IGF 2019 Reports

Integrated Policy Framework Key to Realizing Digital Inclusion – This workshop focused on sharing practical insights on the value of an integrated policy framework for digital transformation in fostering economic prosperity across all sectors and improving societal well-being inclusively. It used the OECD’s Going Digital integrated policy framework as a reference and explored the value and barriers that may arise in implementing the framework. Speakers also considered how the related Going Digital Toolkit may help to overcome some of the barriers.

David Gierten, OECD

This Going Digital (GD) Project aims to help policymakers better understand the digital transformation and develop policies fit for the digital age. The project started in 2017 and we are currently in the 2^nd phase. There are two key publications of Phase I: Going Digital: Shaping Polities, Improving Lives and Measuring Digital Transformation. These summarize some 130 outputs produced under GD Phase I. A third key output also launched in March 2019 is the online GD Toolkit. The Integrated Policy Framework (IPF), also developed in Phase I of GD Project is the structuring element of both publications, as well as of the GD Toolkit. The purpose of the IPF is to:

• Overcome siloes seen in many countries that address issues arising with digital transformation in all corners of government, but often not yet in a coherent and coordinated manner.
• Bring together all key policy areas that need to be considered in a whole-of-government approach to digital transformation under seven policy dimensions.

The seven dimensions show a number of different policy areas that should be looked at jointly because they are likely to interact and should, therefore, be coordinated.

Access – high-quality access to communication networks and services as well as access to data, which is becoming increasingly the foundation for the digital economy. Key policies include:

• Communication infrastructure and services – e.g. ensure that technical enablers are in place
• Competition – crucial to lower prices and improve quality of communication services
• Investment – investment in infrastructure that can cater to growing demand for data
• Regional development – to make sure good connectivity doesn’t stop at city borders

Use – effective use of digital technologies by all actors: individuals, firms and governments. Key policies include:

• Digital government – to go beyond e-government, adopting a user-driven approach
• Investment – enable firms to invest not only in ICTs but also in intangible assets
• SMEs – targeted support to help SMEs catch up and thrive
• Business dynamism – structural policies that affect technology diffusion
• Skills – equip everyone with the mix of skills needed to succeed in digital life and work
• Digital security and privacy – to overcome mistrust and empower people and organizations to manage digital risk

Innovation – fundamentally underpinning digital transformation. Key policies include:

• Entrepreneurship – reduce regulatory burden for start-ups and enable experimentation
• SMEs – facilitate R&D in smaller firms
• Science and technology – foster knowledge diffusion, open innovation, and open science
• Digital government – open government data
• Sectoral policies and regulations – new business models and experiments, e.g. regulatory sandboxes 

Jobs – both the quantity and quality of jobs are being affected by the digital transformation, positively and negatively. Key policies include:

• Labor markets – promote successful and fair transitions from declining to expanding jobs
• Education and training – empower people with the mix of skills needed to succeed
• Social protection – ensure no one is left behind, incl. those working in new forms of work
• Tax and benefits – fit for a transforming labor market and new forms of work
• Regional development – address regional imbalances in transforming labor markets

Society – the digital transformation should be inclusive, improve well-being, and lead to social prosperity. Key policies include:

• Social policy

• Tax and benefits – notably in the context of a transforming world of work
• Education and training - reduce existing digital divides, e.g. by strengthening foundational skills and lifelong learning
• Environment – unleash the potential of digital technologies to tackle collective and global challenges
• Health care
• Digital government – boost civic and stakeholder engagement in the policy process

Trust – fundamental condition for a digital society and economy to flourish. Key policies include:

• Digital risk management – central approach for trust-related policies
• Digital security, including critical infrastructures and essential services – implemented by all actors
• Privacy - national privacy strategies address privacy from a whole-of-society perspective
• Consumer protection - in all digital environments, including in p2p markets
• SMEs – particularly vulnerable to digital threats and risks

Market Openness - digital technologies and data transform how firms compete, trade, and invest, leading to greater competition in some markets, but also tilting others towards greater concentration. Key policies include:

• Trade – lower trade barriers
• Investment – lower barriers to international investment
• Financial markets – ensure good access to finance for firms going digital
• Competition – monitor changing competitive dynamics, concentration, and dominance
• Taxation – ensure tax systems are fit-for-purpose in the digital age (e.g. BEPS)
• There are some cross-cutting themes that aren’t one single policy dimension but are a part of multiple of the seven above (e.g., gender, skills, digital government, or inclusion).

