IGF 2023 WS #279 Sandboxes for Data Governance: Global Responsible Innovation

Tuesday, 10th October, 2023 (05:00 UTC) - Tuesday, 10th October, 2023 (06:30 UTC)
WS 5 – Room B-2

Global Digital Governance & Cooperation
Regulatory Sandboxes for Technological Innovations

Organizer 1: Tainá Flor Bento Mota, ANPD Brazil
Organizer 2: Moraes Thiago, ANPD
Organizer 3: Lorrayne Porciuncula, The DataSphere Initiative
Organizer 4: Armando Guío, Berkman Klein Center
Organizer 5: Pascal Koenig, UniKL

Speaker 1: Agnė Vaiciukevičiūtė, Government, Western European and Others Group (WEOG)
Speaker 2: Denise Wong, Government, Asia-Pacific Group
Speaker 3: Kari Laumann, Government, Western European and Others Group (WEOG)
Speaker 4: Ololade Shyllon, Private Sector, African Group
Speaker 5: Lorrayne Porciuncula, Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 6Moraes Thiago, Government, Latin American and Caribbean Group (GRULAC)(video) 


Armando Guío, Technical Community, Western European and Others Group (WEOG)

Online Moderator

Pascal Koenig, Technical Community, Western European and Others Group (WEOG)


Tainá Flor Bento Mota, Government, Latin American and Caribbean Group (GRULAC)


Other - 90 Min
Format description: The panel combines input from speakers with interactive elements to engage the audience and to collect more perspectives on regulatory sandboxes. After a brief introduction of the subject by the expert (Armando Guio) and an initial word from the other speakers, the moderator will guide the speakers in a dynamic roundtable discussion. The discussion is structured into three thematic blocks (1. Introduction to sandboxes, 2. Regional perspectives; 3. International partnerships), with rounds of Q&A with the onsite and online audience and quick polls between them to collect more perspectives and facilitate interaction among participants. The room layout can follow the structure of roundtable sessions (format #2)

Policy Question(s)

A.Sandboxes characteristics: What are sandboxes' benefits to individuals, organizations, and regulators? How could sandboxes contribute to fostering good practices to responsibly unlock the value of data for all and promote responsible innovation in AI? B.Regional perspectives: How are sandboxes being regulated within different national and regional frameworks? What are the main enablers and challenges of implementing a sandbox? What could the proposed solutions be to overcome these challenges? C.International partnerships on sandboxes: What are the main transnational experiences of sandboxes and their challenges? How could international partnerships (North-South, South-South, and triangular cooperation) enhance access to science, technology, and innovation?

What will participants gain from attending this session? The session will provide several insights to participants and attendees, such as (i) the roles of regulatory sandboxes in the promotion of responsible data governance and AI innovation; (ii) a regional perspective on the enablers and challenges of implementing sandboxes; and (iii) international collaborations on sandboxes. This will allow stakeholders to reflect upon strategies to develop and be involved in sandbox initiatives that are able to foster innovation while respecting human-centered values. The session will also broaden participants' perceptions of what possible evidence already exists of the impact of sandboxes in different regulatory environments throughout the globe, with a focus on the Global South’s experiences or when sandboxes should be preferred in contrast to other traditional regulatory tools, as well as to what extent sandbox experiences can be "exported" from one country to another or implemented across borders.


The goal of this session is to critically analyze the role of regulatory sandboxes in shaping current and future regulatory frameworks related to data governance, including those on data sharing, data protection, and AI. In the last decade, sandboxes have been implemented by regulators, especially in the fintech space, and have become an increasingly important testing tool designed to identify and address challenges associated with emerging technology in different policy spaces. While establishing a space for live testing of innovations in technology and policy, balanced with appropriate safeguards and supervision, sandboxes can foster responsible innovation and allow regulators to learn about technologies and markets, thereby contributing to more agile and fit-for-purpose development of regulatory frameworks. To this end, several institutions have been involved in promoting sandboxes, such as think tanks and development banks, as well as developing them, such as government ministries and data protection authorities. The debate will bring perspectives from several of these organizations from across the globe, and more specifically from the experiences of Brazil, Chile, Colombia, India, Nigeria, Norway, Saudi Arabia, Singapore, South Africa, Turkey and the UK. Several questions will be raised based on the initiatives developed in the selected countries, with the goal of answering questions related to (i) sandboxes main characteristics and their role in promoting responsible data governance and AI innovation; (ii) regional implementation opportunities and challenges; and (iii) international partnerships on sandboxes. In this sense, the session aims to explore similarities, as well as specific challenges that may have arisen due to cultural and socioeconomic aspects, in particular when comparing the experiences of the Global North and the Global South. Finally, it intends to explore how international partnerships between these regions (North-South, South-South, and triangular cooperation) may enhance knowledge sharing and access to science, technology, and innovation.

Expected Outcomes

This session expects to provide an overview of several initiatives on data governance regulatory sandboxes throughout the world. With that, it expects to identify the similarities between these experiences that could become common denominators in a template for other regulators who wish to develop their own sandboxes programs. By drawing from the experiences of representatives from the Global North and Global South, it aims to identify national and regional contexts that may enable or hinder the implementation of sandboxes and the transposition of sandboxes from one setting to another. Furthermore, it is expected to explore how international sandbox partnerships between stakeholders from different regions may enhance knowledge sharing and access to science, technology, and innovation. Finally, one expected output is the publication of a report which summarizes the several experiences which will be presented in the session. This report will be shared by the involved stakeholders within their own communities.

