A Study of the European Union’s Path for Constructing Digital Governance Rules and the Logical Implications of the Path

Yan Guang

Shanghai Institute of American Studies

Tian Hongyu＊

Shanghai Academy of Social Sciences

Abstract: The European Union (EU) seeks to build a Europe fit for the digital age. For this purpose, the EU has accelerated the process of catching up with digital technology and issued a number of legal and regulatory documents to establish a digital governance rule regime with EU characteristics. This paper analyzes the EU’s path towards the construction of digital governance rules. This path is composed of three aspects, i.e., strict digital supervision, differentiation of the free market, and multi-stakeholder governance. This three-step path has intrinsic logical implications. That is, strict digital supervision is applied to defend the EU’s unified market and values; differentiation of the free market takes the principle of adequate protection as the core to make the EU an exporter of rules; multi-stakeholder governance brings multiple stakeholders together in the governance to deal with the ethical anomie that arises during the use of big data. By setting up a series of digital governance rules, the EU seeks to achieve rule dominance to gain regulatory power for global digital governance. However, due to multiple constraints, there is a long way to go, and there are obstacles in the way.

Keywords: the European Union; digital governance; rule construction; path investigation; logical implications

With the rapid development of digital technologies such as artificial intelligence and cloud computing, new business forms such as the digital economy have emerged one after another. On the one hand, the digital economy and digital technology, which are centered on data (a new production factor), have brought enormous economic benefits and technological innovations. According to statistics from the United Nations Conference on Trade and Development (UNCTAD), the export of digitally delivered services reached USD2.9 trillion in 2018, accounting for 50 percent of global service exports (UNCTAD, 2020). On the other hand, various issues such as the digital divide and network security have become increasingly prominent, making digital governance one of the critical issues of concern to the international community. At present, the United States (US) and China jointly present a dual dominance in technology and the market. In 2018, China and the US together accounted for 75 percent of global blockchain patents, 50 percent of the spending of the global Internet of Things, more than 75 percent of the global public cloud computing market, and 90 percent of the market capitalization of the 70 largest digital platforms in the world. Seven unicorncompany digital platforms, i.e., Microsoft, Apple, Amazon, Google, Facebook, Tencent, and Alibaba, take up two-thirds of the total market capitalization, while Europe’s market capitalization is only four percent of the total (UNCTAD, 2020). As an important role in today’s world, the European Union (EU) is unwilling to be left behind. In 2019, Ursula von der Leyen, the new President of the European Commission, suggested building a Europe fit for the digital age as one of the EU’s six policy The six policy priorities (Leyen, 2019). So the EU has accelerated the process of catching up with digital technologies. The EU also issued a number of legal and regulatory documents to build a digital governance rule regime with EU characteristics to achieve rule dominance through rule innovation. This paper investigates the EU’s path for constructing digital governance rules and the logical implications of the path. This paper is organized as follows: Section I provides a brief definition for digital governance; Section II analyzes the EU’s three-step path for constructing digital governance rules; Section III provides a general analysis on the logical implications of the three-step path; Section IV elaborates the constraints facing the EU to gain dominance of digital governance rules.

Definition of Digital Governance

Digital governance is a derivative concept in the digital age. This concept first appeared in the seminar entitled “Digital Governance: Digital Archives, Digital Library, and Research Informatization,” which was held in London on October 19, 2001. At present, there is no unified understanding of the concept of digital governance, which directly leads to the misuse and confusion of concepts such as digital governance, digital government, and data governance in some literature. Therefore, clarifying the concept of digital governance is the logical starting point for writing this paper. From the literal meaning of digital governance, “digital” and “governance” have the distinction of being active and being passive. That is, digital governance has dual connotations①Yan Jiahua and Wang Zhanghua believe that the concept of data governance should be defined from the perspectives of governance ideology and governance technology. From the perspective of governance ideology, data governance refers to data-based governance. From the perspective of governance technology, it refers to the governance of data.: governance through digital means and governance of digital objects (Yan & Wang, 2019). However, the current concept of digital governance basically tends to be defined as governance through digital means. Such a definition is becoming more and more mature and convergent. This definition considers digital governance equivalent to electronic governance (e-governance) or digital government.

