 We are living in a world unimaginable just a few decades ago. The internet drastically changed our lives, making it faster, easier and more convenient to get things done. But many individuals, like myself, don't know who ends up only owing my personal data and what will happen to it. Can I trust the digital world that exists beyond my gadgets? Not completely. Then how should the trust be created and who will take the leadership in that process? We have today four distinguished guests. Let me introduce them to you. Madam Kirstie Carillite, President of Republic of Estonia. Professor Lee Sheldon, Director of Institute for Internet Governance, Tsinghua University. Mr. Adam Getty, Founder and CTO Ioniq Society. And Professor Urs Gasser, Executive Director of Bergmann Klein Center for Internet and Society, Harvard University. Thank you all very much for joining us today. First of all, the trust issue. The world has seen so many incidents of data breaches where personal data of millions or sometimes billions have been hacked, stolen, compromised. How have these cases impacted governments, industries and individuals in each country? I would like to ask President Carillite first. Yes, thank you. Estonia, for those who do not know, is a society where for one generation already starting from the beginning of this century, people have digital passports, digital identity. So in Estonia, we are not anonymous in the Internet and we do not have to rely on identifiers coming from private sector, which quality we do not know. And we have learned one thing, that technology does not build trust. Trust is being built by legal space in which you do operate. Because if the state provides people with the identification means in the Internet, anonymity is gone from that part of the Internet. Because if two people sign in into our system, they have an encrypted conversation channel with somebody they know. And state guarantees that the person they think they are talking to is really the person because digital passport works like the real one. You go to notary office to show your passport and you do believe that this is a true thing. Exactly the same guarantees are offered in Estonia to people. And therefore we know that whatever technologies you use to avoid hacks and leaks, etc., we do use all of those. For example, there is no one big Estonian public database. We have dispersed databases, etc. So we do use the technology to make sure that we are technically safe. But this is not enough to build trust. You have to tell people that you have a legal space where it is a crime to snoop in Estonia. This is a crime. So if somebody should get into our government guarded, which is guarded by the same digital signature Internet space and snoop. First of all, if it's somebody of ours, they could only get in with their identity. That is a trace you would know who looked. And then you can complain. And if they didn't have anything to do, it's criminal prosecution for them. You see, this is what builds trust. It's not enough only to say to people, this is your data and I take good care of it. You have to constantly, every day, millions of times demonstrate it. And this way society learns that actually technology can help with this kind of trust building. Because if I give you a very simple example, all you have medical records somewhere. And they are in your doctor's office or in a safe or somewhere. You don't know exactly where. And you don't know who really lived through this file last time. If you're honest to yourself, you don't know. But I do know because my data is in a e-health system. And if a nurse, a doctor goes in, there is a trace I can verify. And if I think this particular nurse has nothing to do with me, I can complain. And they have to tell me why. So it's not fine to go into the database even if you have access rights to check what was the paycheck of your ex-girlfriend's new boyfriend. It's simply not done. It's criminal prosecution for you. And I know if somebody has been checking. So you see, digital actually can provide better security and safety than analogue. It's not absolute. I do agree. Nothing's ever absolute. But it may be better than the analogue world. And it only can be guaranteed with the legal space setting. So it's a societal issue. It's not the technological issue. It never will be. Welcome back to Estonian Geass. It's very, very interesting. Mr. Getty, how about an industry, especially in America, how has been these, you know, these incidents impacted on them? Madam President just described that trust is a societal issue. And technology can help evolve what it means to society today. But it is a societal issue. And in the United States, we've had quite the opposite experience than what the Madam President just described. Estonia is on the bleeding edge of implementing technology and law for today's needs. In the United States and other nations like it are not necessarily catching up with either technology or law just yet. And so in the last several years, we have suffered a significant amount of fatigue with access to large amounts of private and sensitive data by unauthorized parties that have really gone unrecourced. A lot of companies have paid fines, but nothing's changed. Some people have gone to jail, but nothing about the system that allowed for those crimes to take place has changed. And I fundamentally believe that it is rooted in one really simple belief that hasn't yet become pervasive in the United States. That is a belief I believe is pervasive in Estonia. Trust underpins every functioning relationship. If it is a relationship that is to last, it is one that is built on trust. Trust is fundamentally built on transparency and observation over time. The laws in my country, in the United States, are built on two fundamental principles that are no longer true in the digital age. One in the United States, our laws are built on possession. If you have something and it is tangible, then there is a lot of law to help resolve situations. In the digital era, many things are no longer tangible. You can have two of the same thing. Who's currently in possession of the one thing the law can account for? It's a very gray space. Secondarily, U.S. law