• Technology regulation is evolving rapidly but remains fragmented across national and regional divides.
  • Agile governance can potentially address the issue by creating a nimbler and more adaptive approach to regulation.
  • But we need to overcome the constraints that agile governance faces in real-world settings to embrace this form of policymaking.

Although technology regulation is evolving rapidly in today's world, such regulation remains greatly fragmented across national and regional divides. Agile governance can potentially solve this fragmentation by promoting nimbler, more fluid, and more adaptive approaches to regulation.

Whether it is privacy, cyber security, cyber warfare, national security, or prohibited content, every hot-button issue in technology governance today seems to be of global concern, yet resides in the hands of nationally-focused lawmakers relying on outdated policies that continue to reinforce the fragmentation of technology regulation.

Take data protection, for example. The EU's General Data Protection Regulation (GDPR), which was first proposed in 2012 and came into effect in 2018, is essentially an international privacy law for data protection. Any organization that processes any personal data from any EU citizen is covered.

Beyond its extraterritorial impact, it has inspired similar efforts to update and improve data protection in other jurisdictions, such as in Japan, Chile, Egypt, and the state of California in the United States.

‘Patchwork’ of data regulation

This flurry of GDPR-inspired activity gave hopes that data protection would become more consistent over time. Indeed, there are established mechanisms for precisely this. For more than 20 years, the European Commission has conferred "adequacy" rulings on national regimes that meet its strict data protection standards, allowing personal data to flow unimpeded across borders. However, only a handful of countries and territories have received the European Commission's "adequacy" decision, including Japan and the United Kingdom.

There is no systematic and all-inclusive privacy law regulating all private parties in other countries. In the US, for example, there is a patchwork of state and federal laws, and most focused on specific industries, such as the Health Insurance Portability and Accountability Act (HIPAA) in healthcare and the Gramm-Leach-Bliley Act (GLBA) for entities in the financial sector.

Meanwhile, China's data protection laws focus on strong government control, public order, and national security. These laws include its 2017 Cybersecurity Law and its 2021 Data Security Law, and the upcoming Personal Information Protection Law. These include broad requirements on data localization and have an extraterritorial effect.

Asia has seen perhaps the greatest transformation in the area of data privacy in the last decade. Before 2020, only six countries had comprehensive data privacy laws. Between 2010 and 2020, 20 jurisdictions enacted new data privacy laws, and seven undertook amendments. Five of these have extraterritorial provisions, and while they all share similar data protection elements, all differ from one another and other regions in important ways.

Furthermore, even if GDPR compliance is equivalent to "gold-plating" your firm's system, a global firm will still need to check that its systems fit the idiosyncratic data protection requirements across 20 markets in Asia alone.

Regulatory fragmentation is more than just about costs to firms, however. It also matters because greater complexity and diversity across jurisdictions means that consumers are less likely to be well-protected. Moreover, less discussed is that fragmentation impedes governments' implementation and enforcement. By contrast, a consistent approach means inter-agency cooperation and information sharing between agencies is far easier to achieve.

AI, machine learning, technology

How is the World Economic Forum ensuring that artificial intelligence is developed to benefit all stakeholders?

Artificial intelligence (AI) is impacting all aspects of society — homes, businesses, schools and even public spaces. But as the technology rapidly advances, multistakeholder collaboration is required to optimize accountability, transparency, privacy and impartiality.

The World Economic Forum's Platform for Shaping the Future of Technology Governance: Artificial Intelligence and Machine Learning is bringing together diverse perspectives to drive innovation and create trust.

  • One area of work that is well-positioned to take advantage of AI is Human Resources — including hiring, retaining talent, training, benefits and employee satisfaction. The Forum has created a toolkit Human-Centred Artificial Intelligence for Human Resources to promote positive and ethical human-centred use of AI for organizations, workers and society.
  • Children and young people today grow up in an increasingly digital age in which technology pervades every aspect of their lives. From robotic toys and social media to the classroom and home, AI is part of life. By developing AI standards for children, the Forum is working with a range of stakeholders to create actionable guidelines to educate, empower and protect children and youth in the age of AI.
  • The potential dangers of AI could also impact wider society. To mitigate the risks, the Forum is bringing together over 100 companies, governments, civil society organizations and academic institutions in the Global AI Action Alliance to accelerate the adoption of responsible AI in the global public interest.
  • AI is one of the most important technologies for business. To ensure C-suite executives understand its possibilities and risks, the Forum created the Empowering AI Leadership: AI C-Suite Toolkit, which provides practical tools to help them comprehend AI’s impact on their roles and make informed decisions on AI strategy, projects and implementations.
  • Shaping the way AI is integrated into procurement processes in the public sector will help define best practice which can be applied throughout the private sector. The Forum has created a set of recommendations designed to encourage wide adoption, which will evolve with insights from a range of trials.
  • The Centre for the Fourth Industrial Revolution Rwanda worked with the Ministry of Information, Communication Technology and Innovation to promote the adoption of new technologies in the country, driving innovation on data policy and AI – particularly in healthcare.