According to the World Bank, digital governance (d-governance) or e-governance can be defined as the government’s use of information and communication technologies (ICTs) to provide high-quality information and services for citizens, enterprises, voluntary organizations, and other government bodies in an efficient, cost-effective, and convenient way, and achieve transparency and accountability in government operations to strengthen democracy. The United Nations defines it as the use of the Internet and the World Wide Web to provide citizens with government information and services. Digital governance is not simply about simplifying processes and improving services. It is about changing the government and innovating the way citizens participate in democracy. The US government believes that digital governance involves services and processes, including any interaction in government-to-government (G2G), government-to-person (G2P), and government-tobusiness (G2B) models (MSC, 2020). Patrick Dunleavy, a British scholar who first proposed and researched the theory of digital governance, called digital-era governance (DEG) a quasi-paradigm for governments on the Web. He pointed out that the toolkit for public administration reforms has shifted from new public management (NPM) towards DEG. The DEG approach focuses on the use of digital technology to promote the reorganization of the government bodies (do-it-yourself government) and the holism based on citizen demands, the reunification of government services from the client perspective instead of the perspective of business processes (Dunleavy, 2013). John A. O’Looney (2002) argues that the broad definition of digital governance is the application of information technology to government operations in order to strengthen the provisions of public services to citizens and other individuals and organizational consumers served by the government. Hemant Garg (2016) defines digital governance or E-governance can also be defined as the application of electronic means in (a) the interaction between government and citizens and government and businesses, as well as (b) in internal government operations to simplify and improve democratic, government and business aspects of Governance. Professor Han Zhaozhu believes that digital governance, in a broad sense, is not a simple application of ICTs in the field of public affairs, but a social-political organization and activity form related to the organization and utilization means of political and social powers. It refers to the comprehensive governance of economic and social resources, involving a series of activities that influence the government, legislature, and public administration process. In a narrow sense, digital governance refers to a governance model in which information technology is used in the interactions between the government and civil society, and between the government and the economic society represented by enterprises, as well as in the internal operation of the government, to simplify government administration and the processing procedures of public affairs, and improve democracy (Han & Ma, 2016). In a word, if digital governance takes the connotation of governance through digital means, then the government is the only governance subject. Digital technology, and its applications, are governance tools or means. The governance objects are citizens, public sectors, and enterprises, and the governance goal is to improve the quality of government services.

Although some scholars have conducted research from the perspective of governance of digital objects, the definition of digital governance under this perspective is very limited compared to the case of governance through digital means. According to Digital Data Curation Task Force (DDCTF), digital governance, though a relatively new field that is not yet stable, should include three key behaviors, i.e., curation, archiving, and preservation.①Joint Information Systems Committee. JISC Circular 6/03(Revised): An Invitation for Expressions of Interest to Establish a New Digital Curation Centre for Research into and Support of the Curation and Preservation of Digital Data and Publications. http://www.jisc.ac.uk/uploaded_documents/6-03%20Circular.doc.The Digital Curation Center (DCC) defines digital governance in a broad sense as the behaviors of maintaining and adding value to a large amount of credible digital information for current and future use.②Giaretta, D. DCC, Approach to Digital Curation. http://twiki.dcc.rl.ac.uk/bin/view/OLD/DCCApproachToCuration.Lisa Welchman, a pioneer and global expert in digital governance from the US, believes that digital governance is a framework in which accountability, roles, and decision-making powers are established for the digital presences (i.e., websites, mobile websites, social channels, and any other Internet and network-supported products and services) of organizations to clarify the accountability for digital strategies, policies, and standards. An effectively designed and implemented digital governance framework can help simplify digital development and reduce the disputes around digital channel ownership (Welchman, 2015). From the perspective of governance of digital objects, although different sectors or researchers have defined digital governance, their definitions are either too simple or too complicated, which is worthy of discussion. More importantly, none of them provide clear directions for the governance subjects, objects, means, and goals.

Therefore, this paper gives a definition from the perspective of governance of digital objects. That is, digital governance is a sum of various institutional arrangements such as strategies, guidelines, policies, and laws that are adopted by governance subjects to process and protect digital technologies and their products and applications. Data governance is the core of digital governance. Digital governance can be understood from the aspects of governance subjects, objects, means, and goals. First, governance subjects refer to the actors that govern digital objects, including state actors, substate actors, and supranational actors. Such actors can be international organizations, countries, and their functional departments and enterprises. Governance objects are the objects governed by the subjects, including digital technology and its applications. For example, the facial recognition system, which was developed based on big data and artificial intelligence technology, has been widely applied to everyday life. Governance means refer to the use of a series of regulatory methods such as policies and laws by governance subjects to regulate the operations of objects. Governance goals refer to the goals that subjects need to achieve by digital governance means. Digital governance in the EU is taken as an example here. In 2020, the European Commission released a long-term roadmap entitled Shaping Europe’s Digital Future. This roadmap stipulates that the internal goal is to develop digital technology that serves the people, creates a fairly competitive digital economic environment, and establishes an open, democratic, and sustainable society. This paper confines digital governance to the scope of this concept.