is based on proximity, meaning that you need to be near something or accountable to something near you to figure out what court or jurisdiction or region that you can have the law applied from. Well, in the digital era, when everything is digital, it is virtual. It can be anywhere. And that also means things that you rely on, tangible things like medical records, are no longer in a place close to you. And so the crime may happen to you right here, but the system that can help prosecute recourse in your favor may not necessarily be capable of prosecuting the person or entity that actually perpetrated the crime. And those two things, the lack of tangibility and the lack of proximity of digital information is something the United States legal system is woefully behind it. And that is something that I believe we can even look to nations like Estonia for resolutions that do work. And it's an era that I think commercial entities are going to help shape but without the symbiotic relationship with government and law, it will never be successful. Professor Gasser, what would you say the trust level of people in the digital world? I think it's really interesting, an interesting time. I would characterize it as some sort of a trust paradox, a situation of trust paradox. I assume many in this room came to this place by using internet technology for booking the flight, for making hotel reservations and so forth. And indeed, if you look at millions of people around the world embracing digital technology in all aspects of their lives, whether it's for doing commerce or e-banking or even dating and keeping in touch with friends, we all use digital technology. And in some sense, you could argue, we trust in the working of this technology in its reliability in many cases. But then on the other hand side, as you alluded to, we have a lot of disappointed trust over the past few years, starting perhaps with the Snowden revelations as one big incident and more recently the Cambridge Analytica story. And perhaps more broadly, if you look at survey data, we live in an age where trust in traditional societal institutions is eroding arguably, whether it's government or businesses or media or NGOs, we have a trust problem. And that's broader than technology, of course, but it's also very likely to influence and shape trust in digital technology. And we see that currently particularly in the US around the issue of disinformation and misinformation of propaganda, fake news, where suddenly social media platforms are no longer benefiting from previous trust. And so it will be very interesting to see how these two poles or forces at play will actually develop over time. Some sort of a trust in the functioning of the technology on the one hand side, but then a deeper erosion of trust at the foundational societal level, how we create trust. We just conclude by saying these are indeed societal questions. I would absolutely agree with you that go far beyond technology, but technology factors into it in a complicated way. Professor Li, I would be very interested to know how much trust do people in China have in the digital world and have there been any data bridges incident happened in China? I think China is a country where long history and also there's so many people trust the government, especially some third party to build the trust. But recently I think if you want to discuss with some young people I think maybe have a different view. And just as Mr. President, you mentioned that we use a law but you know that even Estonia is a pioneer country to adopt so many new technologies, but in some sense some younger people will not 100% trust the laws. Even you trust the lawmaking but you don't trust the law enforcement. And if you even trust the law enforcement, how to make sure that there's some illegal use of my data? So I think in China is some mixed situation. For maybe the people age like me, I trust the government and third party, maybe the people just as 20s so you trust the technology. Just maybe the future work we rely on the code instead of the law. But the code is in some sense is very trustworthy for them, for the younger people. Mr. President, I just wanted to react. You say Estonia is at the forefront of technology. This is actually a wrong statement. Estonia is the quickest follower of the technology being created elsewhere. Estonia is a country of 1.3 million people and all we do is we create the legal sandbox where it is good to play for technology. And indeed, 6% of GDP is ICT related, but we mostly get it from smart and quick application, not from patient because we are too small to create... It's a paler country. This is something which I wanted to say otherwise. I totally agree with you. Implementation of the law is key and we've had initially cases. They were highly media-tized. Now everybody knows that the state needs what it says. One thing that sounds very clear to me from everybody's statements so far is that law can help frame intent and understanding. But in today's day and age, technology can help prove that the law was applied correctly. And that relationship is one that is hard to get right in practice. And that is something that I think collaboration from all the stakeholder groups here is worth us thinking about. I'm very sure that it will get gradually better. This understanding also on the public side, how to create this trust and regulate. And the reason I'm assured is that I now see Germany gives people digital identities. France is starting next year. And if they start adding public services also online, so that you will create in the public sector, on the public sector side, and understanding what does it mean to guarantee legal space in technology sphere, how to apply analogue law in digital. It has to grow this knowledge in the public sector. The reason we get it is because we have been as digitalized as Facebook. And this helps us to understand also the business needs. And so that you wouldn't simply say you cannot do it or quell the business initiative. But work in the same way. Because, for example, I give you an example. In Estonia, people are now asking for proactive services. Their question is if I have a child and I have the