democratic countries, differs from the U.S. approach. The U.S. approach is pro-innovation, marked by minimal regulation, which has enabled U.S. firms to emerge as leaders in the digital space and boosted U.S. economic competitiveness. On the other hand, Europe takes a precautionary approach, marked by overregulation and skepticism of new technology, which limits innovation and growth.[62] Moreover, U.S. policy is based on a tradition of free speech (while the EU restricts some forms of speech that are legal in the United States) and the EU antitrust approach is based on protecting competitors (while the U.S. approach is based on protecting consumers).

No law exemplifies the European approach to digital policy better than the EU’s General Data Protection Regulation (GDPR), adopted in 2016 and implemented in 2018. The GDPR is a comprehensive data privacy law touted by the EU as “the toughest privacy and security law in the world.”[63] It applies to data controllers and processors either established in the EU or that process Europeans’ personal data and enshrines certain rights of users and responsibilities of data controllers and processors.

Notable rights in the GDPR include the right of users to access, port, delete, or rectify their personal data. Responsibilities of data controllers and processors include retaining data protection officers, completing impact assessments, obtaining opt-in consent from users to process their personal data, and notifying users when their data is compromised. The GDPR also mandates transparency in data collection practices, data minimization (collecting no more data than is necessary to meet specific needs), purpose specification (disclosing the purpose of data collection to users and only using data for those purposes), and privacy by design.[64]

Several of the GDPR’s provisions impose high costs on data controllers and processors and even translate to high costs to the EU economy in the form of less productivity and innovation. For example, obtaining opt-in consent from users is significantly costlier than providing users the ability to opt-out and results in far fewer users giving their consent, which leads to less data and therefore fewer beneficial uses of data.[65] Less data also reduces the effectiveness of targeted advertising, an important source of revenue for many businesses.[66]

Additionally, data minimization and purpose specification limit beneficial uses of data. Data minimization limits organizations’ ability to analyze data in the development of new products and services, and purpose specification restricts organizations from reusing collected data for new purposes or applying data analytics to collected data. Both of these provisions limit the potential for future innovation.

Evidence about the effects of the GDPR following its implementation demonstrates the economic consequences of European overregulation. A 2019 report by ITIF’s Center for Data Innovation finds that, in its first year, the GDPR negatively affected the EU economy and businesses, drained company resources, hurt European tech start-ups, reduced competition in digital advertising, strained regulatory resources, negatively impacted users’ online access, presented difficult or impossible implementation and compliance challenges for businesses or entire countries, and failed at its objective of increasing consumer trust.[67]

The GDPR has also inflicted major harm on businesses and consumers in non-EU countries, including the United States. Researchers from the University of Oxford found in 2022, from a sample of companies across 61 countries and 34 industries, that firms affected by GDPR experienced an 8 percent reduction of profits and 2 percent reduction of sales after enforcement of the law began. Notably, small firms—those with fewer than 500 employees—saw a greater reduction in profits and sales than did larger firms, though firms of all sizes suffered.[68] According to the National Bureau of Economic Research, the GDPR also led to a reduction of innovative apps by over one-third, while the entry of new apps fell by one-half.[69]

Additionally, the European Court of Justice decided in July 2020 in Schrems II that the EU-U.S. Privacy Shield—a transatlantic legal framework for data protection that made it easier for organizations to manage and transfer data in a way that complied with the GDPR—was not sufficient to protect Europeans’ personal data.[70] The demise of the Privacy Shield affected more than 5,000 firms in the United States and Europe.[71]

Despite these consequences, the EU has continued its precautionary approach with more recent legislation. It adopted the Digital Services Act package, including the Digital Services Act (DSA) and Digital Markets Act (DMA), in 2022, with covered entities required to comply by 2024. The DSA replaces and updates the E-Commerce Directive (2000) governing online intermediary liability, while the DMA is meant to increase competition in digital markets and governs “gatekeepers,” certain large online platforms that serve as intermediaries between users and businesses.[72]