Construction of Digital Governance Rules in the EU

In the process of digital development, negative externalities such as data security problems arise. China and the US together show a dual dominance in terms of technology and the market. To cope with such issues, the EU has developed a regulatory path with EU characteristics. This path consists of three aspects, i.e., strict digital supervision, differentiation of the free market, and multi-stakeholder governance. First, the EU has gradually improved and upgraded digital protection laws and implemented various regulatory measures. Additionally, the EU has established a number of powerful and efficient functional departments. In this manner, the law enforcement mechanism is strengthened to achieve strict digital supervision. Second, the creation of an internal single digital market in the EU is an inherent requirement for European integration. The principle of adequate protection for third parties is the unique system design for the EU’s output of digital governance rules. Finally, diverse and multi-level governance subjects such as citizens, enterprises, and governments participate in the digital governance process for digital co-governance, which improves the effectiveness of governance and the enthusiasm of subjects.

Strict Digital Supervision

A Shift from Soft Constraints to Hard Regulations

The EU’s data protection policies have gone through three stages, from the conventions to directives and then to regulations. This implies the shift of the EU’s data protection from soft constraints to hard regulations (Fang, 2019). A convention①The conventions here are limited to conventions reached by EU member states, but not international conventions.is a common code of conduct agreed by the member states of the EU and is not legally binding on member states. Directives and regulations are official legislative documents of the EU. Directives have no comprehensive binding force and are only binding on the member states to which they are issued in terms of their goals. However, the means and methods are to be decided by the national authorities. Specific member states are required to convert the contents of directives into domestic legislation through domestic procedures to fulfill the legislative documents that stipulate their treaty obligations. Regulations are fully legally binding. This is not only reflected in the specific results required to be obtained, but also in various aspects such as the methods and measures to be taken to obtain the specific results. Once the regulations are promulgated, they will come into force in the EU and apply to all EU member states (European Commission, 2008).

In 1981, the European Community promulgated the epoch-making Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (European Treaty Series No. 108, hereinafter referred to as the Convention) (European Commission, 1981). The Convention is the world’s first regulatory document on the protection of the transborder flow of personal data in a true sense. Personal data, automated data files, controllers of the files, and automatic processing were clearly defined for the first time under Article 2 of Chapter I of the Convention. The most important thing is that the concept of equivalent protection was proposed, i.e., a party, when involving certain categories of personal data, shall not initiate transborder flows unless the other party provides equivalent protection. However, theConventionis not directly binding on member states.

In 1995, the EU promulgated the Data Protection Directive (officially Directive 95/46/EC, hereinafter referred to as Directive 95) (European Commission, 1995). According to Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms, everyone has the right to protect his or her personal information, especially the right to privacy. Directive 95 then incorporated the right to privacy and further expanded it based on the Convention. In terms of transborder data flows, the EU believed that the equivalent protection mentioned in the Convention was not sufficient to protect the explosively growing data. Therefore, the EU put forward three principles for transborder data flows. First, when member states attempt to transfer personal data to a third country, the European Commission shall assess whether the third country provides an adequate level of protection for the data based on all the circumstances of the data transfer business. Second, if the third country does not provide an adequate level of protection recognized by the European Commission, there can be general exception clauses, such as the data subject’s explicit consent to data transfer, to stop losses. Third, if the third country cannot provide an adequate level of protection, member states can also authorize the transfer of data to a third country, but this process should comply with the related contract terms.

In 2012, the EU issued the draft of the General Data Protection Regulation (GDPR), which was passed in 2016. In 2018, GDPR (European Commission, 2016) came into effect, replacing Directive 95. GDPR is a revised and upgraded version of Directive 95. In terms of data protection, it inherits the principle of adequate protection proposed in Directive 95. However, a single set of regulations, long-arm jurisdiction, and high fines are its unique labels. The single set of regulations means that GDPR is directly applicable to the EU member states once it comes into force. Long-arm jurisdiction is explained under Article 3 of GDPR. That is, even if the data controller or processor does not establish a physical entity within the EU, it will be subject to EU supervision as long as it involves EU businesses (Liu & Cheng, 2020). Article 83 of the GDPR stipulates that the EU will impose an administrative fine of up to EUR20 million on violators, or in the case of an undertaking, up to four percent of the total worldwide annual turnover of the preceding financial year, whichever is higher.①As stipulated in Article 83 (4) of GDPR, violators will, in accordance with Article 83 (2), be given an administrative fine of up to 10,000,000 EUR, or in the case of an undertaking, up to 2 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher. In Article 83 (5) and (6), violators will, in accordance with Article 83 (2), be given an administrative fine of up to 20,000,000 EUR, or in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher.This article is also known as the strictest clause in history.

