Data governance

Concerns raised over TikTok’s US data handling

TikTok’s efforts to separate its US operations and user data from its Chinese parent company, ByteDance, have been scrutinised, as the following reports allege continued collaboration between the two entities. Despite implementing Project Texas, which aimed to enhance data security and independence, former employees claim that data-sharing practices persisted, with US user data being regularly sent to ByteDance executives in China.

Under Project Texas, US user data was supposed to be stored on Oracle’s cloud infrastructure. Still, former employees suggest that the reality differed, with a ‘stealth chain of command’ enabling continued collaboration between US-based staff and ByteDance executives. Allegations of ongoing control from ByteDance’s top management raise questions about TikTok’s claimed independence.

These revelations have significant implications, particularly amidst Congressional efforts to pressure ByteDance to sell TikTok. The House has already passed a bill threatening to ban TikTok unless it severs ties with its parent company. However, TikTok CEO Shou Zi Chew maintains the company’s autonomy, emphasising that American entities store and oversee American data.

Why does it matter?

While some former employees downplay concerns about TikTok’s connections to ByteDance, recent reports suggest that Project Texas may not have effectively insulated US operations from Chinese influence. As scrutiny intensifies, TikTok faces renewed scrutiny over its data practices and the extent of its independence from ByteDance.

China’s new data agency to accelerate development of national computing network

China plans to operationalise a nationwide computing power network by next year, aiming to balance regional digital disparities and enhance capacity. The initiative, led by the National Data Administration (NDA), is a strategic response to President Xi Jinping’s call for digital advancement and innovation amid global competition.

Liu Liehong, the head of the NDA, at a recent conference assured efforts to enhance data infrastructure and hasten the development of the computing power network. The initiative will enhance data sharing and utilisation, maintaining equilibrium between public and commercial interests while fostering data-driven innovation. The need for rigorous regulation, including standardization of formats, security protocols, and clear data governance policies was further emphasised.

In addition, the launch of pilot projects for data labelling, essential for AI utilisation, was announced, setting the stage for AI advancements across sectors.

This initiative can be located at the backdrop of China’s ongoing technological race with the US, as China intends to boost its computing capacity, currently second only to the US, by 50% by 2025.

Co-facilitators of Global Digital Compact process issue assessment from deep dives and consultations

In a letter dated 1 September 2023 and transmitted to all permanent representatives and permanent observers to the UN in New York, Rwanda and Sweden – as co-facilitators of the Global Digital Compact (GDC) process – shared their assessment from the GDC-related deep dives and consultations.

The co-facilitators note that they have identified ‘wide support from diverse perspectives for the establishment of a GDC that rests on the principles of the UN Charter, Agenda 2030, and the Universal Declaration of Human Rights’, and that ‘joint efforts should aim to strengthen digital cooperation, close the digital divide and ensure an inclusive, open, safe and secure digital future for all, which is anchored in human rights and that enables the attainment of the Sustainable Development Goals (SDGs)’.

The letter then outlines a summary of main points drawn from the deep dives and the consultations, along several key topics:

  • The role of digital technologies in accelerating progress across all SDGs. Highlighted here are the importance of connectivity and digital public infrastructure, as role as the potential role of the GDC to support exchange of best practices among countries on digitalisation.
  • Universal, affordable, and accessible connectivity. The need to connect the unconnected, advance digital literacy and skills, build capacities, and promote greater financial investment in affordable, accessible mobile connectivity are among the key issues.
  • An open, free, and globally accessible internet. The significance of interoperable internet standards and protocols and the need to avoid internet fragmentation are highlighted. The letter also notes that stakeholders expressed support for strengthening the multistakeholder approach to the governance of the internet, and that there is broad consensus that the Internet Governance Forum (IGF) should continue to play a ‘key role in promoting the global and interoperable nature and governance of the internet’.
  • Data protection and governance. Reference is made to the need to have a GDC that outlines principles to guide regional and national approaches to data protection and governance. Such principles would relate, among other issues, to ensuring that people have control over their data and to finding a balanced approach between free flow of data and data protection.
  • Digital trust and security. The GDC could promote digital trust and security, and address disinformation, hate speech, and other types of harmful online content, while also advancing transparent and responsible design and application of digital technologies.
  • Artificial intelligence. Here the focus is placed on the ‘need to further a common understanding of the risks’ associated with AI, with reference being made to potential approaches involving forms of regulations, standards, and guardrails. Also highlighted is the need for human-centric, transparent, and equitable risk-based approaches to the development, use, and governance of AI.
  • Addressing the digital gender divides was underscored as a cross-cutting issue.
  • Sustainability. Emphasised here are the role of green technologies and digitalisation in accelerating climate ambitions and the need to address technology-related drivers of climate risk.