right to child support and you know my bank account number because I pay you taxes. Why I have to log on and ask? Just pay me. You see, they are seeking state now to take action without human being themselves on the loop. This again means that you need to think what you can legally do in order to make this safe and possible. And if you have a government which has this demand from citizens, it understands it slightly better, I believe, than simply having it in the business sector this kind of customer demand. Do you think this practice can be applied in the states? I mean, there are two very different countries. You know, one very, very big, huge population. One point in Italy. I mean, there are absolutely important lessons to be learned from Estonia for sure. And I would say the emphasis on law as some sort of a trust supporting institution is hardening for me as a law professor. So I like that. At the same time, I would caution a little bit as we try to generalize some of these lessons learned. I do believe law only takes us so far and I've heard it in both your statements already. I was wondering also what is the role of some sort of the mindset and the kind of strategies of empowerment of citizens and ultimately education. Talking about young people, I feel there is a tremendous potential as well in addition to advanced technology and the legal infrastructure that needs to be in place. What's the software that we need to develop, the human operating system as we go forward so that we can embrace the technology for the social good, for the benefit of a large population and mitigate some of the risks and challenges. So again, going back to this human nature of what you're talking about and I'm very interested to hear from Madam President how you look at these software issues as part of the strategy that you're drafting and implementing. One thing which I would very much like to insist on is a term it's coined by me and I call it cyber hygiene. This is something where you basically have to teach all your population that you have to be hygienic in the cyber world. It's very similar to washing hands not to get sick, keeping yourself safe. It's easier if you have a single digital identifier like we do because you don't have millions of them for different applications of internet. But whichever way it is, we need to teach people that it will never be technology which keeps them safe. It will only be themselves updating, etc. But we noticed that in Estonia, for example, one cry didn't pass, not a single case because all systems were updated by people. Obviously, we have been able to make our society more cyber hygienic. It's been hard work. We did run when we digitalized public services. We ran programs both for, we called it Tiger Leap. I don't know why we don't have tigers in Estonia. But anyway, we taught young people, we taught old people to make sure that it's also inclusive, that everybody is able to use, etc. But I fully admit that we entered the internet where the most horrible thing was a virus which will come into the computer unless you have some antivirus program downloaded. Entering as a society to the internet of things is much more scary. Yet there is no other way than education and cyber hygiene because this is the only thing which will help. And then people say it's not possible. But I'm sorry, we taught our people to wash hands and then we didn't have these communicational means. So if you say we cannot do it, then it's lazy policymaking. We can do it if we want to do it and it's absolutely necessary. We teach children at school that bullying in internet is no better than bullying in real life, etc. We have web police making regular visits to Estonian schools explaining kids the risks of internet. You cannot avoid it, I'm afraid. But President, so maybe I can have a question for you because Estonia has people in millions of populations. But you opened the application for the digital ID for other people in other countries. That means in the future you will have a lot of, maybe billions of digital IDs. How can you protect the information? How to educate the people who didn't? Yes, I mean if an e-resident because indeed you are referring to a stone and e-residency program everybody you can all apply for a stone and e-residency and you have access to our identification and verification system. But all that system does for you, it checks other ID card holders whether they are who they claim to be. So in principle you cannot get into the system in an unhygienic way. It has to be with the same identity. If you have lost it and you have written your codes on it, chances are globally that somebody would know how to use it, it's also low, but if it becomes higher then we need again to see what can be done about that. But right now even if somebody impersonates you and gets into the system it cannot do any harm to the system as such. It can of course I mean harm your processes. But nobody else. So it has to be very strictly compartmentalised who has access to what and who. You wouldn't have even access to all our public services simply because you are not a citizen. All you can do is send encrypted email to your friends, your bank account, operate your company if you have one in Estonia, pay taxes online, these things you can do. But only relate it to yourself. So you cannot contaminate the rest. That means the infrastructure and platform, the security and the stability of the infrastructure should be very important. Absolutely. In your case law would not come that much into the game. This is more for example if you are a police officer. Then in principle you can check, I don't know my traffic offence record if you want. You have physical access and there we have by law to forbid and then to implement and then to punish if somebody looked who had nothing to do. But in your case you wouldn't have any of these access rights. You will only have access to your own data which we do protect also from everybody else. Talking about law, I would like you to talk about the general data protection regulation which just started implementing in May this year. Madam President, what was the reason behind this came into being in Europe? My understanding