A Top-Down Implementation Mechanism That Coordinates Inside and Outside of the EU

In the EU, a complete top-down implementation mechanism has been formed, from the institutional triangle (i.e., European Parliament, Council of the European Union, and European Commission) to the European Data Protection Board (EDPB) and then to the European Data Protection Supervisor (EDPS). The institutional triangle formulates and promulgates digital governance policies and laws that are applicable throughout the EU. The EDPB was established in accordance with the GDPR and is composed of representatives of the data protection authorities of each member state and the EDPS. The EDPB is committed to applying data protection rules in a coordinated manner throughout the EU and promoting cooperation between the data protection authorities in the EU. The EDPB aims to ensure the consistent application of the GDPR and the European Law Enforcement Directive in the EU. The EDPB can adopt general guidance to clarify the terms of European data protection laws, giving stakeholders a consistent interpretation of their rights and obligations. It can also make binding decisions towards the supervisory authorities of each member state.②EDPB. https://edpb.europa.eu/about-edpb/about-edpb_en.The EDPS is the independent data protection authority of the EU. Essentially as the permanent secretariat of the EDPB, the EDPS is responsible for strengthening EU data protection and privacy standards in terms of law and practice. The general mission of the EDPS is primarily as follows: (1) to monitor and ensure the protection of personal data and privacy; (2) to advise EU institutions and bodies on all matters relating to the processing of personal data upon request or on its own initiative (in particular, to provide legislative advice to the European Commission); (3) to monitor new technologies that may affect the protection of personal information.③EDPS. https://edps.europa.eu/about/about-us_en.The Memorandum of Understanding between the EDPB and EDPS (European Commission, 2018) stipulates that the EDPS is independent in accomplishing its mission and executing powers, and is not subject to the EDPB’s intervention so that it can provide the highest level of data supervision and privacy protection.

At the international level, the EU uses multiple international multilateral conferences to export its own digital protection concepts and rules in order to create a safe peripheral environment. The Internet Governance Forum (IGF) has been held in Europe for four consecutive sessions from 2017 to 2021.④Due to the COVID-19 epidemic, the Internet Governance Forum (IGF) was held online in 2020, and the no-host country was designated.In 2018, the IGF was held in Paris, France. French President Macron launched the Paris Call for Trust and Security in Cyberspace, calling for the establishment of an Internet supervisory framework. He also called for further expansion of the use of GDPR internationally (IGF, 2018). In addition to the IGF, the EU also initiated the European Dialogue on Internet Governance (Euro DIG). Euro DIG was first organized by several organizations, government representatives, and experts in 2008. It aimed to exchange opinions on the Internet and its governance methods. It holds an annual meeting in different cities in Europe every year.①Euro DIG. https://www.eurodig.org/An important background for the launch of Euro DIG is that in view of the remarkable results achieved by IGF, European interest groups and the European Commission supported the idea of launching Euro DIG to bring European experience to IGF. Therefore, Euro DIG can be said to be a preparatory or warm-up dialogue meeting for Europe in the IGF.

Differentiation of the Free Market

Inside the EU: Single Digital Market

A Digital Agenda for Europe was issued by the European Commission in 2010. This Agenda aims to promote the European economy by providing sustainable economic and social benefits through the single digital market (European Commission, 2010). In 2015, the European Commission issued the Single Digital Market Strategy for Europe (European Commission, 2015), which aimed to establish a market that ensured the free flow of goods, people, services, and capital. Individuals and enterprises can seamlessly access and carry out online activities in the case of fair competition and high-level protection of consumer and personal data. The single digital market will maintain Europe’s leading role in the global digital economy and help European companies achieve global growth. In addition, three pillars have been established: (1) Consumers and companies across Europe can better obtain online goods and services, breaking barriers to transborder online activities; (2) Suitable conditions and a fair, competitive environment are created for the prosperity of digital networks and services; (3) The investment in ICT infrastructure and technology maximize the growth potential of the European digital economy.