Another point emphasised in the summary is that, while the ‘GDC should not duplicate existing forums and processes’, ‘there is an expressed need to identify and address gaps to make the UN system and international cooperation more efficient and coordinated in responding to new and emerging challenges posed by rapid technological developments’.

Digital technologies in UN Secretary-General’s Policy Brief on a New Agenda for Peace

As part of the process leading to the Summit of the Future in 2024, the UN Secretary-General has issued a new Policy Brief – the ninth in its series – outlining proposals for a New Agenda for Peace. Not missing in the Policy Brief are references to digital technologies and the challenges they pose for peace and security. 

The document highlights the perils of weaponising new and emerging technologies, such as the proliferation of armed uncrewed aerial systems, the ease of access to powerful tools that facilitate the spread of misinformation, disinformation, and hate speech, and the misuse of digital technology by terrorist groups. 

Among the 12 sets of recommendations detailed in the Policy Brief as steps towards achieving more effective multilateral action for peace and security, one is dedicated to ‘preventing the weaponisation of emerging domains and promote responsible innovation’. Here, the Secretary-General calls for:

  • The development of governance frameworks, at the international and national levels, to minimise  harms and address the cross-cutting risks posed by converging technologies. 
  • The establishment of an independent multilateral accountability mechanism for malicious use of cyberspace by states, to reduce incentives for such conduct. Such a mechanism, the Secretary-General argues, could enhance compliance with agreed norms and principles of responsible state behaviour. 
  • The conclusion, by 2026, of a legally binding instrument to prohibit lethal autonomous weapon systems that function without human control or oversight, and which cannot be used in compliance with international humanitarian law, and to regulate all other types of autonomous weapons systems.
  • The development of frameworks to mitigate risks relating to AI-enabled systems in the peace and security domain. The Secretary-General specifically mentions the International Atomic Energy  Agency,  the International Civil Aviation Organization and the Intergovernmental Panel on Climate  Change as governance approaches that member states could seek inspiration from. He also invites member states to consider the creation of a new global body to mitigate the peace and security risks of AI while harnessing its benefits to accelerate sustainable development
  • The development of norms, rules and principles around the design, development, and use of military applications of AI through a multilateral process, with the engagement of stakeholders from industry, academia, civil society and other sectors. 
  • The development of a global framework regulating and strengthening oversight mechanisms for the use of data-driven technology, including AI, for counter-terrorism purposes.
  • The development of measures to address the risks involved in biotechnology and human enhancement technologies applied in the military domain. 

UN Secretary-General issues policy brief for Global Digital Compact

As part of the process towards developing a Global Digital Compact (GDC), the UN Secretary-General has issued a policy brief outlining areas in which ‘the need for multistakeholder digital cooperation is urgent’: closing the digital divide and advancing sustainable development goals (SDGs), making the online space open and safe for everyone, and governing artificial intelligence (AI) for humanity. 

The policy brief also suggests objectives and actions to advance such cooperation and ‘safeguard and advance our digital future’. These are structured around the following topics:

  • Digital connectivity and capacity building. The overarching objectives here are to close the digital divide and empower people to participate fully in the digital economy. Proposed actions range from common targets for universal and meaningful connectivity to putting in place or strengthening public education for digital literacy. 
  • Digital cooperation to accelerate progress on the SDGs. Objectives include making targeted investments in digital public infrastructure and services, making data representative, interoperable, and accessible, and developing globally harmonised digital sustainability standards. Among the proposed actions are the development of definitions of safe, inclusive, and sustainable digital public infrastructures, fostering open and accessible data ecosystems, and developing a common blueprint on digital transformation (something the UN would do). 
  • Upholding human rights. Putting human rights at the centre of the digital future, ending the gender digital divide, and protecting workers are the outlined objectives in this area. One key proposed action is the establishment of a digital human rights advisory mechanism, facilitated by the Office of the UN High Commissioner for Human Rights, to provide guidance on human rights and technology issues. 
  • An inclusive, open, secure, and shared internet. There are two objectives: safeguarding the free and shared nature of the internet, and reinforcing accountable multistakeholder governance. Some of the proposed actions include commitments from governments to avoid blanket internet shutdowns and refrain from actions disrupting critical infrastructures.
  • Digital trust and security. Objectives range from strengthening multistakeholder cooperation to elaborate norms, guidelines, and principles on the responsible use of digital technologies, to building capacity and expanding the global cybersecurity workforce. The proposed overarching action is for stakeholders to commit to developing common standards and industry codes of conduct to address harmful content on digital platforms. 
  • Data protection and empowerment. Ensuring that data are governed for the benefit of all, empowering people to control their personal data, and developing interoperable standards for data quality as envisioned as key objectives. Among the proposed actions are an invitation for countries to consider adopting a declaration on data rights and seeking convergence on principles for data governance through a potential Global Data Compact. 
  • Agile governance of AI and other emerging technologies. The proposed objectives relate to ensuring transparency, reliability, safety, and human control in the design and use of AI; putting transparency, fairness, and accountability at the core of AI governance; and combining existing norms, regulations, and standards into a framework for agile governance of AI. Actions envisioned range from establishing a high-level advisory body for AI to building regulatory capacity in the public sector. 
  • Global digital commons. Objectives include ensuring inclusive digital cooperation, enabling regular and sustained exchanges across states, regions, and industry sectors, and developing and governing technologies in ways that enable sustainable development, empower people, and address harms. 

