Day 0 Event #257 Enhancing Data Governance in the Public Sector

Summary

This discussion focused on enhancing data governance in the public sector, featuring experts from Latin America, the United States, and Papua New Guinea who examined challenges and opportunities in implementing effective data governance frameworks. Luca Belli from Brazil emphasized that while over 150 countries have adopted data protection laws, including all BRICS nations, these laws are necessary but insufficient for successful digital transformation. He argued that countries must complement data protection legislation with strategic investments, multi-stakeholder governance, and locally-adapted solutions rather than copying policies from developed nations. Belli highlighted successful examples from BRICS countries, particularly India’s Digital Public Infrastructure (DPI) approach and China’s substantial investments in domestic technology development.

Chelsea Horn from American University outlined the fundamental components of data governance, including data stewardship, usage controls, security measures, and quality metrics. She stressed that effective data governance requires breaking down silos within government, fostering collaboration, and building public trust through ethical data handling practices. Horn emphasized the importance of standardized frameworks and training as relatively low-cost starting points for improving data governance.

Nancy Kanasa from Papua New Guinea provided a practical perspective on implementing data governance in a developing nation context. She explained that Papua New Guinea recently approved its National Data Governance and Data Protection Policy in September, prioritizing governance over protection due to existing institutional challenges. Kanasa highlighted significant obstacles including fragmented data ecosystems, limited civil society input in policy development, infrastructure constraints, and cultural resistance to change within government departments. The discussion concluded with recognition that successful data governance implementation requires addressing both technical and cultural barriers while ensuring that solutions are contextually appropriate and financially sustainable for developing nations.

Keypoints

## Major Discussion Points:

– **Data protection laws are necessary but insufficient for effective digital transformation** – Luca Belli emphasized that while over 150 countries have adopted data protection laws, these alone don’t drive innovation without accompanying investments, multi-stakeholder cooperation, and practical implementation strategies.

– **Multi-stakeholder governance is critical for both policy development and implementation** – All panelists stressed the importance of involving government, private sector, academia, and civil society in data governance frameworks, with particular emphasis on building public trust and ensuring inclusive policy-making processes.

– **Developing countries need context-specific approaches rather than copying developed nation models** – The discussion highlighted how countries like India (with Digital Public Infrastructure) and China (with massive industrial investment) have created innovative solutions tailored to their specific circumstances and capabilities.

– **Cultural and institutional barriers pose significant challenges to data governance implementation** – Nancy Kanasa from Papua New Guinea illustrated how government departments resist data sharing due to siloed thinking, fear of change, and misunderstanding of data governance concepts, representing broader challenges faced by developing nations.

– **Breaking down data silos while maintaining security requires balancing openness with protection** – The panel explored the tension between enabling data sharing for better public services (like one-stop citizen services) and maintaining robust data protection, particularly in resource-constrained environments.

## Overall Purpose:

The discussion aimed to examine practical approaches for enhancing data governance in the public sector, particularly focusing on challenges and opportunities in developing countries. The session sought to share lessons learned from different regional experiences (BRICS countries, Pacific Islands) and provide actionable insights for building effective, inclusive data governance frameworks that can support digital transformation while protecting citizen rights.

## Overall Tone:

The discussion maintained a pragmatic and collaborative tone throughout, with speakers acknowledging both opportunities and significant challenges in implementing data governance. The tone was notably realistic rather than overly optimistic, with panelists candidly discussing failures and limitations alongside successes. There was a consistent emphasis on learning from diverse global experiences rather than promoting one-size-fits-all solutions. The conversation became increasingly focused on practical implementation challenges as it progressed, particularly around cultural change and resource constraints, reflecting the real-world complexities faced by practitioners in this field.

Speakers

**Speakers from the provided list:**

– **Judith Hellerstein** – Moderator of the session on “Enhancing Data Governance in the Public Sector”

– **Sarai Tewita** – Online moderator, handling questions from online audience participants

– **Luca Belli** – Professor at FGV Law School in Rio de Janeiro, Director of the Center for Technology and Society, expert in data governance with focus on Latin America and BRICS countries

– **Chelsea Horn** – Senior lecturer at American University in Washington DC, Co-president of the Washington D.C. Internet Society chapter, expert in data protection, privacy and security concerns

– **Nancy Kanasa** – Lead for data governance and data protection within the Department of ICT with Papua New Guinea government

– **Audience** – Various audience members asking questions during the Q&A session

**Additional speakers:**

– **Guy Berger** – Working with the G20 on data governance in the public sector

– **Robert Sun** – Online participant from Cambodia who submitted questions

# Enhancing Data Governance in the Public Sector: A Comprehensive Discussion Report

## Introduction and Context

This discussion on “Enhancing Data Governance in the Public Sector” brought together international experts to examine the challenges and opportunities in implementing effective data governance frameworks, particularly in developing countries. The afternoon session was moderated by Judith Hellerstein, with online moderation by Sarai, and featured perspectives from Latin America, the United States, and Papua New Guinea. The conversation addressed the critical gap between policy development and practical implementation, exploring how countries can build robust data governance systems that serve both citizen needs and national development goals.

## Key Participants and Their Perspectives

The discussion featured three primary speakers, each bringing distinct regional and professional perspectives. Lillian Nalwoga was originally scheduled to speak but her plane was delayed.

Luca Belli, Professor at FGV Law School in Rio de Janeiro and Director of the Center for Technology and Society, provided insights from his extensive work on data governance across Latin America and BRICS countries. His perspective emphasized the importance of digital sovereignty and context-specific solutions for emerging economies. He noted that materials from his research are available at cts.fgv.br and cyberbrics.info.

Chelsea Horn, Senior Lecturer at American University in Washington DC and Co-president of the Washington D.C. Internet Society chapter, offered expertise in data protection, privacy, and security concerns from a developed country perspective. Her contributions focused on the technical and structural components necessary for effective data governance frameworks.

Nancy Kanasa, Lead for data governance and data protection within the Department of ICT with Papua New Guinea government, provided crucial real-world insights from a developing nation context. Her practical experience implementing data governance policies offered grounding for the theoretical discussions and highlighted the cultural and institutional challenges faced by practitioners.

Additional contributions came from Guy Berger, working with the G20 on data governance in the public sector, and Robert Sun, an online participant from Cambodia, who raised important questions about metrics and implementation challenges.

## The Insufficiency of Legal Frameworks Alone

A central theme throughout the discussion was the recognition that data protection laws, while essential, are insufficient for achieving effective digital transformation. Luca Belli emphasized this point strongly, noting that while over 150 countries have adopted data protection laws, including all BRICS nations, these laws represent only the beginning of the journey towards effective data governance.

Belli argued that “data protection law is essential, but really not enough to be able to foster a sustainable digital transformation.” He stressed that countries must complement data protection legislation with strategic investments, multi-stakeholder governance, and locally-adapted solutions rather than simply copying policies from developed nations.

This perspective was reinforced by Nancy Kanasa’s practical experience in Papua New Guinea, where she observed that government departments often prioritize technical infrastructure over governance frameworks when implementing data protection measures. She explained that “when I say data protection, it is the technical part of data protection… they think it’s to do with the infrastructure. So they put more effort in the infrastructure and not the framework, the governance framework.”

## Implementation Challenges and Regional Perspectives

### The Implementation Gap

The discussion revealed a significant gap between policy creation and implementation across different contexts. Belli noted that countries like Brazil excel at stakeholder input during policy creation but struggle with stakeholder participation during implementation phases. He highlighted Brazil’s success in digitizing more than 4,200 public services but noted ongoing challenges in ensuring effective governance of these systems.

Chelsea Horn addressed this challenge by outlining five fundamental components necessary for effective data governance: clear data ownership and stewardship, usage controls and policies, defined circumstances for data use, robust collection, storage, processing, and security protocols, and compliance metrics. She emphasized that these components must work together systematically rather than being implemented in isolation.

### BRICS Countries and Innovation Examples

Luca Belli highlighted successful examples from BRICS countries, particularly praising India’s Digital Public Infrastructure (DPI) approach and specifically mentioning the DEPA (Digital Data Empowerment and Protection Architecture) as a concrete example of innovative governance frameworks. He argued that emerging economies often develop innovative strategies precisely because of resource constraints, leading to more creative and locally appropriate solutions.

