Open Forum #7 Advancing Data Governance Together Across Regions

Summary

This discussion focused on advancing data governance across regions, bringing together policymakers and civil society leaders from West Africa, Eastern Partnership, and Western Balkans to explore common challenges and share best practices. The session was moderated by Wairagala Wakabi from CIPESA and hosted by Dr. Ismaila Ceesay, Minister of Information from The Gambia, who outlined his country’s comprehensive digital transformation strategy including national data protection policies and alignment with ECOWAS and African Union frameworks.

Commissioner Milan Marinovic from Serbia emphasized the critical balance between digital advancement and personal data protection, proposing the creation of a global e-association of data protection authorities to facilitate international cooperation. He stressed that digitalization and data protection must develop in parallel, comparing their relationship to natural complementary forces. Regional experts highlighted varying approaches across different areas, with Folake Olagunju from ECOWAS describing West Africa’s focus on harmonization without homogenization, emphasizing multi-stakeholder engagement and evidence-based policymaking.

Dr. Olga Kyryliuk from Southeastern Europe described her region as having “high digital ambition” but facing challenges due to regulatory divides between EU member states and non-EU countries seeking accession. Civil society representatives from Armenia and Kyrgyzstan shared their experiences with digital transformation, emphasizing the importance of civic tech voices in building trust and ensuring inclusive governance. A recurring theme throughout the discussion was the need for harmonization of legal frameworks while respecting national sovereignty and cultural differences.

The panelists identified several practical next steps for strengthening inter-regional cooperation, including establishing continental data governance frameworks, creating controlled test environments for interoperable platforms, and developing formal cooperation channels between data protection agencies. The discussion concluded with emphasis on the critical importance of building cross-border trust, ensuring transparent oversight, and balancing multiple human rights including privacy and freedom of information in the evolving digital landscape.

Keypoints

## Major Discussion Points:

– **National Data Governance Framework Development**: Countries across different regions (The Gambia, Serbia, Armenia, Kyrgyzstan) are actively developing comprehensive national data protection and governance frameworks, with many aligning their legislation to GDPR standards and regional frameworks like ECOWAS and African Union policies.

– **Regional Harmonization vs. National Sovereignty**: A central tension emerged around balancing the need for harmonized cross-border data governance standards while preserving national data sovereignty, with speakers emphasizing “harmonization not homogenization” and the importance of mutual recognition frameworks.

– **Cross-Border Data Protection Authority Cooperation**: Significant focus on strengthening cooperation between Data Protection Authorities (DPAs) globally, including proposals for new international associations and formal cooperation channels for audits, incident response, and enforcement coordination.

– **Multi-Stakeholder Engagement and Civil Society Role**: Strong emphasis on the critical importance of involving civil society, private sector, academia, and citizens in data governance processes, with civic tech organizations serving as essential bridges between governments and citizens to ensure transparency and accountability.

– **Balancing Human Rights in Data Governance**: Discussion of the complex challenge of protecting privacy rights while preserving freedom of information and expression, with several countries adopting integrated approaches that combine data protection and access to information oversight under unified commissions.

## Overall Purpose:

The discussion aimed to foster inter-regional dialogue on data governance best practices, challenges, and cooperation mechanisms between policymakers and civil society leaders from West Africa, Eastern Partnership, Western Balkans, and other regions. The session sought to identify common approaches for building digital cooperation, sharing lessons learned, and developing actionable steps for strengthening international collaboration on data governance standards and frameworks.

## Overall Tone:

The discussion maintained a consistently collaborative and constructive tone throughout. Speakers demonstrated mutual respect and genuine interest in learning from each other’s experiences. The tone was professional yet accessible, with participants openly sharing both successes and challenges. There was a notable spirit of cooperation, with multiple speakers building upon each other’s ideas and offering concrete proposals for future collaboration. The atmosphere became increasingly solution-oriented as the session progressed, culminating in specific actionable recommendations and offers for continued partnership between regions and organizations.

Speakers

**Speakers from the provided list:**

– **Wairagala Wakabi** – Executive Director of CIPESA (Collaboration on International ICT Policy for Eastern and Southern Africa), Session Moderator

– **Dr. Ismaila Ceesay** – Minister of Information from The Gambia

– **Milan Marinovic** – Commissioner for Access to Public Information of Importance and Personal Data Protection of Serbia (appointed in 2019), former judge

– **Olga Kyryliuk** – Chair of the South Eastern European IGF, expert in digital governance, Internet freedom and international law

– **Meri Sheroyan** – Co-founder of Digital Armenia NGO, IT expert specializing in digital transformation in the public sector

– **Tattugal Mambetalieva** – Director of Civil Initiative on Internet Policy (Kyrgyzstan), initiator and founder of Kyrgyz Forum on Information Technology and Central Asian Forum on Internet Governance

– **Folake Olagunju** – Acting Director of Digital Economy at the Economic Committee of West African States Commission (participated online)

– **Audience** – Multiple audience members who asked questions during the session

**Additional speakers:**

None identified beyond those in the provided speakers names list.

# Inter-Regional Data Governance Dialogue: Sharing Experiences and Building Cooperation

## Session Overview

This inter-regional dialogue brought together policymakers and civil society representatives from West Africa, Eastern Partnership, Western Balkans, and Central Asia to discuss data governance challenges and share regional experiences. The session was moderated by Wairagala Wakabi from CIPESA and hosted by Dr. Ismaila Ceesay, Minister of Information and Communication Infrastructure from The Gambia.

## Opening Remarks

Dr. Ismaila Ceesay welcomed participants and outlined The Gambia’s digital transformation priorities, emphasizing a whole-of-government approach to data governance. He highlighted three key areas: institutional capacity building, legal reforms including the Data Protection Bill 2023 currently in parliament, and statistical system reform. Dr. Ceesay acknowledged significant challenges including capacity gaps, institutional fragmentation, and digital divide issues affecting rural populations.