The document further notes that ‘the success of a GDC will rest on its implementation’. This implementation would be done by different stakeholders at the national, regional, and sectoral level, and be supported by spaces such as the Internet Governance Forum and the World Summit on the Information Society Forum. One suggested way to support multistakeholder participation is through a trust fund that could sponsor a Digital Cooperation Fellowship Programme. 

As a mechanism to follow up on the implementation of the GDC, the policy brief suggests that the Secretary-General could be tasked to convene an annual Digital Cooperation Forum (DCF). The mandate of the forum would also include, among other things, facilitating collaboration across digital multistakeholder frameworks and reducing duplication; promoting cross-border learning in digital governance; and identifying and promoting policy solutions to emerging digital challenges and governance gaps.

G7 digital and tech ministers discuss AI, data flows, digital infrastructure, standards, and more

On 29-30 April 2023, G7 digital and tech ministers met in Takasaki, Japan, to discuss a wide range of digital policy topics, from data governance and artificial intelligence (AI), to digital infrastructure and competition. The outcomes of the meeting – which was also attended by representatives of India, Indonesia, Ukraine, the Economic Research Institute for ASEAN and East Asia, the International Telecommunication Union, the Organisation for Economic Co-operation and Development, UN, and the World Bank Group – include a ministerial declaration and several action plans and commitments to be endorsed at the upcoming G7 Hiroshima Summit.

During the meeting, G7 digital and tech ministers committed to strengthening cooperation on cross-border data flows, and operationalising Data Free Flow with Trust (DFFT) through an Institutional Arrangement for Partnership (IAP). IAP, expected to be launched in the coming months, is dedicated to ‘bringing governments and stakeholders together to operationalise DFFT through principles-based, solutions-oriented, evidence-based, multistakeholder, and cross-sectoral cooperation’. According to the ministers, focus areas for IAP should include data location, regulatory cooperation, trusted government access to data, and data sharing.

The ministers further noted the importance of enhancing the security and resilience of digital infrastructures. In this regard, they have committed to strengthening cooperation – within G7 and with like-minded partners – to support and enhance network resilience through measures such as ensuring and extending secure and resilient routes of submarine cables. Moreover, the group endorsed the G7 Vision of the future network in the Beyond 5G/6G era, and is committed to enhancing cooperation on research, development, and international standards setting towards building digital infrastructure for the 2030s and beyond. These commitments are also reflected in a G7 Action Plan for building a secure and resilient digital infrastructure

In addition to expressing a commitment to promoting an open, free, global, interoperable, reliable, and secure internet, G7 ministers condemned government-imposed internet shutdowns and network restrictions. When it comes to global digital governance processes, the ministers expressed support for the UN Internet Governance Forum (IGF) as the ‘leading multistakeholder forum for Internet policy discussions’ and have proposed that the upcoming Global Digital Compact reinforce, build on, and contribute to the success of the IGF and World Summit on the Information Society (WSIS) process. Also included in the internet governance section is a commitment to protecting democratic institutions and values from foreign threats, including foreign information manipulation and interference, disinformation and other forms of foreign malign activity. These issues are further detailed in an accompanying G7 Action Plan for open, free, global, interoperable, reliable, and secure internet

On matters related to emerging and disruptive technologies, the ministers acknowledged the need for ‘agile, more distributed, and multistakeholder governance and legal frameworks, designed for operationalising the principles of the rule of law, due process, democracy, and respect for human rights, while harnessing the opportunities for innovation’. They also called for the development of sustainable supply chains and agreed to continue discussions on developing collective approaches to immersive technologies such as the metaverse