Belli’s analysis of digital sovereignty was particularly noteworthy, as he defined it as countries’ ability to “understand, develop, and regulate technologies domestically to exercise control and self-determination.” This concept extends individual data protection principles to the national level, addressing concerns about technological dependence on foreign platforms and infrastructure.

### Pacific Island Nations’ Unique Challenges

Nancy Kanasa provided detailed insights into the specific challenges faced by Pacific Island nations, using Papua New Guinea as a case study. She explained that Papua New Guinea recently approved its National Data Governance and Data Protection Policy in September, deliberately prioritizing governance over protection due to existing institutional challenges. She noted that expatriates often questioned why they put “data governance and data protection” rather than “data protection and data governance” in their policy title.

Kanasa highlighted several significant obstacles, including fragmented data ecosystems, limited civil society input in policy development, infrastructure constraints, and cultural resistance to change within government departments. She noted that “most of the policies that are drafted within the government from my country, we don’t have much input from the civil society that we really need.”

Currently, the police clearance certificate is the only government service working online in Papua New Guinea, illustrating the early stage of digital transformation. The country is also exploring the global cross-border privacy rules framework as part of their governance approach.

## Multi-Stakeholder Governance and Capacity Building

### The Critical Role of Civil Society

All panelists emphasized the importance of multi-stakeholder governance, though they acknowledged significant gaps in current practice. Chelsea Horn stressed that civil society partnerships are crucial for building public trust by providing impartial oversight and transparent research about government data practices.

However, the discussion revealed substantial challenges in achieving meaningful stakeholder engagement. Nancy Kanasa’s candid admission about the lack of civil society input in Papua New Guinea’s policy development process highlighted how multi-stakeholder rhetoric often fails to translate into practice.

### Skills and Capacity Challenges

The discussion highlighted significant capacity challenges across different contexts. Luca Belli noted that Brazil alone needs 700,000 cybersecurity professionals, illustrating the scale of the skills gap in data governance and cybersecurity. This shortage affects both the public and private sectors’ ability to implement effective data governance frameworks.

Nancy Kanasa described Papua New Guinea’s establishment of a National Data Governance Steering Committee to provide coordination and ensure multi-stakeholder input, as well as the launch of a secure data actions platform in 2024 as practical steps toward building capacity.

## Technical Challenges and Global Platform Dependence

### Infrastructure and Platform Dependencies

A significant concern raised during the discussion was the dominance of global technology platforms and infrastructure providers. Luca Belli noted that “most people in the global south… are primarily connected to social media of one enterprise… the way in which their data are hoovered and processed is not defined by the law but is defined by the very same corporation.”

He provided a specific example of how Meta.ai is automatically downloaded and people contribute data for free, illustrating how platform dependencies can undermine national data governance efforts regardless of strong national laws. The discussion highlighted how the dominance of few cloud infrastructure providers (AWS, Microsoft Azure, Google Cloud) can challenge effective data governance.

### Emerging Technology Considerations

Guy Berger raised questions about the integration of AI and other emerging technologies into public services, asking about the implications for data governance frameworks. The discussion touched on how countries need to consider these evolving technologies when designing governance frameworks, though specific solutions remained largely unresolved.

## Practical Implementation Strategies

### Low-Cost Improvement Approaches

The discussion identified several practical, low-cost approaches for improving data governance implementation. Chelsea Horn suggested that countries could begin with creating structured frameworks, standardizing data definitions, and investing in training programs through organizations like the International Telecommunication Union (ITU).

Luca Belli emphasized the importance of making solutions “cheap and easy” to implement, contrasting this with current data protection laws which are often perceived as difficult and costly. He mentioned GovStack as one example of available open-source solutions that countries could leverage, and suggested building on countries’ existing strengths rather than attempting to build comprehensive systems from scratch.

### Balancing Protection and Sharing

The conversation highlighted ongoing tensions between data protection and beneficial data sharing. While Chelsea Horn emphasized the need for robust protection frameworks, audience members argued for equal attention to both protection and sharing to enable accountability and innovation, including local AI development.

Nancy Kanasa’s approach in Papua New Guinea of prioritizing governance frameworks before protection measures illustrated one strategy for addressing this balance, though she acknowledged this approach faced resistance from some stakeholders who expected protection to come first.

## Audience Engagement and Unresolved Questions

The session included audience participation with two microphones available for questions. Robert Sun from Cambodia raised important questions about metrics and measurement of data governance effectiveness, highlighting the need for better evaluation frameworks.

Other audience members contributed perspectives on balancing data protection with data sharing for accountability purposes, and the importance of ensuring that governance frameworks enable rather than hinder beneficial uses of data for public good.

## Key Takeaways and Future Directions

The discussion revealed several areas of strong consensus among the diverse participants. All agreed that data protection laws alone are insufficient for effective digital transformation, that multi-stakeholder governance is essential, that context-specific solutions are needed rather than copying developed nation models, and that cultural and organizational barriers present major implementation challenges.

However, significant challenges remain unresolved, including how to break down data silos between government departments, how to overcome cultural resistance to change within government agencies, how to address fundamental dependency on foreign infrastructure providers while maintaining sovereignty, and how to build adequate skills and capacity for effective implementation.

The conversation demonstrated that successful data governance implementation requires addressing both technical and cultural barriers while ensuring that solutions are contextually appropriate and financially sustainable. The emphasis on practical, low-cost improvements and the recognition that emerging economies often develop innovative strategies due to resource constraints provides hope for creative solutions to persistent challenges.

Ultimately, the discussion highlighted that data governance remains a complex and evolving challenge requiring ongoing dialogue between academics, practitioners, and civil society to bridge the gap between policy aspirations and practical realities. The path forward appears to require continued collaboration and adaptation as countries work to develop governance frameworks that serve their specific contexts and needs.

Judith Hellerstein: Good afternoon. Thanks for everyone. We are starting in a few seconds. So if everyone can take a seat we are going to our session today on enhancing data governance in the public sector. I am Judith Hellerstein. I am going to be the moderator along with my online moderator over here, Sarai. And today’s session is Enhancing Data Governance in the Public Sector. We will have representation from Luca Belli is at the end. He is from the Latin American Caribbean He is an expert in data governance. Next to him is Chelsea Horn. She is a professor at American University on data governance as well as being the co-president of the Washington D.C. Internet Society chapter. And then our host is Nancy Kanasa with the government of Papua New Guinea and we are also talking about the use case of data governance in Papua New Guinea. Again, I am Judith Hellerstein and this… This is Sara, and for those who are online, Sara will be working to get your questions and answers to you, and also maybe to hopefully feature some of you. I will gather questions from the audience, and we have two mics on either side, so when we start the Q&A, we’ll ask you to come up to the mic and give your name and what sector you’re from. Thanks so much, and let me turn it over to Luca, who will be our first presenter. Thank you.