Moderator Wairagala Wakabi structured the discussion around key questions about regional approaches to data governance, cross-border cooperation mechanisms, and practical steps for advancing inter-regional collaboration.

## National and Regional Perspectives

### ECOWAS Regional Framework

Folake Olagunju from ECOWAS described West Africa’s approach as “harmonisation not homogenisation,” explaining that ECOWAS revised its Supplementary Act on Personal Data Protection to support cross-border data flows while respecting individual country contexts. She emphasized a “whole-of-society” methodology involving government, civil society, private sector, academia, and citizens in policy development processes.

### Serbia’s Institutional Model

Commissioner Milan Marinovic from Serbia’s Commissioner for Information of Public Importance and Personal Data Protection described data protection as “one of the most threatened fundamental human rights in today’s era of rapid development of modern technologies.” He proposed creating a global E-association of Data Protection Authorities (DPAs) and highlighted Serbia’s “two-in-one system” that combines data protection and access to information oversight under a unified commission.

### Armenia’s Civil Society Perspective

Meri Sheroyan from Digital Armenia emphasized the role of civic tech organizations as bridges between governments and citizens. She described Armenia’s efforts to build comprehensive legal and technical frameworks for digital transformation, including e-governance platforms and data governance projects, while highlighting the importance of civil society in building public trust.

### Kyrgyzstan’s Distinctive Approach

Tattugal Mambetalieva from Kyrgyzstan explained that her country deliberately avoids data centralization and localization, stating that “centralization of data has risks for data protection and localization of data creates additional burden to business.” This approach differs from neighboring countries like Kazakhstan and Uzbekistan, demonstrating diverse policy choices within the region.

### Southeastern European Coordination

Dr. Olga Kyryliuk, Chair of the South Eastern European IGF, described her region as having “high digital ambition” but facing challenges due to regulatory differences between EU member states operating under GDPR and non-EU countries still seeking compliance. She emphasized the role of Internet Governance Forums in facilitating dialogue across different regulatory environments.

## Key Themes and Common Challenges

### Harmonization While Respecting Sovereignty

Multiple speakers emphasized the importance of regional cooperation that creates interoperability without imposing identical solutions. The ECOWAS model of harmonization rather than homogenization was cited as an example of balancing common standards with national sovereignty.

### Multi-Stakeholder Engagement

All participants stressed the importance of inclusive stakeholder engagement, though with different emphases. While The Gambia focused on whole-of-government approaches, ECOWAS emphasized whole-of-society participation, and Armenia highlighted the critical role of civil society organizations.

### Capacity Building Needs

Speakers from all regions identified capacity building and institutional strengthening as persistent challenges requiring sustained attention and resources.

### Balancing Rights and Innovation

Participants discussed the need to balance data protection with other rights including freedom of information and expression, as well as supporting digital innovation and economic development.

## Audience Engagement

The session included questions from the audience, including an inquiry about the SOLID protocol and linguistic AI in the context of indigenous language preservation. Dr. Ceesay acknowledged the complexity of language preservation in Africa, noting the continent has over 2,000 languages with some countries having 56 to 200 languages each.

## Action Items and Commitments

In their final one-minute responses, panelists made specific commitments:

– **Commissioner Marinovic** committed to contacting DPAs worldwide within the week to propose his E-association concept

– **Dr. Ceesay** committed to finalizing The Gambia’s data protection legislation by year-end and implementing the planned merger of access to information and data protection oversight functions

– **Folake Olagunju** outlined ECOWAS plans to establish controlled test environments for member states to trial interoperable platforms in sectors such as health, education, and identity systems

– **Dr. Kyryliuk** offered to host a side meeting during CDIG’s October meeting in Athens to advance inter-regional dialogue

– **Meri Sheroyan** emphasized continuing to pilot small-scale cross-border data-sharing initiatives in specific sectors

– **Tattugal Mambetalieva** highlighted the need for intergovernmental agreements on data exchange in Central Asia

## Key Takeaways

The dialogue demonstrated both shared challenges and diverse approaches to data governance across regions. While all participants agreed on fundamental principles such as the importance of multi-stakeholder engagement and the need to balance various rights and interests, their implementation strategies reflect different regional contexts and priorities.

The session highlighted the value of inter-regional dialogue for sharing experiences and identifying potential areas for cooperation, while respecting the diversity of approaches needed to address local contexts and constraints. The concrete commitments made by participants suggest potential for continued collaboration and mutual learning across regions.

The discussion reinforced that effective data governance requires not only technical and legal frameworks but also sustained institutional capacity building, inclusive stakeholder engagement, and mechanisms for regional cooperation that respect national sovereignty while enabling cross-border collaboration.

Wairagala Wakabi: Hello, good afternoon, dear audience, it is my pleasure to moderate this session today, and I’ll begin by introducing myself. My name is Wakabi and I am the Executive Director of CIPESA, which is the Collaboration on International ICT Policy for Eastern and Southern Africa, a think tank that works on issues at the intersection of technology, human rights, governance, and livelihoods. Today, we are bringing together notable speakers from across various regions to discuss data governance in line with the IGF sub-theme of building digital cooperation. The session aims to contribute to inter-regional dialogue among policymakers and civil society leaders from West Africa, from the Eastern Partnership, and the Western Balkans to leverage common knowledge. I am from East Africa myself, which wasn’t mentioned among those regions, so there’s also some insights that will come out of there. On this note, to kick us off, I would like to invite our host, who is the Minister of Information from The Gambia, to share his welcome remarks. Dr. Ismail Asise, please take the floor.