The E-Commerce Directive protected online services from intermediary liability if they provided caching or hosting services or acted as “mere conduits” of information, meaning they did not create or modify the information or select its recipient.[73] The DSA contains similar wording but adds a number of other obligations for online services. Namely, it requires online services to take measures to counter illegal content and activity, allow users to challenge content moderation decisions, and provide transparency into algorithms used for recommendations. It also bans advertisements that target children or use certain categories of personal data to target users and creates additional obligations for large online services, including independent audits, risk management, codes of conduct, and giving researchers and authorities access to data.[74]

Meanwhile, the DMA creates obligations for “gatekeepers” related to their treatment of businesses that use the gatekeeper platform to connect with users and consumers who use the gatekeeper platform to connect with businesses. These obligations arbitrarily apply to certain companies and give an unfair advantage to those companies’ competitors—and are therefore likely to deter innovation. Additionally, by providing EU member states with enforcement powers, the DMA also increases regulatory fragmentation in Europe, which makes it difficult for companies to scale across multiple countries.[75]

Moreover, the DSA and DMA disproportionately target American firms, despite being European laws. European regulators singled out 19 platforms as large online services subject to additional obligations in the DSA. Of these 19 platforms, 15 are American, 2 are Chinese, and only 2 are European.[76] American companies are also likely to dominate the ranks of gatekeeper platforms subject to the DMA: platforms with EU turnover of over €7.5 billion in the last three fiscal years or fair market value of at least €75 billion in the last fiscal year, more than 45 million monthly active users in the EU, and more than 10,000 yearly active business users in the EU, along with a few other qualifiers.[77] This is part of a larger trend of Europe unfairly attacking U.S. tech firms while still expecting to retain access to and continue to benefit from the services these firms offer.[78]

As a final example of European overregulation, the AI Act is a proposed regulation that would serve as the EU’s legal framework for AI. It categorizes AI applications into three categories based on risk: those that create an unacceptable risk and are banned, those that are high-risk and are regulated, and those that are low-risk and are unregulated. Applications create an unacceptable risk if they violate fundamental rights or EU values, with specific examples including AI-based social scoring by public authorities and real-time remote biometric identification systems for law enforcement. Applications create a high risk if they would risk the health and safety or fundamental rights of individuals, with specific examples including biometric identification and categorization, management and operation of critical infrastructure, education and vocational training, employment, access to essential services, law enforcement, migration and border control, and administration of justice and democratic processes.[79]

Driven by fears—both founded and unfounded—of AI’s potential impact on society, the AI Act risks deterring research and investment in AI due to the high compliance costs associated with high-risk applications, including conformity assessments, transparency requirements, and post-market monitoring obligations. The AI Act also fails to achieve the EU’s goal of technology-neutral regulation in that it regulates certain AI applications more strictly than other technologies that could create similar risks. A truly technology-neutral approach would focus on the novel risks posed by AI.[80]

Proponents of the European approach to digital policy call it “values based,” and compare it favorably to the U.S. approach, which they see as driven by corporate interests and greed.[81] But the U.S. approach is equally based on values, though not necessarily the same ones. The United States more highly values innovation, progress, and growth, and this is reflected in its approach to digital policy.

If the European approach were as effective as proponents claim, the EU would not need to unfairly target U.S. tech firms with its laws, in effect punishing the United States for the success of its pro-innovation approach. By comparison, Europe has failed to produce world-leading digital firms and has lost market share, especially to China.[82] Clearly the United States is more effective at producing innovative, globally competitive firms, and the EU would do better to emulate the U.S. approach rather than double down on overregulation, which will only continue to undermine European competitiveness.

Unfortunately, despite its flaws, the European approach has had an outsize influence on other countries, a phenomenon known as the “Brussels effect.” This is in part due to a lack of American action and leadership on digital policy in recent years, but also due to the EU’s extraterritorial regulation, exemplified by the GDPR, DSA, and DMA.[83]

The GDPR is a prime example of this process. Not only does the GDPR apply to many non-EU data controllers and processors—effectively giving the EU the power to regulate non-EU companies—but since its adoption, it has also influenced many non-EU jurisdictions’ privacy laws. Notably, the California Consumer Privacy Act (CCPA), the first state-level comprehensive data privacy law passed in the United States, drew inspiration from the GDPR. In turn, since its passage in 2018, the CCPA has inspired other state-level privacy laws in the United States.

