Dare to Share: Rebuilding Trust Through Data Stewardship | IGF 2023 Town Hall #91

Report

The analysis focused on several key points raised by the speakers. One of the main concerns highlighted is the existence of asymmetrical power relations in data sharing, particularly in the context of the African continent. It is distressing to note that a staggering 80% of data flows outside the African continent, leaving the region at a significant disadvantage.

Moreover, a large number of people in Africa still remain offline, further exacerbating the digital divide.

The speakers also emphasized the importance of extending beyond first-generation rights when it comes to data governance. Currently, most regimes heavily focus on individualized notions of privacy and compliance.

However, there is a need to recognise and prioritise economic and environmental rights in order to ensure a more holistic approach to data governance.

Advocacy for the African Union Data Policy Framework and data interoperability was another central argument put forth during the analysis.

The establishment of a single data market within the African Union could provide leverage in terms of international markets. This Framework extends regulatory concerns beyond the scope of first-generation rights, ensuring a more comprehensive approach to data governance in Africa.

The lack of equitable data access for African researchers and institutions was also highlighted as a significant issue.

It was pointed out that big tech companies, such as Google, currently provide limited data access to European researchers, while African researchers and institutions face barriers in accessing valuable data. It is argued that this situation hinders the ability of African researchers to contribute meaningfully to relevant fields and areas of study.

Furthermore, the need for effective enforcement of data governance, particularly in the realm of broader economic regulations, was underscored.

Examples were provided where a data protection and information regulator in South Africa took strong action against WhatsApp and various groups. To handle the challenges of international regulation and obtain data from large operators, it was emphasised that global cooperation is essential.

The analysis also drew attention to the limited participation of civil society in many public processes across the African continent.

In many countries, it is not required for civil society to participate in public processes as per administrative law or justice. The influence of private sector entities and telecom companies in these public processes was also noted. It was argued that enforcing public participation and providing resources for researchers to access critical information can help inform these processes and ensure more balanced outcomes.

In conclusion, the analysis highlights the need for broader data governance and the participation of civil society in public processes across the African continent.

It emphasises the importance of global cooperation and maintaining a balance of interests to protect data and foster innovation. The African Union Data Policy Framework and data interoperability are presented as potential solutions to address the asymmetrical power relations in data sharing.

Ultimately, it is crucial to prioritise equitable data access for African researchers and institutions, while also enforcing effective data governance and considering economic regulations.

Report

The current data regulation is criticised for primarily focusing on individual data rights and overlooking the importance of group dynamics. The lack of consideration for existing institutions, such as cooperatives, which historically facilitated collective decision-making, is seen as a limitation in the data economy.

It is argued that group rights should be codified into existing laws to address collective and community rights more effectively.

Supporting this argument, some notable facts include the exploitation of group rights in bioethics related to data banks and biobanks.

The mention of data cooperatives in the data governance framework of the European Union also emphasises the significance of collective data handling. Additionally, a government report from India explored the concept of community rights in data, further highlighting the need to incorporate group dynamics into data regulation.

However, establishing new data institutions faces challenges.

While models like data trusts have been proposed for pooling data rights, their implementation encounters obstacles. Therefore, the argument suggests that existing organisations, like cooperatives, can be adapted and made competent for the digital age, presenting an alternative solution to address the challenges faced by new data institutions.

In the context of law enforcement and regulatory frameworks, the implementation of laws developed at a fast pace is found to be problematic.

The lack of early consultation with stakeholders hampers smooth implementation. It is argued that early consultation is essential for better implementation and stakeholder buy-in. Increased buy-in enhances the understanding of implementation opportunities for different stakeholders. For instance, the Telecom Regulatory Authority in India was developed through private sector demand and consultation, demonstrating the benefits of early stakeholder involvement.

Moreover, building institutions through prolonged consultation processes, although potentially inefficient, can be advantageous for implementation and enforcement.

Such processes ensure greater understanding and buy-in from the private sector and civil society, enabling them to work together effectively.

In conclusion, the current data regulation needs to consider the importance of group dynamics and collective decision-making. Codifying group rights into existing laws can help address collective and community rights more effectively.

Additionally, existing organisations like cooperatives can be adapted for the digital age to overcome challenges faced by new data institutions. Early consultation with stakeholders is crucial for better law implementation and stakeholder buy-in. Prolonged consultation processes, while potentially time-consuming, can aid in building institutions and enhancing enforcement.