Dr. Ismaila Ceesay: Thank you very much, Dr. Wakabi, thank you for that introduction. Excellencies, distinguished delegates, ladies and gentlemen, it is a great honor to join you today for this very important discussion on advancing data governance across regions as we collectively seek pathways. In an increasingly digital world, data is a critical enabler of development, innovation and rights. For The Gambia, harnessing data responsibly is key to driving economic growth, improving service delivery, and protecting the dignity and rights of our people. The Gambia is embracing the digital age with ambition and purpose. We recognize that digital transformation is not just a matter of technological advancement. For us, it is a catalyst for inclusive growth, innovation and good governance. Our national broadband policy, our digital ID initiatives and e-government platforms are all part of a comprehensive strategy to bridge the digital divide, empower citizens and modernize our economy. We have made significant strides in putting data governance at the core of our digital development agenda. We are currently implementing our national data protection and privacy policy, grounded in principles of accountability, transparency and human rights. Steps are also underway to establish an independent data protection authority, which will oversee the enforcement of data governance principles and build trust with citizens, businesses and regional partners. We are also committed to finishing the development of the Gambian national data governance policy, supported by the African Union and the European Union. The Gambia is actively engaged in regional frameworks on the ECOWAS and the African Union, including alignment with the EU data policy framework. We recognize interoperability, regulatory harmonization and mutual trust are essential for effective cross-border data flows in Africa and beyond. We believe that effective cross-border data governance can unlock tremendous value, facilitating trade, strengthening regional integration and enabling secure data flows across borders. We believe that International Cooperation must be fair, inclusive and development-oriented. We are fully aware that no country can do this alone. Advancing data governance across borders requires trust, coordination and shared values. As countries in the Global South, we seek equitable participation in shaping global digital rules, and we emphasize the need for capacity support, infrastructure investments and data governance models that reflect our local realities. The Gambia stands ready to work with partners on the continent and globally to build a data governance ecosystem that is secure, rights-respecting and fit for the digital age. Let us advance together, bridging borders and building trust in the digital world. Thank you.

Wairagala Wakabi: Thank you, sir, for outlining the Gambia’s efforts in its digital development agenda and also outlining its commitment to cooperative data governance. As Dr. Sisay has touched on, the domestic as well as cross-border assisted governed data effectively is crucial, and so to explore common challenges and valuable experiences from different regions, we are going to hear from our panelists and dive deeper into the varying contexts that can enable us to be able to accelerate responsible, future-ready and rights-based data governance globally. I will therefore introduce our panelists today, beginning next to Dr. Sisay, Milan Marinovic, who was appointed Commissioner for Access to Public Information of Importance and Personal Data Protection of Serbia in 2019. Previously, Mr. Marinovic served as judge in different courts. He has authored various publications and participated in various working groups, drafting and amending legislation in Serbia. Next to him, we have Dr. Olga Kiriliuk, who currently serves as chair of the South Eastern European IGF, leading multi-scope cooperation across 18 countries in the region. She’s internationally recognized as an expert in digital governance, Internet freedom and international law with over 12 years of experience at the intersection of technology, policy and human rights. And to my left, we have Meri Sheroyan, the co-founder of Digital Armenia, an NGO focused on advancing digital transformation through inclusive, user-centered approaches. As an IT expert, she is specializing in digital transformation in the public sector and public administration systems. And she has extensive experience working within government institutions as well as with the development institutions. To the extreme left, we have Tatu Mambetalieva, the Director of Civil Initiative on Internet Policy based in Kyrgyzstan. She’s also the initiator and founder of the public platform Kyrgyz Forum on Information Technology, the annual Central Asian Forum on Internet Governance, which is a regional initiative of the Global Internet Governance Forum created under the auspices of the UN. We also have a participant online who has not been able to join us, and that is Folake Olagunju, the Acting Director of Digital Economy and post at the Economic Committee of West African States Commission, where she leads the Digitalization Directorate. We will now hear from our panelists and set the stage and get a sense of the state of data governance in The Gambia and Serbia. We’ll start with Dr. Sese first. As The Gambia continues to develop its digital infrastructure and data policies, where are the country’s priorities and challenges in developing and implementing effective national data governance frameworks and how they align with the broader strategies of the African Union and the ECOS?

Dr. Ismaila Ceesay: Thank you very much once again, Mr. Moderator. As for our priorities, our number one priority is institutional capacity building. Now, as The Gambia is advancing the development of a comprehensive national data… Digital Governance Framework to support digital government, evidence-based policymaking, and public service delivery. This initiative is supported by UNDESA and includes a series of stakeholder consultations and capacity-building workshops led by the Ministry of Communication and Digital Economy of The Gambia. Our other priorities also focus on legal and regulatory reforms. For example, we have the data protection and privacy legislation, which is currently in parliament. This is building on the National Data Protection and Privacy Policy of 2019. The Gambia has formulated the Data Protection and Privacy Bill 2023, which is currently before the National Assembly. The bill provides a robust legal framework covering data subject rights, controller and processor responsibilities, transborder data flows, processing principles, safeguards, enforcement mechanisms, and sanctions. Under these reforms, we also have the statistical system reform. This is under the National Strategy for the Development of Statistics. The 2025 Statistics Act is being revised to strengthen coordination across the national statistical system. This reform aligns with the National Development Plan 2023-2027, Agenda 2063, the ECOWAS Regional Statistical Strategy, and the UN SDGs. We also have the national data policy reforms, with support from GIZ and UNDESA. The national data policy has been validated and is pending cabinet submission. It aims to harmonize data governance across sectors and establish a foundation for secure, inclusive, and rights-based use. Another priority is the whole-of-government approach. The MOCDE, which is the Ministry Responsible for Digital Economy, is spearheading cross-sectoral coordination to ensure that data governance is embedded across ministries, departments, and agencies. Once adopted, the policy will address data protection, cyber security, open data, and access to information, while balancing freedom of expression with the mitigation of online The National Data Policy is a cornerstone of the Gambia’s broader digital transformation agenda, aligning with the Digital Transformation Strategy 2024-2028, Digital Economy Master Plan 2024-2034, and Government Open Data Strategy 2024-2027. It supports the NDP, SDGs, and Agenda 2063 by promoting data availability, accessibility, and interoperability to drive innovation, transparency, and inclusive development. Our challenges, particularly the persistent ones, one is capacity gaps. Many ministries, departments, and agencies lack the technical and analytical capabilities to manage and utilize data effectively. A second challenge is fragmentation. The national data ecosystem remains siloed with inconsistent standards for data collection, storage, and sharing. Another challenge we are facing is the digital divide, inequities in digital access and literacy, particularly across rural and undeserved populations. This limits inclusive participation in data-driven governance. And finally, our alignments with EU and ECOWAS strategies. The Gambia’s data governance reforms are closely aligned with the African Union’s data policy framework, which emphasizes data sovereignty, cross-border data flows, and inclusive digital economies. At the regional level, the Gambia is also actively engaged in the ECOWAS Supplementary Act on Personal Data Protection, which is expected to be endorsed by heads of state in the upcoming summit. These efforts underscore the Gambia’s commitment to regional harmonization and digital trust.