Luca Belli: Good morning. Thank you very much, Judith and friends, for organizing this panel. I think I will take off my headphones not to hear myself. I think you can hear me. My name is Luca Belli. I’m a professor at FGV Law School in Rio de Janeiro, where I direct the Center for Technology and Society there, and over the past years, we have done quite a few research on several topics related to data governance and in the public sector, especially in two of our main areas of focus, which is Latin America and the BRICS grouping, so Brazil, Russia, India, China, and South Africa, plus the six new countries that have adhered as of last year. The ideas I want to share are directly related to the research we have conducted over the past years, and everything actually I’m mentioning is available in open access on the website of our Center, cts.fgv.br, and also on the dedicated website of our CyberBRICS project that analyzes and compares the digital policies of the BRICS grouping, which is cyberbrics.info. So the first thing that I want to stress is that I think over the past… Especially since the pandemics, we have witnessed a great scramble to digital transformation in most countries, but not necessarily all countries organize it in a very structured and coherent way. And even if we have heard over the past 15 years that data is the most valuable asset or a new asset class, there is this difference between the type of policies that are usually adopted, especially data protection policies that is essential for digital transformation, but then what happens in practice in terms of leveraging data for digital transformation, especially of the public sector. And here I think that some of the initiatives that we have mapped in the BRICS grouping could be very interesting. The first example that could come to my mind is the fact that China, all BRICS members have adopted data protection laws over the past years, but I will get into this in a couple of minutes. Before this, I would like to mention also some interesting complementary initiatives that make the adoption of data protection more meaningful, especially for the public sector. First, investments and very well-focused industrial policy in China is a very good example, but also investment in innovation. And here I think that India comes to mind, creating digital public infrastructures precisely to digitize public services through open software, interoperable software. And then Brazil has been also leading the path in terms of digitalization of public services. There are now more than 4,200 public services that have been digitized in Brazil over the past five years, which is quite a record. Brazil is also investing in the creation of data spaces. to make the use of data, local use of data more easy, particularly for the government. And here our research on digital transformation encounters two other streams of our research, one on data protection and the other one on digital sovereignty. The one on digital sovereignty that we have developed over the past five years, it’s really about understanding to what extent these countries have managed to understand, develop and regulate digital technologies, which is how we define it, digital sovereignty, understanding, developing, regulating digital technologies in order to exercise control, power, self-determination over the technology. And this is actually, it makes it easy to connect it to data sovereignty, meaning being able to understand how data intensive technology function, develop them ideally domestically and regulate them effectively. Actually, if you take our Brazilian data protection law, one of the key principles is informational self-determination. So the fact that every individual must be able to control data, to know how data is used and by whom. And you can, what we stress in our research on data sovereignty is that you can think about it also in a collective fashion. So not only the individual being able to understand how data is used and control it, but also the nation itself being able to understand who is hoovering up data, how data are utilized and with whom are shared. So this is also something that we have stressed and analyzed deeply in our research and also then coming back to my first point, the essential nature of data protection laws, which is something that all BRICS members have adopted over the past 10 years, especially over the past five and more than 150 countries in the world have adopted, including Most of global south countries have already adopted data protection law, but then why you may wonder people are not developing an enormous quantity of Data driven innovation if there is all such legislation well because the data protection law is essential Is necessary but not sufficient. So if you don’t also articulate it with investments and with multi-stakeholder Cooperation and here I’m speaking about multi-stakeholder governance not to pay lip service to multi-stakeholder Thinking or philosophy if you want, but to really thinking about the government working with the private sector working with academics Working with civil society actors to identify how data could be used by whom to direct investment and finding because this innovative Research that can be elaborated by researcher then translates into products and services and to keep it in so Regulated that those who maintain the control on the data are the individual users but also those who reap the benefit of it is the local community and not necessarily a Let’s say a handful of global corporations that are in this moment hoovering all data from global south and Let’s say giving back Not a lot after at least in fiscal terms. And so yeah, that’s my what are my initial provocations on this issue stressing that’s this this all the elements I’ve shared are freely available online and Yeah, I think that we have to be if I can give also a provocation and the suggestion We have to be a little bit more critical on how we Translate the nice policies and regulation we spend a lot of time to developing into concrete action and I think that for this Both investments and multi-stakeholder governance are critical

Judith Hellerstein: Thanks so much Luca for your presentation will next move over to Chelsea and she’s also going to talk about some of the biggest challenges that countries face when trying to get started with data governance in the public sector. So I’ll move over to Chelsea.

Chelsea Horn: Thank you Judith. Hello and good afternoon. My name is Chelsea Horne and I am a senior lecturer at American University in Washington DC. So thank you for having me and thank you in particular to Judith and to Nancy, our organizers. It’s an honor to be a part of this really important discussion. My research focuses on data protection and in particular in privacy and security concerns, but today my remarks be more at a high level. So I want to give more of an overview of some of the major concerns that we should be thinking about when we talk about data governance. When we talk about data governance it might sound like something that’s massive and has a lot of complexities. It’s because it does, but fundamentally at its core it’s something about, it’s something very simple. It’s just thinking about how we collectively manage and how we use people’s information and it’s hopefully with the aim of improving the lives and bettering our communities. So that’s the ideal version of data governance. So thinking about a quick overview or what are some of the major questions we think about data governance. It’s to think about five things. First, who is responsible for what data? So thinking about data ownership and stewardship. Do we have data stewards? Who’s taking control of it? Is there somebody in charge? Are there multiple departments? But thinking about who is responsible for what data. Secondly, what actions can be taken with specific data? So thinking about controls, settings, usage policies, what can be done with the data that’s being collected. Third, when and what and under what circumstances data can be used. Fourth, how data is collected, stored, processed and secured. So thinking about, that’s a very big one, it’s a and Laura. I will say it quickly, but that’s a massive part of data governance, making sure that the collection storage, processing and security of these data is very well thought out. And finally, fifthly, having metrics for measuring the data quality and compliance, so making sure that there are checks in place to make sure that the data governance frameworks are being applied correctly, accurately and effectively. And finally, the last but not least, making sure that we are able to optimize the value of data while mitigating the risks, ensuring compliance, and building public trust. Effective data governance is not just a bureaucratic exercise, it’s a foundation for delivering essential public services more efficiently. It’s about safeguarding privacy, fostering trust in institutions and making sure that the power of data is harnessed ethically and effectively. So, to conclude, I would like to highlight a couple of key considerations, first, a solid data governance plan, sorry, a solid plan for data governance is crucial, as it ensures information is managed wisely and it enables governments and the public sector to make better decisions and deliver more effective strategies. Second, to make sure that we’re fostering broad collaboration, that we’re breaking down data silos within the government, and as well as making sure that we’re actively engaging the public sector in the data governance process. And third, and finally, to think about how we are going to be building trust and ensuring ethical use by establishing these robust data governance frameworks that make sure that they protect privacy, prevent misuse, and that they ensure that the data is handled in an ethical and meaningful fashion. So, I’ll finish my remarks there.

Judith Hellerstein: ≫ Thanks so much for setting the scene there. And next we’ll talk about, move over to Nancy Kanasha, who’s really talking about a news case in her country in Papua New Guinea where data governance is a pretty new concept and idea and also where they just passed last year a data protection and data privacy policy and they’re working on creating a data governance law and data protection law which is all very new concepts for people in Papua New Guinea who haven’t really had that much experience on privacy issues and data governance.

Nancy Kanasa: Thank you, Judith. Good afternoon, everyone. I’m Nancy Kanasa. I lead data governance and data protection within the Department of ICT with Papua New Guinea government. It is a privilege to share our journey towards building an all-of-government approach to managing data responsibly and securely. In Papua New Guinea, data governance is still a very new concept for us, for the government. The agenda is also new, but it’s one that is rapidly gaining traction recently due to digital transformation reforms. Most government departments prioritize data protection over data governance. And when I say data protection, it is the technical part of data protection. As the department responsible for ICT policy and coordination across government, the Department of ICT plays a central role in shaping how data is managed, shared and protected. The department is also a very new established department. In 2020, the department started implementing the need for digital transformation reform across all of government. One of these reforms came to be data governance and data protection. All government departments face fragmented inconsistencies. The National Data Governance and Data Protection Policy was approved and came into effect on September. The National Data Governance and Data Protection Policy, this policy is for all of government departments and any actors that come to make business with government departments in regard to data. The policy establishes clear principles for data handling, including transparency, purpose limitation, and data minimization, which are core tenets of the European GDPR. We are also exploring adoption of the global cross-border privacy rules framework, which we believe will help us align with global best practices and enable secure data exchange across borders, which is a critical step towards Papua New Guinea’s participation in the global digital economy. Why are we leading this work in data governance? The decision for the Department of ICT to lead this work is driven by real and urgent challenges that we’re facing as a third world country. Fragmented data ecosystem, inconsistent practice across agencies, and limited use of data for informed decision making. Without proper data governance, digital transformation efforts risk falling short. That’s why we’re moving now to improve transparency, public trust, and more strategic national planning. Our current implementation is the policy framework. We’re looking at a centralized oversight, a national data governance steering committee which is currently in progress to provide eye level coordination and ensure multi-stakeholder input from government, civil society and all the actors. Secure interoperability. Our secure data actions platform was launched in 2024. It has now been piloted across ministries. For instance, citizens can access, can already access police clearance certificate online and that is the only government service online across all of government that has been piloted and is currently working. The key challenges that we have like any other countries, we have gaps in digital transformation, legal alignment and workforce skills and we also need deeper engagement from communities, academics and the private sector to fully realize our goals. From the government, working from the government, I can truly say that the government, most of the policies that are drafted within the government from my country, we don’t have much input from the civil society that we really need. So when policy is drafted and when it’s approved and we come to realize that the civil society kind of have no say in the policy. So they kind of, we see that they are kind of left out from what has already been established. So like I said, like many other developing nations, Papua New Guinea face infrastructure limitation, gaps between policy and departmental practice, financial and human resource constraint, and public awareness. We need a lot of public awareness in regard to data and data governance and the need for framework, governance framework, multi-stakeholder collaborations. So to conclude, I want to thank my fellow speakers and our moderators. Thank you.