is that people felt that their personal information is not protected and companies felt that they cannot handle people's information without the risk of having to go around and apologize for crimes. They have not created it because simply that was absolutely no law regulating what can be done and what cannot be done. And the state similarly felt that their people and their businesses are online anyway and they cannot leave them alone any longer. And this is how GDPR was born. GDPR, I heard some voices in the states that maybe the United States should follow the example. So we've had both California and New York. It's a California. Move forward with legislation. The California Consumer Data Protection Act is very similar in intent and structure to the European General Data Protection Regulation. I think what we're going to see over a narrow window of time by politics and law scales in the next few years is a standardization of basic principles. That no matter the nation, no matter the citizen, no matter the service, these basic things are going to stop being problems that a single company or a single entity has to face. And we're all going to recognize it's like washing your hands. It makes everybody's life better. And that's going to encourage some new consistencies in certain technology designs, certain ethics and governance models, and certain legal frameworks. Right now, it's everybody for themselves that almost feels like in a nation and now in the U.S. at a state level, but that can't last. The interconnectivity, you can become an e-resident in Estonia if you're in any other country. The interconnectivity of the internet that we all depend on is going to demand that these things become international norms more than necessarily each and every state and each and every country having its own law for certain aspects. How then there is the enforcement and the follow-up around punishment and the follow-up around accountability, that is certainly within the boundaries of a nation to sort out. But whether or not you must show me what information you've collected, whether or not you must give me positive affirmation of what has and has not happened to the information that you've collected, I fundamentally believe a few years from now we'll all look back and laugh that that wasn't already accepted as something that would be a right and not necessarily a feature. If I may disagree with respect, I would agree first on the importance of GDPR as some sort of a new gold standard that of course shines throughout the world. We see it in Latin America. GDPR becomes a reference point in many parts of Asia as well. As a footnote, I think it will be very interesting to see whether there are from these continents kind of alternative approaches to GDPR which also comes with some drawbacks as we all know and whether there is a fourth way, so to speak, coming from either Latin America or Asian jurisdictions. But where I would be less optimistic is that we will see some sort of a trend towards a global coherent set of norms. At the level of principles, I would say we have those already. There is rough agreement. The OECD principles have been around for a long time. I think there is international law. At a very abstract level, fair enough, there are global standards. But then when it gets more granular to the level of detail of a GDPR, I think it's very unlikely that we'll see a uniform world law of privacy. The reason is because of very different political economies that we're dealing with that also play out at the geopolitical level. We're a nice group of people from different countries here and if you look at the interest and agenda within the US, if you look at the culture and trajectory of Europe and contrast that with China or host country here, I think these are very different political economies that will shape the outcomes of policies and laws, especially when it comes to data and especially as we are entering the age of AI where data becomes such a decisive factor. So I'm a little bit less convinced, although I would find it desirable for all the reasons you mentioned, to be less optimistic that we'll see a high degree of interoperability across these different jurisdictions. Professor Lee, how do you... How do you say you mentioned GDPR? I think GDPR is a good start for the data protection and adequately more people or adequately more government officials in the industry and civil society should know more about the data protection issues. But I'm not optimised about GDPR deployment because there's a lot of issues to... Maybe one of that is how to make sure that technology and law enforcement can be perfect. So I agree with Professor... Now I think it's like Europe has GDPR and California has their law, China has their law. So in the future that means that the international company needs to face different kind of laws. Maybe there's different kind of requirement. That will make the internet to be fragmented. So I didn't know what it is. Maybe now is the right time to start to take some action to have some multinational collaboration to find some consensus about the data protection. That it should be good. Even you mentioned that the OECD and other organisations have similar concerns, but it's not enough in this era. So now I feel depressed because up to now there's no such kind of organisation can do some coordination about data protection. How to make some consensus among those countries. And even in a nation, only government officials get involved in that. Not enough involvement from the industry and also from the academia and civil society area. So I think now we need to think about how to have this global platform to do some collaboration on the policy making. What sort of efforts are being made in China for protection of personal data? In China? In China, yes. In China how to protect the personal information. I think if I recall my memory, China starts to discuss how to protect the personal information since 15 years ago. But there's over one decade past, but it's not a very perfect solution for that. Even now the China government discuss how to protect the personal information. It's just as similar as the GDPR. I think over 12 items is still the