The GDPR has promoted the single digital market in terms of protecting consumers’ personal information and data and regulating digital platforms through high fines. A European Strategy for Data (European Commission, 2020) suggests creating a single European data space, i.e., a truly single data market, to increase the use and demand of data and data-driven products and services in the entire single market. In 2020, the EU passed the Digital Markets Act (European Commission, 2020) and the Digital Services Act (European Commission, 2020), which was a big step forward for the single digital market. The Digital Markets Act aims to solve the most prominent unfair practices and vicious competition incidents at the EU level so that users and enterprises can obtain all the benefits of the platform economy and the entire digital economy in a competitive and fair environment. The Digital Markets Act mainly focuses on the supervision of gatekeepers②The EU’s Digital Markets Act clearly defines a gatekeeper as the provider of a core platform that has a significant influence on the EU’s internal market, operates one or more important customer gateways, and enjoys or is expected to enjoy a solid and lasting position in its operations business. Source: Regulation On Contestable and Fair Markets in the Digital Sector (Digital Markets Act), THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Brussels, 15.12.2020. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020PC0842&from=en.to create a fair, competitive market environment inside the EU. The Digital Services Act focuses on regulating the operating behavior of core digital platforms, emphasizing that platforms take more responsibility and protect consumers’ rights and interests.

Third Countries: the Principle of Adequate Protection

According to Directive 95, if the member states of the European Community transfer personal data to a third country, the European Commission must assess whether the third country has an adequate level of protection for the data based on all the circumstances of the data transfer business; if the third country does not provide an adequate level of protection recognized by the European Commission, there may be general exception clauses, such as the data subject’s explicit consent to data transfer, or the transfer of data to a third country in accordance with a contract, to stop losses. For the EU, the principle of adequate protection can prevent the EU from becoming an island in the digital age, and cleverly ensures rule exporting. It is conceivable that the EU is an important power in the current multipolar world. As long as countries across the world continue to maintain economic and trade exchanges with the EU, they will have to improve their personal data protection status in accordance with EU standards to obtain data from the EU. The future global protection rules for personal data will more reflect the will of the EU (Feng, 2018). For third countries that fail to provide an adequate level of protection recognized by the EU, the EU can transfer data to third countries in accordance with exception clauses. Typical cases are the Safe Harbor Agreement (European Commission, 2000) in 2000 and the Privacy Shield Agreement①US Department of Commerce. Privacy Shield. https://www.privacyshield.gov/eu-us-framework.in 2016 between the US and the EU after arduous negotiations and mutual compromise. According to the Safe Harbor Agreement, US companies that have requirements for EU data can request data from the US Department of Commerce on a voluntary basis. Companies certified by the US Department of Commerce will be deemed to provide adequate protection for personal data so that personal data can be transferred from the EU to the US without hindrance. However, after the Prism Gate incident, the EU believed that the US did not provide adequate protection for EU data. In 2015, the Court of Justice of the European Union (CJEU) ruled that the Safe Harbor Agreement was invalid. The two parties signed the Privacy Shield Agreement in 2016. Although the latter has been further improved compared to the former, the EU doubted it a lot because the US had failed to fundamentally achieve the adequate level of protection required by the EU. In July 2020, the CJEU once again ruled that the Privacy Shield Agreement was invalid.

Multi-Stakeholder Governance

For the EU, digital governance subjects show a characteristic of diversity and multiple levels. The institutional triangle and the governments, enterprises, and citizens of all member states are involved in governance. Therefore, governance subjects range from the supranational level to the state level and to the sub-state level. The EU is a typical supranational actor. Multi-level governance①The term “multi-level governance” was first proposed by the European Committee of the Regions (COR) in 2009. It outlines the European Commission’s goal of building Europe through partnership and an inclusive European decision-making process. Source: Committee of the Regions, The White paper on multilevel governance, The EU’s Assembly of Regional and Local Representatives. https://op.europa.eu/en/publication-detail/-/publication/3cba79fd-2fcd-4fc4-94b9-677bbc53916b/language-en. According to Peng Dandan, multi-level governance refers to a process in which state actors and sub-state actors, as parts of the EU political and economic system, work together due to common values and goals and the same decision-making style to undertake task-specific activities in the formulation and implementation of EU policies and laws. In the activities, the EU (i.e., a supranational actor), its member states (i.e., state actors), and the local governments, social groups, stakeholders, and even the general public (i.e., sub-state actors) participated in completing the task, and finally achieved the goals. Source: Peng Dandan, The Theory, and Practice of Multi-level Governance of EU Digital Copyright, A Vast View on Publishing, No. 16 (2019) in 346.demonstrates the local applicability of governance concepts in the EU. It also forms a flat power structure that combines the government’s institutional power, enterprises’ technical power, and citizens’ rights. At the EU level, the institutional triangle provides all member states with codes of conduct or legislative documents in the form of conventions, directives, and regulations. At the state level, governments dispatch personnel to the European Council and EDPB and implement the policies and regulations of the EU and their own countries. At the sub-state level, enterprises, as innovation subjects of digital technology, providers of digital platforms, and data controllers, are partners in the EU’s public-private partnership (PPP)②PPP is a form of cooperation in which the public sector and enterprises participate in and coordinate governance. Source: European Commission, Communication from the Commission to the European Parliament, the Council, the European Economic, and Social Committee and the Committee of the Regions: Towards a thriving data-driven economy. https://ec.europa.eu/digital-single-market/en/news/ communication-data-driven-economy.schemes. Citizens are not only data subjects but also participants and consumers of digital platforms. In the EU, the protection of personal information security is a basic human right, giving citizens strong powers of supervision and decision-making powers in handling personal information and data.