Contact us for more information on how to get involved.

The concept of agile governance is one solution to this fragmentation. Just this past December, Canada, Denmark, Italy, Japan, Singapore, the United Arab Emirates and the UK signed the first "Agile Nations" agreement to incorporate the principles of agile governance into their regulatory environment.

Agile governance promotes nimbler, more fluid and more adaptive approaches to governance. It draws inspiration from agile software development, embodied by the principles of The Agile Manifesto.

Agile governance does not prioritize regulatory design or implementation speed, as too much speed can threaten the inclusiveness of policy processes or outcomes.

Instead, the idea of agile governance suggests that more proactive, inclusive and iterative approaches to policy design can create rigorous systems that are more effective and representative than traditional processes, even within compressed time periods.

Data policy should be outcome driven

One central idea of agile governance is that policymaking should be outcome driven and evidence-based while recognizing that contexts and needs change throughout a policy project.

This approach requires ongoing collaboration between a wide range of stakeholders to ensure that knowledge flows into policies effectively and inclusively, which then enjoy greater legitimacy.

Agile governance also recognizes that the architectures and rules that guide our behaviour – particularly in the world of technology – extend far beyond the incentives, regulations and laws created in the public sector.

Business models, corporate policies, software, product design, and technological infrastructure can all influence user behavior and outcomes for citizens more so than public policy. As a result, new models of collaborative governance across sectors are required to meet the challenges and opportunities of the 21st century.

The World Economic Forum has identified eight approaches and more than 100 examples of agile governance worldwide. Many governments are trialling policy labs, sandboxes and crowdsourcing efforts.

Other examples include novel forms of industry-led self-regulation, the concept of super regulators, setting shared ethical principles, new approaches to standards creation and enforcement, and the creation of collaborative governance ecosystems across jurisdictions.

Agile governance puts pressure on governments to innovate in engaging with a broader range of stakeholders. Most public sector institutions and agencies will require an investment in the skills and resources related to cross-sector collaboration and in approaches to knowledge management, systems thinking and design thinking.

Three constraints to agile governance

However, there are three increasingly important constraints to agile governance, the first which is limited policy space. The legal, economic, and technological implications of living in a globalized world mean that not all policy options are fully available to sovereign states.

The second constraint is stakeholder engagement. In addition to privileging their interests, stakeholders often possess very divergent views about what policies are possible and how to weigh different trade-offs – but engaging them is costly.


What is the World Economic Forum doing about healthcare data privacy?

The Healthcare Data Project at the World Economic Forum Centre for the Fourth Industrial Revolution Japan grapples with the question of how societies should balance the interests of individual citizens, businesses and the public at large when it comes to sensitive healthcare issues. An improved approach to governance during a number of health crises, including pandemics, can help build trust and possibly even save lives.

The Centre for the Fourth Industrial Revolution has developed an approach to data governance - Authorized Public Purpose Access (APPA) - that seeks to balance human rights such as privacy with the interests of a data-collecting organizations and the public interest — that is, the needs of whole societies.

Additionally, a recent white paper examining existing data-governance models, discovering that most are biased toward the interests of one of three major stakeholder groups. The whitepaper revealed the need for a balanced governance model designed to maximize the socially beneficial potential of data while protecting individual rights such as privacy and the legitimate interests of data holders.

Finally, the third constraint is trade-offs. All policy options come with trade-offs, which are very difficult to assess ahead of time and can be challenging to measure after the event.

Agile governance can help solve the growing fragmentation of technology regulation. However, we cannot reap the benefits of this new mode of governance and policymaking unless we continue to overcome the constraints that agile governance faces in real-world settings.