Wairagala Wakabi: Thank you very much. That’s a handful of measures that have been implemented to advance data governance, in spite of the challenges, and it would be good here if the challenges are also shared across regions. But I have a follow-up question. The Gambia also recently launched a five-year strategic plan to strengthen good governance. Its pillars include to to improve transparency and access to information to boost public participation and strengthen institutional capacity and good governance. Could you please describe to us what is the role of the Ministry of Information that you lead in building public trust around the governance?

Dr. Ismaila Ceesay: While the Ministry of Digital Economy leads on technical and regulatory aspects, the Ministry of Information, which I lead, plays a critical role in fostering public trust and civic engagement. One of the things we do, and which is our mandate, is public awareness and digital literacy activities. The Ministry is responsible for sensitizing citizens on their data rights, the value of open data, and the safeguards in place to protect personal information. This includes campaigns to demystify data governance and promote responsible digital citizenship. Our initiative and activities we do focus on transparency and access to information. As a key pillar of the 2025-2029 strategic plan, the Ministry is expected to champion proactive disclosure of government-held data, thereby reinforcing transparency and accountability in public institutions. We also engage in media engagement and narrative framing. By collaborating with public and private media, the Ministry also shapes inclusive narratives that build confidence in digital reforms, counter misinformation and disinformation, and promote calm and stability during periods of digital transition. And finally, we also engage in stakeholder dialogue and inclusion. The Ministry serves as a bridge between government, civil society, and the public, facilitating participatory dialogue to ensure that data governance policies reflect citizen concerns and uphold democratic values.

Wairagala Wakabi: Thank you very much. We’ll hear now from Commissioner Marinovic of Serbia, which has equally made significant progress in developing a rights-based data governance framework with a particular emphasis on the protection of personal data. Commissioner, what have been the recent institutional challenges of balancing compatibility between digital and data systems with the protection of fundamental rights?

Milan Marinovic: Thank you, Mr. Vakabi. Dear all, greetings from Serbia to everyone. First of all, I want to thank GIZ for the invitation to participate in such an important event. Also, with GIZ support, we plan to raise capacities of policy makers and other policy makers and IT experts in the field of data privacy in Serbia. In the early beginning, let me share with you one of my experiences. Every time I find myself at such a large and important event dedicated to digitalization and the use of modern technologies, I, as someone who deals with the protection of personal data, feel like a cat at a dog’s exhibition. It is an extraordinary pleasure and honor, but also a responsibility to be with you today at this fantastic forum. Protection of personal data, as well as the right to privacy in general, is one of the most threatened fundamental human rights in today’s era of rapid development of modern technologies, widespread digitalization and enormous use of artificial intelligence. That is why it is extremely difficult to find the appropriate balance between digital and data systems and the protection of personal data. Difficult, but not impossible. What is most important in creating that balance? Parallel, balanced development of both sides of the same story. This means that the accelerated development of digitalization in all areas of life must be accompanied by the development of personal data protection systems. Digitalization in general, and artificial intelligence in particular, cannot exist without data processing, especially personal data. They feed and depend on data. The processing of data is certainly necessary and useful, and it will be more and more in the future. But as the processing of personal data grows, so must grow protection of this data. Just as a day cannot exist without night, summer without winter, so the processing of personal data cannot exist without its protection. There is a strong link between the processing and protection of personal data. This implies many things, of which I will mention only those which, in my opinion, are the most important. First, strengthening the system and the measures for the protection of personal data. Second, strengthening data protection authorities around the world. Third, strengthening cooperation and collaboration between data protection authorities from all over the world. Fourth, establishing and strengthening the communication and cooperation of the regulatory bodies with the most important controllers and processors of personal data, such as big tech companies and social networks. And fifth, last but not the least, raising the level of awareness of citizens about the importance of personal data protection.

Wairagala Wakabi: Thank you so much, Commissioner. I think all DPAs and many of us are always grappling with best ways in which we can be able to balance those two elements. And you’ve said parallel balanced development of… both is the key. But you also mentioned the issue of a deeper cooperation between DPAs in different countries. In your role, where you sit, what kind of cross-border and inter-regional cooperation is happening between different data protection authorities?

Milan Marinovic: Speaking of cross-border and inter-regional cooperation between data protection authorities, I would like to take this unique opportunity to introduce to you an initiative that I promoted this spring at the Privacy Symposium in Venice. My idea is to form an association of DPAs named E-association of DPAs from all over the world on a global level in an online format. I call this future association E-association of DPAs and my idea is that all regulators, regardless of their status in the country they are from, have the opportunity to exchange practices in the field of personal data protection, to exchange their experience, provide mutual legal assistance and solve common problems in a simple, easy and efficient way on bilateral and multilateral level. As a first step in the realization of this idea, I plan next week to send to all DPAs in the world email in which I will explain the idea of creating an association and ask them did they support this idea and if they would like to be members of the future association. Depending on the answer, the activities we will undertake will also depend.