The Going Digital Toolkit (https://goingdigital.oecd.org/en/)

• The GD Toolkit is structured by the seven policy dimensions of the IPF and has two strong points: 1) it provides key data for countries to self-assess where they stand in their own digital transformation, and 2) it provides rich policy analysis from the OECD, guidance and innovative practices on key issues arising with digital transformation.
• The Toolkit is not a snapshot in time and is being updated and developed (e.g. adding new data metrics and expanding policy notes guidance).
• Each policy dimension has indicators per dimension, where you can compare a country with the OECD average (black dot) or to another country.

Comments from the floor

• Education and skills in the digital transformation span many of the dimensions. However, educators often are unaware of the work that is being done on this topic, nor are they upskilled on digital technology. This missing feedback loop is important. The educators creating school curricula should be more informed on which skills are needed in the future and what the future of jobs will be. How can we get this information to educators? Could the OECD have an ambassadorship such as the UN’s “SDGs for Educators” program?

Responses from panelists:

• David Gierten, OECD: Further data and specific publications on digital skills and education, in particular, can be found on the Skills page of the Toolkit (e.g., 2019 Skills Outlook). In terms of skilling the teachers themselves, the OECD’s Education Directorate has released a Skills Strategy that looks specifically at teacher education. Germany, for example, is spending EUR 5 Billion to equip schools with digital tools. This is based on its Education in the Digital Age strategy, which was created in consultation with teachers and curriculum drafters.
• Ben Wallis, Microsoft: Microsoft sees education and training to be vital to building knowledge and skills that will be in demand in the future. We have a project called “TEALS,” where Microsoft engineers go into schools to teach computer science. Also, LinkedIn provided data to the city of LA on in-demand skills to help map education history and ultimately change educational curricula.
• Alex Cooke, Government of Australia:  The education structure is at the territory level, which adds complications. Australia has a number of programs to develop digital/STEM skills and resources, as well as to develop R&D and curriculum to develop AI in schools. We are also promoting life-long learning programs and normalizing micro-credentialing.
• Jane Coffin, ISOC: Educators are well-placed to be “ambassadors” of digital skills, especially among grassroots movements.
• Where do people with disabilities fit within this Integrated Policy Framework? You highlight certain groups of vulnerable communities; disabled people are just as important to consider.
• David Gierten, OECD: I agree completely. There are a number of OECD publications that touch on disabled populations more specifically.

Implementing the Integrated Policy Framework (Company, country, organizational examples)

• Alex Cooke, Government of Australia -- Australia released its standalone policy for the digital economy, called Australia’s Tech Futures, after extensive consultation. This work took into account the OECD’s IPF, as both works were being undertaken simultaneously. Our policy, called Australia’s Tech Future focuses on four key areas: people, services, digital assets, and the enabling environment. If you look at these areas in relation to the Integrated Policy Framework, the categories align quite neatly:  

• Against the category of People: “developing Australia’s digital skills and leaving no one behind”, sits Jobs, Skills, Society or promoting social prosperity and inclusion; 
• Against the category of Services: “how government can better deliver digital services” – which relates to Use and one of the metrics of the Going Digital project is the use of government digital services.
• Against Digital assets: “building infrastructure and providing secure access to high-quality data” – relates to increasing the effective use of digital technologies and data but also enhancing access to communications, infrastructure, services, and data.
• The enabling environment: maintaining our cybersecurity and reviewing our regulatory systems – which takes into account issues of fostering market openness and maintaining a regulatory environment that is conducive to investment, and development of a technology ecosystem.