same with the GDPR. But now it's a little bit difficult for China to do that. Why? China is a very large population, a very diverse culture, a very diverse education background, and also we have another 600 million people who cannot connect to the Internet. So if you only discuss this issue, can you discuss this issue because other people cannot connect to the Internet. So it's a very diverse country. So how to mix the consensus is quite different. Just as I mentioned, I think that this information is my privacy information. Maybe younger children just want to post on that. It's to be disclosed that if you're excited. I think it's a different concern. The people know there is a risk, right? It's a risk. I think in 2010, I can remember that. It's a big leakage for the user information. It's called CSDN. There's over six million personal information was leaked. It was attacked by the hikers. So because that's a very popular website. So that means the same user account in other websites. So it's a big issue. But even after a couple of months, nobody will concern that. Even some people don't know this memory. That's a big leakage for the website. So maybe you don't know the data protection. It's just a trust website. But maybe in some day, your information was disclosed to others. I just wanted to also say that we Europeans do not see GDPR as universal law because first of all it isn't. It's a regulation. Now every country has to go through their own legal space and apply. And countries can go further, for example, in applying this regulation and set higher restrictions and higher. President, they asked all of the international companies need to follow the law. They need to follow the law. This is exactly, but you need to follow not general GDPR. But every country will go through their own law space and set in the law also taking responsibility, for example, for how public sector deals and owns the information and data. And private companies who normally are part of creating this public sector ecosystem have to apply also the national law. And it has been very educative exercise, for example, for us because we, of course, have a better legal set than many. At the same time, maybe because computing power and storage has got quickly cheaper, we haven't thought about, for example, how long we'll hold any data available through digital databases, even to the state itself. So it's an educative exercise for every country to think these things through but outcomes could actually differ for different countries. So pay attention. Agreed. And if I may introduce another angle to the discussion, if you look at some of the largest problems we face in the world, whether it's global health crisis or global warming or nutrition, actually many of these problems we will only be able to solve based on data, on better data, on more data using the advanced analytical techniques we have available. And so while, of course, it's fair in the context of trust to talk about GDPR and data protection and law, I'm also very concerned how do we get enough data sharing going on so that we can embrace these new technologies for the social good, whether it's in the context of the sustainable development goals or in the nation context. And so, again, I think there we are still in a learning process and it seems like we have a pendulum that swings back and forth between reacting to some of the challenges we talked about before and misuses and bad things that happened and we enact tough laws, but how to get the balance right also to have laws in place that enable the sharing of data and the good uses, the social desirable uses of data and data analytics. And that to me, GDPR, I'm not totally convinced that this gives us the answer to that balancing question and I feel that's another challenge. One of the biggest risks associated with frameworks like GDPR and unique implementations of it not just within Europe but others trying to follow suit is this vulcanization outcome, this compartmentalization of the internet and the information flow that the internet has enabled for the last 30 years. Every person in this room and every person that will watch this broadcast will have benefited from incredible multinational multi-stakeholder information sharing leading to advancements in technology that have made all of our lives significantly better. At the same time, those tools and techniques have been used for harm by bad people and it is a constant balancing act. I personally fear waking up to a world where we get the privacy side right but we get the collaboration side wrong. I think that will do more harm than the inverse. I totally wanted to agree with you that while regulating we have also always been very much thinking about how to at the same time not restrict the data use and I would actually go away from digital to give you an example but this is not related only to the digital technologies. Estonia also has an Estonian genome law which makes it clear how you can gather population level genetic information about people, what right people have to this information, what right they have to distribute this information, for example, share it with their doctors and how companies and also scientists can access that information without knowing with whom information they are working with. And we did this law also, I think it was 2000 which means that in every case you are dealing with sensitive personal data in high quantities you have to think through both sides because if we had only said you can do the analysis but you cannot use the data on the other side then we would have had to pay good government money to get the Estonian Genome Foundation. Well, we said yes you can use and we guarantee both sides the safety and therefore private sector came in and created the Estonian Genome Foundation so they were ready to pay for it, for us simply because there was this legal space which allowed data use. So I do see that governments are anyway gathering huge mass of data. Our statistical office can demonstrate how tax data turns into macro data. I mean these plots are one of the most interesting I've ever seen. I mean you really see how the economy is changing and where it is going allowing you