It is important to foster collaboration and understanding among stakeholders to achieve successful data regulation and ensure the benefits of the digital economy are distributed equitably.

Report

Enforcement capacity plays a crucial role in supporting data sharing mechanisms, frameworks, and policies. In the US, there have been significant struggles in enforcing data protection laws, particularly in relation to medical data. These challenges highlight the need for stronger emphasis on enforcement capacity in data protection and data sharing.

One of the main points raised is the inadequate enforcement of existing data protection laws in the US.

This suggests that, despite having legislation in place, there is a gap in effectively implementing and enforcing these laws. This is particularly concerning when it comes to sensitive data, such as medical information, where the need for protection is high.

The importance of enforcement capacity becomes apparent when considering its implications for data sharing mechanisms, frameworks, and policies.

Without a strong enforcement mechanism, it becomes difficult to ensure compliance and accountability. This can lead to vulnerabilities and risks related to data privacy and security.

The argument put forward is for a stronger emphasis on enhancing enforcement capacity in the context of data protection and data sharing.

By improving enforcement capabilities, it becomes possible to strengthen the overall governance of data practices and hold organizations and individuals accountable for their actions.

The analysis also highlights the relevance of this issue within the broader context of Sustainable Development Goal 16: Peace, Justice, and Strong Institutions.

Effective enforcement of data protection and data sharing laws is vital for building strong institutions and promoting justice in the digital era.

In conclusion, the struggles faced in enforcing data protection laws, especially in relation to medical data, underscore the need for stronger enforcement capacity.

Enhancing enforcement mechanisms can support data sharing mechanisms, frameworks, and policies, and contribute to achieving SDG 16. Ensuring the protection and privacy of data is crucial in promoting integrity, accountability, and trust in the digital landscape.

Report

Kevin Luca Zandermann has highlighted the global focus on data governance, particularly in privacy legislation. He emphasised the significance of important privacy laws, such as the General Data Protection Regulation (GDPR), which is being recognised as the gold standard globally.

This reflects a growing recognition of the importance of protecting individual privacy and regulating the use of personal data in our increasingly digital world.

In addition to privacy legislation, Kevin emphasised the need for institution models that can effectively manage data stewardship.

He pointed out that data is a non-rivalrous resource, meaning its use by one person does not diminish its availability to others. With the vast amount of data being produced by sources such as the internet of things, wearables, and cloud platforms, it is crucial to establish mechanisms to ensure responsible and ethical data management.

Kevin also highlighted the EU Data Governance Act as a significant step towards establishing an institutional framework for data stewardship.

This act allows the reuse of data held by public sector bodies, enabling the efficient and responsible use of data for various purposes. Furthermore, the act certifies data intermediaries, ensuring they meet certain standards and promoting the responsible handling of data.

The act also promotes the concept of data altruism, which involves individuals voluntarily sharing their data for societal benefits. This type of data sharing can be particularly valuable in the context of diseases such as rare diseases, where the sharing of data among researchers and medical professionals is vital.

Overall, Kevin’s arguments underscore the critical need for data governance and the establishment of effective institutional frameworks to protect privacy and ensure responsible data stewardship.

The analysis also highlights the growing recognition of GDPR as a global standard and the potential value of data altruism in addressing complex societal challenges. These insights contribute to the broader conversation on data governance and the ethical use of data in our interconnected world.

Report

The analysis focuses on various aspects of data sharing and data rights, exploring the need for a balanced approach between innovation and privacy when opening up the value of data. The session acknowledges that data is often referred to as the new oil, carrying great potential for innovation and progress.

However, it also raises concerns about privacy and ethical use.

Different approaches to data sharing are discussed, ranging from collaborative ecosystems to individual donations, and even illegitimate methods such as hacking and theft. The Open Data Map by Open Data Institute illustrates these diverse approaches, including data exchanges, research access schemes, and personal data donation.

It is noted that some approaches bypass regulations to gain access to otherwise closed data.

One notable argument proposed is that data sharing should be viewed as a collaborative effort, similar to a dinner situation with friends where everyone contributes.

The preparation of dinner with friends, where everyone brings a dish to share, is used as an analogy for data sharing. While everyone enjoys the benefits of data sharing, the challenges and effort required to establish it are often overlooked.

The analysis highlights the importance of a more nuanced regulatory approach towards data sharing.

Currently, regulations primarily focus on individual data rights and their relationship with platforms and governments. However, there are several group decisions that occur with regard to data, and existing institutions historically enable groups to make collective decisions. In the data economy, the existence of groups in the real world is often overlooked or misunderstood.

