Governance Strategies for a Sustainable Digital World

Digitalization is changing society by the increased connectivity and networking that digital technologies enable, such as enhancing communication, services, and trade. Increasingly, policymakers within various national governments and international organizations such as the United Nations (UN) and Organization for Economic Co-operation and Development (OECD) are examining the original sustainability policy concepts applied within the Brundtland Report of 1987 through the lens of digitalization. While the growth of a digital economy may increase productivity and benefit local and global economies, digitalization also raises potential sustainability challenges pertaining to social (i.e., the benefits or costs imposed by disruptive digital technologies upon social networks and ways of life, including threats to economic sustainability and the rise of economic disparity) and environmental wellbeing (i.e., natural resource stewardship and concern for future generations) driven by the automation of information processing and delivery of services. Various perspectives have been raised regarding how the process of digitalization might be governed, and national governments remain at odds regarding a single best strategy to promote sustainable digitalization using the Brundtland concept to meet the development needs of the present without compromising the needs of future generations (i.e., social and environmental well-being). This paper reviews three governance strategies that countries can use in conjunction with adaptive governance to respond to digitalization sustainability threats: (i) a laissez-faire, industry-driven approach; (ii) a precautionary and preemptive strategy on the part of government; and (iii) a stewardship and “active surveillance” approach by government agencies that reduce the risks derived from digitalization while promoting private sector innovation. Regardless of a state’s digital governance response and how it is shaped by political and institutional realities, adaptive governance approaches are likely necessary to address the economic and social sustainability challenges posed within differing manifestations of digitalization.


Digitalization and Sustainability
Digitalization, defined as the increased connectivity and networking of digital technologies to enhance communication, services, and trade between people, organizations, and things [1], has been posited as both an emerging opportunity and as a challenge to the United Nations (UN) Global Sustainable Development Goals (SDGs), comprising 17 goals and 169 targets or objectives [2]. The growth and maturation of the digital world, where an increasing scale of individual and communal activities are being recorded, digitized, and analyzed for future technological improvement, is creating unique opportunities to enhance social and environmental well-being, and further improve global standards of living while preserving and improving environmental health for future generations [3][4][5]. Nevertheless, digitalization is increasingly shown to also enhance the likelihood of social and environmental sustainability challenges and threats, including the carbon footprint associated with increased electricity generation demand, cybersecurity vulnerabilities, and social discrepancies posed by the widening gap in access to information and communication technologies, commonly referred to as the "digital divide" between those who benefit from a digital economy, and those who may lose jobs, economic resources, or other social benefits [6][7][8].
Even though a global understanding exists that governance approaches are needed to adequately balance the potential benefits and risks posed by digitalization and ensure a sustainable digital economy, different views and opinions are expressed over the best governance strategies needed to develop digitalized economies and manage digitalization processes and consequences [9]. For example, representatives from the Organisation for Economic Co-operation and Development (OECD) Ministerial Council Meeting of June 2017 expressed differing viewpoints on optimal digitalization governance [10]. These viewpoints included calls to resist pre-emptive regulation and to promote favorable conditions on the one hand (Switzerland and Luxemburg), for central governments to take an active role to shape the direction and soften negative consequences of digitalization on the other hand (Portugal and Germany), and for a passive governing process in which government leaves industry to innovate while building capabilities to address resulting social and environmental harms (United States and Mexico). Given such a variety of viewpoints regarding how to best foster a sustainable digital economy, the question remains regarding how governance approaches should be constructed. As such, this paper reviews various governance strategies for digitalization discussed within OECD's June 2017 Ministerial Meeting, and ultimately suggests how adaptive governance strategies may be used within any such regime to meet emerging challenges posed by technologies such as artificial intelligence, distributed ledgers, and big data.

Emerging Fields of Digitalization and Sustainability Challenges
The rate of advance and increasing scale and complexity of digital systems present challenges for government and industry to promote sustainable digital growth and development, particularly as it relates to reduced inequalities, decent work, and responsible consumption and production within the UN Sustainable Development Goals [11]. This section discusses the social and environmental sustainability challenges arising from three developments identified by the OECD as among the most promising and potentially disruptive key and emerging digital technologies globally: (i) big data; (ii) artificial intelligence (AI); and (iii) distributed transactions and information sharing via distributed ledger technologies [12].
