Top Policy Trends 2019

Policy competition in these divided times increases uncertainty and costs for business, but it also opens up opportunities to shape the future of everything.

Welcome to PwC’s second annual report on the top public policy trends we are seeing around the world.  Understanding emerging policy trends has never been more important. The 22nd Annual Global CEO Survey, to be unveiled on the eve of the Annual World Economic Forum in Davos, reveals that more than 40% of US CEOs expect policy changes related to trade, foreign investment, cybersecurity and privacy to have a significant impact on their strategies and business plans over the next three years.

Around the world, CEO concern is not unwarranted as today’s public policy environment is more complex than ever. Multinational companies are dealing with an evolving tax and trade policy environment, differences across and within countries with regards to data and privacy policies and a lack of regulatory clarity around how or whether to regulate the role of big tech platforms and emerging technologies in today’s business environment. We’ve achieved a long-pursued goal where much of the information in the world today is instantaneous, ubiquitous, and free. 

But this has implications. It is increasing the debate, but widening the divide between competing visions – free trade vs fair trade, data barriers vs information free flow, localism vs globalism, hierarchy vs decentralization, you name it. Diverse and extreme viewpoints are weighing in 24/7 on developments covering everything, from local worker strikes to net neutrality to global trade policy.

Paradoxically, policy making in 2019 will be shaped by these divisions, and simultaneously by the search for common ground among competing policy power centers.  In this report we are addressing policy questions in three big areas affecting businesses: global trade, data and privacy, and the 4th industrial revolution. Businesses need to understand and adapt to the evolving policy environment if they want to be successful in planning and executing their strategies over the next several years.

Rule
Top Policy 1
Top Policy 2

What to watch for in 2019

Less clarity - and more risk - as policy making gets more fragmented

Companies are operating in a world of policy fragmentation, which is increasing costs for business and creating new risks.  Nowhere is this fragmentation more apparent than in the rush among cities, states, countries and regions to frame new privacy laws for our digital age. After the European Union enacted the General Data Protection Regulation (GDPR), California moved quickly to fill a legal void in the US and passed the California Consumer Privacy Act (CCPA). The CCPA has heightened concern about further fragmentation with more US states passing their privacy laws which, in turn, is helping to build momentum for a single, uniform federal privacy law.  In this type of environment, companies can either take a tailored approach to privacy for each regime (costly), try to find a baseline that covers the most stringent requirements or somewhere in between. Each approach has its benefits and drawbacks. Finding the right balance and understanding the direction of policy makers in regimes without a defined framework is critical.

View more

Public sentiment exerts more influence on policy making

A new and formidable player is entering the policy making competition: the individual en masse. Social media has become a digital megaphone, capable of amplifying the voices of citizens and groups and making them viral. Social media platforms can influence, even manipulate, public opinion to the extent of possibly even changing election outcomes.  It is telling that Brazil’s recently-elected President Jair Bolsonaro ran his campaign on WhatsApp, instead of courting traditional media coverage or appearing on televised debates. The public is speaking up on a range of issues, from diversity in the workforce to cybersecurity to climate change to immigration, and through their efforts are forcing change. Businesses, facing significant and immediate reputational risk, understand that the response to the digital megaphone must be fast and thoughtful at the same time. Many are now responding to public sentiment with more urgency than the typical policy making cycle allows. The recent responses of several companies to the #MeToo movement are a perfect example.

View more

New strategies for addressing policy risk

As policymaking changes, government affairs-related activities of companies, too, will undergo a transformation.  The focus can no longer be exclusively on large, national and multilateral policymaking bodies. Smaller policy-making bodies in states and localities now demand close attention. This requires a new approach to prioritizing and focusing limited government affairs resources and more focus on demonstrating results.  Moreover, companies need to address how new influencers -- the increasingly activist public and its digital megaphone -- could have an impact on policy making at all levels and build that into their government relations strategy.

Companies still wield influence on how policies are developed and implemented, but it’s getting harder in the more dispersed policymaking landscape today.  In addition to their efforts to educate policymakers and influence the direction of new policies, many companies are taking it upon themselves to lead by example on key policy issues.  Whether they do it alone or in conjunction with other companies, industry associations or issue coalitions, companies are seeing positive results from the “do it yourself” approach to policy making and regulating.  

View more

The upside of policy competition

While politics and special interests will always have the ability to influence policy making, the dispersed policy making model is providing a counterbalance to the centralized model. In the long run, increased policy competition could lead to a positive outcome: policies that better balance the demands of diverse stakeholders -- be it citizens or big business -- and that are implemented in a more efficient and effective manner.

View more

The three big questions that will trigger policy competition and action in 2019

How can we fix the shortcomings of the current global trading system?

Don’t overlook the current opportunities that shifting trade policies can create for your business.


Who owns our data and can they be trusted?