Judith Hellerstein: Thanks so much, Nancy. We were supposed to have another speaker, Lillian Nalwoga, but her plane got delayed and she only just landed. So she is not going to be able to give her part. But it just means that we’ll have a lot more time for questions and answers from you. And I just wanted also to make sure that people line up on either side and also that we have any questions from our online audience. I’ll first turn to online. Do we have any questions? Not yet. Not yet. OK. Well, I have some other questions right now until we get some other questions from the audience. But we would love to hear your questions and comments. But first, I’ll ask Luca, what lessons can we learn from digital transformation and data governance in the BRICS countries that you’ve mentioned? And if you can elaborate a little bit more on that.

Luca Belli: Yeah, I think that one of the main points that could be learned is that adopting data protection law by itself is essential, but really not enough to be able to foster a sustainable digital transformation. The elaboration of the policymaking that to be of high quality must be as inclusive as possible. And here, I think that’s something that, again, one has to. to mention, to praise multi-stakeholder approach, not only for the sake of multi-stakeholder reason, because if it is organized in an effective and efficient way, multi-stakeholder participation really increases a lot the quality level of the output of the process, of the regulation that will be adopted. But then it’s also very important to use this, to leverage this in the implementation. And it has a cost to implement a policy, of course. And this is why, for instance, if we take the example of data protection, we have seen over the past 10 years at least sometimes very intense criticism about the law, because it increases the cost. But then it increases the cost if you consider compliance with it as a cost and not as an opportunity to have a far to it. We have actually new types of businesses, of products and services that can be created to comply with the law. And actually that is very interesting. It is precisely what happens in India, where they are leveraging DPIs to implement the law. And I think that sometimes it’s very interesting to study developing countries precisely, because as they don’t have the same level of institutional maturity and the same type of resources of highly developed countries, they have to find some different strategies to be effective. And I think that the Indian strategy, everyone knows about the ADAR, which is the digital identity, but a few people know about the DEPA, the Digital Data Empowerment and Protection Architecture, which is a software, a constant manager that allows people, data subjects, to manage the concept to personal data. And that is in use since at least 80 years in the financial sector. It is going to be… widen up to all type of data now with the entering force of the Digital Personal Data Protection Act 2023. And so that is a very interesting, I think, case study to understand that if you are in a developing world and you know that your citizenry does maybe not have the skills to understand very well the law, you know that it is not easy to implement the law, copying and pasting from Europe is not necessarily the best option. First, because as any good academic, I would tell you that you should not copy and paste, but you should study. You should study what the others have done and what are the reasons why it may have succeeded or failed. And so I think that the Indian example to leverage the DPIs and the software skills that they have to help implement this is something very interesting. The Chinese example of putting billions to construct new products and services that can already bake the values that their law, the people, the personal information protection law embeds into legislation is also something very interesting. I think that Brazil is very unique in terms of multi-stakeholder governance, but I’m a little bit critical because the Brazilian approach is very good for policy suggestions, to gather stakeholder inputs, to shape, to elaborate the policy, but it’s quite limited in stakeholder participation, multi-stakeholder governance for implementation, which is what the Indians are very good at. So I think that there is a lot to be learned from studying developing world, if we can use this term, approaches to data governance, and maybe not only focusing on the most developed countries.

Judith Hellerstein: Thanks so much for that very elucidative answer. My next question will be… to Chelsea and it is question is how can public sector bodies effectively partner with civil society organizations? I mean Nancy touched on it but a bit that it’s very difficult sometimes to partner with the from governments to partner with civil society or academia or private sector how can they do that and strengthen it build public trust but sometimes it’s not very strong with government and others and so I’ll let you answer that question. Thank you Judith.

Chelsea Horn: You touched upon it in your question itself but one of the reasons why having a multi-stakeholder approach and talking and working for the government to talk and work with civil society, academia, NGOs and other types of outside of government agencies is exactly to build that public trust. Sometimes there can be suspicions of why government is collecting data even if there’s the government is putting forward information saying that this is how we’re using your data why we’re using it what we need it for and how we’re going to protect it there still might be some type of suspicion or worry about governments owning and using that type of sorry not owning using and collecting that type of data so what the civil society and other members of the multi-stakeholder group can offer is in theory and hopefully in practice an impartial view and opportunity to research and transparently provide information about how and what the government is doing with that data so those partnerships are absolutely crucial in making sure that we’re ensuring transparency but not just for it to say that we are doing transparency but making sure that it is credible rigorous and informative for the general public so the the trust element and how the multi-stakeholder approach can offer that trust in an imperical matter its really really critical and why those partnerships are really important and how we aproach them.

Judith Hellerstein: Thank you so much. We do have an online question and I’ll give it to Sarai to represent who the online question is from.

Sarai Tewita: Thank you, Judith. Good afternoon. This is a question from Robert Sun from Cambodia. I think this relates to Luca’s comments and presentation. Do you have a report on data governance that I can download? And question two, are there any metrics for platform or applications to ensure data sovereignty?

Luca Belli: Can I reply that? Yeah. I have quite a few reports and publications on this. I think that pretty much all of them are in open access. There is a nice website called cyberbricks.info where you can literally find dozens of reports, including on data sovereignty. And again, let me also stress, because I’m fairly aware that when one uses the S word of sovereignty, a lot of people get a little bit nervous. And rightly so, because there are conceptions of the digital or data sovereignty notion that flirt very much with authoritarianism and protectionism. But there are also others that are very much based into promoting national development, national competition and empowering people through technology. Actually, we have a book called Digital Sovereignty in the Bricks that was published in December by Cambridge University Press. And you find it also freely available both on the website and Cambridge University Press and on our website that illustrates some of the examples of how this has happened in the BRICS countries. However, again, here I think that is my word of caution and I think that one should really make a difference between the policy and the declarations and then what happens in practice. That is why I think that leveraging multi-stakeholder governance also in the implementation and not only in the conception of the policy is key here. Because to translate the policies in concrete actions, you need to have this kind of coordination, communication and ideally cooperation. And it also costs money, obviously. It costs money, so that is why investments are critical. But if you have a well-focused industrial policy, then your investment really triggers a new area of products and services that are developed at the domestic level. And China or India are very good examples of this, to some extent South Africa as well. In Brazil, I think that there are a lot of paradoxes in Brazil and if I can just add a very interesting example of one of those paradoxes, as I was mentioning, Brazil has more than 3,200 public services, which is a stellar record. Brazil has data protection law since 2018, entering force in 2020 that mandates data security. Brazil is a data protection authority. Brazil has at least seven or eight different sectoral regulations in information security spanning from banking sector to telecom sector. So you might say, well, Brazil is heaven of data governance, right? Well, it is not. And there is actually ransomware and cyber incidents are booming in Brazil at the same time climbing the ranking of the most cyber secure countries, because it has adopted a lot of very interesting and very good policies, but also in the top five of the most attacked. and vulnerable countries. Why? Because data governance and data security and cyber security are still perceived as a cost and not as an opportunity to make. In this moment, there are more than 700,000 cyber security professionals that are needed in the country, so it would be 700,000 jobs that you would have created immediately if you were to invest in capacity building, for instance, right? So I think that if you start considering data governance not as a cost of compliance that everybody hates, but as an opportunity to make money, that I think is the secret ingredients to make a successful digital transformation. Because yes, it will cost money in training and in capacity building and infrastructure development, yes, of course, but after some years, you will have an enormous return on investment.