Via the Brussels effect, the EU has taken a global lead on certain digital policy issues, exporting its precautionary approach outside its borders, including to the United States. If America does not step back up to its role as a digital policy leader to advance a pro-innovation agenda, it will continue to lose its competitive edge, which is crucial not only for U.S. economic growth but also for balancing against the growing Chinese influence. Stepping up does not mean mimicking European-style regulations, but rather promoting and defending the type of light-touch digital regulations that have led to many of America’s economic successes in the digital economy.

Rise of Digital Protectionism

In the Internet’s early days, its more idealistic proponents believed that the Internet would break down national barriers by facilitating worldwide communication and the spread of information. The Internet has certainly revolutionized society in many positive ways, but national barriers remain as relevant as ever, and countries have asserted those barriers in the digital space as much as they do in the physical realm, including by establishing and enforcing policies that restrict digital free trade and cross-border data flows.

Many of these policies fall under the category of data localization. Data localization policies include restricting the transfer of certain types of data outside a country’s borders, restricting the transfer of broad categories of data deemed “sensitive,” and de facto localization policies that make data transfers so cumbersome that firms have no real option but to store data locally. These policies are increasingly popular. According to ITIF research, 62 countries had implemented data localization policies in 2021, compared with 35 in 2017.[84]

This recent trend toward economic nationalism threatens innovation and economic growth worldwide. The digital economy depends on the free flow of data, and given the increasing importance of the digital economy to countries’ overall economic well-being, it is no surprise that restricting data flows has an overall negative impact on a country’s economy, including by reducing the volume of trade, lowering productivity, and increasing prices for industries that rely on data.[85]

Despite the costs, countries have multiple justifications for their digital protectionism. Some cite data privacy and security concerns and the need for law enforcement and regulatory oversight of data.[86] Others are more open about their protectionism, albeit using different terms. For example, European officials call for “digital sovereignty,” or “taking back control” from foreign (usually U.S.-based) firms and trading partners, similar to the EU’s justification for its regulations, such as the DSA and DMA, that disproportionately target American firms.[87] Developing countries frame the issue in a similar way, portraying data localization policies as fighting against “digital colonialism” by the United States.[88]

Unsurprisingly, authoritarian countries are frequently among the top offenders when it comes to data localization, as requiring foreign firms to store data locally allows for greater censorship and surveillance. China and Russia both have numerous local data storage requirements.[89] Unfortunately, these and other authoritarian countries are far from the only offenders. Multiple democratic nations have their own data localization laws dating back at least a decade. Australia prohibited the overseas storage of electronic health records in 2013, Germany included local data storage requirements in a 2016 telecommunications law, and India’s central bank enacted data localization requirements for payment data in 2018, to name a few.[90]

Other forms of digital protectionism and “innovation mercantilism”—the strategy of using protectionist policies to expand domestic production and exports of high-tech goods and services—take the form of local content requirements or mandates that a certain percentage of goods and services sold in a country be produced with local content. Such requirements exist in Russia (for pharmaceutical production), Uruguay (for wind farms), and Nigeria (for information, communications, and technology products), to name a few.[91]

Local content requirements may boost affected domestic industries in the short term, but they come with multiple long-term detrimental effects. Most obviously, they ensure that consumers predominately have access to lower-quality goods and services. If an industry produced high-quality goods and services, it would not require protectionist intervention. Local content requirements instead give an unfair advantage to domestic industries that would otherwise fail to compete with higher-quality foreign goods and services.