Business could become the defacto harmonizer of regulation in like-minded nations.


How do we establish policies for the 4th industrial revolution?

Business and policymakers will likely start coalescing around standards that makes technology more trustworthy.


1. How can we fix the shortcomings of the current global trading system?

The big picture

A rising chorus is calling out the dangers of an outdated world trade system and laying bare the deficiencies of the World Trade Organization (WTO). The WTO’s detractors include powerful voices on both sides of the US-China trade dispute, from American President Donald Trump to Alibaba’s cofounder and China’s richest man Jack Ma.  Other countries, with diverse cultural leanings and economic priorities, are also expressing their frustrations with the current system.  

International institutions, trade agreements, and governance norms are changing in ways that indicate a long-term shift, even if the political winds turn.  The many flashpoints in global trade conflicts include: trade-distorting subsidies, data protectionism, intellectual property transgressions, erosion of labor and environmental protections, and lack of attention to people who lose jobs as a result of freer trade.   

UK’s Brexit decision and President Trump’s America-First approach have challenged the bonds of the post-war alliances in the west. Meanwhile, China is asserting itself around the world leaving smaller economies to re-calibrate their relationships with the big powers.

Look for opportunities in new and emerging trade agreements
Test
Test
Test
Test
Test
Rule

2019 turn

Old and new tools, from tariffs to data governance laws, will be wielded to renegotiate trade deals and hammer out new rules of international trade. Regional trade agreements will not only continue to rise but cover more policy areas than before. For example, rules for IP protections and digital trade will become part and parcel of trade agreements among the developed world, in steps towards modernizing trade agreements.

In a break from diplomatic persuasion under the aegis of the WTO, the Trump administration is wielding protectionist measures to bring partners to the negotiating table. The Trump administration is likely to continue to seek terms somewhat more favorable to US interests in negotiating bilateral free trade agreements next year with the EU, the UK and Japan.

Across the Pacific, China will redouble its efforts to exert its economic influence around the world. Its Belt and Road initiative is a multi-trillion-dollar infrastructure and investment project across Asia, Africa and Eastern Europe. It has all the hallmarks of diplomacy with “Chinese characteristics” such as state-directed investments and exporting Chinese manufacturing and other standards to developing countries. China is also working toward concluding an Asia-Pacific trade alliance (RCEP).

These new alliances are, in part, a response to new decouplings. With Brexit scheduled to happen on March 29, 2019, UK’s trade, economic and security relationships with the EU and the US could be redefined. Looming large over businesses around the world is the other great decoupling, as the US-China trade disputes alter investments and supply chain strategies of businesses in both countries.  

For all the disagreements, there could be common ground for cooperation. For example, the US, EU and Japan recently pledged to negotiate e-commerce rules as part of a “plurilateral agreement” within the WTO, in the absence of multilateral consensus. In the 21-member APEC trade bloc, upgrading digital infrastructure is at the top, or near the top, of a list of potential policy solutions to accelerate competitiveness.

The bottom line

New political and economic realignments are taking shape, which means businesses must exercise caution while being prepared for quick shifts.

  • Consider a number of “no regret” moves. Review pricing, sourcing, hedging, cash planning, and manufacturing footprint decisions to make sure you’re ready either way. For example, if you are a UK company, calculate how much extra stock you’ll need and explore alternate sourcing models for the contingency of Brexit going through without a deal between the UK and EU.
  • Evaluate trade deals - and disputes -- with a global lens. For example, how does the US-Mexico-Canada Agreement (USMCA) affect the strategies of businesses outside North America? Will Chinese companies opt to produce more in Mexico to reach the US market? If you are a US company with a large presence in China, do you need to keep a part of your supply chain there as the price of admission to the Chinese domestic market?
  • Don’t overlook opportunities of regional trade agreements; you may have to take a fresh approach to your sourcing and supply chain strategies. For example, Vietnam has emerged as a viable alternative to China not only because of favorable costs and skills, but also because it is part of many trade blocs like Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP=TPP without the US), ASEAN and has bilateral pacts with China, South Korea and others.  
  • In the face of trade protectionism, M&A and direct investment are still viable routes to global expansion and market entry. Record amounts of available capital will continue to fuel the ongoing M&A cycle. Prepare to capitalize on the loosening foreign investment rules and other fundamentals like demographic trends amid trade disputes.

2. Who owns our data and can they be trusted?

The big picture

Trade wars, once fought only over real goods, have spilled into the virtual world — with pronounced impacts. Earlier this summer,  just as the US-China tensions were heating up, CEOs across the APEC region told us that they continue to experience greater difficulties moving data across borders than goods, services, or people, compared to 2017. CEOs are worried because complying with emerging and often inconsistent data sovereignty and privacy laws are new terrain for many businesses and policymakers.

