When innovation meets regulation: The KWM Digital Future Summit 2024

What did we learn in week 1?

Our first six sessions cut to the heart of our digital future, with regulatory authorities and industry leaders sharing insights on the pressing issues of competition, consumer protection, online safety, privacy and the governance of emerging technologies like AI and digital finance.

ACCC: safeguarding competition and empowering consumers in a digital economy

ACCC Chair Gina Cass-Gottlieb told KWM’s Luke Woodward that consumer trust is the lifeblood of competitive markets for the ACCC. The ACCC is prioritising consumer trust and fair competition amidst the rise of digital platforms, with a keen eye on long-term market trends.

1. The ACCC supports the government's review of whether Australian Consumer Law adequately covers new technologies like generative AI. Generative AI could lead to misleading and discriminatory behaviour, which the ACCC must address. 
2. The ACCC has built expertise in the digital sector since 2017. This allows it to track key players and trends, focusing on long-term issues rather than short-term distractions.
3. Agility is critical. Businesses quickly adapt their models, and the ACCC must identify potential competition or consumer issues in these changes.
4. Innovation from established digital platforms is welcome – but the ACCC is watching to guard against dominant players limiting rivals' innovation or favouring themselves.
5. The ACCC works with domestic regulators and international competition bodies to share information and monitor developments, like the EU's Digital Services Act and Digital Markets Act.

Privacy in a data-driven world

Former Information Commissioner Angelene Falk and Privacy Commissioner Carly Kind spoke with KWM’s Michael Swinson, explaining that the OAIC is wary of a 'perfect storm' of risks emerging from data breaches, supply chain vulnerabilities and the rush to harness AI.

'...technological change has been just so dramatic, and I think we just need to remember that they've caused incredible public benefit, but at the same time they have increased privacy risks.'  Angelene Falk

'I hope we will see companies taking note of the real reputational impact, as well as legal impact, of not complying with the Privacy Act.' Carly Kind

1. A "perfect storm" is brewing. Australia needs a Privacy Act that covers all layers of business in our economy – especially given large data breaches and third-party security vulnerabilities in supply chains.
2. There is heightened community awareness and expectations regarding individual privacy rights, driven by technological advancements and increased data-driven business models.
3. Technological advancements such as generative AI and automated decision-making will continue to pose privacy risks and require careful consideration of accountability, transparency, and compliance with privacy laws. 
4. Balancing privacy with other societal interests, such as online safety and integrity, can be challenging. Necessity and proportionality should guide decision-making in these cases, ensuring that privacy is not unnecessarily compromised.
5. The OAIC sees itself as having a dual role to educate and support businesses with their compliance and to act as a deterrent by enforcing the law through civil penalties and other actions in cases of serious privacy violations.

Online Safety: Designing a safer digital experience

A shift from the reactive 'whack-a-mole' tactics to proactively embedding safety in the digital blueprint was at the heart of the conversation between eSafety Commissioner Julie Inman – Grant and KWM’s Peta Stevenson.

'When you layer on immersive technologies and … invasive technologies, we’ve got a really complex digital architecture that we’re going to have to start regulating.' Julie Inman-Grant

1. Online safety is often a secondary concern, and that needs to change. Platforms and service providers should consider safety through every part of the design, development and deployment process.  
2. Regulation and takedowns are important, because they remediate harms to Australian when platforms fail to act. However, they only provide a ‘whack-a-mole’ approach.
3. eSafety’s transparency powers are important: you cannot hold a company accountable if they are not transparent about their online safety initiatives, and we’re starting to see companies become, by design, much more opaque.
4. Australians generally want an independent regulator to help establish the boundaries, even if there are different views on how we achieve online safety or where to draw the line on freedom of expression.
5. The eSafety Commissioner advocates for a proactive and anticipatory regulatory approach to address the challenges posed by the evolving technology landscape.