Wairagala Wakabi: Thank you very much. Great initiative. We hope you will be also partnering and associating with other actors, academia, civil society, etc. and they will not feel like cats and dogs exhibitions. No, I hope so. So thank you our distinguished speakers for those valuable insights into national approaches to foster regulated and inclusive data governance with many lessons learned and a couple of common challenges. We would now like to invite our regional experts to contribute to this discussion by bringing their experience from West Africa and Southeastern Europe. We are going to begin with Folake Olagunju who is online but was introduced. In the region, Folake, there is a lack of reliable data and this can hamper evidence-based policy making that is necessary for well-founded decision making. How is the economic community for West Africa contributing norm-setting and coordination among its members facilitate cross-border data flow and what lessons can be shared with other regional blocks that are willing to follow suit?

Folake Olagunju: Thank you very much Wakani for giving me the floor and I must apologize for the noise. I’m at a conference center so it’s a bit hectic here. Very valid point. We do know that data is something we all struggle with. It’s not just a West African issue. But for us at the ECWAS Commission, we’re looking to ensure that all the policy making we actually do is anchored based on an evidence-based approach. How do we do this? We try and prioritize the data that we get and ensure that there’s inclusive engagement. We always ensure there are many… Member States are right with us from the very beginning all the way to the end. It was interesting that the Minister from The Gambia spoke about the Supplementary Act on Data Protection within West Africa. That is something we’ve just revised and we’re trying to ensure that it is adopted. That process actually went through from Member States all the way through to the Council of Ministers. But before we did that, we actually made sure we do studies with different stakeholder groups across West Africa. So you’ve got your civil society, you’ve got your private sector, every voice matters. Because when you talk about data, it involves every single person. So it’s not just about a whole of government. I understand why The Gambia is doing a whole of government, but for us at the regional perspective, we’re looking at a whole of society because this is absolutely vital. Now one of the things we’ve done with the revision of the Supplementary Act for the Data Protection within ECOWAS is to look at how we can support cross-border data flow. And this is inter-, intra- and across-borders because this is very, very important. It’s about harmonisation at the regional level, but not homogenisation. So yes, we need to harmonise because we’re a regional bloc, we have similarities, but then it needs to be homogeneous in a certain extent so that it’s tailored to the different nuances of each member country. Stakeholder consultation remains absolutely key, and it’s at the cornerstone of everything that we do at the ECOWAS Commission. We need to ensure that whatever we do is data-driven, and decisions need to have inclusive research, we need to ensure we’ve got academia, we need to ensure civil society for accountability, we need to ensure private sector because they bring the money to the table. We need governments because they are the ones that would actually operationalise whatever it is we do at the regional level. We’re also trying to ensure that what we do aligns with the continental frameworks that we have. The Minister spoke about… not just Malaga Convention, but he also spoke about the ADPF. We look at continental frameworks as well. We’re not working in silos. We ensure that what we do is actually of value to our member states, but also puts them in a right position to be able to actually interact with other regions, like you’ve rightly said, Comestas, SADC, and globally across. We’re looking to align all our standards as well, because this is absolutely very important. So that’s what we’re doing at the moment in terms of harmonization, ensuring that we have evidence, frameworks that are backed up with evidence. Like you rightly said, again, data, not easy to find, but I think if you’re able to actually include people across, what’s the word I’m looking, a plethora of people in the process, you will actually see that at the end of the day, you get that buy-in, and hopefully operationalization becomes a dot. Thank you.

Wairagala Wakabi: Thank you very much. And as a follow-up, how does ECOWAS support the creation of favorable conditions for data governance in the region, and what stakeholders does it take to effectively implement the strategies?

Folake Olagunju: That’s an interesting question. So one of the things we’re looking to do at the moment is actually have a regional instrument in place that will talk about open data. Now, why do we need open data? We’re trying to ensure that all the frameworks that we put in place at the regional level will do three things. Encourage transparency, promote interoperability, because that is absolutely key, and last but not least, but I think the most vital, is responsible data sharing. So data is only as good as who has it and who is willing to share it and how it’s used. So we’re doing that at the regional level. We’re also looking at certain data priorities in the digital sector development strategy that we’ve got, and this is over five years. What we’re trying to do is to ensure that we can define sensitive and non-sensitive data categories for our member countries. What we find is when you ask someone to share data, they’re a bit reluctant because they don’t know which one needs to be, which data needs to be sovereign and which data can be shared. And I think if we’re able to actually elaborate a little bit more on this, this will actually help. Also, we’re looking at technical and infrastructural standards. I know the Honorable Minister from The Gambia mentioned connectivity. That is something we’re also looking at because without connectivity, how do you even begin to share data or even have the conversations that would allow you to, you know, get data and use data? We’re looking at how we can help member countries transform from a more, I don’t want to say analog government to a more interactive government. So we’re looking at quite a number of member countries have static information portals. So we’re trying to see how we can actually elevate those portals so that they become more interactive for their member countries. And it will actually bring more data and it will actually encourage innovation. Because if you’ve got data, you can also innovate. Like I said earlier on, it has to be across, across what’s the word I’m looking at, multi-stakeholder where the IGF, multi-stakeholder collaboration. So we need private sector, private sector are the big guns. They will actually help us build our data driven solutions. We need governments and ICT regulators to actually adapt and adopt these regulations that we’re putting in place and show that they’re domesticated at the national level. We need academia. They’re the ones that will tell us what we need to be looking at two, three years from now. Last but not least, we need our partners. We can’t do it without them. It’s not always about reinventing the wheel. You can actually take what has been done in a different region, bring it here and tailor it to the new nuances of West Africa. And then I want to say we definitely cannot do it without the citizens. If the citizens don’t use data, if the citizens don’t understand the need for data or the citizens.