Judith Hellerstein: Thanks so much. Do we have another online question yet? Okay, so I’ll have another question. This is for Nancy. And the question is, how can Pacific Island nations develop resilient and inclusive data governance frameworks that not only look towards building trust within the government and capturing the data, but also uphold indigenous data sovereignty and support sustainable development?

Nancy Kanasa: Thank you, Judith. In the Pacific, I speak for Pacific because PNG is Papua New Guinea is in the Pacific. We have a lot of our context is quite different. I mean, every country is different. And the data governance initiative is very new for us. And I think we have to look at our context and the issues that are currently within our country and not follow just like Lucas said, just copy or cut and paste from a developed country and put it in because it will not work for us and that was some of the Some of the things that we’ve been doing in With the PNG government. We’ve came up with a policy and we were asked by a lot of Expatriates that we’ve worked with in regard to why did you put data? Governance and data protection and not data protection and data governance so looking back at that we have used cases in Use cases with other government departments and we’ve realized that data protection is not gonna solve our problem our problem is Governance, we like governance in all the government departments So I think that also goes with the other Pacific Islands, it’s we have to have data governance framework within and After that, we could have protection Data protection to come in place because in PNG we when you talk about data protection They in Papua New Guinea, sorry, they think it’s to do with The infrastructure So they put more effort in the infrastructure and not the framework the governance framework And this is one of the issue that we faced in my country and the Pacific. Thank you

Judith Hellerstein: Thanks so much do we have a question online yes, could you go to the mic Thank you so much and then introduce yourself to

Audience: Thank you to the panelists, my name is Guy Berger I’m working with the G20 on this data governance in the public sector. So I’ve got two questions quickly for Luca, question of procurement of systems in the public service. As we know, AI agents are going to be using incredible volumes of data in their autonomous and hard-to-trace ways and they will also likely feed data back to the vendor. And so the question is, as this technology becomes integrated in the public service, does it make a mockery of effective data governance possibility? My second question goes to Chelsea. Data protection, as you said, is especially important. I think we’ve seen this in the US with the centralization and abuse of data under Doge. But I want to ask you about the other side of data governance, because while upholding data security and data protection, there’s also governance that promotes data sharing inside the public service and open data for the outside, which of course can help with accountability, local AI development, etc. Shouldn’t one give equal attention to that side of data governance, not only to the data protection side? Thank you.

Luca Belli: Yes, I think that in your question, there was already a sort of answer I would hint to, which is the reason why I’m really keen on stressing that adopting data protection law is essential, but far from being sufficient to be sure that these values and obligations and rights are de facto correspond to the reality of how data are processed, right? And I think that you raise a very good point, which is the fact that pretty much everyone in the world, out of China and Russia, depends on a cloud infrastructure that is provided by three corporations, AWS, Microsoft Azure, and Google Cloud. And I think that’s a very good point. and well the Chinese have their own and they are exporting it globally as well and Russia depends on China so it’s not really so often in this but here’s the point if you if you spend a lot of time crafting the best possible data protection law and also lavish efforts into defining a very good institutional framework that can work well but at the end of the day the way in which data is processed is defined by the architectures of a specific service that and the way in which data is hoovered is defined by a few very dominant players it’s very it’s really useless and let me give you a very concrete example that I have been providing for the past 10 years I think and very few countries except India have understood this in most of the global south people don’t have access to meaningful connectivity they are connected to meta family of apps social media without entering into what this means for competition and democracy let’s focus on the data this means that most people in the global south in Brazil 78% of the population that does not have meaningful connectivity there is a very good report by SETIC of last year these people are primarily connected to social media of one enterprises so they are they are giving or even if you have the best possible law the way in which their data are hoovered and processed is not defined by the law is defined by the very same corporation that and let me give you a very explicit example about this and why there is difference between Brazil and India for instance in 2021 right in the middle of the pandemic meta announced that all data metadata of whatsapp would be merged with at the time meta did not exist yet but with Facebook and in the middle of the pandemic social distancing in distance in the global south whatsapp was the only way for communicating I if I had to book a COVID test, my pharmacy network only accepted booking it to WhatsApp, the WhatsApp business account of the pharmacy network. What does it mean? That it was simply not possible for the Global South to have the actually meaningful choice that was given in Europe. Do you want to accept this term or refuse them? So pretty much everyone in the Global South has accepted in January, between January and May 2021, that all their data are hoovered by WhatsApp and then transferred to Facebook and now Meta. Same thing with Meta.ai that has been automatically downloaded in all smartphones of everyone in the world. So what does it mean that everyone now is contributing data and trading for free Meta.ai and probably as we had reports in 2015 that people in several Global South countries, including Brazil, thought that WhatsApp was, that Facebook was the internet. I’m pretty sure, I would bet that in six months, maybe not even a year, we will have, if we do the same kind of survey in the Global South, people will think that Meta.ai is AI because they have understood very well what Lessig was writing 25 years ago, that you regulate technology not only by the law, but also by the code, by the architecture, and they are doing it very well. And that is what I think most countries in the world, except maybe China and India, have not understood yet. Brazil is doing a lot of effort to try to design its own solution, but the huge problem is that, well, usually governments start to work well after two years, two and a half, and then they have six months to work and then they have elections. So it’s very difficult to have sustainable change in these conditions.

Judith Hellerstein: Thanks so much. Chelsea?

Chelsea Horn: Yes. Thank you for the question. I think it’s a very important question. Just to remind everyone, it’s more or less that We need to have data protection data governance frameworks that are securing information But also isn’t there something to be said about having more open? frameworks to I Certainly, but more data doesn’t necessarily mean better results, but I can see many compelling cases, especially when it comes to health and research that having access to more data and more information can Create quicker and more innovative solutions That’s a very compelling reason and we also see that we hear that quite often from the the platforms that the reason why they need So much data about us is because they can offer us better services. They can offer more personalized recommendations There’s different stakes involved with when the government has information and they’re sharing information Especially between different departments and how it was collected versus how the private sector has it. So those are Little bit apples and oranges the comparison but to think about There’s many use cases I’m trying to imagine something like Facial recognition if we have biometric information about a missing child’s face We could very likely find them within minutes and that’s a wonderful I mean, I’m promising a lot of things from the technology, but we see that also even in Fiction shows where they are trying to imagine these things where the data allows for very positive use cases My personal take on it is I think that that’s wonderful. I think that we see more harms though And I have more concerns about the way those protections are being Guaranteed and offered to us. So It’s it’s a bit of push and pull Is a bit of push and pull but we do need to like I think without having protection having open shared data Is is a concern and a worry to have but so there needs to be some sort of framework that’s protecting that that’s protecting citizens so It’s a balancing act so but I would say I’m It’s easier to say open, and it’s harder to put in the frameworks. I think that’s why there’s such emphasis on data protection. And I would even say I know that in your remarks, Nancy, you mentioned about data governance, prioritizing that over data protection. But in good data governance frameworks, which you are outlining here, implicitly data protection is a part of that. So not necessarily like the primary driving force, but it’s already being built in there from what you described. So it’s definitely a component.

Judith Hellerstein: Thanks so much. Do we have other questions from the audience? Okay. While we go think about some questions, and then we’ll get back to you. But I was going to ask Chelsea or Luca, what are the practical low-cost options for public sector to take that they can improve data quality? And also try, how are we going to break down some data silos? As you all know in each of the departments, many of the public sectors are silo-based, and they don’t want to step on inside other people’s, other departments’ toes or do other things. But oftentimes the goal is, how are we going to help the citizens? We want the citizens to be able to do one-stop shopping and not have to, you hear the same refrain from many other places, that, oh I wish that I only had to fill out the form once instead of 5,000 times. But how do we do that and effectively share the data between the agencies when most of the countries don’t have any data sharing laws? So, whoever wants to tackle first.