Digital Finance: Tokenisation, ‘unfair’ crypto settings and regulation

Global Digital Finance co-chair and regulation guru Greg Medcraft shared how the tokenization of assets is transforming finance, with calls for regulation to pace with innovation to avert potential crises. Crypto.com CEO Kris Marszalek argued for a balanced approach to regulation in the crypto space, while risk strategist Jessical Mila Schutzman warns against the misuse of growing ‘honeypots of data’.

'A good regulator is one that is always looking forward. I think regulators recognise that there are a lot of benefits from a lot of the innovation that's coming - it's a matter of, how do you then fit that within your mandate?' Greg Medcraft

'We should be able to arrive at a setup where the legislative solutions and the regulatory frameworks [for crypto] are driven by what's good for the market, what's good for the consumer and not what is on the political agenda.' Kris Marszalek

'If the mission is to protect community - how do we achieve that through privacy-enhancing tools?' Jessica Mila Schutzman

1. Tokenisation of real-world assets is a “massive opportunity”, providing benefits like 24/7 trading, instantaneous settlement, and increased accessibility.
2. Consistent and effective regulation in the crypto industry is needed to ensure consumer protection, market integrity and systemic risk management.
3. Regulators should customise regulatory frameworks for the digital asset industry, rather than trying to fit it into existing structures.
4. Regulators need to balance transparency and data privacy, understanding that protecting privacy and fighting financial crime can be conflicting interests.
5. Building trust in AI for finance requires governance, fairness and responsibility for algorithms.

AI: The vanguard of governance

ASIC Chair Joe Longo made a clarion call to businesses: innovate with AI, but be accountable. Business leaders are urged to understand the tech they employ and the regulatory environment that it operates in.

1. ASIC is concerned about the risk of consumer harm from AI. Innovations are encouraged but accountability is also required. 
2. Directors should understand and be curious about their business, including what AI and tech the business is using.
3. We should not rush into introducing new prescriptive regulations. There is existing tech-neutral legislation that we can leverage.
4. Australia’s approach to regulating AI should broadly align with our trading partners (including the EU, Canada, the US and China).
5. Director liability is fact-sensitive and takes into account the reasonable reliance defence (ie, directors should be able to rely on others when doing their job). 

It’s time to talk about AI: Governance starts with educating the business

Good AI Governance is crucial to not only managing the range of risks that generative AI usage presents but to ensure that companies can harness the potential benefits of generative AI in a way that fosters and maintains trust.  In a dynamic discussion with KWM’s senior associate Kendra Fouracre, CHOICE's Consumer Data Advocate, Kate Bower, SEEK's Head of Responsible AI, Fernando Mourão and Director of the Centre for AI and Digital Ethics and Professor at Melbourne Law School, Jeannie Marie Paterson, hashed out the key elements of AI governance:

1. Companies developing, implementing and using AI shouldn’t wait to “see what happens” on legal reform before implementing AI Governance. If you use generative AI, you need AI governance now.
2. Good AI governance isn’t just for IT or risk teams – implementation needs input from across the company including legal, technology, risk, products, HR and other key stakeholders, from the design of the AI Policy to the make-up of the AI Governance Committee and beyond.
3. Employees are already using gen AI. The best way to ensure it is used in a safe and responsible manner is through an AI Governance framework that empowers employees.
4. Effective AI governance is unique to each company – it must complement existing risk management frameworks and processes and reflect how you are using AI. It must also be flexible and able to adapt as generative AI continues to rapidly evolve.
5. Existing IT risk management frameworks are not sufficient to address the risks that generative AI present.

What did we learn in Week 2?

GenAI in practice: How businesses are focusing on measurable impact and responsible leadership

Industry leaders shared their real-world applications and encouraged a hands-on approach combined with robust governance frameworks in this insightful session on GenAI moderated by KWM’s Bryony Evans. CBA chief decision scientist Dan Jermyn, Telstra’s data & AI executive Dayle Stevens OAM and KWM’s chief innovation officer Michelle Mahoney shared how their organisations are using GenAI and taking advantage of this fast-evolving technology. Operational efficiency and internal customer support functions are the top two use cases that businesses are most active in, based on the speaker and audience feedback.