• The Tech Futures policy is an attempt to bring together the current policy approaches in the Australian system, so there are many other aspects of the Australian context which are not brought together under the one policy.
• Being able to track the effectiveness and implementation of our policy is incredibly import, which is why we are very supportive of the OECD’s measurement roadmap. Australia has also been trying to leverage that work through our national statistics (e.g. need to work on market openness, measure productivity, trust).

• Ben Wallis, Microsoft, Regulatory Policy Analyst -- Microsoft supports the IPF and sees the OECD as being well-placed to produce this Toolkit because it:

• Focuses on sustainable economic growth and innovation;
• Has an evidence-based approach;
• Embraces the multistakeholder model;
• Has the data and analytical capabilities to pull this together.

• Microsoft believes that, in order to achieve the vision and potential of digital transformation, there need to be integrated and holistic approaches to policy problems. There also needs to be clear objectives set by governments at the national level, and those national governments need to work across agencies to look at the digital economy as a whole.
• This holistic approach to policymaking and implementing the toolkit is challenging because of the difficulty in bringing diverse issues together, the variety of communities of interest, the unclarity of responsibility within national governments (e.g., governments do not often have a ministry devoted to the digital economy so there is not necessarily a natural convening platform).
• Having a practical way to implement the Integrated Policy Framework – through this Toolkit – is key to actually leveraging the OECD’s work on this topic.

The potential role of regulatory sandboxes in the OECD’s Integrated Policy Framework

• Ben Wallis, Microsoft -- Technologies evolve quickly, meaning there also needs to be innovation in policy-making to keep up. Regulatory sandboxes can provide a safe way to develop regulation in relation to rapidly-emerging technologies without stifling innovation.

• AI, as an example, has potential benefits as well as concerns. How can we put guidance in place to encourage the development of the technology in a responsible way, and to encourage the use of the technology in ways that help meet global challenges?
• We also know that to enable the technology to be most useful, there needs to be experimentation in the ways the technology is used.
• If you want to use AI in healthcare, there are clearly potential harms that we want to better understand through experimentation. Also, by using experimentation, we can better understand how to apply existing laws (e.g. privacy in healthcare, credit reporting laws in financial services).
• In cases where companies fear steep consequences of potentially violating an existing regulation, then a regulatory sandbox is a useful tool.
• For example, the Government of Singapore published AI ethical guidelines, but importantly, it also provided examples of ways in which data can be shared in a responsible manner. They put out this vision of a collaborative data-sharing platform and were clear that they understood not everything is known. Further, they said that if a company has an application it is not sure about, it could come to the government and apply for a potential exemption or a regulatory sandbox to enable it to do the experimentation.
• It’s not simply about making space for companies to innovate; it also provides a way for governments to understand the actual harms that would require regulation. Are existing regulations sufficient or is something new needed?  Could this be a new interpretation of existing regulations or entirely new regulations? Regulatory sandboxes are a great mechanism to help answers these questions.

Challenges encountered in implementing the IPF and how they have been addressed

• Jane Coffin, ISOC -- The OECD needs to issue more targeted, specific use case examples, especially video examples. One of the challenges among non-OECD members will be integrating and understanding the IPF, as it relates to them. A cross-sectoral and cross-government approach is really important, but not all countries are on the same page.

• Measurement benchmarks: Many countries do not have strong statistical benchmarks to measure where they are in their digital transformation.
• Multi-level engagement: For example, access and digital/communications infrastructure are key. Measurement is often lacking. At the same time, projects aimed to increase access have a distinct “human element” whereby engagement at multiple layers is required to get buy-in to get these projects off the ground.
• Varying market conditions: How do you implement the IPF in an already complicated environment of digital transition? For example, some countries are just now going through the liberalization of the dominant telecommunication service provider. Adding to this, countries are at the same time barraged with questions on privacy and cybersecurity.
• Regulatory sandboxes are a great way for countries to test out new services and assess potential impacts that may require regulation. Governments should also understand that there is probably going to be some failures – and that’s okay. The OECD can help non-member countries implement these tools by engaging on a more regional level (e.g., at CITEL).