Beyond the immediate effect on consumers, local content requirements create and exacerbate inefficiencies in the affected industries because domestic firms have little incentive to innovate in order to outperform their foreign competitors. Local content requirements are also detrimental to unaffected sectors of the economy. Research from the Organization for Economic Co-operation and Development (OECD) finds that countries with local content requirements experience a decrease in exports from nonaffected sectors as the country’s economic activity becomes increasingly concentrated on the affected industries.[92]

Some countries, including the United States, have enacted government procurement policies that favor goods and services produced domestically. Proponents of this “Buy American”—or “Buy European,” or whatever the case may be—approach often cite national security concerns, boosting competitiveness of a domestic industry, job creation, or a combination of the three as their justification. But in some cases, these policies are based on flawed analysis and would not produce their desired results. For example, the Build America Buy America Act, part of the 2021 Infrastructure Investment and Jobs Act, may require the federal government to maximize its use of domestically produced information technology (IT) in infrastructure projects. This is likely to raise costs and reduce infrastructure build, which would run contrary to the law’s purpose.[93]

Finally, some countries enact digital protectionist policies under the guise of trying to revive struggling industries. These frequently take the form of “tech pays” proposals, which require major tech companies—once again, disproportionately U.S.-based firms—to pay for news content, entertainment media, or broadband.

Proposals to make news aggregators pay publishers for content typically target Google News and Facebook. Such proposals, which have cropped up in Belgium, Germany, Spain, France, Australia, and Canada with mixed results, stem from concerns over the decline of local journalism and failure of some publishers to adapt to changes in how news is delivered and consumed in the Internet age. However, the truth is news aggregators drive traffic to publishers in ways that were previously impossible. This leads to more clicks on news stories and more advertising and subscription revenue for publishers. On the flip side, many attempts to force news aggregators to pay for content has resulted in aggregators limiting or removing news content in those countries, less traffic and revenue to publishers, and decreased access to news for residents of those countries.[94]

Similarly, Canada passed a law in 2023, the Online Streaming Act, that will require streaming services such as Netflix, Disney+, and Spotify to pay for and promote Canadian content. The law is designed to bolster Canada’s creative industries—and once again, American companies must foot the bill.[95] Australia also has announced plans to impose local content quotas on international streaming services starting in 2024 as part of the government’s five-year “Revive” National Cultural Policy.[96]

Finally, telecom companies in multiple jurisdictions, including the EU and South Korea, have pushed for tech pays proposals for broadband. Such a framework would force large digital firms such as Google, Netflix, Meta, Apple, Amazon, and Microsoft—all American companies—to pay fees toward telecom infrastructure in order to fund 5G and fiber networks. The justification behind these proposed fees is that these companies generate a large amount of Internet traffic.[97] But ultimately these fees are likely to be passed onto consumers. Otherwise, if companies foot the bills, the quality of their services is likely to decline.

These examples prove that few, if any, countries are innocent of digital protectionism and innovation mercantilism. However, China is by far the most flagrant and frequent offender. As of 2021, China had the most regulations on data—including data localization and de facto localization policies—of any country in the world, according to ITIF research. In fact, with 29 regulations, China had more than twice as many regulations as India, in second place with 12.[98] China also imposes local content requirements on government procurement, in violation of the WTO’s Agreement on Government Procurement (GPA), although China is not a party to, and therefore not currently bound by, the GPA.[99]

Innovation mercantilism is a hallmark of Chinese digital policy. The Chinese government limits foreign firms’ access to the Chinese market and thus their global market share. Meanwhile, Chinese firms benefit from tax incentives, subsidies, low-cost financing, forced technology transfers, and IP theft. This dynamic impacts not only countries with otherwise successful firms that compete with Chinese firms but also the global economy as less innovative Chinese firms unfairly outcompete more innovative foreign firms, leading to less global innovation.[100]

The global trend of digital protectionism, and particularly China’s innovation mercantilism, represents a growing threat to innovation, free trade, and U.S. competitiveness. This trend is likely to continue without a strong response from the United States and its allies, including a commitment to digital free trade and pressure for China to abide by the global, rules-based trading system.