Wairagala Wakabi: Thank you so much, Folake. Much appreciated. That’s what’s happening in Western Africa. So let’s move on and hear from Southeastern Europe. Olga, that region navigates national data ecosystems with broader regional dynamics. How would you describe the current state of data governance in the region? What are the most prominent dynamics within the region? Thank you for the question. When talking about my region, I like to describe Southeastern

Olga Kyryliuk: Europe as a region with high digital ambition. Also, what makes the region truly unique is that it remains divided between the countries that are operating under the EU regulatory framework such as GDPR, for example, Croatia, and the countries who are still in the process of securing full institutional and legal compliance, such as North Macedonia. This regulatory divide has real consequences, especially when it comes to cross-border trust and data sharing. While the EU member states are benefiting from structured oversight and shared enforcement mechanisms, for the neighboring non-EU countries, even those whose laws quite closely mirror the EU standards, it is often still a challenge because very often they are still considered as third countries in terms of data protection guarantees and safeguards. This status itself introduces friction into the data flows, especially when it comes to public health, education, and digital services where cooperation is supposed to be seamless and smooth. As you can see, the region is caught in between fragmentation and convergence. Fragmentation still defines the legal space, the institutional capacity, and the technical infrastructure. There is also a growing convergence of ambition. We know that there are almost all countries in the region who are having either the EU accession ambition or they are trying to integrate into the global digital markets. This is why they are trying to take the example of the European Union and to standardize and harmonize their laws and their enforcement practices in the sphere of data protection and data governance with the European Union model. This moment also presents both a challenge and an opportunity for our region. When we talk about the challenge, this usually comes to bridging the digital-legal divide which stalls the cooperation. So it’s really very important to ensure that the legal frameworks really talk to each other and there are no major discrepancies. But there is also the opportunity which lies in building shared regional trust frameworks which go beyond the simple compliance mechanisms. I think so far our region is doing quite a good job in trying to adopt the legal frameworks which are according to the best safeguarding practices in terms of data governance and data protection. There is of course quite a long way to go for some countries compared to others because, as I said, the region is not uniform but this is also what is making the region unique and an interesting example for sharing the practices and the case studies with other regions in the world.

Wairagala Wakabi: Thank you very much. I hear a couple of similarities from your region, Eastern Europe and Western Africa. Issues around harmonization and compliance mechanisms, issues around interoperability We are at the IGF, so we cannot not ask about the role of the IGF. Where you sit, you have the regional IGF CDIG. How is it contributing to harmonizing data governance frameworks? Have there been any successful models from the region that I imagine that could serve as a template for others?

Olga Kyryliuk: I believe that IGFs and CDIG in particular have a crucial role to play in this whole process. First of all, we are contributing by identifying shared priorities across the region. We are connecting the in-country stakeholders from across the region and we bring them to the same room and facilitate the dialogue between the stakeholders. As the next step, we also help to improve trust between counterparts from neighboring countries and help them improve coordinating with each other beyond the borders of their nation states. So, of course, CDIG, as any IGF initiative, is not the space that can create the loss, but we are definitely the space that can create the opportunity where the better loss and better cooperation can be shaped and where the new initiatives with some practical value can take the beginning. I would also say that for fragmented regions like ours, usually the very fact of creating the habit of cooperation is an important first step to trusted cooperation throughout the years and I think this is what the initiatives like CDIG are doing. Also, as I mentioned, there is the imagined practice in our region of shaping the convergence between different countries and I think this is important also to have this culture of different stakeholders talking to each other. Of course, during the CDIG meetings which are happening on the annual basis, we repeatedly have the sessions which are touching from different perspectives the issues of data governance and data protection and we usually get a lot of proposals on these specific topics which means that this is something which resonates with the stakeholders in the region and which is truly important to them. And also, for the upcoming meeting this year in October that we will be hosting in Athens, we also have been partnering with the Council of Europe and will be hosting a pre-event to the main meeting gathering the representatives of the media regulatory authorities from Western Balkans which is also a good example to start with some more trusted conversation where they feel more comfortable to share the challenges that they are experiencing on the daily basis but then, of course, they will join the main meeting and will talk to other stakeholders and there will be also the panel hosted so that this can truly shift to the multi-stakeholder conversation. So, I would say this is probably not the solution for everything having the space like IEGF but this is obviously a good beginning where the good initiatives could start.

Wairagala Wakabi: Thank you for sharing these inputs, very insightful in regional challenges from Western Africa, from Southeastern Europe. The examples illustrate the importance of the work that regional organizations are doing in facilitating data governance among states. We have looked at national and regional perspectives on data governance and would like to get into the conversation. We will begin with Meri Sheroyan. The digital code recently adopted in Kyrgyzstan aims to create a favorable environment for digital services and data processing. From your perspective, how has the national approach to data governance evolved over the recent years and what opportunities and challenges does civil society have when engaging in data policy and implementation processes?

Tattugal Mambetalieva: Thank you. At the regional level, Kyrgyzstan is the first to use an integration gateway for secure and transparent data exchange between the state bodies and the business. This innovative approach is part of Kyrgyzstan’s recent digital code which set a standard for data handling, focusing on legality, minimization of data collection, accuracy and integrity to build a better digital environment. Kyrgyzstan doesn’t use centralization and localization of data. Centralization of data has risks for data protection and localization of data creates additional burden to business. This approach differs from many neighboring countries like Kazakhstan and Uzbekistan where data centralization and localization of data is used. Therefore, challenges for civil society, risks on data protection and ethical use still remain. Very well.

Wairagala Wakabi: Thank you for that. As a follow-up, what opportunities do you see for civil society to bridge regional and global data governance efforts? Thank you.

Tattugal Mambetalieva: For Central Asia countries, Central Asia countries Data exchanges are economically interdependent, making data exchange crucial for interaction. However, cross-border data exchange raises concerns about ensuring adequate data security. Civil society must primarily monitor the arrangement of data exchange to ensure countries guarantee transparency, accountability and inclusivity.

Wairagala Wakabi: Thank you so much. I will now move to Meri quickly. Armenia is navigating digital transformation. Coming from the non-government sector, why is it important to bring civic tech voices into public processes and what role are they playing today in advancing robust data frameworks?