also regional predictions for example but for that to happen all governments need to take care that if a scientist or a company comes and asks can you give me this information? Because I know you have it. You will have to have a law which will make the public office say yes, if you respect these conditions and accept that you will never know whom it belongs to and if only too few well number of people have this kind of information we will not give it to you but otherwise you can use it. Only then will the data world actually materialize in cooperation with government and private sector. What do you think in 2000 led Estonia to the realization that that level of specificity was needed in law? In genetic information gathering we had a really good scientific base who said we would like to do something like this. We think it will be big, personal medicine will be big. We thought at that time that medicines will relate to or will basically be relating to your genetic basis and therefore it's important to know everybody's genome. This has not happened, there are other values but we knew we will not be able to pay for this so our plan was to quickly create the legal space to get things paid by the private sector and you know it worked quite long but then public sectors elsewhere, each one, they messed the market up. They started to buy this kind of service and therefore for 10 years we couldn't gather additional probes now it is really cheap, 25 euros per person. We are again gathering and the benefit appears to be different. It's preventive medicine. People know their risks and they can act accordingly. There is still no medicine out which will treat me but not you because we are genetically different. There are some coming but the biggest use, we now have about 10% of population screened by the ERN, the biggest use is preventive medicine. So you see, it took 20 years before we reap the benefits but we did it because we listened to the scientific community and of course we realized if we were a very poor country at that point we wanted to leapfrog and this is why we had the courage to do it. If I may follow up to that then in a lot of countries around the world right now initiatives that might take 20 years to be rewarded such as this one wouldn't survive a single political life cycle of an election. How do you feel that the political apparatus that is evolving in today's social media-led kind of society could start to support initiatives that go beyond the hype cycle of an election? Yes, I think you are very wrong that frankly speaking every politician has to be ready to take decisions which will implement and really show the benefits in 20 years time. It may mean your own political career will be 4 years long but this is what you do in democratic societies. You throw yourself out there with your full political life and get ready to be killed but you know you are doing the right things. I can tell you this has happened in Estonia too to politicians and if you get too timid and too focused on what people think today or say today you cannot get anything done and I think this is a big problem in this lack of trust to political leadership. Politics is not part of entertainment sector. It's about leadership, so you have to have the courage. Of course you have to know also how to explain to people and work hard on it. I can tell you we have worked very hard on this explanation side as well. Huge campaign we are following when we approved our genetic information law but finally you take the political responsibility when you do it. Well we understand the situation is very different from country to country. But because we are in China I would like to ask Professor Li a little bit more about China, the situation of China. The concept of cyberspace sovereignty which President Xi Jinping has repeatedly talked you know called for and it's important. Can you tell us the significance of that concept? Sure you know everybody mentioned that the internet is global. The unique internet is a global infrastructure to build a global one village in the future. But at any side if I try to understand our president's concept because you know even the world have a internet but the world have countries and every citizen have their countries and different countries have different laws. If you say something happened that means some specifically law by this country will be adopted. So you cannot use only one internet to deal with everything. In some specific area you should respect different kind of law in different country and then to do the business or deal with some conflict or just for the even the economic development. So I didn't say it doesn't mean that our president can emphasize this concept. It doesn't mean that it doesn't respect the one internet. So it's just to tell the people you need to respect the localised requirement and localised laws. President. President. Cyber space sovereignty. How do you see that concept? Frankly speaking I am among those who don't want cyberspace to be too restricted. I mean I totally accept that we even compete on our cyber law. I mean we set it more permissive or less permissive etc. So it may be different to certain extent. But then we have to also make these bridges which will cross these seams in the internet because the whole idea is that we are global. We work globally and we act globally and we cannot do that and if we cannot do that then it's actually pointless doing things digitally because then you could still sit in your car in the morning go to your office which is two blocks away or 100 kilometres away and the end of story. The tech world what it does it's a fantastic enabler of an individual because you don't have to gather anymore for example into enterprises in order to work productively. You can quite to the contrary choose yourself an extremely narrow specialisation and offer this independently for 10 companies globally in the world. And this is a huge enabler. You can be a poor girl in Africa who learns I don't know if it's tax code and works as a bookkeeper from Africa. It's a huge enabler and I think therefore you should be absolutely careful of not blocking these kind of enabling things. For example if you set