With AI high on the meeting agenda, the ministers have stressed the importance of international discussions on AI governance and interoperability between AI governance frameworks, and expressed support for the development of tools for trustworthy AI (e.g. (non)regulatory frameworks, technical standards, assurance techniques) through multistakeholder international organisations. The role of technical standards in building trustworthy AI and in fostering interoperability across AI governance frameworks was highlighted both in the ministerial declaration and in the G7 Action Plan for promoting global interoperability between tools for trustworthy AI

When it comes to AI policies and regulations, the ministers noted that these should be human-centric, based on democratic values, risk-based, and forward-looking. The opportunities and challenges of generative AI technologies were also tackled, as ministers announced plans to convene future discussions on issues such as governance, safeguarding intellectual property rights, promoting transparency, and addressing disinformation. 

On matters of digital competition, the declaration highlights the importance of both using existing competition enforcement tools and developing and implementing new or updated competition policy or regulatory frameworks ‘to address issues caused by entrenched market power, promote competition, and stimulate innovation’. A summit related to digital competition for competition authorities and policymakers is planned for the fall of 2023.

UN World Data Forum concluded with a call for better data governance

The United Nations World Data Forum, which was held in Hangzhou City, China, called for better data governance and increased collaboration between governments to achieve a sustainable future. UN Secretary-General Antonio Guterres noted that data is a critical component of development and progress in the 21st century.

The Fourth UN World Data Forum saw delegates engage in various sessions across four themes: innovation and partnerships for better and more inclusive data; maximising the use and value of data for better decision making; building trust and ethics in data; and emerging trends and partnerships to develop the data ecosystem. Highlights included insights from the Data for Now Initiative, innovative ways for increasing timeliness and coverage of SDG indicators, and a session on public-private data collaboration during crises.

China, which hosted the event, has pledged to contribute more to global data governance, by hosting international training, supporting the development of the UN Global Platform for Big Data China Hub, and promoting international data cooperation within the framework of the Global Development Initiative.

Data poisoning – a new type of cyberattacks against AI systems

Data poisoning is a new type of cyber-attack aimed at misleading AI systems. AI is developed by processing huge amounts of data. The quality of data impacts the quality of AI. Data poisoning is the intentional supply of wrong or misleading data to impact the quality of AI. Data poisoning is becoming particularly risky with the development of Large Language Models (LLM) such as ChatGPT.

Researchers from the Swiss Federal Institute of Technology (ETH) in Zurich, Google, NVIDIA and Robust Intelligence have recently published a preprint paper investigating the feasibility of data poisoning attacks against machine learning (ML) models used in artificial intelligence (AI). They injected corrupted data into an existing training data set in order to influence the behaviour of an AI algorithm that is being trained on it. It impacted the functionality of AI systems.

As AI systems are becoming more complex and massive, the detection of data poisoning attacks will be difficult. The main risks are in dealing with politically charged topics.

US state of Utah introduces laws that prohibit social media platforms from allowing access to minors without explicit parental consent

In the USA, the Governor of Utah, Spencer Cox, has signed two laws introducing new measures intended to protect children online. The first law prohibits social media companies from using ‘a practice, design,
or feature that […] the social media company knows, or which by the exercise of reasonable care should know, causes a Utah minor account holder to have an addiction to the social media platform’. The second law introduces age requirements for the use of social media platforms: Social media companies are required to introduce age verification for users in Utah and to allow minors to create user accounts only with the express consent of a parent or guardian. The laws also prohibit social media companies from advertising to minors, collecting information about them, or targeting content to them. In addition, there is a requirement for companies to enable parents or guardians to access the minors’ accounts. and minors should not be allowed to access their social media accounts between 10:30 pm and 06:30 am.

The laws – set to enter into force in March 2024 – have been criticised by civil liberties groups and tech lobby groups who argue that they are overly broad and could infringe on free speech and privacy rights. Social media companies will likely challenge the new rules.

IoT Tech Expo Global 2023

The seventh annual Internet of Things (IoT) Tech Expo Global will be held from 30 November until 1 December 2023 in London, UK.

It is one of the 5 co-located events that will take place during these two days, among Cyber Security & Cloud, Blockchain, AI & Big Data, and Digital Transformation. The key topics that will be covered include digital Transformation, Data Analytics, IIoT & Smart Manufacturing, Connected Environments, Developing for the IoT, Process Optimisation, Sensor Deployment, Connectivity Considerations, 5G & Future Connectivity, Security & Standards, Cloud Computing, Autonomous Transportation, and  Device & Asset Management, among others.

For more information, please visit the event page