Meri Sheroyan: Thank you very much for the question. You are completely right. Armenia is going toward digital transformation and has made notable progress in recent years by launching e-governance platforms, digitizing public services, initiating important data governance projects. Currently, the country is working on building both legal and technical frameworks that need to support these transformations. These frameworks aim to define how public information is accessed, to set the standards for data collection and processing, as well as to regulate the use and management of databases. But from my perspective, I think that these efforts not only depend on technological advancements or standards or rules or protocols, but also on inclusive and participatory governance. That’s why I think that civic tech voices into public policy processes are essential. Armenia builds trust in public institutions. It needs the insights and oversight of actors. that actually serves as a bridge between citizens and public institutions. And civic tech organizations such as non-profits, such as watchdog groups or data advocates or digital right defenders play a crucial role in the process. And I think our involvement does not only include just monitoring digital projects but also to flag the ethical concerns, to identify the data misuse or to address barriers of the excess of data. And in areas like practically in procurement, in budget or beneficiary transparency, beneficiary ownership platforms that Armenia has, these are the transparency tools that have shown the greatest impact when they are complemented by the engagement and oversight of the public. I can say just for our organizational perspective and experience, we’re just not doing the monitoring but we go beyond simply evaluating an impact and we do outreach projects, we do education for citizens so they can understand how their data is used, why digital systems matter and how government platforms can improve public services for everyone. So in short, the civic tech voices are not just contributors but are essential partners to build digital systems that are ethical, that are inclusive and also serve for the public.

Wairagala Wakabi: Thank you very much. Could we briefly also maybe look at some of the capacity gaps that organizations you work with face in leveraging data for sector initiatives?

Meri Sheroyan: For someone who worked many years in public sector, then in international organization and now serving from civil society, I see maybe the issues more crystal clear and maybe I can state one issue that is important, has the importance. I think the lack of clear data strategy maybe is the main challenge and I think that without a unified vision of a roadmap on how data supports the missions, the efforts somehow become fragmented in public institutions. So the weak data governance I think often results to unclear ownership and inconsistent data quality controls. So as we run out of the time, I’ll just be short for this question.

Wairagala Wakabi: We have time. No worries. So thanks everybody. A lot of insights. Before we go to the public to give us some comments and questions, we would like for each participant to use just one minute to give something actionable. Considering the many common challenges that we’ve discussed, what practical steps can your regions take in the next 12 months to strengthen inter-regional, international cooperation on data governance, especially around areas like standard setting, data interoperability and oversight mechanisms? We’ll take this, I think, the same way we went, beginning with the Minister and then the Commissioner and then Olga.

Dr. Ismaila Ceesay: Well, thank you very much. I think one of the practical steps that we can consider is to establish a continental data governance framework so that we can finalize and promote adoption of the EU data policy framework across all member states. This will create a shared baseline for data protection, cross-border data flows, but also interoperability across the continent. Another thing we can also consider is to harmonize national data protection laws across the continent so we can encourage countries to align with continental standards like the Malabu Convention but also internationally with the GDPR style protections. This will reduce fragmentation but also promote easier cross-border collaboration and trust in African data systems. Another thing to consider is to engage in global standard setting bodies to increase African representation in ISO, IEEE, UN bodies, for example, the ITU and others. This will ensure Africa’s interest and realities are reflected in global data standards and regulatory frameworks. And then perhaps we can also consider building regional oversight and coordination mechanisms to create or empower sub-regional data governance hubs. This will help us oversee policy compliance, technical cooperation, joint investigations on cross-border data breaches, but also encourage shared accountability and mutual learning. Thank you.

Wairagala Wakabi: Thank you, Minister. Commissioner?

Milan Marinovic: Thank you. In the next 12 months, in order to strengthen regional and international cooperation in the field of data governance, in our region of the Western Balkans, we plan to hold multilateral and bilateral meetings with DPAs from the region and with relevant representatives of executive authorities, IT companies and other companies. As a good example of those multilateral meetings, I can tell that there is an initiative from 2017 on the initiative of Slovenia, which gathers all DPAs from former Yugoslavia. And it is a very interesting combination because we have two member states of the EU, Slovenia and Croatia, and four which are not members of the EU as Bosnia and Herzegovina, Montenegro, North Macedonia and Serbia. But from these four, Serbia and recently Bosnia and Herzegovina has a law of personal data protection which is complied with the GDPR and police directive of the EU. Montenegro and North Macedonia has not yet. So it is one particular meeting. And the second is the meeting of data protection authorities of Bosnia and Herzegovina, Montenegro and Serbia on our initiative, how to solve the problem which we have with the META and X according to changing of their private data.

Olga Kyryliuk: I think my job is now much easier, responding to this question after commissioning, because I don’t actually need to reinvent the wheel. I would just align with the idea of having inter-regional dialogue on cross-border data sharing between the data protection authorities. What I can offer from my side, as long as we are going to host our annual meeting in October, which is still pretty much time until that moment, I can suggest to have some side meeting or run the session with the DPAs during the CDIG meeting, so that we can also bring this conversation to the regional community. This will be another step in developing this idea and making sure that what we have mentioned over here is not just staying at the level of ideas, but we actually take the follow-up action on what we are discussing here. I also think that one of the things that could be done is some kind of mapping of the regulatory bottlenecks in cross-border data sharing. This can show us what are still the challenges in terms of regulatory frameworks, infrastructure and interoperability. Then, from there, different DPAs in different regions could take those findings and recommendations to ensure further alignment through bilateral and multilateral meetings.

Wairagala Wakabi: Thank you so much. Olga, we’ll go to Folake.

