The World Is Digitalising – So Too Should Regulators

Governments, including the Swedish government, are beginning to explore how legislating could be improved in light of digital technologies. This is welcome but something that businesses and business leaders have known for some time: the data being generated by our interactions in the digital world holds more potential than just the optimisation of what advertising we see.

In general, legislation is only ever as effective as the probability of its enforcement. In the borderless digital world, where today’s regulators and enforcers still enjoy only an analogue presence, that possibility of enforcement is significantly diminished. However, digital advances mean that data from both physical sensors and economic activities online, enforced through policy-maker-generated code, could change this. In particular, such data could be used for three things: 1) insight into regulation effectiveness; 2) automated oversight, and 3) pro-active compliance.

Digitalisation indeed has the potential to empower regulators and authorities. They, too, can use digital tools not only to increase public awareness of laws, as they do today, but also to fine tune and enforce them.

Insight into effectiveness

GDPR, which has been on everyone’s lip and in everyone’s inbox, exemplifies how complex the digital world has become. Data is generated from every corner and its collection and use is hard for individuals to track. For this reason, the European Union decided to regulate data use and collection; in large part because data was being collected and used unethically, but also because it’s never been easy for the average user to trace how their data online is being used. While the GDPR is well-intentioned, it will prove hard to enforce for the very reasons that made it necessary in the first place: regulators could not, and still cannot, see how and by whom data is being collected.

Following the GDPR example, were legislators (or enforcers) able to track how data is collected, and by whom, they would themselves be able to examine how effective GDPR has been, not wait for ex post reports of problems—which are likely to under-represent breaches. This ability to examine effectiveness is not just crucial for the legitimacy and effectiveness of legislation, it will also allow legislators to fine-tune regulations in line with changing social and technological conditions.

Take the Blockchain, for instance. Blockchain enthusiasts point to how this (perhaps hyped) piece of technology is inconsistent with GDPR: the immutability of Blockchain records, a feature of the technology, means that data cannot be removed from a distributed ledger. How are legislators to respond to this? Discussions at the EU level are ongoing, but data around the effectiveness of existing GDPR regulations would support these decision processes.

Automated oversight

The same digital tools that allow for insight into regulations’ effectiveness will also allow for oversight and monitoring of the nuances of regulatory compliance.

Not only would this allow for more effective regulating, it would provide a basis to measure and assess proportionality, allowing regulators to better assess whether, for instance, a set of regulations is adversely affecting a specific industry. It would also make compliance something that occurs automatically, lightening the burden it imposes on firms with simple business models, or in early stages of development.

Take financial transactions. In principle, these digital interactions leave a trail of data that can be used to understand, measure and tweak legislation to improve reach and impact. Collecting this data could even be anonymous in nature: with the right tools, individuals can retain digital integrity, while authorities obtain aggregate and metadata with which to develop insights and train algorithms.

Thus far, regulators have chosen to set technical standards (e.g. in PSD2), rather than develop code as a way of ensuring compliance. However, we believe that this is less effective than the other possibilities open to regulators. Standards may “set the scene”, but do not increase the probability of compliance and enforcement—and certainly do not allow for a nuanced understanding of the effects of regulation. Given the pace of innovation and disruption enabled by digitalisation, ensuring that regulation encourages, rather than hinders, fair competition is more important than ever before.

Pro-active compliance

While data collection and analysis is largely reactive, digital technologies also allow for pro-active compliance. This could be done through legal obligations to include certain modules in a digital product or service offering. Such modules are likely to be in the form of code and include self-executing contracts, automatic reporting and real-time data collection and analytics. However, they could also include digital sensors that monitor real-world conditions using digital tools.

Peer-to-peer platforms could, for instance, be obliged to include modules that connect to APIs maintained by trade unions to check for relevant collective agreements. Regulators could even require that other kinds of digital platforms, for instance those that sell products with taxes attached to them, include code modules that automatically and instantly pay taxes. This would make tax evasion when using portals like Airbnb and similar nearly impossible.

Tamper-free, built-in, digital IoT sensors could allow for automated, real-time compliance with environmental standards, for instance by assessing emissions from production or construction sites.

Today, code-as-law makes sense for the most simple of applications. However, complex rules that require flexibility and the ability to respond to social changes could also be on the horizon, as technologies that include AI and contextual learning advance.

Regulators need to get involved in the development of code—both for the protection of consumers, as in the example of GDPR, and in order to make legal enforcement credible. Governments, to be effective, thus need to become active agents in the network economy. This will require a shift in mind-set and the acquisition of new skills and competencies within regulatory agencies around EU Member States as well as within the European Institutions themselves, the European Commission included.