(i) Big data. Generation of large volumes of data and the creation of centralized data repositories promise to drive growth across all sectors of society including advancements in SDGs, such as in agriculture, resource allocation, public health, education, and poverty reduction [13]. Specifically, these data can be used to determine relationships, predict behaviors and outcomes, and establish dependencies between correlated variables. Algorithms are developed to generate automated outcomes using this data and improve the performance of algorithm-driven tasks, promoting improved business operations, management, and productivity as well as improved consumer-driven tasks [12].
First, cyber vulnerabilities arise from the use of centralized datasets that increase the risk that nefarious actors have access to and misuse private or sensitive data for harmful purposes. Particularly, the increased need for storage facilities, supercomputers, and widespread and open Internet exposes the Internet to cyberattacks that can be carried out by pernicious intelligent adversaries whose strategies, targets, and instruments evolve in response to approaches implemented by targeted organizations. Prevention strategies are necessary but not sufficient to guard against these attacks. Governance strategies must be designed that position assets to optimally absorb and recover from potential shocks posed by intrusion or a loss in system functionalities [14].
Second, from an economic/social sustainability perspective, a heightened asymmetry of utilization of big data collection, storage, and analysis and subsequent power-shift exists between consumer and organizations, and between government and traditional businesses compared to data-driven businesses [12]. Similarly, data-driven businesses are continuously widening knowledge and information gaps between developing and developed countries [13]. Discrepancies remain not only with regard to access to technologies but also with regard to effective use and socialization of big data and affiliated technologies. Industrialization of big data further exacerbates these discrepancies due to preferential marketing of sales and new technologies in developed countries, as well as limitations in available social support, complementary hardware and software technologies, and socialization of newer technologies.
While the above described socio-economic sustainability challenges exemplify the limitations placed on developing countries from full utilization of big data, opportunities exist within the data mining field to reduce poverty, eradicate disease, and increase agricultural production for citizens in both developed and developing countries. Kshetri explains, for example, that rural farmers can use apps to identify optimal seed species for a given biome, purchasing options to afford such seeds and necessary equipment, and advice for planting and harvesting using descriptive data inputs by the farmer [12]. Similarly, data can be mined on social media sites to better understand and predict disease outbreaks and their associated impacts. Further, call detail records and cellphone transaction data can be used to predict and model the number of residents living in poverty and better predict resource allocation needs including infrastructural development and basic needs provisions based on this type of data. Thus, despite the limitations described above, globalization of digitization technologies through multinational firms or NGOs have naturally begun to close the gap in Internet and e-commerce related technologies, as well as several notable big data entrepreneurship opportunities and access and training provided by international agencies such as the UN Development Program [13]. While big data does have the capacity to improve efficiency and operations for consumers within NGOs, business, and public sector operations, governance structures are needed to ensure fairness, equality, and data integrity among broad spectrums of socio-economic groups.
(ii) Artificial Intelligence. Digitalization is furthering the development of Artificial Intelligence (AI). With AI, computer science enables the creation of intelligent machines (algorithms and software) that work and react like humans. The OECD defines AI as the ability of machines and systems to gain and apply knowledge and to carry out intelligent behavior [12]. Applications range from education to social welfare to energy and the environment. Advanced developments in the field of "machine learning" imply that machines will be able to learn from their experience and make their own decisions, without further input from humans, beyond initial design of the machine. Already, machines have surpassed the ability of humans to perform certain functions, such as image recognition and other intelligence-related tasks.
Proponents and opponents of AI cite various risks that may derive from AI, including loss of employment and upset social stability deriving from automation of specific industries. The White House in 2016, for example, cited the need for aggressive policy action to soften the disadvantages placed on persons affected by changes in the economy [15]. Among others, this includes increased investments in research and development, promoting education in the STEM fields, pro-competition policies among new and existing firms in the field, as well as short-and medium-term solutions to potentially significant employment loss [15]. Routine tasks involving efficiency, precision, and dexterity are expected to be particularly overwhelmed by AI-enabled robots. However, all service industries are expected to be affected, including manufacturing, entertainment, health, and finance [12]. While many but not all sustainability challenges can be prevented through appropriate governance structures, it is too early to predict the true consequences of AI.
