The future of Spanish and European prosperity but also a distinctly European approach to digital rights pivot on whether we will be able to transform our economies to meet the requirements of a digital age, also in light of political sovereignty and geopolitical rivalry. Against that backdrop, the Spanish government’s new Digital Agenda, to be announced publicly later this week, would do well to conceive of ‘the digital’ as a space where our security, economic, and democratic interests meet and can be aligned. As the Covid-19 pandemic has underscored, greater inter-departmental coordination and a more open and attentive public debate on questions of surveillance and digital rights are therefore key in shaping a healthy digital society.
The Spanish Secretary of State for Digitisation and Artificial Intelligence (SEDIA) is about to go public with a new Digital Agenda for the country. Its publicised plan is to finally invest in an AI National Strategy, along with a National Council for AI, à la the UK. One of its pillars is normative, expressing the need to deepen the scope of citizens’ digital rights, as outlined in the GDPR bill of 2018. To fulfil this pillar, SEDIA has established a national committee of experts in Data Rights & Privacy and tasked them with writing a first draft of the AI National Strategy in the coming months.
This announcement marks a long-awaited milestone, with the promise of leading Spain to the top of the EU’s digital economy. We should keep in mind however, that the stakes for the country are high with this one.
The exponential growth and development of technology within this past decade (the so-called ‘fourth industrial revolution’) has given the most technologically advanced countries a considerable amount of geopolitical leverage. It opens windows of opportunity to grow economic power and military muscle within the international system. We are all well aware how some countries, namely China and Russia, have made use of that, and the dangerous normative shifts this has implicated for a global digital society. Europe must get ready and keep up with its own digital strategy, which must include sustainable economic and security plans. And Spain must do the same.
The errors of the past
The size of Spain’s digital economy was close to 19% of its GDP in 2019. While that’s far from digital leaders like the US or China, it still means that Spain has become a competitive player in the global digital economy. A new bold image far from the ‘sol and siesta’ economy.
If we want to be more ambitious still, however, we cannot do without concerted government support. Furthermore, without political and public accountability, our digital economy may end up being ruthless and unethical in its deployment, our assets and data may end up unprotected, and our citizens’ rights in the digital sphere may end up non-existent. So a Digital Agenda is not just a nice-to-have, but rather an urgent need for Spain’s digital future. But will this single Digital Agenda help us keep up with our European neighbours’ years-long efforts to combine economic interest and fundamental rights protection? Has Spain been doing its job and actually developed a healthy digital economy and digital society?
The answer to this question takes us back to our first attempt: Spain’s 2013 Digital Agenda. In the early 2010s, when digital benchmarks started being measured within the EU, Spain was below the average line in almost everything. For that reason, the country started working on a national strategy. Given its scope and forecasted impact, all kinds of stakeholders (companies, associations, civil society) participated, through different participatory instruments, establishing priorities for the draft.
That plan crystallised in 2013 as Spain’s first Digital Agenda, which established six key priorities to be reached before 2020:
- ultrahigh broadband networks;
- the development of the digital economy for businesses;
- improving e-government;
- the reinforcement of citizens’ digital trust;
- the enhancement of innovation in ICTs;
- and, fostering digital literacy amongst its citizens and digital skills training for a future ICT Spanish workforce.
Seven years later though, most of those goals remain unfulfilled, and at times even unpursued. According to official data published by the Ministry of Economic Affairs and Digital Transformation, out of eleven specific plans (based on the six key priorities), only two have been allocated a real budget and been properly implemented – namely, the plan to foster Language Technologies and the National Plan for Smart Places. The neglect and abandonment of the Agenda is such that most of the scheduled work packages already expired in 2015.
The geopolitics of 2013, and of today even more so, would have required this Agenda to do better. In 2013, our national defence strategies already stated the need for a cyber defence and digital security strategy given the multiplication of hybrid threats. An ideal plan would have been to plant the seed of this multidimensional approach to our digital life early on, in 2013, but not only did the first Digital Agenda fail to account for questions of national security, it couldn’t even fulfil its pretty straightforward promises. This failure has had consequences.
Spirits summoned
The failure of Spain’s 2013 Digital Agenda to formally tackle national security within the digital space has led to many shortcomings, two of which have been particularly noteworthy this year.
First, there’s no critical surveillance literacy nor sense of urgency to tackle technology ethics outside of very technical realms; the public hasn’t been talking about it and companies are not particularly interested in putting much effort into it. Because of this, we haven’t held public debates on surveillance capitalism. For the same reason, we also haven’t paid much attention to how Covid-19 may amplify government surveillance.