a law that bookkeeping data which is based for your tax data can never leave the country then you have closed this alley for poor African girls to choose this profession and gain a really good living standard from that. So you have to think at every step this kind of laws exist by the way in some countries. Tax data it has to be inland always. So you see it's very easy to cut this growth and this opportunity by wrong legal space setting and we have to all the time think of enabling not limiting enabling is what we need to do. Internet started off as a tool of globalisation and seamless and borderless but after a few decades it's changing too. The picture is changing. How do you see the progress of what internet has brought to the world? I mean at the core I think the promise of as we described it of an interconnected world that vision that the internet introduced where we can share information and knowledge across the globe. I think we're close to that. It's very important at the same time to acknowledge as Professor Lee mentioned before that there are still significant digital divides and participation gaps so there are large populations not yet connected and even within the connected populations there are different skill gaps and literacy barriers that makes it hard for people to equally embrace the opportunity of new technology. But overall I think the trend is towards more interconnectedness. But you're quite right. The forces at play have shifted. A lot of enthusiasm maybe 25 years ago that we would move thanks to the internet to a more decentralised democratic world with a lot of bottom-up opportunities for participation and engagement. I think we've learned that that's not the reality as of 2018 but we see new trends of concentration. We talked about big companies already and we'll perhaps spend a few more minutes on that topic. And you know some of it is within the economics, some of it is driven by interests. We also touched upon of course the fact that governments themselves are not without interests. The internet has become such an important driver of economies and has also national security implications that the stakes are high both on the private sector and the public sector side. And not surprisingly that has messed with the more academic vision of an equal everyone is just the user version of the internet from 20 years ago or 30 years ago. So being in a world where data is an asset, data is power, more data is money, right? Is the digital world being kind of stagnant in terms of who owns the data? How do you see that from industry point of view? So we have clients in our company that are multinationals, they're global 100 firms, their household names and they're all that because they've earned the trust and business of very large populations of the consumer world. Some of them are individual consumers, some of them are other large companies consuming their goods. I say all of that because those same clients are definitely recognizing and we've been involved in a lot of their conversations about this recognition that as they move forward in a digital era, putting trust in a digital sense as a competitive differentiator to the markets that they're in is going to be a make or break moment for the next phase of their business growth. And that's from CEOs down at these organizations. It's no longer this idea that it's the IT side of this house, the security side of the house that thinks about these things. That then leads to a slightly different view on data ownership. And what we've seen in some of the more avant-garde business kind of strategy sessions from these CEO-led initiatives and even some nation-state-led conversations is it's about data custodianship and data handling, less about data ownership. Because it's not a commodity that once again is tactile and is singular, it is something that can be shared and distributed at little to no cost with the same impact. Folks are thinking how can they get competitive offering services where they're the most trusted custodian and handler of the data and making that the reason why the population and the future will do business with their services versus say somebody else's. Similar to making maybe the cyber domain as a competitive differentiator to the residency of choosing where to do business in a nation. It was quite complicated what you said. It's simpler way but exactly the same thing. I'm not a specialist so I'm a generalist so I have to keep it simple. Simple thing is you don't have to own data to benefit as a society from the data. Very simple example, web doctors. Everybody who is sick Googles nowadays, their symptoms, what they right now get is rubbish. Lots of esoteric rubbish stuff. Now if you have proper trained web doctors, an algorithm which is learning from the cases it has been handling, I know NHS for example is experimenting with these systems, then the social benefits are much larger than simple money or gains so you don't need to own data to get benefits from that. Another example is we think it's only about data and smart people and engineers and I totally disagree. If you take handicraft sector, previously if you were in that sector you had to go to the markets to sell your stuff. Then you got more effective, you had an agreement with a souvenir shop in the capital if you were lucky. Now all you need is a home page. In Estonia there is a man who does bows and dares, world class really beautiful, expensive, nobody in Estonia almost would buy them. His closest clients are 1,000 kilometres away and I mean he came from South Africa, has settled in Estonia where nobody lives in the middle of the world and he's perfectly able to feed himself in a royal way by handicraft or take handicraft people. Previously if you were an autistic person who is afraid to talk to the world and you only have one habit, you really like to knit red socks in your own room. You didn't have any possibility to make living. Now among the billions of people connected to internet there are probably enough takers for your red socks and you don't have to talk to anybody. See, it's much bigger than data. It really comes down to the real analog work as well. Do you want to follow that? I didn't