Data is essential for machine learning, intelligent automation, improved consumer experiences, and new business models. Therefore, data sovereignty laws can feel like taxes (or tariffs) that increase the cost of doing business, slow down innovation and put brakes on the creation of new value propositions and business models. Still, businesses know that as data is mined as a natural resource, it’s becoming critical to address questions about who controls data, who benefits from it, and above all, who bears responsibility for protecting people’s privacy and personal information.  

Some countries have started asking: why should business be the sole beneficiary of the economic value inherent in data? Most notably, China’s  Cybersecurity Law  is broad and sweeping, requiring all “personal information” and “critical data” to be stored within China. A similar law will come into effect in Vietnam early next year, while India is mulling its own data localization rules as part of its proposed privacy law. But many other regions, including the EU and North America, have started promoting rules that facilitate free, but secure and responsible, cross-border data flows.

PwC has estimated the growth in global GDP from AI to be $15.7 trillion through 2030. As the amount of data soars, more companies, not just tech titans, could be at risk of crossing ethical red lines as they pursue new ways to monetize it in different parts of the world. Regardless of how the new laws evolve, companies need to step up quickly because data integrity and security now move market valuations and transform reputations. Markets don’t shrug off cyber-attacks. Companies that reported data breaches are seeing their stocks underperform the market in the long run.

Moving data
Rule

The 2019 turn

Business will find themselves operating in two diverging worlds.  One world is exemplified by countries, mostly in Asia, exerting sovereignty over the data produced within their borders.  In some places, data protectionism is becoming a new front in techno-nationalism. The other world is exemplified by the EU, which holds that privacy is a human right and personal data belongs to individuals or “data subjects.”  The EU permits cross-border data transfers subject to organizations’ compliance with consumer privacy and cybersecurity protections in alignment with the GDPR. The GDPR provides for transparency, limitations on data uses and data subject rights, such as access and deletion.  Similarly, in the US, California’s new consumer data privacy regulation provides robust entitlements to individuals, including choices regarding the “sale” of their data.

Efforts in Europe and North America are also seeking to limit data localization.  The EU recently encouraged the free flow of non-personal data, largely prohibiting national data localization rules in member states. The US-Mexico-Canada (USMCA) trade pact proposes to follow privacy principles in the Cross-Border Privacy Rules (CBPR) for data flows among the three countries.

These laws are evolving at a time when almost everywhere citizens are demanding data disarmament, or the right to take back control of their own information and privacy -- whether from governments or businesses.  For example, India is debating obligations of “data fiduciaries” to ensure that digital transactions on large national platforms happen with the consent of individuals. Much of the public sentiment is driven by news about data breaches of personally identifiable information. But the true cost of data breaches is even greater than what’s immediately visible, for example, the long-term consequences of cyberattacks on IP and strategy.  In the US, the SEC has issued guidance to companies nudging them toward disclosing more detail on how they manage cyber risks.

Companies will be attentive to both new and evolving laws and the public sentiment behind them. Businesses are realizing that many of those laws are intended to engender trust and security – giving business license to operate in different parts of the world. Could 2019 be the year companies begin to address privacy as a strategic issue and go beyond compliance? Will we see greater transparency from business on how they manage cyber risks?  Will we see a focus on data ethics and data-for-good initiatives trigger innovative data use regulations?

The bottom line

Greater clarity is emerging in countries committed to free, but safe, flow of data. Over time, companies could become the de facto harmonizers of how data is collected, protected and used, at least across philosophically-aligned nations.

  • Companies have to step up quickly. In PwC’s Digital Trust Insights survey of 3,000 business leaders in 81 countries, only half of the businesses worth more than $100 million say they are making large investments in data governance, in creating transparency in the use and storage of data, and in increasing the control individuals have over their data.
  • Consider global, multi-cloud strategies. That might mean decentralized IT operating models and tiered approaches where global, regional and local templates are applied based on country-specific regulations.
  • As new privacy laws take shape at the state, federal and global level, prepare to disclose how your organization collects, stores, and uses data, as well as how it is considering the lifecycle of data. Public disclosure puts your organization in a position to influence new legislation and/or global standards.  
  • Integrate a strategic privacy approach into core operations, for example, by incorporating privacy and ethical data use considerations into product design and customer experience.
  • Include cybersecurity and privacy personnel, as well as risk professionals, on digital transformation teams from day one. Large tech companies have already started competing over who is better at building privacy into their products and disclosing information to customers.

3. How do we establish policies for the 4th industrial revolution?

The big picture

The 2016 US presidential election will likely be looked back on as a turning point in the role large social media platforms play in our lives.  According to Freedom House, online misinformation and manipulation has affected election outcomes in at least 17 other countries.  The term “fake news” is now a permanent part of our lexicon -- yet, we have no clear answer on what to do about it.  Moreover, disruptor platforms that have become an indispensable part of our lives are running into growing pains and are on the radar of regulators and policy makers around the world.  What’s clear from several high-profile hearings is that these platforms are causing alarm about the level of influence they have on the business environment, the political landscape, and all aspects of our lives.