(iii) Distributed Ledger Technologies. Distributed ledger technologies aim to enhance trust among nodes in an open (public) or closed (private) network through the distribution of ledgers onto which information about transactions between the nodes is recorded. There are many facets of how the basic technology is currently developed, primarily in the exploratory phase, which could change the way organizations and individuals engage in an increasingly digitalized world [16]. The question is whether and how governments should intervene in the choice, design, or use of blockchain technologies and other distributed ledgers.
Current applications of the technology present potential risks. Blockchain systems may have to be reformed, to ensure that this technology is properly used to handle sensitive and potentially confidential information. For example, the technology used for the Bitcoin cryptocurrency allows for anonymous financial and data transactions between parties, which breeds opportunities for underhanded transactions, including illicit trade. Without adequate governance and regulation, the current model of decentralization that distributed ledger technologies enable leaves markets more vulnerable to the occurrence of illicit activities [17]. Uncertainty abounds regarding governance needs for rulemaking and reform within a distributed network-requiring a willingness by potential stakeholders and industry to iteratively test blockchain technologies for strengths and potential weaknesses in applications ranging from supply chain management to financial transactions [18].
Further, despite the identification of big data, blockchain, and AI as some of the most promising and potentially disruptive digital technologies globally, environmental impacts of these technologies have been little discussed among international organizations including the UN and OECD. Janowski points out that digitalization plays a minimal role among the UN SDGs, with 19 of 169 targets promoting the use of technology to reach SDGs and two of those targets promoting the development of clean energy and environmentally sound technology [19]. Social media articles have speculated on the carbon footprint stemming from digitalization and the potential for sustainable use of digital media [7,8]. Digital technologies are currently calculated to consume two percent of global carbon emissions; however, this number is expected to increase significantly as the number of users and amount of usage inevitably increases [7]. Further, several articles have been released on the energy use requirements for bitcoin mining, a form of cryptocurrency and blockchain technology. The Bitcoin Energy Consumption Index, for example, shows the amount of energy required to mine bitcoin every year and indicates that bitcoin required as much energy as 32.36 terawatt-hours in 2017, which equals the total energy demand of 2.9 million households in the US each year [8]. More research is needed to show the extent of energy use by different sectors of the digital economy, as well as the knowledge base of digital consumers who ultimately drive the energy demands and needs of the digital economy. Janowski, for example, promotes the use of advanced digital government capabilities to help UN member states reach SDGs, including the provision of digital platforms to enable local or sectoral development as part of the digital government's contextualization stage [19].

Three Governance Strategies
Various national governments have taken diverging strategies to govern these emerging developments enabled by digitalization. Three overarching governance options for sustainable digitalization were discussed at a June 2017 OECD Ministerial Meeting in Paris, France. Specifically, these options include: (i) a laissez-faire, industry-driven approach; (ii) a precautionary and preemptive strategy on the part of government; and (iii) a stewardship and "active surveillance" approach by government agencies to reduce risks derived from digitalization while promoting private sector innovation.
The first digitalization governance strategy, referred to as a laissez-faire approach, includes an industry-driven, open market-based approach that relies on the ability of a market to organize and protect itself in the face of threats. This option requires limited government intervention in the marketplace and instead requires that companies and individuals identify their individual best strategy to govern the process of digitalization [20]. Typically, such an approach resists the imposition of government regulation, except in the direst of circumstances, and seeks to identify industry solutions for social and environmental challenges posed by emerging technological developments. However, this market-based approach does not foster a central authority to identify and enforce best practices and safe use limitations for digital systems, raising the potential for external security threats via state-based or nuisance-based cyber-attackers on the one hand as well as the social inequalities spurred through digitalization and automation [21]. Additionally, such a strategy may not be normatively positive, as it could allow large corporations to expand their power and act against the wishes of a given government-thereby reducing national sovereignty and possibly leaving government with less capacity to meet policy goals.
