It is axiomatic that the United States leads the world in Internet infrastructure. Our data centers fill fastest, our wholesale prices are lowest, and our economy is said to foster innovation better than any others. As the Internet matures, it is not realistic to expect the gap between the US and the rest of the world to remain as large. However, broadening Internet penetration into the world’s business culture may be changing the nature of what leads to success for Internet businesses.
Factors that facilitated Internet growth in the US, for example, our hands-off approach to regulation, may be ill suited to respond to the issues presented by widespread acceptance of Internet business. Interestingly, the thoughtful and contemplative approach generally preferred in Europe may actually be better suited to the next phase of Internet growth. While I tend to prefer the US view based on my cultural bias, it is useful to look to the European approach to the Internet as an instructive avenue to address issues that may slow down the further growth of the Internet.
The European view of privacy regulation is rapidly becoming the world standard. While the sectorial approach to privacy used in the US may actually lead to greater privacy for data, it is an increasingly unworkable approach. Infrastructure providers in the US must now tailor their privacy practices and networks based on target markets and customers. Those targeting the health care sector must comply with increasingly complex and difficult to parse HIPAA / HITECH regulations. Those interested in customers participating in the sale of securities must comply with Gramm-Leach-Bliley.
Contrast this with the forthcoming EU privacy directives which will, by and large, create a pan-EU privacy regime. Any uniform regulatory standard generally makes it easier to do business. Furthermore, one set of regulations helps calm the apprehensions consumers, and increasingly businesses, have about uses of their data by removing confusing, and often inapplicable, regulatory silos that make it difficult for non-lawyers to determine which privacy regulations apply to similar sets of data.
The US and most members of the EU have very different contract formation processes. Most EU countries have commercial codes that read into contracts certain contract provisions. For example, Dutch law includes provisions that essentially read into contracts a right to termination for repeated SLA violations. Not only does this create confidence in the Internet as a whole, it fosters positive competition so that Internet businesses can rely on the statements made in contracts. It also removes the possibility that Internet businesses will engage in marketing practices in which they essentially promise the moon and the stars and through their contract eliminate any remedies for their failure to deliver.
This ability to create Internet marketplace confidence extends to security. As with privacy, the US has pursued a sectorial, and state-by-state, approach. This approach has led to a patchwork of security laws that make it almost impossible for all but the largest infrastructure provider to create a breach compliance plan that meets the requirements of all states and applicable regulatory agencies. Contrast this with the EU’s baseline breach notification standard. This standard allows creation of EU wide compliance plans. Like privacy, by creating a set of statutes that are capable of analysis and understanding, this may make it easier for non-lawyers to understand.
Finally, the EU can be, in some cases, more thoughtful on Internet issues than the US. For example, while the US is only beginning to wrestle with cloud security issues, ENISA, the EU agency charged with network security, reviewed cloud security issues over four years ago. In the US, it took an executive order to begin the process.
In some cases, the US resistance to thoughtfulness reflects a deeply ingrained fear that should the government begin to think about a subject, it will regulate it. However, topics like Internet security, privacy, and similar issues that may be pan-national, must be considered before they become problems. While the European process of political problem solving is not without its difficulties, it may be better suited for an evolved Internet in which Internet businesses increasingly will not be able to make policy based solely on their own business needs.