Session
Organizer 1: Sophie Tomlinson, 🔒
Organizer 2: Lorrayne Porciuncula, The Datasphere Initiative
Organizer 3: Natalia Loungou, Datasphere Initiative
Speaker 1: Lorrayne Porciuncula, Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 2: Sue Hendrickson, Civil Society, Western European and Others Group (WEOG)
Speaker 3: Laura Galindo Romero, Private Sector, Latin American and Caribbean Group (GRULAC)
Speaker 4: Moraes Thiago, Government, Latin American and Caribbean Group (GRULAC)
Lorrayne Por, Civil Society, Latin American and Caribbean Group (GRULAC)
Natalia Loungou, Civil Society, Western European and Others Group (WEOG)
Sophie Tomlinson, Civil Society, Western European and Others Group (WEOG)
Roundtable
Duration (minutes): 90
Format description: The roundtable will engage a diverse group of stakeholders in a highly practical conversation on challenges and best practices of implementing sandboxes. The 90-minute workshop will allow participants to engage in the discussion and exchange insights and experiences. The organizers will explore using interactive tools to encourage online and onsite participation.
A. How can we map out the various layers of trust necessary to create a successful sandbox, and what mechanisms can help to establish this trust? a) among stakeholders, b) in the technology, and c) in a convening third-party interlocutor d) in the chosen governance framework, etc. B. How could sandboxes contribute to fostering good practices to responsibly unlock the value of data for all and promote responsible innovation in AI? C. What are the key challenges to scaling data solutions developed in sandboxes, and what are some helpful ways to prepare for scalability while piloting?
What will participants gain from attending this session? Participants will gain: - An introduction to sandboxes and the various forms they can take. - The roles of regulatory sandboxes in the promotion of responsible data governance and AI innovation. - Various perspectives surrounding the successes and failures of sandbox initiatives that have occurred. - Concrete advice to inform sandbox implementation in any environment.
Description:
The session aims to thoroughly analyze the pivotal role of regulatory sandboxes in shaping regulatory frameworks regarding data governance, including data sharing, data protection, and artificial intelligence (AI). Over the past decade, regulatory sandboxes have emerged as essential tools for regulators, particularly within the fintech sector, to address challenges posed by emerging technologies across various policy domains. By providing a controlled environment for real-time testing of technological innovations and policy interventions, while integrating necessary safeguards and oversight mechanisms, sandboxes foster responsible innovation and facilitate regulator understanding of evolving technologies and market dynamics. This facilitates the development of agile and contextually relevant regulatory frameworks. Various entities, from think tanks and development banks to governmental ministries and data protection authorities, have actively championed and implemented sandbox initiatives. Insights from these organizations representing diverse geographical regions, including Brazil, Chile, Colombia, India, Nigeria, Norway, Saudi Arabia, Singapore, South Africa, Turkey, and the UK, will be featured in the conversation. The discussion will delve into key aspects of sandbox initiatives undertaken in these countries, addressing inquiries regarding the fundamental characteristics of sandboxes, their efficacy in promoting responsible data governance and AI innovation, regional implementation prospects and challenges, and fostering international collaborations.
This session expects to provide an overview of several initiatives on data governance regulatory sandboxes around the world as part of the Datasphere Initiative’s Global Forum on Sandboxes for Data. This roundtable will feed into the Forum’s “Policy Dialogues” track, and participants will be invited to join the Forum to deepen their knowledge of sandboxes at the end of the session. The Forum offers a variety of ways in which participants may engage in the future.
Hybrid Format: The remote moderator will actively solicit comments and questions from online participants throughout the session. Organizers will also actively promote the session on social media. The moderator of the workshop will give the floor to participants by the order they raise their hands, to avoid giving preference to those who are attending onsite. Onsite participants will be encouraged to interact in the chat in order to engage with the online audience. The session will be an interactive discussion, weaving contributions from online and in the room. Online participants will be encouraged to turn-on their videos and introduce themselves so all attendees can see who has joined the session. The organizers will explore using Mentimeter, an online polling tool, to encourage online and onsite participants to answer questions and spark discussion and reactions.