1. Some of the most successful use cases are internal-facing with a focus on operational efficiencies and improving frontline customer support.
2. Quantifying the value of GenAI is a key challenge. Organisations can measure metrics like utilisation, engagement scores and retention and gather qualitative feedback, but it is hard to translate these into traditional cost vs benefit financial metrics to determine ROI.
3. Hands-on engagement and experimentation with GenAI tools by all personnel - including executive leadership – is necessary to effectively make decisions and set strategies.
4. Organisations must have strong guardrails in place and make it clear what they can and cannot do with the data they hold. But flexibility is essential - including a process for breaking guardrails for exceptional use cases.
5. Organisations have an opportunity to be leaders in this space, particularly with responsible AI and working together across the economy to keep people safe. GenAI isn’t going away and has the potential to produce incredible outcomes.

Strengthening cyber resilience: A collective responsibility

KWM’s Cheng Lim spoke with Lieutenant General Michelle McGuinness, CSC, who emphasised that ‘Cyber is everyone’s business – we will harden if we all do simple things’. It should be discussed across all levels of an organisation and we must empower everyone to play a role.   

‘My job is not to regulate, my job is to be there to support an entity on their worst day and ensure we can minimise the greatest amount of harm across the greatest number of people.’ Lieutenant General Michelle McGuinness, CSC

1. Doing the ‘simple things’, like implementing multi-factor authentication, updating software and using unique passwords across different systems, will greatly reduce Australia’s vulnerability to sophisticated cyber threats.
2. It’s important to empower everyone in an organisation to play a role, because cyber security is ‘everyone’s business’ - not just an issue for IT or CISOs. Cyber should be discussed across all levels of an organisation, so that everyone knows it’s not solely someone else’s job.
3. Understanding your IT networks and where your data is stored is critical in preparing for cyber incidents – don’t underestimate the potential for sensitive data to be stored somewhere it’s not supposed to. Businesses often have convoluted supply chains and connections they didn’t know existed.
4. Businesses that practise incident response scenarios and learn lessons from others will always fare better in a real life cyber incident – ‘no time spent exercising is time wasted’.
5. Effective communication is crucial in a cyber incident - businesses shouldn’t underestimate the number of stakeholders that will demand information. You can do the best incident response, but if you fail to communicate well, then ‘it probably doesn’t matter in terms of your reputation’:

‘Notification is really important and removing unnecessary fear from the community … and notifying before it's made public is super important, where possible.’

Empowering consumers: The key to driving Australia's energy transition and innovation

In an energising one-on-one, Australian Energy Market Commission (AEMC) Chair Anna Collyer and KWM’s Shirley Cheng explored the dual drivers of consumer engagement and innovative technology in the energy transition. 

At its heart, shaping Australia’s electricity future as we navigate this ‘once-in-human-history transformation’ needs buy-in from current stakeholders. Anna and Shirley agreed to workshop a catchy tagline to get consumers excited for the emerging consumer-led charge, known as Consumer Energy Resources (CER) — ‘save electricity, save money, save the planet’ is the early frontrunner. Suggestions are welcome! 

1. Consumers are active participants in the energy system, not just as recipients. A unique opportunity is unfolding right now to address the traditional energy trilemma (reliability, affordability, sustainability) using consumer engagement and innovative technology.
2. Innovation is crucial, especially in integrating CER-like solar panels, household and community batteries, and EVs into the grid. New and emerging technologies will require a shift from ‘the old world to the new world’, better aligning with the habits of digital natives.
3. Government intervention and regulatory reform can influence investment decisions and consumer behaviour. This is particularly important in wholesale market design, distribution networks and consumer pricing structures. Participants and investors need certainty to make decisions which allow the energy system to adapt into the future.
4. Taking a customer-centric approach will help retailers and industry build trust with consumers, improve education and learning and ultimately transform the operation of the grid. There are greater opportunities to move to innovative technologies if all energy system participants (not just large consumers) are better able to understand these technologies and their benefits. Domestic consumers may hesitate, whether due to information asymmetry or a lack of trust in the technology in the short-term. 
5. The energy transition must address issues of equality and equity among different customer groups, ensuring diverse participation across the energy sector, and promoting a just transition from the traditional energy industry. We need to promote opportunities that allow for problem-solving and innovation in the energy sector and those that cater to diverse experiences.