Hybrid Format: Before the session, the organizers will hold preparatory meetings with the speakers to give a structure for the session and create more synergy among participants. In order to reach a broad online audience, the proposer aims to publicize the panel through its social media, and it will encourage panelists to do the same to reach stakeholders in their given regions. During the session, engagement will be done by alternating between onsite and online moderators. In this way, we expect that both onsite and online audiences will be incentivized to participate in the debate. Furthermore, to ensure the stability of the session, we expect to have a dedicated liaison moderator who will serve as a point of contact between online and onsite participants and provide assistance in case of technical issues.

Key Takeaways (* deadline 2 hours after session)

No sandbox will be the same and depending on who you ask the definition of a sandbox is different. This shouldn’t alarm stakeholders but rather fuel openness and enable sandboxes to be used as an anchor for policy prototyping

Sandboxing is a spirit and can help actors share and understand a problem. This can clarify policy challenges or new tech applications and how to develop user safeguards.

Call to Action (* deadline 2 hours after session)

Regulators need to listen different point of views. Building an effective sandbox is less about the skills and maturity of a regulatory but rather about regulators being allowed to engage purposefully with stakeholders.

More experimentation and sharing of experiences need to be done in order to help unpack the opportunities and challenges of setting up sandboxes for data in a particular sector or regulatory environment.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

Mr. Axel Klaphake, GIZ Director, Economic and Social Development, Digitalisation, opened the panel by briefly introducing the topic, emphasizing the benefits of data for economic growth and social development, and then introducing the speakers present at the table as well as those who would be attending online. 

The on-site moderator, Armando Guio, then gave a presentation on the current state of regulatory sandboxes to offer context for the upcoming conversation. He defined the regulatory sandbox as "a regulatory approach, typically summarized in writing and published, that allows live, time-bound testing of innovations under a regulator's oversight. Novel financial products, technologies, and business models can be tested under a set of rules, supervision requirements, and appropriate safeguards." This concept was attributed to the U.N. Secretary-General's for special advocate for inclusive finance for development. Mr. Guio also dealt with examples of uses, such as Brazil, Colombia, Ethiopia, Germany, Kenya, and Lithuania. 

As the first panelist's speech, a video from ANPD, the Brazilian Data Protection Authority which co-organized the panel, was broadcasted, in which Thiago Moraes emphasized the importance of fostering a dynamic discussion among all relevant stakeholders in order to deliberate strategies that can pave the way for the development of Sandbox's initiatives. He also announced the beginning of the call for contributions for ANPD’s regulatory sandbox on AI and data protection, which is a crucial step forward in Brazil's journey toward responsible innovation. 

Agne Vaiciukeviciute, Vice Minister of Transport and Communication of the Republic of Lithuania, highlighted her country's experience with regulatory sandboxes. The outcome has been considered a success, and this has generated more interest and investments in this area. They are currently exploring 5G technology and its capabilities in depth. 

Denise Wong, from the Singapore Data Protection Authority, IMDA, highlighted their experience and spoke about unlocking the potential of data through policy mechanisms in collaboration with industry as a method to support it and also assist them discover suitable safeguards and protections. She cited one of the key advantages of employing sandboxes as the ability to reduce the time and effort required for technologies to be deployed, allowing enterprises to securely experiment with cutting-edge technologies that provide them a competitive advantage, among further benefits. 

Lorrayne Porciuncula, from the DataSphere Initiative, addressed the fact that the aspects required for governments to follow in order to successfully establish a regulatory sandbox vary depending on the national jurisdiction in which it is located, the institutional framework, and the time frame, among other factors. Therefore, it is important to demystify what sandboxes are and to show that they are not for exclusive application of sophisticated regulators. In fact, it is a way of engaging purposefully with stakeholders from the design phase onward and building institutional trust with the private sector. 

Kari Laumann, from the Norwegian DPA, presented the benefits of using sandboxes in her country. She listed as a good practice the experience of bringing firms into the dialogue prior to the installation of the sandbox with questions about what they were interested to build when it comes to AI and data protection, algorithm fairness, and minimizing data. 

Ololade Shyllon, from Meta, shared the private sector's perspective, saying that while the benefits of using sandboxes vary depending on the unique context of each project, in general, they help to reduce regulatory uncertainty, create a safe space for innovation, make adaptation faster, and build trust between regulators and the private sector. 

The panel then proceeded with an online and in-person Q&A session. 

Overall, the session brought out the following takeaways: 

  • It is critical to establish objective criteria and clear advantages for participants, such as certifications. Set highly specific use-case objectives as well. 

  • The sandbox is vital for mapping common problems that the public and the private sector would face when developing or deploying a technology. 

  • Bringing many stakeholders into the conversation can help to reduce regulatory capture. 

  • The resources needed to implement sandbox may vary according to its goals and the skills and maturity of the regulator. 

  • Sharing experiences between countries is a great approach to learn about the many models available. 

  • Sandboxes can promote responsible data governance and AI innovation, creating a space where innovative ideas can flourish while respecting human rights, such as privacy and data protection.