Spain’s Covid-19 response has also laid bare a lack of interdepartmental coordination, namely between the Ministry of State, SEDIA, and the Data Protection Agency on matters of national security. Spain’s Covid-19 contract tracing app (Asistencia COVID 19), conceived by SEDIA as well as major telecom companies and long-known startups, turned out faulty. The National Institute for Cybersecurity (INCIBE), which should have been of technical help to avoid security risks in data handling, as well as the Spanish National Agency for Data Protection (AEPD), which ended up publicly complaining about the non-transparency of the process, were not consulted in its development. Sticking to INCIBE’s cyber protection guidelines for databases and to AEPD’s privacy-by-design guiding principles would certainly have spared SEDIA one or two international embarrassments. The security weaknesses which plagued the first version of the app could have been sorted out if only the Ministry and the agencies had worked together.
We need new approaches
This should be a lesson for how we approach political problems, at the intersection of ‘the digital’, security, and privacy, but also elsewhere: we need to confront challenges with a 360-degree perspective and a collaborative approach, using all of our technical expertise and collective imagination. So far, Spain has ruefully missed chances to do so.
The latest chance Spain had at that was the National Defence Directive, issued on June 11th, 2020, amidst the coronavirus crisis. In line with my earlier deliberations on the geopolitical importance of economic competitiveness, it reminds us that “a growing part of negative impacts within the international security architecture have to do with socio-economic phenomena”. In that vein, the Directive’s impact (in the National Defence programmatic cycle, potentially 2022–2026) should call for a policy and data bridge between the National Security System (Department of National Security, Ministry of Defence, SSN) and the Ministry of Economy, among others. A winning Digital Strategy can’t be built upon a policy system that doesn’t feed its departments the same food. Hybrid threats and other “grey zone” threats need to be countered with aligned defence, security, and digital strategies.
So far, however, the National Defence Directive does not even specify the kind of technological capabilities that would aid our quest to have a thriving, competitive, secure, and dare I say, privacy-friendly, digital economy and society for decades to come. This lack of technological vision is in stark contrast with, at times, trailblazing Spanish companies. Telefonica and a startup called Quside, for instance, are already participating in the EU’s Quantum Communication Infrastructure initiative, which has identified that post-quantum encryption will be key to ensure the long-term security of data and that European sovereignty in a quantum internet is of utmost strategic and economic interest.
So in a nutshell, the Spanish government has shown time and again that it operates rather intransparently, that it doesn’t collaborate with technical public authorities to provide digital security and privacy in moments of need. It hasn’t invested strategically to prepare the country for a mainly digital economy nor has it equipped its citizens with protection within the digital realm.
Spain is a country where there is little policy on, government investment in, and public buying of digital technology. Public authorities tend to not talk to each other and in mainstream political discourse there is a remarkable dearth of attention on the digital sphere, digital rights, and surveillance. So when a pandemic hits and authorities feel forced to acquire potentially invasive surveillance technology, no one is ready to assess the risk, both for the state and for its citizens’ rights and freedoms.
This is symptomatic of the general relationship between the state and its citizens on these issues. The rather small number of security- or privacy-literate citizens who could contribute to a digital strategy debate simply can’t find the proper channels to weigh in. Regrettably, the participatory avenues that resulted in the Digital Agenda of 2013 were more of a one-hit-wonder, never to be repeated. This lack of citizen participation methodology is characteristic of the Spanish government. It doesn’t generally bother with public consultations on these themes. And if it does, it may not even issue a press release informing the public of its ability to participate, as was the case with a new Digital Rights Charter whose 2-week consultation period is ending today.
What is the value of the 2020 Digital Agenda?
Spain’s 2020 Digital Agenda will have to be nothing short of a titanic effort to mend and learn from the errors of the past. In light of the fact that Spain holds some leverage within the European digital economy — thanks to strategic assets (like connectivity, infrastructure) — that effort would be well worth it though.
The agenda needs to conceive of digital development as a transdisciplinary endeavour and establish real interdepartmental coordination. For example, it could designate the Department of National Security to lead on security threats including cyber and hybrid ones. All technical actors and agencies within the SEDIA ecosystem should be given a seat at the table when it comes to cyber-operations. This should include the Data Protection Authority AEPD, as privacy protection and cyber security should also be thought of as interconnected.
The agenda would do well to include strategic “drivers of change” like quantum communication and other new technologies. If we are to use these technologies in the future — and avoid that rather they use us or are used by geopolitical rivals to the detriment of European democracies — we need to start laying foundations now and build up the necessary literacy within society, companies, and universities.
The Digital Agenda should not just contain but further deepen the scope and dimensions of the future Spanish Digital Rights Charter, another important legislative project currently in the making, while being aware of the work that has already been done by various digital rights associations within the EU. To foster digital rights literacy within Spanish society, a public consultation during the national committee’s AI National Strategy drafting process could be of use. The public might have a lot to say, for example regarding new policing methods that utilise collective intelligence in interoperable databases. A good example of this kind of dialogue so urgently needed in Spain is France’s public consultation for the “Digital French Republic Law”, which allowed citizens and experts to weigh in to the policy debate.
The future of Spanish and European prosperity but also a distinctly European approach to digital rights pivot on whether we will be able to transform our economies to meet the requirements of a digital age. It is our time to be ambitious and to foster the role of the digital economy as a growth and development driver in Spain and the entire European Union.