Lang Ping, a researcher from the Chinese Academy of Social Sciences, believes that the global digital world has begun to pivot around three poles: China, the US, and Europe (Lang, 2021). This highlights the importance and representativeness of China, the US, and Europe in the field of digital development and digital governance. China takes the government as the governance subject, emphasizes top-level design and unified leadership, and highlights information security and data protection. The US takes enterprises as the subjects and uses economic benefits to create digital regulations. Different from China and the US, the EU adopts a multi-subject co-governance model that combines supervision and freedom. Ingrid Schneider, a professor in the Department of Informatics, Ethics in Information Technology at the University of Hamburg, Germany, pointed out that the European model is expected to cultivate the positive potential of digitalization, digital competitiveness, and maintain related social contracts. GDPR, anti-monopoly laws, artificial intelligence ethics, and the fight against international tax evasion have shown their power and set an example for other countries to promote the innovation of international governance approaches (Schneider, 2020). The EU believes that the digital economy requires new laws and regulations because it poses new challenges to both consumers and enterprises. In particular, potential concerns about the data security of citizens, the role of platforms in connecting buyers and sellers, and the harmful content on social media websites have stimulated the EU to design a comprehensive supervisory system for the online world.

Logical Implications: Rule Dominance

The EU’s three-step path has logical implications. Strict digital supervision is applied to restrict and weaken the monopolistic position of foreign digital companies (especially US digital companies) in the EU market to defend the unified market and values of the EU. Differentiation of the free market, with the principle of adequate protection as the core, is adopted to make the EU an exporter of rules. Multi-stakeholder governance brings multiple stakeholders together in governance to deal with the ethical anomie that arises during the use of big data. By establishing a series of complete digital governance rules, the EU seeks to achieve rule dominance to form rule power and demonstration effects around the world (Figure 1).

Fig.1 Intrinsic Goals of the EU’s Digital Governance Path Note: Fig. 1 is drafted by the authors.

First, the goal of strict digital supervision is to defend the EU’s unified market and its values. In 2018, China and the US together accounted for 90 percent of the market capitalization of the world’s 70 largest digital platforms, while Europe took up only four percent (UNCTAD, 2020). In 2019, the US digital economy reached USD13.07 trillion. China came in second place with USD5.2 trillion. The digital economy of Germany and France, the two pillars of the EU, reached USD2.44 trillion and USD1.76 trillion, respectively (CAICT, 2020). As of December 2019, the market share of the Android smartphone operating system in the EU was 64 percent. Google occupied an absolutely dominant position in the European market, with a market share of 90 percent (Schneider, 2020). Therefore, from the perspective of the EU, Europe has a huge digital divide with the US and China. In view of this, the EU has built a strict digital supervision regime, from the European Treaty Series No. 108 to GDPR and from the institutional triangle to EDPS, to strengthen supervision and protection for itself. Ursula von der Leyen believes that the values of the EU are under threat. Europe must double down to shape our digital transformation according to our own rules and values. To protect European democracies and support their values, the European Commission will continue to develop and implement innovative and commensurate rules for a trustworthy digital society. The EU will remain open to anyone who is willing to act in accordance with EU rules (European Commission, 2020).

Second, differentiation of the free market is leveraged to make the EU an exporter of rules. Market openings and transborder interactions are indispensable for the development of the digital field in the EU. Otherwise, simply emphasizing strict digital supervision will go to the other extreme, that is, digital islands. Therefore, the EU is engaged in the construction of an internal single digital market to promote a higher level of integration within the EU in the digital age. In addition, the principle of adequate protection and general exception clauses are the unique characteristics of the EU’s strict legal design. The principle of adequate protection is essentially a flexible clause, leaving room for the opening of the digital market and transborder interactions. It sets conditions for the flow of data within the EU to third countries. Third countries can freely import EU data as long as they satisfy the conditions. The Single Digital Market Strategy for Europe mentions that “in the single digital market, standardization plays a vital role in improving the interoperability of new technologies. We need to make more efforts to ensure that the standard output keeps up with technological changes.” Anu Bradford, a professor from Columbia University, called it the Brussels Effect. That is, the EU is exercising unprecedented global powers through its legal system and standards. Without resorting to international institutions or seeking cooperation with other countries, the EU can promulgate regulations that are entrenched in the legal framework of developed and developing markets, leading to the Europeanization of important aspects of global business. Facts have shown that the Brussels Effect has begun to bear fruit. As of March 2021, 12 countries, including Japan and Canada, have obtained the EU’s certification for adequate protection. By the end of 2019, 66 percent of countries around the world have passed legislation to protect online data and privacy. From the perspective of contents, the data protection legislation of many countries has been affected by the relevant legislation of the EU.