mention that. Sure the data is very, very useful and that's why so many companies want to get more data from internet users but remember that data is useful but it's also very dangerous because you need to invest a lot, have a big cost to protect the data. But maybe in the beginning there are so many industries just want to get data but they don't want to invest a lot of practical data so in the future there are some crises for this company. Even similar as the country. Now there are so many countries that want to get more data from the people but they keep on how the country and how the internet company can use the data. So I think now it's a very critical time because nowadays the average internet penetration in the world is over 50%. I think it's a very critical time. But I want to claim that to make sure the ownership of data doesn't mean you want to close the data. To clear the ownership of data is to better use the data. Just like the firm, if the firm respects every expert, your view is your view but you can permit me to use your view, use your knowledge that will make the firm better. You just lack the work. Everybody controls the data but you should respect the data, it belongs to myself. But I allow you to use my data to make the internet more useful. I don't invest the philosophy. We have a few minutes before the ending but I would like to ask each one of you what will be the key for you to feel safe in the digital world as an individual and what would you like to see for the world to be safer and protected or for you to feel more protected? Start with the second part of the question which is easier. I truly believe some of the challenges we touched upon are ecosystem level challenges. And therefore our approach is how we address the challenges as well as embrace the opportunities will require the working together of all stakeholders, whether it's companies, whether it's individual users, civil society, governments, we need to work together and we need to deploy all the instruments we have available in the toolbox, whether it's privacy by design or legislation or incentive-based new business models. We really need to embrace it and look at it as an ecosystem level issue what comes in terms of digital transformation. And therefore the first part of the question, it's harder to say is there one thing that makes me feel safe. Yet of course I try to contribute in my sphere of influence. I try to make good decisions as a user. I hope I can be helpful in helping to make good decisions in my job as I talk to policy makers. So of course we can do a lot as individuals but we have to understand this is bigger than any one of us. This is an ecosystem level challenge. Mr. Kasich. Certainly echo that and just repeat something that's already been said many times. The fear of getting the collaboration side of the future of the Internet wrong is what I personally am most concerned about and that's going to require a clear recognition from all stakeholders that this is a global challenge with global opportunity on the other side of getting it right and making sure we never lose sight of that. To the first part of your question, that's a real challenge. I wish somebody had the answer to it. But for me it's about knowing as much about what's not happening with my information as I know about what is happening with it and making sure that the systems and the technology that are telling me about what is not happening with my data are able to be trusted independently of those using those systems to process my data. Professor Lee. I think if I feel safe, there's two points. One, I know it very clear. One is a hundred percent I don't know. So if I want to know it clear then I mean who use my data to do a business even if it's government or company or some legal entity is transparent and a combo. So that would make me feel safe. Even if they use my data. But I know how to use that. And maybe the best solution for the current stage there's so many people lack of the knowledge for internet usage. Not everybody is the expert for technology. So maybe for some people they don't know it's safe. They don't need to know so many security instants to make them scared to use the internet. Just worry about everything will be steal by the hackers and it will make me feel dangerous. So don't need to let people know more scared issues for them. Even just across the street in Tianjin or Beijing I feel safe but actually there is some danger so you just got some car at good speed. But actually 99% is safe. Even now there is a lot of issue for internet now. But mostly it's safe. My main worry actually is that the academicians have analyzed a lot how international law space in analog world applies also to cyberspace. But we have pretty few elements of international law in cyberspace in place because countries simply have not declared clearly their intentions. And I think it's extremely important that we do this. And that's why Estonia is running for the United Nations Security Council because as a small country we don't have time for small objectives. So we want to bring this discussion at the global level. And my suggestion is if we start doing it let's not think of technologies of today. For example I would like to have guarantees that if singularity one day happens we as an international community I mean through AI, thinking, self-developing AI if this truly happens I want to have an international community in harmony on what obligations to report and what rights to verify. We do have for example let's imagine this takes a lot of energy probably you see an energy disappearing through a black hole this could trigger an international monitoring mission or perhaps all neuron network like computer systems which are large enough need to be declared and somehow monitored or open to international monitoring. Because if we think about singularity we will also cover narrow AI and all the current autonomous and automated systems which also pose a security risk. So this is something which I miss but I do not intend to sit and complain. I intend to act. Great, I think it's time to wrap up. So thank you very much for all your insights and contribution today. Thank you, thank you so much.