Rather than let the system organize itself organically, a precautionary governance approach utilizes a pre-emptive strategy of regulation to avoid or prevent exposure to irreversible risk and mitigate risk in the immediate term [22]. This approach generally includes a review of emerging and future threats and common themes and development of corresponding uncertainties about those and regulatory requirements to avoid irreversible consequences and protect digitally-affected vulnerable populations and critical assets at risks. For example, oversight strategies of this type could design specific requirements about locations and access to data servers (for cloud computing services), the architectural design of computer systems, or choices and technical features of open or common software. This avenue is typically precautionary in nature, where governments seek to adopt new activities and technologies only after their safe use strategy has been demonstrated [23].
This approach may effectively reduce cyber threats and other risks related to digitalization, and signal the ability of government to act amid digitalization to respond to social concerns, security threats, or other general challenges to SDGs. However, it may also limit free enterprise and further expansions of the digital economy, and places a government at a marked disadvantage to predict and protect against future threats, given the adaptive nature of adversarial cyber risk. Such concerns may arise from the evolutionary nature of the digital economy and the ability of hackers to exploit new vulnerabilities in operating systems and other software packages faster than government-regulated systems can patch them. Further, this approach may also make a national economy less competitive in the global marketplace if other countries are more likely to embrace less-regulated digitalization and more quickly reap a greater share of economic benefits.
A third digitalization governance strategy, which we refer to as a stewardship approach, is one that facilitates and supports further development in the digital economy on the one hand, yet also calls for government agencies to take steps to prevent and mitigate sustainability concerns posed by future threats [24]. As a form of "governance by stewardship", government agencies work to actively surveil digital systems and build response capacity for future and emerging threats. In this case, government agencies only step in when needed to handle emerging threats and otherwise work with key stakeholders in industry and academia to articulate various hard and soft law strategies that may mitigate harms while maximizing benefits [14]. An example of this type of government action may include the creation of cybersecurity defense agencies, which are tasked with the identification of cybercriminals and the digital exploits used to attack governments, individuals, or businesses. While such measures may be in line with the more precautionary approach described above, a key difference here exists with a willingness by government actors to work alongside and even provide incentives to key stakeholders in industry, academia, and other non-governmental organizations to monitor the progress of digitalization and develop shared best practices throughout the process as it develops.

The Need for Adaptive Governance
Normatively, each government is responsible for the identification of the best digitalization governance strategy based on the country culture, customs, and economic needs. However, regardless of the governance strategy deployed within a given government, a sustainable digital economy will inherently require flexible and adaptive governance approaches that allow stakeholders in industry, government, and society at large to iteratively adjust their best practices and codes of conduct to derive the benefits of digitalization without incurring unnecessary or unacceptable risks or losses. In other words, it will become imperative for governments, in partnership with other stakeholders in industry, academia, NGOs, and the general public, to iteratively improve and adapt their policies that govern the digital economy to balance technological gains against the potential for social and environmental disruption and externalities-particularly as new information and experience is gained over the course of time. Figure 1 provides a conceptual illustration of how the three governance strategies can ultimately impact social and environmental sustainability objectives in the three fields of digitalization discussed above. Given the governing authorities and strategies taken by a given government, adaptability is needed to iteratively address adversarial threats related to digital sustainability as framed by the SDGs [25]. Adaptive governance can be defined as the adjustment of regulatory rules and practices to incorporate new data and to balance the risks and benefits of a given activity (see [26] for additional discussion on adaptive governance for an emerging technology). It may be achieved within each of the three proposed governance strategies. For example, adaptive governance may be driven by a legislative decision to monitor risks and review existing regulatory frameworks in the light of evolving landscape and risks. In that case, any regulatory instruments (hard law) must include clauses for regular revisions of risk assessment and management. Alternatively, adaptive governance may also be driven by voluntary arrangements among major affected stakeholders and include instruments such as codes of conduct (i.e., soft law), that may be modified as needed to meet emerging challenges posed by digitalization.