Luca Belli: Well, that is a $1 billion question, and if one had a very good answer, I think the problem would already be solved. I think that my first suggestion, coming back to my previous comments, would be not to copy and paste what has been done in Estonia or Norway, because it will likely not work in Ecuador or Zimbabwe, because you have to think about local realities first. And that is why I think it is very interesting to study what emerging developing economies do, not because I think they are better or worse than others, but because they know very well the limits of the policies in their countries. So, the fact that if you have… And I can witness this firsthand. I mean, in Brazil, data protection law was introduced in 2018, and it simply means that before that, pretty much no one, there was no specialist of data protection. So, how can you think that the law, by magic, would regulate the sector, the economy, the society, the democracy even, right? Because the digital data intensive technologies are nowadays essential for our democratic processes. So, if you do not embed data protection in that, meaning being very transparent in which kind of purposes, for which kind of purposes you use the data, and which kind of consequences this might have, that has enormous consequences, not only on society and democracy, sorry, not only on society and economy, but also on the democracy. Now, the fact that you bet on alternative strategies, regulatory strategies to tackle this, it might be more successful. And again, you have to leverage what you know to do well. and that is the Indian case of the DPI. They have a very large population of highly skilled information society, information engineers and information and data scientists that they have leveraged to do DPIs, to do software, to directly translate the normative command into architecture. That is what China has done. They have, they know they have, they are an industrial powerhouse and they have lavished billions, literally, to produce the technology they wanted to have. And the result is that after 20 years, they are not dependent on any other country. And even if you sanction them, that actually is productive for them because they coordinate internal market to be to outcompete you. So that is the kind of thinking that I think global South countries should have. Of course, this does not happen overnight. And actually, last year, we did a study on data protection, data security and open data in public sector in Brazil, together with the UN University. And actually, we mapped the regulation that already exists in Brazil. And then we wanted to go farther. So we did, it was the moment where everyone was speaking about GPTs. And so we did a chatbot that could help local municipalities or public servants to draft their own policies. But then we ended up realizing what everyone ends up realizing when you want to do something that is related to AI, that the code is something that doesn’t cost too much to do, but having it running on something costs you a lot. And so if you do not have computing infrastructure that is cheap and available, and you all depend from the same enterprises, then you end up losing what we call digital sovereignty. So being able to understand the technology, develop it and regulate it.

Judith Hellerstein: Thanks so much, Luca. Chelsea, do you have any comments?

Chelsea Horn: Sure, so I’ll leave you first. So it’s like what are some low-cost ways? Comparatively low cost would be to go back to the question of who’s managing what data and how. So to create a structured framework within the government or whichever department or agency will be responsible for the data. So thinking about just a structured format and to formalize that in a standardized way. Similarly thinking about how you can whoever’s in charge of that can standardize the ways that they’re understanding data. So like a word like the word like a term location, it can mean many different things. So thinking about a general location, a specific location, down to a house, large, where are we at? So standardizing what you mean by what is being what data is being collected is a very simple way of starting to think about who and what data and it will improve the data quality. And along those similar lines thinking about investing again comparatively low cost in training and workshops across whoever will be managing those types of data. There’s certain organizations like the ITU has a online course on data governance. And so there are other organizations too. So in having that type of standardized training and workshops across whoever will be managing and however that structure response is a relatively low cost way of approaching these these issues.

Judith Hellerstein: Thanks so much. I think the the question is also is from what I own and in especially in a lot of global south countries and developing countries is that it’s not so much also is it is a silos, but it’s also the culture. Many countries, many citizens are loathe to change processes on government agencies and they dont want to change policies since they were working so long. And you cant get as many as these work done without that. So you can have best system and the bestvpolicy and data, but if you dont have best companies working on it, how are we going to change the culture of the society?

Nancy Kanasa: Okay, firstly i would say that the question really goes well

in my country what is happening, with the goverment are are feeling like not content with the changes coming in in regard to sharing their personal data or government departments opening up to another government department to have interoperability with systems. So they feel that what has worked for them is not going to work if something new is added on. So they use a lot of excuses like, for example, the Department of Health would say that, oh, my act, we are mandated, and our act does not allow us to share data. But then the very same data is also required by the Department of Education. And so the changes are not really accepted with each government department because they probably fear the technological change and with that I think we need more awareness with the public in regard to educating public for the data and the importance of data and coming from the government we are doing that and we also face challenges in financial side and also challenges in educating our citizens because this is some of the new approaches that we’re taking so yeah that’s from my end thank you.

Judith Hellerstein: Thanks so much we have like two minutes left for our panel but I just want to get and maybe Luca might have since he’s worked with a lot of developing countries might have some ideas on how to get around this cultural change which seems to be a big problem in a lot of smaller countries.

Luca Belli: I think that’s more than a cultural change which is very difficult to trigger I think that people so the reason why we all use social media or several apps that are very common is that they are cheap and easy so the way I think that the successful ingredients to trigger this cultural change if you want is to make this cheap and easy and that is the reason why if you analyze the implementation of data protection law is maybe not as effective as we would like because it is perceived as extremely difficult even Byzantine to implement to understand and not cheap but costly because you have to hire specialists that will do it for you. Now there are already solutions that are even in open source for I mean the ITU has been working for years on the GovStack which is a certain set of building blocks for digital public infrastructure there are a lot of example that can already be adopted so yeah I think that you if you want to translate to policy into actions and cultural change, you need investments and you need training. And so I think that if you use already what we have for training, maybe you will not need so much in terms of investment, but you need a little bit of both if you want to trigger change.

Judith Hellerstein: Thanks so much. I’m just going to turn to the panel for any closing thoughts in the last 45 seconds that we have. Luzra, do you have any closing thoughts? Chelsea, any closing thoughts for you? No. Nancy, otherwise I wanted to thank the panel so much for the topics and the discussion here. We could talk a long time about this because, you know, he mentioned the GovStack in the ITU and yes, it may be open source, but then you need to be implementing them with engineers and other things which other countries don’t have. And so it’s like a cat’s cat and cat’s crown. So we could be talking for a long time about this, but I just wanted to thank very much for everyone for coming and staying to the end. And thanks so much for being our panelists. I hope you enjoyed it. Thank you.

Agreement points

Data protection laws alone are insufficient for effective digital transformation

Speakers

– Luca Belli
– Chelsea Horn
– Nancy Kanasa

Arguments

Data protection laws are essential but far from sufficient for sustainable digital transformation – countries need investments and multi-stakeholder cooperation to translate policies into concrete actions

Effective data governance requires five key components: data ownership/stewardship, usage controls, circumstances for data use, collection/storage/processing/security protocols, and compliance metrics

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Summary

All speakers agree that having data protection legislation is necessary but not sufficient – effective data governance requires comprehensive frameworks, proper implementation, and addressing fundamental organizational challenges before technical protection measures can be effective.

Topics

Legal and regulatory | Development | Infrastructure

Multi-stakeholder participation is essential for effective data governance

Speakers

– Luca Belli
– Chelsea Horn
– Nancy Kanasa

Arguments

Multi-stakeholder participation significantly increases policy quality during elaboration, but countries like Brazil excel at stakeholder input for policy creation while lacking stakeholder participation in implementation

Civil society partnerships are crucial for building public trust by providing impartial oversight and transparent research about government data practices

Government policies often lack meaningful civil society input, leaving communities without voice in established frameworks

Summary

All speakers emphasize the critical importance of involving multiple stakeholders – government, private sector, academia, and civil society – in both policy development and implementation phases, though they acknowledge significant gaps in current practice.

Topics

Sociocultural | Legal and regulatory | Human rights

Context-specific solutions are needed rather than copying developed country models

Speakers

– Luca Belli
– Nancy Kanasa

Arguments

Countries should study local realities rather than copy-paste solutions from developed nations – emerging economies often develop innovative strategies due to resource constraints

Pacific Island nations need context-specific approaches that address governance challenges first, as infrastructure-focused data protection doesn’t solve fundamental organizational problems

Summary

Both speakers strongly advocate for developing locally appropriate solutions that address specific national contexts and challenges rather than simply adopting frameworks from developed countries.

Topics

Development | Legal and regulatory | Sociocultural

Cultural and organizational resistance presents major implementation challenges

Speakers

– Nancy Kanasa
– Judith Hellerstein

Arguments

Government departments resist change due to fear of technological transformation and concerns about data sharing mandates, requiring extensive public awareness and education efforts

Cultural resistance to change in government agencies is a major barrier to implementing data governance policies, even when the best systems and policies are in place

Summary

Both speakers identify cultural resistance within government institutions and society as a fundamental barrier to implementing data governance reforms, requiring significant change management and education efforts.