Seizing opportunities, building trust: CER are critical to the energy transition

Intellihub CEO Wes Ballantine, JET Charge CEO Tim Washington and KWM’s Jess Kruger discussed the critical role of CER in the energy transition and the need for industry to work together to take consumers on this journey. There’s a fascinating question facing the industry about how much control, orchestration and automation capability consumers want and need and how this may impact on the extent to which CER achieves a balance between consumer interests and grid interests.

1. There is a huge opportunity for Australian consumers to transform how we produce and consume energy. This has benefits for both the grid (in terms of increasing supply and the ability to manage demand on the grid) and consumers (in terms of reducing energy/fuel bills while maintaining a high level of home comforts, in an environmentally conscious manner). Consumer take-up will determine success.
2. Education is crucial to help people appreciate and understand the opportunities and empower them to make decisions ‘around the kitchen table’ that will provide the most value to them.
3. CER must provide value to the consumer and be accessible. Consumers want comfortable homes and lifestyles, at the best possible price, with the least possible fuss. Getting the balance between control, orchestration and automation right will likely have a large impact on consumer take-up rates and define the success of current and future industry participants.
4. The industry, governments and consumers are also grappling with issues around trust, data, privacy and cybersecurity, in the context of retailers’ control of appliances, and access to personal data from connected devices.
5. Range anxiety and resale value of EVs and concerns around VPPs diminishing battery life (balanced against economic benefits to the consumer)are among other key issues.

Envisioning AI's future with Lee Yearsley: navigating the waves of innovation and responsibility

We ended the Summit with KWM’s Bryony Evans and AI trailblazer, Akin.com founder and CEO Liesl (Lee) Yearsley. We must ask what we are optimising AI for – and ensure we are reflecting human and societal needs.

‘We cannot sleepwalk into the future.’ Lee Yearsley

1. We must reflect on the reason for optimising AI. Over time Lee’s hope is that optimisation is driven more towards human and social needs, rather than other drivers which Lee considers could have unforeseen impacts.
2. Nothing in the economic structure of society gives a reason to turn off the development or progress of AI, instead we should become succinct about measuring the impact of the technology and look to pass on costs of negative impacts and reward positive impacts.
3. We are in the second of three waves of AI – machine learning. The first wave was structured learning, the third wave to come (still a long way off) is contextual adaptation – the ability to reason its way through a complex problem. To use an essay-writing analogy: in Wave 1 we would be able to ask the AI to grade the paper, Wave 2 to write the paper, and Wave 3 to solve the complex legal problem.
4. ‘AI doesn’t need a master, it needs a mother’. With agency and self-learning capabilities soon to pass us if not already, we shouldn’t think of AI as just another machine to turn off. We need to start thinking about AI as co-evolution species, focusing on how to bring it up well and amplify what AI can do to be responsible.
5. And to finish off, here are some thoughts from one of our attendees: 'Finally - someone who made it so simple and put it into context so magnificently.  Showcased with perspective an amazing depth of understanding, insight, ethical responsiveness and emotion.  I've never attended a CPD session before and decided during it that I would have a rerun of it with my family.  This is it.'

Thanks to Kendra Fouracre, Lauren Bourke, Stephen Brightman, Luke Hawthorne, Emma Newnham, Ha Dinh, Daniel Gray, Kai Nash, Chelsea Payne, Lucy Robinson, Whye Yen Tan, Wes Yu, Cindy Zhu, Emma Hall and Shannon Hatheier for their contributions to the KWM Digital Future Summit takeaways.