Technological Regulation From a Software Product Point of View
As technology use and shared data spread across the world, regulation becomes a cultural issue with implications that pose questions about human rights.
Join the DZone community and get the full member experience.Join For Free
The Regulation Landscape With Techplomacy
Until recently, regulation and diplomacy were usually the jobs of governments and non-profit organizations. In 2017, technological diplomacy (techplomacy) was augmented as a cross-cutting foreign and security policy priority , . There exist governments employing new roles such as technological ambassadors. Such people’s main duty is to liaise and connect governments to tech companies around the world. Countries are affected by certain companies as much as they are affected by other countries. These kinds of companies have become like a new type of nation, a fact that needs to be accounted for. Realizing the important role that they play in shaping our lives today and in the future, identifying the transformative and pervasive nature of a number of technological fields  such as artificial intelligence and social media, companies now play their part in shaping the regulation landscape.
Products, Then and Now
When streets and houses were first wired, electricity was only used for lighting. Electricity's ability to change people's lives was not immediately apparent. When the infrastructure was in place, though, products like the TV, radio, and telephone emerged.
Similarly, new software products and new uses tend to appear progressively based on existing products. When social media apps were first introduced they were used as a communication tool. Their weaponization as a tool for propaganda using deliberate misinformation and fake news became popular in later stages. If social media apps had never existed, it’s unclear if a web or mobile app built solely for propaganda could ever match their influencing power. To accommodate unexpected trends, regulation is usually reactive.
Changes in Software Products
While change is inevitable and products change as markets change, regulations may also change, extend, and evolve. Building a product and reactively enforcing regulations as the product matures is an option. Such changes, however, are likely to be technically difficult, costly, risky, and time-consuming. Building a product and enforcing regulation from scratch via clear requirements is a better option.
Proactiveness is key for building software products. A product design based on regulations is likely to seamlessly accommodate the extension and evolution of existing regulations. For a regulation agnostic product, however, accommodating regulation changes may be a challenging task.
Approaches to Regulation
Towards technological regulation, at least two approaches can be identified:
- Regulation that is prohibitive since it only dictates what companies cannot do.
- Regulation that provides use cases about what companies should do.
The first approach gives companies the room to maneuver with regulation and sets the boundaries of what is not allowed. Companies have the freedom to approach regulation-related features as they like. If certain features, sub-features, or usages are not regulation conformant, they will be banned. Although this freedom may sound tempting, it comes with a cost — the implementation cost of not setting clear requirements about how things should work. Identifying how things should not work may give hints about how they should work. But hints are usually not good enough. Implying functionality is one thing and explicitly specifying functionality is another.
The second approach is more industry-friendly and probably more effective too. This approach usually elaborates mainly on what should be done rather than on what should not be done. As an example, GDPR falls into this category, giving consumers certain privacy rights . Although GDPR is far from perfect, it acts as a compass for tech companies not only to avoid bad practices but also to create the appropriate business and technological processes. According to GDPR, customers have the right to know what data a company has about them. Companies with personal data are required to allow access to those to who the data belongs. Customers also have the right to change, delete, or move their data to another provider.
From a product point of view, this elaboration about what should be done can lead to clear requirements, avoid conflicts and ambiguities, favor completeness, consistency, testability, traceability, and viability. While regulation approaches like GDPR are a push forward for tech companies, the need for well-defined, streamlined, and effective processes to manage regulation is a key issue. Such processes will also need to be automated with the cautionary note that automating a mess will create automated chaos. For tech companies affected by regulation, access to customer data in a unified way across siloed data will require technological changes. Tech companies with a number of products affected by regulation will probably need a common architectural design. A per-product architectural design (or redesign) for regulatory compliance will add to the cost and complexity of maintaining different systems. The common architectural design approach may be better, if possible.
Although do's and don'ts should be clear, conceptual integrity, a cornerstone for the successful evolution of software products, is favored when requirements are at least clear, simple, and straightforward. Adding the extra requirement(s) for regulation may negatively affect conceptual integrity and careful design decisions are necessary.
The evolution of software products and the pervasiveness of a number of technological fields have made regulation difficult. New advances and their implications are difficult to grasp. Such conceptually involved endeavors will require multi-stakeholder engagement and coordination. Although this is easier said than done, the difficult question is not whether to regulate or not. The difficulty lies in identifying the right regulation and implementing it effectively. When new products are used across continents with data shared and persisted around the globe, regulation is bigger than technology and software. It's a cultural issue with socio-technical implications, posing practical and philosophical questions about human rights, freedom of speech, security, privacy, safety, authenticity, and ethics. For an educating read, the interested reader is directed to the books from  to .
5. Future law: Emerging Technology, Regulation and Ethics, by L. Edwards, B. Schafer, E. Harbinja, Edinburgh University Press, 2021
6. Law, Technology and Society: Re-imagining the Regulatory Environment, by R. Brownsword, Routledge, 2019
7. Regulating New Technologies in Uncertain Times, by L. Reins, T.M.C. Asser Press, The Hague, 2019
8. Rethinking the Regulation of Cryptoassets: Cryptographic Consensus Technology Technology and the New Prospect, by S. Johnstone, Edward Elgar Publishing, 2021
9. Cloud Computing Law, by C. Millard, Oxford University Press, 2021
10. Blockchain and Public Law: Global Challenges in the Era of Decentralisation, by O. Pollicino et. al. Edward Elgar Publishing, 2021
11. Regulating Code: Good Governance and Better Regulation in the Information Age, by I. Brown, C. T. Marsden, MIT Press, 2013
12. FinTech: Law and Regulation, by J. Madir, Edward Elgar Publishing, 2019
13. Archives in the Digital Age: Preservation and the Right to be Forgotten, by A. Mkadmi, Wiley, 2021
14. Emerging ICT Policies and Regulations, by V. Sridhar, Springer, 2019
Published at DZone with permission of Stelios Manioudakis. See the original article here.
Opinions expressed by DZone contributors are their own.