Platforms manipulated by bad actors or algorithmic bias are taking action, such as purging suspicious accounts and cracking down on bots.  However, there are concerns that stronger control from inside the halls of “Big Tech” companies will lead to opaque editorializing of speech on social media and market manipulation on ecommerce sites. Many of these companies are either replacing senior leadership or announcing dramatic shifts in direction, as they attempt to simultaneously calm the fears of consumers (e.g. the “digital megaphone”) and stave off additional regulatory oversight.

There is growing awareness that even though these platforms’ “network effects” benefit consumers, their ubiquitous market presence ties to two other issues. First, they have capability to spread disinformation that undermines trust in institutions, democracy, free press, and markets; and second, their business models offers nominally “free” services in exchange for consumers’ data. In the US, are Senator Mark Warner’s policy proposals to regulate social media and tech, which attempt to address these problems, a harbinger of how platforms get regulated in the future?   

Rule

The 2019 turn

Will 2019 be the year that we see some regulation of the big tech platforms in the US?  While there will be more hearings, more discussion and possibly even a bill or two proposed, we think that it is unlikely that a divided US Congress will be able to agree on any legislation addressing some of the policy concerns about the big tech platforms. As with privacy, states may once again step in to address their specific concerns (as California did with net neutrality). For now, the changes will continue to come from inside the biggest technology firms, as they move to stay ahead of policy makers -- and the wrath of the public.  In Europe, however, we expect to see other types of conduct guidance or regulation for the tech platforms. For example, the UK government is working on new laws to protect people from harm online, while the European Commission is drafting rules requiring companies to remove terrorist content within an hour of posting to stop the spread and damage.

Data consolidation by platform companies is also raising the issue of antitrust enforcement.  Brussels will likely continue to make life complicated for Big Tech in the EU, imposing large settlements and fines. The European Commissioner for Competition, Margrethe Vestager stated in September after investigating and eventually approving Apple’s acquisition of Shazam: “Data is key in the digital economy.  We must therefore carefully review transactions which lead to the acquisition of important sets of data, including potentially commercially sensitive ones, to ensure they do not restrict competition.” However, in the US, where antitrust arguments focus largely on consumer harm, Big Tech hasn’t felt the impact of antitrust-style enforcement yet and likely won’t in 2019. Consumers benefit from data consolidation, for example through lower prices or improved services. Breaking up Big Tech will also be costly and disruptive for other businesses that use their services. Even with the Federal Trade Commission’s (FTC) series of hearings on modernizing competition and consumer protection standards in the digital era, the probability of significantly changing the agency’s scope of authority is low.

Outside of the Big Tech platforms, where else do we expect to see policy making impacting emerging technologies? Advances in artificial intelligence (AI) and machine learning will continue to generate dialogue among policy makers about the amounts of data being collected and how it is being used.  While companies have regularly emphasized the anonymized nature of much of the data they are using - and selling - can individual data really be anonymous in the presence of so much other data (particularly geo-location data)? If that is true, do consumers really have the protections they think they do under privacy laws? Privacy law regimes are a start, but there will likely be more pressure to limit the amount and types of consumer data being collected and how it is being used.

The bottom line

The policy making environment is changing. Companies need to change their approach to the way they are managing policy risk. It is also more important than ever for companies to both lead from the front on responsible innovation and build consensus with policy makers on the appropriate path forward.

  • It is time to re-evaluate your approach to government relations;  the old way of doing things is just not going to be enough in today’s complex policy environment.  Are you getting a good return on your investment in government relations? Are you engaging and educating all policy makers, both the traditional ones and the new ones, i.e., the public?
  • “Make AI trustworthy,” is becoming a universal demand from customers, boards, regulators, and corporate partners. Businesses are coalescing around five pillars of responsible AI: security, explainability, ethics, governance, and de-biasing. Embed these into your AI strategy, assign them clearly, build in accountability, and create job roles that combine technical expertise with awareness of regulatory, ethical, and reputational concerns.
  • Building trust will entail balancing a company’s digital transformation with its potential impact on society across three axes: public good vs. speed of innovation, data-driven value vs. privacy and security, and local vs. national vs. global markets.

Contact us

David Sapin

Principal, Risk & Regulatory Leader, PwC US

Tel: +1 (202) 756 1737

Alison Kutler

Principal, Strategic Policy Leader, PwC US

Tel: +1 (202) 341 2800

Brian Dunch

Principal, Risk & Regulatory, PwC US

Tel: +1 (703) 835 5994

Jocelyn Aqua

Principal, Cybersecurity and Privacy, PwC US

Tel: +1 (202) 730 4862

Follow us