Generally, adaptive governance requires the cooperation of industry, academia, and nongovernmental institutions to monitor digital services and characterize threats posed by digitalization and posit strategies and best practices to improve governing practices that are demonstrated to be ineffective or inefficient against such threats. Regardless of the governance approach chosen, stakeholders in government and industry may benefit from an adaptive governance approach not only to "keep up" with social and environmental sustainability challenges, but also to ensure that governance is relevant and helpful to stakeholders.
Adaptive governance can be of prime importance in addressing challenges we discuss for three fields of digitalization. For example, where various attackers have shifted their objectives (e.g., to breach privacy, steal money or corrupt data), potential targets such as government agencies or private companies must adapt their defenses to better absorb, recover from, and adapt in the aftermath of cybersecurity threats, i.e., to build resilience [27][28][29]. As with counterterrorism, adversarial risk management to reduce or mitigate risks from cyber-attacks must be flexible and adaptive to better meet emerging threats [30]. Regardless of whether a given country would embrace or reject the technological advancements posed by AI, adaptive governance approaches could be helpful to monitor and characterize the impacts associated with machine-learning-driven economies based upon social and environmental sustainability goals-particularly as the field of machine learning is still in a relatively nascent state [31]. Additionally, adaptive strategies would be helpful to engage publics to identify fears and concerns that may not have substantial focus amongst policymakers, and foster strategies that work with publics at-risk of substantial disruption posed by digitalization Given the governing authorities and strategies taken by a given government, adaptability is needed to iteratively address adversarial threats related to digital sustainability as framed by the SDGs [25]. Adaptive governance can be defined as the adjustment of regulatory rules and practices to incorporate new data and to balance the risks and benefits of a given activity (see [26] for additional discussion on adaptive governance for an emerging technology). It may be achieved within each of the three proposed governance strategies. For example, adaptive governance may be driven by a legislative decision to monitor risks and review existing regulatory frameworks in the light of evolving landscape and risks. In that case, any regulatory instruments (hard law) must include clauses for regular revisions of risk assessment and management. Alternatively, adaptive governance may also be driven by voluntary arrangements among major affected stakeholders and include instruments such as codes of conduct (i.e., soft law), that may be modified as needed to meet emerging challenges posed by digitalization.
Generally, adaptive governance requires the cooperation of industry, academia, and non-governmental institutions to monitor digital services and characterize threats posed by digitalization and posit strategies and best practices to improve governing practices that are demonstrated to be ineffective or inefficient against such threats. Regardless of the governance approach chosen, stakeholders in government and industry may benefit from an adaptive governance approach not only to "keep up" with social and environmental sustainability challenges, but also to ensure that governance is relevant and helpful to stakeholders.
Adaptive governance can be of prime importance in addressing challenges we discuss for three fields of digitalization. For example, where various attackers have shifted their objectives (e.g., to breach privacy, steal money or corrupt data), potential targets such as government agencies or private companies must adapt their defenses to better absorb, recover from, and adapt in the aftermath of cybersecurity threats, i.e., to build resilience [27][28][29]. As with counterterrorism, adversarial risk management to reduce or mitigate risks from cyber-attacks must be flexible and adaptive to better meet emerging threats [30]. Regardless of whether a given country would embrace or reject the technological advancements posed by AI, adaptive governance approaches could be helpful to monitor and characterize the impacts associated with machine-learning-driven economies based upon social and environmental sustainability goals-particularly as the field of machine learning is still in a relatively nascent state [31]. Additionally, adaptive strategies would be helpful to engage publics to identify fears and concerns that may not have substantial focus amongst policymakers, and foster strategies that work with publics at-risk of substantial disruption posed by digitalization [32]. A key focus here is on the capability of organizations to adapt to threats in an efficient and appropriate manner.
The scope of digitalization remains uncertain, yet will likely have substantial consequences upon social and environmental activities. Various institutions in the United States, European Union, and OECD have reflected upon the need for sustainable governance institutions and practices to ensure that the potential drawbacks of digitalization are softened by measures to assist those negatively affected by potential economic and/or social challenges. Given the uncertain and global nature of digitalization, adaptive governance approaches are needed to allow governments to iteratively adjust their policies and best practices to balance the technology's benefits and risks in a manner that reflects available data and a refined understanding of social and environmental implications.