Therefore, the idea of figuring out some kind of group rights in data interaction is necessary.

It is suggested that existing laws and legislative conversations need to be rethought to emphasize group/collective rights and consent, rather than solely focusing on individual rights and consent.

Efforts are being made to consider group privacy and collective instruments, particularly in the field of bioethics. Some legislative conversations, such as the European Union’s Data Governance Act (DGA) and the Indian government report, discuss the concept of data cooperatives and community rights.

The concept of data stewardship is introduced as a potential solution for managing collective data rights.

Different models, such as data trusts, are examined, which can help address the pooling of data rights. However, it is acknowledged that creating these new institutions or reforming existing ones remains a challenge.

The analysis also emphasizes the need for further research on practical applications of group rights in the context of data sharing.

It suggests that policy development to regulate data rights and sharing is still in the early stages and requires more investigation. The complexity of the subject necessitates additional research to inform policy decisions.

Additionally, the importance of sharing knowledge on data protection regulation and governance before enforcement is emphasized.

The analysis highlights that sharing knowledge steers things in the right direction and proves to be more effective than immediately enforcing sanctions. The approach of issuing warnings before suspension or sanctions in data governance is considered to be effective.

In conclusion, the analysis delves into the intricacies of data sharing and data rights, highlighting the need for a comprehensive and balanced approach that considers both individual and group/collective rights.

It discusses different approaches to data sharing, the challenges of establishing collaborative ecosystems, the importance of rethinking existing laws and legislative conversations, and the potential of data stewardship. The analysis also calls for more research on practical applications of group rights and emphasizes the effectiveness of sharing knowledge before enforcement in data governance.

Report

The Ministry of Innovation in Brazil has faced criticism for creating an interoperability system that raises concerns about data protection and privacy. This is inconsistent with the Brazilian Data Protection Law, known as the LGPD. The Supreme Court is involved in ensuring that the decree aligns with data protection principles.

One major issue with the system is the creation of a vast database that encompasses citizen data from various governmental platforms.

The potential dangers of such a database have been highlighted as it holds sensitive information that could be misused if it falls into the wrong hands.

In a positive development, a new decree was published in 2022 to rectify the issues arising from the previous data sharing rules.

This new decree aims to make data sharing and handling more transparent. It is noteworthy that the committee responsible for drawing up this decree now includes civil society participants, making it more representative and diverse. The involvement of the Data Protection Authority has also been instrumental in ensuring that the new decree is compatible with the data protection law.

Despite concerns over data protection and privacy, the implementation of the interoperability system has brought efficiency and financial savings to the Brazilian public sector.

The introduction of new interoperability services through data sharing has resulted in substantial cost savings of half a million dollars in recent years. These services ensure that information is shared only when necessary, thus minimizing unnecessary sharing of data across all agencies.

The importance of sharing knowledge about data protection and governance regulations has become evident.

Before the enforcement of data protection regulations, it is crucial to raise awareness and provide education on these matters. This is particularly relevant in Brazil, where many people were previously unfamiliar with data protection and governance.

Empowering individuals about their data rights and educating data controllers about the regulations are vital for ensuring easy enforcement of the rules.

When people are aware of their data rights and data controllers understand their obligations, compliance with data protection rules becomes easier, and privacy-compliant initiatives can be implemented effectively.

An important observation is that communication and knowledge sharing should be prioritized over enforcement or sanctions.

Sharing knowledge has proven beneficial in guiding stakeholders in the right direction. It is also worth noting that only two sanctions have been enforced so far, with one being a warning to a public body. This highlights the importance of fostering a culture of compliance through education and communication rather than relying solely on punitive measures.

Finally, it is emphasized that the involvement of regulatory authorities in background processes is crucial for efficient governance.

The role of regulators goes beyond merely enforcing sanctions; they play an essential part in sharing knowledge and information.

In conclusion, while the Ministry of Innovation’s creation of an interoperability system has raised concerns about data protection and privacy, the introduction of a new decree in 2022 aims to address these issues and improve transparency in data sharing and handling practices.

The implementation of the system has brought benefits in terms of efficiency and financial savings to the public sector. Sharing knowledge about data protection and governance regulations is considered crucial, and empowering individuals and educating data controllers are necessary for effective enforcement of the rules.

Communication and knowledge sharing should be prioritized over enforcement, and the involvement of regulatory authorities in background processes is crucial for efficient governance.