Topics

Sociocultural | Development | Legal and regulatory

Similar viewpoints

Both speakers emphasize the need for practical, accessible, and cost-effective approaches to implementing data governance, focusing on standardization, training, and leveraging existing resources rather than complex, expensive solutions.

Speakers

– Luca Belli
– Chelsea Horn

Arguments

Successful digital transformation requires making solutions cheap and easy to implement, unlike current data protection laws which are perceived as difficult and costly

Low-cost improvements include creating structured frameworks, standardizing data definitions, and investing in training programs through organizations like ITU

Topics

Development | Legal and regulatory | Economic

Both recognize the dual nature of data governance – the need to protect data while also enabling beneficial sharing for innovation, accountability, and development purposes.

Speakers

– Chelsea Horn
– Audience

Arguments

Data governance must balance protection with beneficial data sharing for accountability and innovation, though protection frameworks should be established before opening data access

Data governance should give equal attention to promoting data sharing and open data, not just data protection, to enable accountability and local AI development

Topics

Legal and regulatory | Development | Human rights

Both identify the problem of government silos and fragmented systems that create inefficiencies for both government operations and citizen services, highlighting the need for better inter-agency coordination and data sharing.

Speakers

– Nancy Kanasa
– Judith Hellerstein

Arguments

Fragmented data ecosystems and inconsistent practices across agencies limit effective decision-making and digital transformation progress

Citizens desire simplified government services through one-stop shopping rather than filling out multiple forms across different departments

Topics

Infrastructure | Legal and regulatory | Development

Unexpected consensus

Prioritizing governance frameworks over technical protection measures in developing contexts

Speakers

– Nancy Kanasa
– Luca Belli

Arguments

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Data protection laws are essential but far from sufficient for sustainable digital transformation – countries need investments and multi-stakeholder cooperation to translate policies into concrete actions

Explanation

This represents unexpected consensus because conventional wisdom typically emphasizes data protection first. However, both speakers from different perspectives (practitioner and academic) agree that fundamental governance structures must be established before technical protection measures can be effective, particularly in developing country contexts.

Topics

Legal and regulatory | Development | Infrastructure

The limitations of global technology dependence on data governance effectiveness

Speakers

– Luca Belli
– Audience

Arguments

The dominance of few cloud infrastructure providers (AWS, Microsoft Azure, Google Cloud) undermines effective data governance regardless of strong national laws

AI agents integrated into public services may undermine effective data governance due to their autonomous operation and data feedback to vendors

Explanation

This unexpected consensus emerges around the recognition that technological dependence on global platforms and AI systems fundamentally challenges the effectiveness of national data governance frameworks, regardless of how well-designed the policies are.

Topics

Infrastructure | Legal and regulatory | Economic

Overall assessment

Summary

The speakers demonstrate strong consensus on fundamental principles: data protection laws are necessary but insufficient, multi-stakeholder governance is essential, context-specific solutions are needed, and cultural/organizational barriers present major implementation challenges. There is also agreement on the need for practical, low-cost approaches and balancing protection with beneficial data sharing.

Consensus level

High level of consensus on core principles with significant implications for policy development. The agreement suggests a mature understanding of data governance challenges that transcends traditional academic-practitioner divides. However, the consensus also reveals the complexity of implementation challenges, suggesting that while there is agreement on what needs to be done, the practical pathways remain difficult. This high level of agreement among diverse stakeholders (academic, government practitioner, and international participants) indicates that data governance discourse has evolved beyond basic concepts toward more nuanced implementation challenges.

Different viewpoints

Priority between data governance and data protection frameworks

Speakers

– Nancy Kanasa
– Chelsea Horn

Arguments

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Data governance must balance protection with beneficial data sharing for accountability and innovation, though protection frameworks should be established before enabling broader data access

Summary

Nancy argues that data governance should come first because in PNG context, people think data protection means infrastructure rather than frameworks, and governance problems need solving first. Chelsea suggests protection frameworks should be established before enabling data access, implying protection should precede or accompany governance rather than follow it.

Topics

Legal and regulatory | Development | Infrastructure

Approach to balancing data protection with data sharing

Speakers

– Chelsea Horn
– Audience

Arguments

Data governance must balance protection with beneficial data sharing for accountability and innovation, though protection frameworks should be established before enabling broader data access

Data governance should give equal attention to promoting data sharing and open data, not just data protection, to enable accountability and local AI development

Summary

Chelsea emphasizes the need for protection frameworks first before enabling data sharing, expressing more caution about potential harms. The audience member argues for equal attention to both protection and sharing, suggesting less emphasis on protection-first approaches.

Topics

Legal and regulatory | Development | Human rights

Unexpected differences

Fundamental sequencing of data governance components

Speakers

– Nancy Kanasa
– Chelsea Horn

Arguments

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Low-cost improvements include creating structured frameworks, standardizing data definitions, and investing in training programs through organizations like ITU

Explanation

This disagreement is unexpected because both speakers are addressing similar developing country contexts and practical implementation challenges, yet they have fundamentally different views on whether governance structures or protection frameworks should be prioritized first. Nancy’s PNG experience suggests governance must come first, while Chelsea’s framework implies structured protection elements should be built in from the start.

Topics

Legal and regulatory | Development | Infrastructure

Overall assessment

Summary

The main areas of disagreement center on implementation sequencing (governance vs. protection first), the balance between data protection and sharing, and approaches to context-specific solutions. Most disagreements are about methodology rather than fundamental goals.

Disagreement level

Moderate disagreement level with significant implications – the speakers largely agree on goals (effective data governance, multi-stakeholder approaches, context-specific solutions) but differ substantially on implementation strategies and sequencing. These methodological differences could lead to very different policy outcomes, particularly regarding whether developing countries should prioritize governance structures or protection frameworks first, and how to balance protection with beneficial data sharing.

Partial agreements

Similar viewpoints

Both speakers emphasize the need for practical, accessible, and cost-effective approaches to implementing data governance, focusing on standardization, training, and leveraging existing resources rather than complex, expensive solutions.

Speakers

– Luca Belli
– Chelsea Horn

Arguments

Successful digital transformation requires making solutions cheap and easy to implement, unlike current data protection laws which are perceived as difficult and costly

Low-cost improvements include creating structured frameworks, standardizing data definitions, and investing in training programs through organizations like ITU

Topics

Development | Legal and regulatory | Economic

Both recognize the dual nature of data governance – the need to protect data while also enabling beneficial sharing for innovation, accountability, and development purposes.

Speakers

– Chelsea Horn
– Audience

Arguments

Data governance must balance protection with beneficial data sharing for accountability and innovation, though protection frameworks should be established before opening data access

Data governance should give equal attention to promoting data sharing and open data, not just data protection, to enable accountability and local AI development

Topics

Legal and regulatory | Development | Human rights

Both identify the problem of government silos and fragmented systems that create inefficiencies for both government operations and citizen services, highlighting the need for better inter-agency coordination and data sharing.

Speakers

– Nancy Kanasa
– Judith Hellerstein

Arguments

Fragmented data ecosystems and inconsistent practices across agencies limit effective decision-making and digital transformation progress

Citizens desire simplified government services through one-stop shopping rather than filling out multiple forms across different departments

Topics

Infrastructure | Legal and regulatory | Development

Key takeaways

Data protection laws alone are insufficient for digital transformation – countries need complementary investments, multi-stakeholder cooperation, and implementation strategies to translate policies into effective action

Effective data governance requires five core components: clear data ownership/stewardship, usage controls and policies, defined circumstances for data use, robust collection/storage/processing/security protocols, and compliance metrics

Developing countries should prioritize context-specific solutions rather than copying frameworks from developed nations, as emerging economies often develop innovative strategies due to resource constraints

Multi-stakeholder governance significantly improves policy quality during development but many countries struggle with stakeholder participation during implementation phases

Digital sovereignty involves understanding, developing, and regulating technologies domestically to maintain control and self-determination over data-intensive systems

Cultural resistance to change within government departments presents a major barrier to data governance implementation, requiring extensive public awareness and education efforts

The dominance of few global cloud infrastructure providers (AWS, Microsoft Azure, Google Cloud) can undermine national data governance efforts regardless of strong domestic laws