Report
The workshop brought together researchers and regulators designing or studying sandboxes to share their experiences on their use and potential as an example of the “multistakeholder approach” in practice. Speakers from Latin America, Africa, US and Europe identified the need to build trust and share experiences to inspire sandbox design and participation and raise public awareness about their potential as tools to address the opportunities and risks of digital technologies.
There is an incredible diversity of sandboxes around the world with differing objectives, scope, intended impact and regulatory flexibility. The concept of a “sandbox” - safe spaces to test new technologies and practices against regulatory frameworks or experiment with innovative uses and means of governing data - has generated a lot of interest and it is a practice that is growing. Research by the Datasphere Initiative shows that many countries have in some way or another used: Regulatory sandboxes (collaborative processes where regulators, service providers and relevant stakeholders test innovative technology and data practices within a regulatory framework), Operational sandboxes (testing environments where hosted data can be accessed and used) or Hybrid sandboxes (a
combination).
A regulatory sandbox can come early on in a regulatory process to anticipate the way a new technology may challenge an existing regulatory framework. It can be used to explore whether an innovation may hinder regulation or require a new technique. Sandboxes can also be used in the particular development of legislation to organize the engagement of specific actors and gain insights from non-governmental experts and/or affected communities. While sandboxes did first arise in the fintech sector, their use has expanded. For example the way privacy regulators have been dealing with sandboxes has been different to financial regulators where they give flexibility and lower barriers to entry. Data protection regulators are usually concerned about how innovations interact with data protection frameworks.
Whether regulatory, operational or hybrid, the design stage of a sandbox is very important and can impact intended results
When setting up a sandbox, a regulator can face a range of questions in the preparatory phase which is crucial to the success of any sandbox initiative. Questions may include: How to define the purpose of the sandbox? Who are the stakeholders that need to be included? What type of data may need to be accessed? How will security be ensured? Who will be in charge of managing risk and deployment? A sandbox may also need to include multiple regulators as one technological solution may cut across many different sectors. The preparation phase of sandbox design is also important from a communication standpoint. The goal of a sandbox needs to be communicated clearly to ensure the most relevant applications apply or are invited to participate.
More resources are needed to support governments and SMEs interested in designing and participating in sandboxes. Sharing of practices and experiences among those who have sandbox experience is very important.
Sandboxes can be costly in terms of time and resources for regulatory authorities and participating SMEs or start-ups. While some regulators may have the resources to build teams and hire staff to design and manage a sandbox, smaller regulatory authorities may struggle to find the bandwidth. This makes discussion and knowledge sharing amongst regulatory peers important and many lessons can be drawn from sandbox experiences across sectors and geographies.
While there is generally little documentation on sandboxes and their results, some regulators do invest in reporting on the outcomes and findings of sandboxes to make these learnings publicly accessible. For example, the government of Norway produced a podcast on their sandbox as a way to communicate about the work to the public. The European Union’s AI Act states that member states should ensure that their competent authorities establish at least one AI regulatory sandbox which shall be operational by 2026. Governments within the EU with little resources may find this challenging due to the resource burden, and some regulators could risk being left behind.
The design of sandboxes must consider the incentives for participation and the need for trust building and transparency.
Sandboxes rely on the participation of non-governmental actors including companies who may be invited to “test” a service or product within a sandbox. There is therefore a need for trust in the sandbox process and while in certain environments or contexts, the private sector may have high appetite to participate in a sandbox as a way to ensure legal clarity or to gain a “stamp of approval”, there may also be many cases where companies are weary about regulatory scrutiny or intellectual property infringements.
Regulators can help address concerns by clearly articulating the goals and format of the sandbox and offering protections and confidentiality. When regulatory flexibility cannot be offered, some regulators may also offer financial incentives to participate in sandboxes for SMEs or offer to share data-sets that can be useful for innovators when developing their products.