Democracy Under Threat

Just as the United States has been able to leverage its digital policy leadership to spread American and democratic values, authoritarian countries have turned to digital policy as a means of achieving their ends. As many democratic nations have turned away from global cooperation and toward digital protectionism in their digital policy, China and Russia have exerted more control over their respective spheres of influence. Meanwhile, the United States and its allies have neglected to properly respond to this growing threat.

The Western democratic approach to digital policy prioritizes free speech, personal privacy, and individual freedom online. But China and Russia have taken the opposite approach: digital authoritarianism, which is marked by censorship, surveillance, and state control.

Western media often exaggerates the sophistication and extent of China’s surveillance. Much of this misinformation centers around an alleged social credit system in China that gathers data about citizens’ behavior from mass surveillance, collects and ranks that information using AI algorithms, and assigns each citizen a social score that determines their place in society, with rewards for high scores and punishments for low scores. However, the reality of social credit in China is that the system is far more disorganized, less widespread, and lower tech than its portrayal in Western media.[101]

The myth of China’s social credit system obscures the reality of surveillance in the country. Much of this surveillance takes place in the Chinese province of Xinjiang, where the government holds up to 1 million of the ethnic Uyghur people in “political reeducation” camps. Human Rights Watch reverse-engineered an app the police and other officials in Xinjiang use to collect residents’ personal information, report on “suspicious” activities, and investigate people flagged as “problematic,” with examples of activities deemed suspicious including use of virtual private networks (VPNs) or encrypted online services, engaging in Islamic religious activities, and any activity that deviates from an individual’s normal behavior. The Chinese government justifies this surveillance as a means to combat extremism and terrorism.[102]

The Chinese government also heavily censors the Internet within its borders, blocking access to many websites, including Facebook, Twitter, and Instagram.[103] In the first quarter of 2023, the Cyberspace Administration of China, the country’s Internet regulator, shut down 4,200 websites, removed 55 apps from app stores, and ordered the administrators of 2,200 websites to rectify their content for offenses such as providing unauthorized news content and failing to stop the spread of “harmful content.” The government also deletes individual accounts that spread misinformation or politically liberal ideology, and has blocked many VPNs that would allow Chinese residents to access banned content. Collectively, these government actions make up the country’s “Great Firewall,” which sections off the Chinese Internet from the global Internet.[104]

Russia engages in similar censorship with an Internet blacklist created in 2012 that allows Roskomnadzor, the country’s media regulator, to block any website for any reason, without oversight. The list includes independent news sites and websites run by political opposition leaders. Meanwhile, Russian antiterrorist law requires IT companies to retain copies of all user communications for six months and communications metadata for three years, and companies must turn this data over to the authorities upon request. Like China, Russia also restricts residents’ access to VPNs.[105]

Both China and Russia prop up domestic tech companies that are willing to accede to government surveillance and censorship, replacing the foreign online services that are popular in other countries. Russia refers to this strategy as establishing a “sovereign Russian Internet.”[106] The Chinese and Russian approach present attractive models for other authoritarian regimes, which could lead to a global rise in digital authoritarianism, especially without a strong, unified response from the United States and its allies.

Restoring American Leadership

In the face of European overregulation, rising digital protectionism, and digital threats to democracy, it is more important than ever for the United States to step back up as a global digital policy leader. From a leadership position, the United States can promote a pro-innovation, pro-democracy, and pro-free trade agenda. A few of the United States’ more recent efforts demonstrate that America is still capable of stepping up if it makes global digital policy leadership a top government priority and engages with its allies.

Recent Efforts

The 21st century has not been solely marked by American digital policy leadership failures. A few key policies from the past two decades demonstrate that the United States is still capable of acting as a global leader on digital policy if it maintains a pro-innovation approach and commitment to international and multistakeholder cooperation.

