In April, the Austrian government announced that in the near future (2020) they will introduce a so-called "digital anonymity ban". The new law - "Diligence and Responsibility on the Web" - will mandate that to post a comment on the internet users will have to provide their first name, last name and address to platform operators.
“The legal requirements that are valid in the analog world must also be valid in the digital world” Media Minister Gernot Blümel (ÖVP) said.
V/I asked four young experts from the V4 if this move was a step in the right direction? Do we have the right to know whether we are dealing with a real person or a bot? How important is transparency in such matters?
Małgorzata Fraser – digital privacy analyst and educator, technology journalist
It remains unclear if the Austrian concept is compliant with European Union law. The European Court of Justice in 2016 said (through the paired rulings of C-203/15 and C-698/15) that the member states cannot impose a general obligation of data retention on telecommunication providers and operators (and this is the case in Blumel’s proposal).
Citizens’ ability to remain anonymous on the web is critically important for maintaining a healthy democratic society, for preserving democracy itself.
Whistleblowers that use the internet would not be able to act under the pressure of institutional or governmental surveillance. The freezing effect on media, NGOs and other actors devoted to keeping the balance of powers in the right place is inevitable if such ideas are to be entertained.
Botond Felady – lawyer, foreign policy expert and commentator
This is a real dilemma: it is possible in principle to extend the use of MAC-address like solutions for natural persons or their electronic belongings, which would mean a personal unique ID for each hardware item linked to an individual.
It could be also possible that an IT tool which has online access shall be first registered with biometric national IDs. That would completely take away the anonymity of the internet.
Here the old narrative of the “Wild West” internet clashes strongly with a regulated and transparent internet.
It is difficult to weigh the impacts on the long term: could such regulations force the empowerment of the dark net? Or will biometric identification be unavoidable? How can we assure the safety of digital identities as much as we do with plastic ID cards and paper passports?
Maria Staszkiewicz – digital economy expert, CEO of the Czech Fintech Association
Wherever possible and leading to the same result, it should be a rule of a thumb that what applies in the physical world should also be relevant to the digital one.
First, we need to know whether our interlocutor is a human or a computer program. Ethics guidelines for trustworthy artificial intelligence recently presented by the EU High-Level Expert Group on AI, put it as one of their seven rules: “AI systems and their decisions should be explained in a manner adapted to the stakeholder concerned. Humans need to be aware that they are interacting with an AI system, and must be informed of the system’s capabilities and limitations.”
Problems begin however at the implementation level when the physical world has to link the virtual one in the process of user identification and authorisation. One cannot require a digital platform or an internet service provider to physically identify each one of their consumers. There are of course various online identity services, some of which already make online onboarding a frictionless experience thanks to e.g. biometric recognition.
Financial services could provide some regulatory insights into the debate, as there already exists rules created to limit money laundering and the financing of terrorism.
This work should be continued; however, it does not lead to the conclusion that everyone should have the right to know everyone on the internet. On the contrary, concepts such as self-sovereign identity have to be put in practice with tools such as distributed ledger technologies. The idea is that the user is central to the administration of their identity features (from age, medical condition to preferences and experiences) and only proves to the controller that they meet a specific criteria (majority, qualification). This strengthens privacy and security in the digital world.
Dávid Tvrdoň – product manager for online news & technology correspondent at SME.sk
The Austrian “digital anonymity ban” is an exact example of what happens when laws for the digital world are being made without thinking of side-effects and without much consultation with digital experts.
The official spin sounds good, though we have to look beyond appearances. Any law that transfers such a major burden to companies and digital platforms is at best dubious. Also, it goes against the main thesis of the law submitters – valid legal requirements both for analog and digital world.
In the real (analog) world, companies and service operators rely on a government issued ID, no one told them to figure out a validation process. This whole debate comes at the time when politicians are looking to score easy points with legislation on digital rights and at the same time not understanding the dynamics of the web. It is easy to break things with sloppy laws, it’s much harder to come up with legislation that has the user’s rights, privacy and security in the forefront.
The article was compiled and edited by Gabriela Rogowska.
This questionnaire is part of the #DemocraCE project organised by Visegrad/Insight.