• Alex Cooke, Government of Australia -- Australia places a strong emphasis on cyber cooperation, and specifically on cyber cooperation in the so-called Pacific Rim region. We have been doing this through our Cyber Cooperation Programme, but also through our Pacific Step-up.

• Australia is investing AUS $34 million over seven years (2016-2023) in its Cyber Cooperation Program to champion an open, free and secure cyberspace and build cyber resilience across the Indo-Pacific.
• The Program supports Australia’s commitment to delivering on the UN 2030 Agenda for Sustainable Development which recognizes the vital role of digital technologies to achieve a better and more sustainable future for all.
• Specific activities include:

• Training to foster understanding of responsible state behavior in the cyberspace
• Activities to fight cybercrime and support technology for development, such as blockchain and e-government readiness assessments
• Provide next-generation connectivity through our “Pacific Step Up initiative,” which will build the Coral Sea Cable System to connect Papua New Guinea, the Solomon Islands, as well as Malaita Island, Noro, and Taro Islands.

The IPF and “trustworthy AI”

• Ben Wallis, Microsoft -- As a developer and provider of AI technologies, Microsoft looks at AI from two angles – (1) the AI ecosystem and (2) society at large.

• On the AI ecosystem, Microsoft is involved in developing AI technologies, but this is only one part of an AI ecosystem. The whole ecosystem includes the people and organizations involved in integrating, deploying, maintaining, and operating AI technology solutions. From Microsoft’s perspective, we think about how we can develop our technologies in a way that would increase awareness of the need for trustworthy and responsible AI throughout the ecosystem.

• From a societal perspective, what is needed to ensure that AI technologies are adopted and deployed to their utmost potential? On this point, Microsoft is trying to make a contribution in several areas:

• “AI for Earth”: a 5-year, USD $50 million effort to put the Microsoft Cloud and AI tools in the hands of those working to solve environmental challenges, specifically in relation to climate, agriculture, biodiversity, and water. It is a combination of money and technology – we provide grants for projects and we also make available open-source tools, models, infrastructure, data, and APIs to support sustainability and environmental science.
• “AI for Accessibility”: a program to work with others to solve some of the most challenging problems for people with disabilities, by making software and devices smarter and more contextually relevant for people with disabilities and to improve daily life.
• Two other initiatives: “AI for Humanitarian Action” and “AI for Cultural Heritage”
• For both of these angles – the AI ecosystem and society as a whole - the integrated policy framework can give us guidance, whether in the form of specific requirements to feed into the AI ecosystem or requirements to reflect the broader needs of society, e.g. trust and skills. It can also provide guidance about actions that can be taken in complementary policy areas, e.g. connectivity and access to enable more democratized access to AI so that the deployment of the technology doesn’t exacerbate the digital divide.

• David Gierten, OECD -- We could look at any specific digital tech, like AI, through the lens of the seven dimensions of the IPF. For instance, the adoption of AI in firms would fall under the “Use” dimension; AI innovation could result in new business models, new jobs, or new tasks that are carried out. Under the “Society” dimension, we can consider the ethical implications of AI. Finally, under the “Trust” dimension, this is very much aligned with the AI principles, with several of the principles dedicated to upholding trust.
• Jane Coffin, ISOC -- This is about building trust. There is some fear now with respect to technology. Information is critical to building a community of trust; educating communities of what the technology is and how it can promote economic development is critical to help with the adoption of technology and deploying infrastructure.

Striking the Balance: Policies that maximize digital transformation while also addressing privacy and security challenges

• Ben Wallis, Microsoft -- Microsoft sees privacy and security challenges as being inexorably linked. The proliferation of connected devices and cloud-based services has opened new avenues of attack for cybercriminals and other malicious actors. Protecting our customers and the wider community is a responsibility we take seriously.