One area where the United States has led is on 5G development and deployment. Toward the end of the Obama administration in 2016, the FCC adopted guidelines for the development of 5G, the fifth generation of wireless cellular technology and the successor to 4G. These guidelines opened up spectrum for 5G networks, making the United States the first country to do so.[107] Under Chairman Ajit Pai, who served from 2017 to 2021, the FCC pursued a strategy of allocating additional spectrum for 5G, updating infrastructure policy, and modernizing regulations to encourage investment in 5G, called the 5G FAST Plan.[108]

The FCC established its 5G Fund for Rural America in 2020, making $9 billion available to make 5G wireless service available in rural areas.[109] Additionally, Congress passed and the FCC implemented the Secure and Trusted Communications Network Act of 2019, which aims to ensure supply chain integrity by establishing a $1.9 billion reimbursement program tor telecom carriers with 10 million or fewer subscribers to “rip and replace” equipment from suppliers that pose “unacceptable risk” to U.S. national security, including Chinese companies Huawei and ZTE.[110]

A second recent digital policy success came out of Congress in 2022: the CHIPS and Science Act. In an effort to strengthen American manufacturing, create jobs, bolster supply chains, and compete with China, the Act provides $76 billion in funding for U.S. semiconductor research and development, manufacturing, and investment. It also provides $81 billion for the National Science Foundation (NSF) over five years for scientific research and STEM (science, technology, engineering, and mathematics) education, nearly $10 billion for NIST for manufacturing, an increase in funding for the Department of Energy, and $10 billion over five years for 20 geographically distributed regional technology and innovation hubs. Additionally, the Act created 25 percent investment tax credits for manufacturing semiconductors and related equipment.[111]

The CHIPS and Science Act spurred an immediate increase in investment in the semiconductor industry. By December 2022, just months after the Act was signed into law, companies had announced more than 50 new semiconductor ecosystem projects in the United States, over $210 billion in private investments in 20 states, and 44,000 new jobs.[112]

Finally, a major forthcoming success for American digital policy leadership will be the Global Cross-Border Privacy Rules (CBPR). The Global CBPR borrows from Asia-Pacific Economic Cooperation’s (APEC’s) CBPR system, a government-backed privacy certification developed by APEC’s 21 member countries. The system enables the free flow of data between participating countries—currently Australia, Canada, Japan, South Korea, Mexico, the Philippines, Singapore, Taiwan, and the United States—as those governments have a guarantee that data from CBPR-certified companies complies with international data privacy standards.[113] Though China endorsed the system in 2011, it has never joined.[114]

Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States came together in 2022 to establish the Global CBPR Forum, which will develop a certification system similar to APEC’s CBPR, periodically review members’ privacy standards, and foster cross-border data flows and interoperability.[115] The Global CBPR regime represents a more realistic data transfer mechanism for countries from around the world to sign up to, as opposed to the EU’s top-down drive for harmonization with the GDPR.

The federal government needs to build on these modest successes and turbocharge its pro-innovation digital policy engagement.

Recommendations

Restoring U.S. global leadership on digital policy requires leveraging America’s strengths, strengthening America’s alliances, and maintaining America’s pro-innovation approach. There are a number of actions the federal government can take to correct past leadership failures and respond to the threats of overregulation, digital protectionism, and the authoritarian influence of China and Russia.

▪ The White House should make U.S. global leadership on digital policy a top priority, expanding on the Biden administration’s stated mission to restore America’s global standing and setting the tone for the rest of the federal government.[116] In doing so, the White House should reject the heavy-handed European approach to digital policy and make it clear that the American approach of light-touch regulation and targeted pro-innovation policies is more beneficial for consumers, businesses, and the economy.

▪ The administration should push back against digital narratives and policies that hurt U.S. businesses and workers, including from allies such as the EU. For example, the administration should add European “digital sovereignty” via data localization and the DSA’s and the DMA’s disproportionate targeting of U.S. firms to its current and future trade discussions with the EU and its member states. Ultimately, if the EU persists in restricting U.S. firms from processing data about Europeans, the U.S. government should respond in kind by creating a reciprocal policy regarding Americans’ data held by EU companies. The administration should commit to taking public positions on influential foreign legislative proposals that would hurt U.S. companies and consumers, including the EU AI Act, Canada’s Online News Act, and the United Kingdom’s Online Safety Bill.