Third, multi-stakeholder governance brings together multiple stakeholders in governance. Multiple stakeholders are those actors that should participate in the governance process, including the state, the private sector, non-governmental organizations, and other members of civil society.①Pi Environmental Consulting, Multi-stakeholder governance: A brief guide. Retrieved from http://wwf. panda.org/wwf_news/?19095/Multi-Stakeholder-Governance-A-Brief-Guide.Its greatest feature is inclusiveness (Schleifer, 2018). All stakeholders participate in the governance process to give play to their relative advantages. In this process, coordinated and effective communications between various stakeholders are ensured to maximize the interests of each stakeholder and their resultant force. The term “digital” itself is neither good nor bad. Digital ethical problems occur due to the weakening of human subjectivity and the loss of ethical and moral boundaries (Wang, 2015). Therefore, digital ethics regulations are a type of cohesion and self-regulation among different people and their aggregates. The process of digital ethics governance is no longer just based on the administrative power of the government, but a consensus reached through coordination among multiple parties (Chen, 2020).

The ultimate goals of the EU’s path for constructing digital governance rules are to achieve rule dominance to form rule power and demonstration effects around the world so as to build a normative power in global digital governance and gain a competitive advantage that is different from the dual dominance in digital technology and market in China and the US. To achieve the goal of winning by rules through the creation of rules is the embodiment of the EU’s normative power tradition in the digital age. According to Ursula von der Leyen, the EU, for the purpose of complete success of digital transformation in Europe, needs to create the right supervisory framework to ensure reliable technology and give enterprises confidence, capabilities, and digital means. Coordinating the efforts of the EU and its member states, regions, civil society, and the private sector is the key to achieving this goal and strengthening Europe’s digital leadership. Europe can have this kind of digital transformation and set global standards. More importantly, Europe can do this while ensuring that everyone is inclusive and respected. Digital transformation can only work if it is effective for everyone, not just for the minority. This will be a truly European project (i.e., a digital society based on European values and European rules) that can truly inspire the rest of the world.

Prospect Assessment: Multiple Challenges Facing the EU

It is no easy task for the EU to constitute a global normative power. Under various restrictions and constraints, the EU still has a long way to go to achieve rule dominance.

First, there is a digital divide and divergence of positions within the EU. On the one hand, the digital divide within Europe is continuing to widen. From a realistic point of view, the digital divide between EU member states has nothing to do with their size or strength. Alicia Richart, a digital expert from the EU, emphasized that some of Europe’s largest and wealthiest countries (e.g., Germany and France) lagged in constructing digital infrastructure, while Lithuania and Greece were among the best. Besides, there is also a huge digital divide between states, cities, and rural areas within the EU member countries. The existence of the huge digital divide has become a potential obstacle for the EU to promote the integration of the digital market. The digital divide also threatens European sovereignty and overall resilience. The COVID-19 pandemic further proves the importance of powerful digital technology and digital infrastructure in helping countries maintain their operational capabilities and overall response capabilities against the epidemic. Due to the imbalance between the development of digital technology and infrastructure, different digital policies should be adopted among EU member states. On the other hand, the lack of a common position on tax policy issues among EU member states has actually hindered the creation of common rules. In the EU, the Netherlands and France are the most active countries in imposing digital taxes and using digital taxes to regulate non-EU digital giants (Zhao & Dong, 2021). In 2018, France first proposed to the EU to establish a digital service tax, but the proposal failed due to opposition from some low-tax member states, including Ireland, Sweden, and Denmark. Subsequently, France responded to the failure of the EU-level proposal by imposing a digital service tax at the state level, which took effect in January 2020. In particular, France imposed a three percent tax on the total turnover of digital platforms that provide advertisements (e.g., Facebook or Google), intermediate sales of services (e.g., Uber or Airbnb), or sales user data. However, the European headquarters of digital giants, such as Apple and Facebook, are located in Ireland. For the sake of protecting the economic interests of the headquarters, Ireland doubted the EU’s digital tax and believed that it might damage the market attractiveness of Ireland. Meanwhile, low-tax European countries such as Ireland, Luxembourg, and other offshore centers, such as Bermuda, are tax havens for multinational digital companies, including Amazon and Google, which greatly restricts the implementation and supervision efficiency of EU digital taxes.