• We believe privacy is a fundamental human right.  As more of who we are and what we do is recorded and stored in digital form, preserving this right becomes more important and increasingly difficult. We take a principled approach to build trust, with strong commitments to privacy, security, and compliance. For example, with the GDPR, Microsoft invested many resources to ensure not just that we are in compliance, but that we can support our customers in ensuring they are compliant, including the customers of our cloud services. This isn’t only with regard to data of people in the EU – we extended the protections enjoyed under the GDPR to all of our customers.

• Apart from making sure we understand and are fully compliant with privacy laws, there are a couple of other principles we follow and recommend more broadly.

• Firstly, we think organizations should be required to establish sound privacy practices. Privacy laws should require organizations to demonstrate that they have established sound privacy policies that, at a minimum, ensure compliance with legal requirements. This principle should apply both to organizations that collect and process data (e.g. a bank or hospital), and to those that process data only on behalf of other organizations (e.g. a Cloud Service Provider).
• Secondly, we need to think about how you define privacy laws. It’s important to be able to draw insights from data analytics and that means that privacy frameworks should not be so restrictive that they prevent governments, businesses and other organizations from using data analytics to draw insights, as long as it is done in an ethical manner.

• One way that privacy frameworks can achieve this balance is by encouraging the de-identification of data sets, allowing researchers to continue to innovate but not at the expense of the personal data of specific individuals.

• Alex Cooke, Government of Australia -- Australia supports an open, free and secure Internet that drives economic growth, protects national security and promotes international stability. There is an appropriate role for governments to play in regulating the Internet, but it is not one of control. A state-centered model would restrict and fragment the network, inhibit innovation and constrain opportunity presented by connectivity.

• One aspect of data localization relates to barriers, such as customs duties. Australia strongly supports the permanence of the WTO moratorium on customs duties for electronic transmissions, and we have advocated for this in current negotiations. Customs duties for electronic transmission will increase the cost of goods and services purchased online, likely acting as a disincentive for customers and suppliers to engage in e-commerce and potentially having a negative impact on an economy’s competitiveness from a global business perspective.
• One other aspect of data localization hinges around questions of privacy. Our Privacy Act allows cross-border disclosures of personal information in a range of circumstances to facilitate the free flow of information across national borders while ensuring that the privacy of individuals is respected. The Government announced in March 2019 that it will introduce legislation to strengthen penalties and enforcement under the Australian Privacy Act. These reforms will include a binding online privacy code that will apply to social media platforms and other online platforms that trade in personal information, requiring them to be more transparent about data sharing, meet best practice standards when seeking consent to collect, use or disclose personal information stop using or disclosing an individual’s personal information upon request, and follow strengthened rules about handling personal information of children and other vulnerable groups. The Government is presently consulting on this legislation.
• One last point to Ben (Microsoft), we would be interested in understanding the developments that could address these issues, like cloud-based services to maintain security and compliance with privacy regimes.

• Jane Coffin, ISOC -- End-to-end encryption (e2ee) is a way to secure information and build trust. Governments can implement this within cybersecurity principles at a very simple level, but you have to work to make sure people know how to implement these policies and they don’t just sit on the shelf.

• Barbara Wanner, USCIB -- Australia mentioned its view on data localization. Some countries have adopted localization requirements on grounds that they ensure more effective privacy and security protections. USCIB is against this data centralization requirement on grounds that they not only serve as trade barriers but also have the effect of increasing privacy and security risks because the data is stored in central locations and is more vulnerable to breaches and hacks.
• Ben Wallis, Microsoft -- People around the globe and their leaders are concerned about the power of large tech firms, and I think you can see digital sovereignty solutions as being intended to counteract that balance, which I think reflects a larger trend of distrust.