▪ The U.S. government should establish forums for multistakeholder participation on digital policy issues, particularly among democratic nations that share many of the same values. For example, one such forum should develop a set of voluntary, consensus-based guidelines for social media companies to follow when moderating online political speech.[117]

▪ The U.S. government should continue to cooperate with its allies against digital authoritarianism and should seek out additional opportunities to do so. Specifically, the United States and its allies should work together to combat China’s and Russia’s efforts to expand their influence in the digital sphere and exert more control over other countries’ digital policy decisions in ways that run counter to U.S. and democratic values.

▪ The State Department should lead on a global narrative arguing why the United States’ pro-innovation approach to digital policy is best for countries hoping to thrive in the digital economy and compete with China. This narrative should include debunking the “harm gap” between EU and U.S. approaches—the argument that the EU’s “values based” approach is significantly more effective than the U.S. approach at protecting consumers from online harm. There is indeed a “third way” between Chinese digital authoritarianism and European statist regulation and the U.S. government needs to actively educate other nations on this reality.

▪ The State Department should push back against the UNCTAD narrative that developing countries are victims of foreign firms, and therefore they are justified to enact protectionist measures, including data localization, to protect their interests in the digital economy.[118] This should include much more engagement by the U.S. government and other groups such as think tanks in UN-related forums to counter this anti-American narrative and explain why digital innovation in higher-income nations is key to driving development in lower-income nations.

▪ The State Department should stop funding organizations that misleadingly paint U.S. digital policy and performance in a bad light, including the advocacy group Freedom House’s annual Freedom on the Net report, which takes a highly subjective, ideological approach to analyzing Internet freedom.[119]

▪ The State Department should identify and work with a group of small to mid-sized countries that want to increase their competitiveness in the global digital economy and become digital leaders, such as Estonia, Slovenia, and the Kyrgyz Republic. These and other countries are desperate for guidance and support on how to drive digital innovation in their nations. The United States should fill that role. The goal of cooperation should be to advance a pro-innovation, pro-democracy approach to digital policy and champion it on a global stage.

▪ ITA should expand its Digital Attaché Program, a network of digital trade officers in U.S. embassies currently in 16 markets who help U.S. firms increase their global online market access and navigate regulatory and digital policy challenges.[120] It should also expand the program into new markets in order to continue promoting U.S. firms’ global competitiveness.

▪ USTR should push for more countries to sign onto the ITA, a WTO agreement with 82 signatory countries that have agreed to fully eliminate tariffs on hundreds of IT products. Joining the ITA generates positive economic growth in developing countries and signals to the global community that these countries are open for trade and investment.[121]

▪ USTR should collaborate with America’s allies on agreements and initiatives that facilitate cross-border data flows, such as the renegotiated EU-U.S. Data Privacy Framework that replaced Privacy Shield.[122] These types of frameworks make it easier for organizations to manage and transfer data across borders and thus benefit the digital economy.

▪ ITC should develop a strategy to define digital protectionist actions by foreign countries, investigate these actions, and take action against offenders when appropriate. The Department of Commerce and USTR should simultaneously enact policies that advance digital free trade.

▪ NIST should take on a greater global leadership role when it comes to setting voluntary standards and best practices for businesses. It should begin by leveraging its Cybersecurity Framework and AI Risk Management Framework as examples of robust technical standards companies from all countries benefit from following.[123]

▪ Congress and the Department of Justice should lead on addressing concrete online harms domestically to protect businesses and consumers and set an international example. Congress should outlaw nonconsensual or revenge pornography and establish both a uniform federal standard for data breach notification and a clear regulator for cryptocurrencies and nonfungible tokens (NFTs).[124] Meanwhile, the Department of Justice should continue to pursue perpetrators of cyber and intellectual property crime.

▪ Congress should maintain the pro-innovation approach to regulating digital policy issues that paved the way for American global leadership in the 1990s. This should include preserving the strong online intermediary protections in Section 230, passing comprehensive data privacy legislation that preempts state laws while promoting digital innovation, and keeping consumer welfare at the heart of antitrust jurisprudence.

Endnotes