Second, an imbalance exists between digital technology and digital rules. The EU has repeatedly emphasized that European digitalization based on rules and technology should reflect the best of Europe, that is, an open, free, fair, diverse, democratic, and more confident Europe. However, this is challenging. In the digitalization process, the EU has overstressed the cultivation of the capability of rules, which weakens the investment and attention to technology. As a result, Europe, which lacks technology, will never be able to achieve the true Brussels Effect. It is very risky for the EU to attach too much emphasis on the importance of rules because it weakens technological investment and technological progress. Relying only on this approach, the EU cannot realize its geopolitical ambitions to form global normative influence. This approach will make the EU a global leader in technology regulation, but it will not help advance the technology and narrow the digital divide between the EU, China, and the US. The EU expects to truly defend its value and interests in the digital field, obtain economic benefits from emerging digital technologies, and protect Europeans from so-called false information and cyber attacks. For this purpose, the EU needs to shift from a rule-led pattern to a technology-led pattern. Innovating and upgrading products and technological processes are the only ways to maintain the competitive advantage of an industry (Porter, 2012). Europe has so far been more concerned with “drawing rules of the game” rather than “playing the game.” As advocated by some researchers, the EU must supplement its regulatory influence by investing heavily in digital infrastructure, digital skills, and industries to become a digital player on its own strength.

Third, a transatlantic trust deficit has grown. Digital issues are critical to the healthy development of transatlantic partnerships. However, from the perspective of the current interactions between the US and Europe, the two sides have a serious trust deficit in the process of building a transatlantic digital partnership, and this trust deficit is bidirectional. The EU’s ambition to become a global leader in technology regulation will undoubtedly trigger further tensions with the US. Additionally, the dominant digital companies in Europe are from the US, indicating that regulation will have geopolitical consequences. The increasing number of technical regulations promulgated by the EU has led to the regulatory gap between the EU and the US. This has raised barriers to transatlantic trade and investment, and ultimately weakened the potential of transatlantic economic relations. On the one hand, Europe does not trust the US. In 2013, the exposure of the Prism Gate incident undoubtedly increased the distrust of EU member states in the level of data protection provided by the US. Consequently, in 2015, the CJEU ruled that the Safe Harbor Agreement was invalid. During the COVID-19 pandemic, there were specific frictions between the US and Europe regarding contact tracking apps. On the other hand, the US also has a distrust of the EU. In 2019, when France approved a three percent tax on the income of the largest digital multinational companies operating in its domestic market (mainly US companies), US former President Trump, in response, directed his trade representative to investigate France’s digital tax. Soon, the Office of the United States Trade Representative issued a report showing that France’s digital service tax was discriminatory and was aimed to punish specific US technology companies (US Trade Representative, 2019).

Conclusions

The three-step path is the normative driving force for the EU to achieve digital transformation. It is also the standard that the EU should comply with when making innovations in digital governance rules. Through analysis, this paper believes that the three-step path has deeper logical implications. That is, the EU hopes to shape and influence the international supervisory framework by formulating standards and rules. The EU also aims to provide a foundation for the booming market based on the interoperability of technologies and reduce transaction costs in the domestic markets, to ultimately achieve dominance of digital governance rules. In addition, the EU’s laws and regulations will also strengthen its geopolitical power through spillover effects in the policy framework of other countries, thereby shaping its own standards and preferences on a regional and global scale. Although the EU is striding forward in accordance with its grand vision, it has a long way to go, and there are obstacles in the way. The digital divide within the EU is continuing to widen, and member states still hold different positions. The imbalance between digital technology and digital rules will not help the EU to fundamentally solve the so-called digital vulnerability. The transatlantic partnership between the US and Europe is facing a severe trust deficit, which will undoubtedly hinder the realization of the EU’s goals. In particular, the outbreak of the COVID-19 epidemic in late 2019 highlighted the importance of digital technology and platforms in economic and health recovery. While the global economy has declined sharply and the traditional real economy has suffered severe setbacks, the digital service industry and the platform economy have bucked the trend. Besides, digital technologies such as big data have played a huge role in the fight against the COVID-19 epidemic in many countries. A strong digital infrastructure is critical to a nation’s ability to manage the lockdown and overall response during the epidemic.