• But, as well-intentioned as data localization laws might be, they can also be costly to implement and you lose the efficiencies with come with the global scale of the cloud – undermining the fundamental benefits of the cloud.
• And while it is possible for global companies like Microsoft to build sovereign cloud systems, the extra cost and complications make it harder for smaller companies to do so, creating a kind of barrier to entry for local cloud providers.
• A more effective approach is to adopt regulation aligned with global standards or contracts that protect personal data regardless of its location. Such an approach can also help to improve resilience and security and make data processing services more efficient by reducing latency.
• And importantly, it should be incumbent on data processing companies to understand the laws in each country of origin and make sure that data is managed accordingly.

Public-Private Partnerships and Collaboration

• Alex Cooke, Government of Australia -- Co-creation with the private sector in Australia has arisen around two issues: 1) AI Ethics Framework and 2) Terrorist and Violent Extremist Content (TVEC).

• AI Ethics Framework: AI is developing at a fast pace and we are actively engaging with private companies to make sure that we don’t stifle innovation. The “Australian AI Ethics Framework” was released on 7 November 2019 and five businesses, including CBA, NAB, Telstra, Microsoft and Flamingo AI, have signed up to trial these principles. We are also taking into account international discussions, such as those going on in the European Union.

• TVEC: We are engaging through the Global Internet Forum to Counter Terrorism (GIFCT), as well as the OECD to work on this issue. We see that large companies, like Facebook, can deploy substantial resources to work on this, but that SMEs may not be able to do this. We are also supporting the OECD’s work to develop a transparency reporting protocol. A multistakeholder expert group was hosted in November that gave an opportunity to bring these diverse groups together to work quickly in this area.

• David Gierten, OECD -- Regarding public-private partnerships (PPPs), Colombia announced that they will work together with Coursera with the objective to have 150,000 students being trained in programming and other ICT skills by 2022. This is a nice example of how Colombia can address key challenges with PPPs.
• Jane Coffin, ISOC -- PPPs are key to do what we can do, especially to put in local infrastructure in remote areas. Partners on the ground provide vital resources (e.g., training, expertise, funding, human resources, etc). Collaborative partnership is crucial to be able to more sustainably build infrastructure, for example.

Comments from the floor

In Afghanistan, we have had a distinct problem with bringing digital financial services. This is not a problem with accessibility, but rather with trust. People do not trust the security of Internet transactions and therefore are resistant to using such services. What can we do?

• Jane Coffin, ISOC: It will be a matter of bringing together the right experts, both international and domestic experts, to figure out the problem and brainstorm possible solutions in your country. Training will be essential, and some degree of trial and error is usually necessary for these situations, though I know that banking doesn’t have room for mistakes. One point will be to ensure that online banking has encryption—banks need highly specialized IT support given the criticality of their services.

There were no special session outputs. The video of the session can be watched on YouTube: https://www.youtube.com/watch?v=DlsXNz0XAeU

https://www.intgovforum.org/content/igf-2019-%E2%80%93-day-2-%E2%80%93-…

https://twitter.com/GenevaGIP/status/1200093105678176256

https://twitter.com/MalloryKnodel/status/1200008987195985920

The open forum on “Arab Perspectives on Digital Cooperation and the Internet Governance Process”, came in line with the call of the United Nations Secretary-General for facilitating an agile and open consultation process to develop updated mechanisms for global digital cooperation. It tackled options for these mechanisms, including those presented in the Report of the Secretary-General’s High-level Panel on Digital Cooperation.

Discussions yielded policy recommendations on regional priorities requiring increased cooperation in the digital field and the related mechanisms. ESCWA also announced current preparations for the Fifth Arab IGF, to be held in Cairo in January 2020. 

The main policy recommendations highlighted by the experts during the open forum:

• the importance of the bottom-up and  multi stakeholder approach based on  transparency and inclusiveness principles,
• Increase the impact of the IGFs at regional and global level by promoting concrete outcomes and recommendations.
• Consider taking into consideration discussions happened at national and regional level and linking the grass roots needs to policy making process at the global mechanisms.
• Synergize the efforts and increase coordination between the different initiatives that are taking place in the region.
• Increase synergy among regional organization towards strengthening the community and addressing the main identified challenges.