Resolutions and action items

Papua New Guinea established a National Data Governance Steering Committee to provide coordination and ensure multi-stakeholder input

Papua New Guinea launched a secure data actions platform in 2024, piloted across ministries with police clearance certificates now available online

Recommendation to leverage existing open-source solutions like ITU’s GovStack building blocks for digital public infrastructure

Suggestion to invest in standardized training programs and workshops across government departments managing data

Proposal to create structured frameworks and standardize data definitions as low-cost initial improvements

Unresolved issues

How to effectively break down data silos between government departments when most countries lack data sharing laws

How to overcome cultural resistance to change within government agencies that prefer existing processes

How to balance data protection with beneficial data sharing for innovation and accountability

How to address the fundamental dependency on foreign cloud infrastructure providers while maintaining data sovereignty

How to ensure meaningful civil society participation in policy implementation rather than just policy development

How to make data governance solutions affordable and accessible for developing countries with limited resources and technical expertise

How to address the skills gap in data governance and cybersecurity professionals needed for effective implementation

Suggested compromises

Prioritize data governance frameworks over data protection in developing contexts to address fundamental organizational issues first, with protection measures following

Focus on making solutions ‘cheap and easy’ to implement rather than comprehensive but complex frameworks that are perceived as costly and difficult

Leverage existing technical skills and infrastructure strengths (like India’s software expertise for Digital Public Infrastructure) rather than trying to build everything from scratch

Use phased implementation approaches, starting with low-cost improvements like standardized frameworks and training before investing in complex technical solutions

Balance open data sharing benefits with protection concerns by establishing robust governance frameworks before expanding data access

Data protection law is essential, but really not enough to be able to foster a sustainable digital transformation… if you don’t also articulate it with investments and with multi-stakeholder cooperation… We have to be a little bit more critical on how we translate the nice policies and regulation we spend a lot of time to developing into concrete action.

Speaker

Luca Belli

Reason

This comment fundamentally reframes the discussion by distinguishing between policy creation and implementation effectiveness. It challenges the common assumption that having good laws automatically leads to good outcomes, introducing the critical gap between regulatory frameworks and practical results.

Impact

This insight became a recurring theme throughout the discussion, with other speakers referencing the implementation challenge. It shifted the conversation from focusing on what policies should exist to how they can be effectively operationalized, particularly influencing Nancy’s later comments about Papua New Guinea’s practical challenges.

In Papua New Guinea… Most government departments prioritize data protection over data governance. And when I say data protection, it is the technical part of data protection… they think it’s to do with the infrastructure. So they put more effort in the infrastructure and not the framework the governance framework.

Speaker

Nancy Kanasa

Reason

This comment reveals a fundamental misunderstanding at the operational level about what data governance actually entails. It exposes how technical solutions are often prioritized over governance frameworks, highlighting a critical knowledge gap in developing countries.

Impact

This observation grounded the theoretical discussion in real-world implementation challenges, prompting deeper exploration of capacity building and cultural change issues. It influenced subsequent questions about breaking down silos and changing organizational culture.

Most people in the global south… are primarily connected to social media of one enterprise… the way in which their data are hoovered and processed is not defined by the law is defined by the very same corporation… What does it mean that everyone now is contributing data and training for free Meta.ai

Speaker

Luca Belli

Reason

This comment exposes the fundamental power imbalance in global data governance, where legal frameworks become irrelevant when a few corporations control the technological infrastructure. It reveals how digital colonialism operates through platform dependency.

Impact

This shifted the discussion from national policy frameworks to global power dynamics and technological sovereignty. It introduced the concept that effective data governance requires not just good laws but also technological independence, influencing the conversation about infrastructure and capacity building.

From the government… most of the policies that are drafted within the government from my country, we don’t have much input from the civil society that we really need. So when policy is drafted and when it’s approved… the civil society kind of have no say in the policy. So they are kind of left out.

Speaker

Nancy Kanasa

Reason

This candid admission from a government official about the lack of meaningful stakeholder engagement is particularly insightful because it comes from someone within the system. It highlights the gap between multi-stakeholder rhetoric and practice.

Impact

This honest assessment validated the earlier theoretical discussions about multi-stakeholder governance and prompted specific questions about how to effectively partner with civil society. It added authenticity to the academic discussions by providing a practitioner’s perspective on governance challenges.

We have to have data governance framework within and after that, we could have protection… because in PNG when you talk about data protection they think it’s to do with the infrastructure… And this is one of the issue that we faced in my country and the Pacific.

Speaker

Nancy Kanasa

Reason

This comment challenges the conventional wisdom that data protection should come first, arguing instead for governance frameworks as the foundation. It reveals how terminology and sequencing matter in policy implementation, especially in contexts with limited technical literacy.

Impact

This reordering of priorities sparked discussion about contextual approaches to data governance and reinforced Luca’s earlier point about not copying and pasting solutions from developed countries. It influenced the conversation about low-cost, practical implementation strategies.

As this technology [AI agents] becomes integrated in the public service, does it make a mockery of effective data governance possibility?… Shouldn’t one give equal attention to that side of data governance, not only to the data protection side?

Speaker

Guy Berger (audience member)

Reason

This question introduces the complexity of AI governance and challenges the panel to consider whether current data governance frameworks are adequate for emerging technologies. It also pushes back on the emphasis on data protection by advocating for data sharing and openness.

Impact

This question elevated the discussion to consider future challenges and the tension between protection and utilization of data. It prompted nuanced responses about balancing competing interests and highlighted the evolving nature of data governance challenges.

Overall assessment

These key comments fundamentally shaped the discussion by moving it beyond theoretical frameworks to practical implementation challenges and global power dynamics. The conversation evolved from a focus on policy creation to the more complex issues of operationalization, cultural change, and technological sovereignty. Nancy’s candid insights from Papua New Guinea provided crucial real-world grounding that validated and complicated the academic perspectives offered by Luca and Chelsea. The discussion became increasingly nuanced as it grappled with the tension between universal principles and contextual implementation, ultimately highlighting that effective data governance requires not just good policies but also appropriate technology, adequate resources, cultural change, and genuine multi-stakeholder engagement. The comments collectively revealed data governance as a deeply political and practical challenge that cannot be solved through regulatory frameworks alone.

How can public sector bodies effectively partner with civil society organizations to build public trust when there are often suspicions about government data collection?

Speaker

Judith Hellerstein

Explanation

This addresses a critical gap in implementation where governments struggle to engage meaningfully with civil society in data governance policy development and implementation.

Are there any metrics for platform or applications to ensure data sovereignty?

Speaker

Robert Sun (online participant from Cambodia)

Explanation

This seeks practical tools and measurements for countries to assess and maintain control over their data sovereignty in the digital age.

As AI agents become integrated in public service and use incredible volumes of data autonomously while feeding data back to vendors, does this make effective data governance impossible?

Speaker

Guy Berger

Explanation

This addresses emerging challenges where AI systems may undermine traditional data governance frameworks through autonomous data processing and vendor data sharing.

Should equal attention be given to data sharing and open data governance, not just data protection, to promote accountability and local AI development?

Speaker

Guy Berger

Explanation

This highlights the need to balance data protection with data accessibility for innovation and transparency in public sector governance.

What are practical low-cost options for public sector to improve data quality and break down data silos between departments?

Speaker

Judith Hellerstein

Explanation

This addresses the practical challenge of implementing data governance in resource-constrained environments while enabling cross-departmental collaboration.

How can Pacific Island nations develop resilient and inclusive data governance frameworks that uphold indigenous data sovereignty and support sustainable development?

Speaker

Judith Hellerstein

Explanation

This addresses the specific needs of Pacific Island nations to develop culturally appropriate data governance that respects indigenous rights while enabling development.

How can countries overcome cultural resistance to change in government agencies when implementing new data governance policies and systems?

Speaker

Judith Hellerstein

Explanation

This addresses the human and organizational change management challenges that can undermine even well-designed technical and policy solutions.

How can developing countries implement data governance solutions when they lack the engineering capacity to deploy even open-source tools like GovStack?

Speaker

Judith Hellerstein

Explanation

This highlights the capacity building and technical implementation challenges that create barriers between policy development and practical implementation in developing countries.