Folake Olagunju: Thank you very much. I’m going to piggyback on the Honourable Minister from Gambia’s words. He’s already spoken about harmonisation and alignment and all that. If that is taking place in the Gambia, by default, hopefully it means it will have moved to Senegal and then hopefully moved to Sierra Leone. The three countries have done all the harmonization the Honorable Minister was talking about. What I would like to see is a setup of a controlled test environment where we can actually get all these member states, the public agencies of member states, to actually trial an interoperable platform. Now, if we’re able to do this for certain sectors, such as health, education, identity systems, and it works, we will be able to then take those lessons and scale up to a regional event. Thank you.

Wairagala Wakabi: Excellent. We’ll now… Okay. Good.

Tattugal Mambetalieva: First of all, I support all proposals, and currently at all international platforms we’re advising an initiative to create an intergovernmental agreement on data exchange among Central Asia countries, open for other countries to join. And this is because data is the new oil, and issues of access are crucial, not only within a country, but also at the regional level.

Wairagala Wakabi: Thank you so much. And finally, Meri?

Meri Sheroyan: For Armenia, what I can say is that the country uses international experience in incorporating many initiatives, for instance, in interoperability, like using X-Road, like an Estonian model. And I think that many practical exercises should be done. So it could be like piloting small-scale data-sharing initiatives to understand whether the cross-border public service delivery works or not. And it could be in different areas, and starting with, like, consular or migration or environmental areas. So this would lead to understand…

Wairagala Wakabi: Thank you so much panelists for those great ideas on joint initiatives on what is relevant work on in the future. Would like now to invite any comments or questions and if whoever has any question or comment please, there is a mic over there, please get there and shoot your question or comment. We have one or two videos, going to ask questions, any others please go ahead and ask. You may mention your name and where you come from. If you want a particular individual to answer the question, you may also direct it to them.

Audience: Thank you all and very excellent panelists. And all the points actually you raised is, I mean, to the critical in the points of the data governance, cross-border governance. So there’s one new protocol and a new framework about, it’s called SOLID and social linked data actually can help to address, can help address all the issues and related to the cross-border governance. So currently, because all the panelists actually from, you know, the emerging countries and emerging countries currently also need the language to be supported by large language models and all the language and the culture can be preserved. and the other is that there is a question about the language data sets. Can you tell us how you observed if the language data sets can be owned by your own country but also can be cross-border and with solid protocol and the LingoAI? So LingoAI is working on the whole solution and can address the issues you raised. Actually the proposal was invented by the founding father of the World Wide Web called Sir Tim Berners-Lee and he joined IGF three times. So I would like to know the deployment or awareness of your countries and to the new protocol of our next generation web. And this protocol was invented to take care of the data control and the data ownership and data sovereignty and cross-border issues. And I’m not sure whether your nation, your country or region have adopted or have the awareness of a solid protocol. Thank you.

Wairagala Wakabi: Thank you so much. The question we have received, anybody is welcome to respond to it. While speaking about not only the element of awareness of the protocol but what kind of initiatives are underway in order to promote data ownership but also encourage cross-data flows. Who is willing to give us a comment? Yes, Commissioner.

Milan Marinovic: As I know, Serbia didn’t adopt that protocol yet. But when I heard how good is the protocol for data protection, I’m sure that Serbia will adopt soon.

Wairagala Wakabi: Thank you. Excellent. Other responses?

Meri Sheroyan: Maybe I can add something. I think that Armenia or any other country localize sensitive data such as biometric information or health records. And also for Armenian cases, I know that government working on distinguish between the sensitive data and less sensitive data. And I think that having different kind of protocols or standards internationally recognized could also impact on the cross-border data sharing. But first of all, for countries that are in a process of implementation and adoption of data governance frameworks, first of all, need to distinguish between sensitive and less sensitive data. And then move forward on adopting international standardization. And I am hopeful that countries like Armenia that are landlocked or emerged will step forward to this initiative to make it possible the cross-border public service delivery across country and out of the country.

Audience: Singapore Internet Governance Forum. So I’m the coordinator and the co-founder for SGIGF. And SGIGF like to work with every countries and the representatives and to help to promote and the solid protocol and the lingual AI to help actually protect the data. And the culture for all the emerging countries. Okay, thank you.

Wairagala Wakabi: Thank you so much. Useful contextual information. We know where you’re coming from. And I think many of us will be willing to reach out to you. The minister has a response to that as well.

Dr. Ismaila Ceesay: I think the issue with language is a bit complex because Africa has over 2,000 languages. Some countries have 56 languages. Some have 200 languages. So for us, just like Serbia, we haven’t really considered this yet. As a small country, 2.5 million people, we have almost 11 to 12 different languages, which are totally different. So how we really harmonize this with the language, with 2,000 languages, it’s difficult. Yes, I mean, because of the colonial history, we have French Africa, we have Spanish Africa, Portuguese Africa, English Africa. Perhaps this is something we can consider. Using those languages. But not our indigenous languages.

Audience: Yes. Lingua AI is actually designed for the indigenous languages. Because, you know, when AI becomes popular, becomes a commodity, and everyone currently in emerging countries, almost, is using it. All use English as a language and to prompt and to get the, you know, generative AI result. And gradually, the indigenous language will be forget, and especially the culture build on the languages. So, for larger companies, if they want to support indigenous languages, and they are going to collect the data, in this centralized way, the data will be owned by the centralized company. And after the fine-tuning the large network model, the data will be continuously collected to the larger companies. So, the data will run out of your countries, and your people and the country don’t own the data. This is called digital colonization. So, the new protocol and the solid and the lingual AI is helping to anti, you know, this kind of a digital colonization.

Wairagala Wakabi: Thank you so much for that clarification. Okay, thank you very much. Data colonization and data sovereignty are key issues in our conversation from where many of us come from. So, it’s good to know there is something that is addressing that. We will reach out to you, but we do have another comment. Thank you, sir.

Audience: Hi, good afternoon. I think my question might be a little premature looking at the landscape in our country, but I will go ahead and ask anyway. Where there is no IGF, no local IOS, where do you suggest this conversation starts in terms of thinking about regulations and guidance and protocol for cross-border data protection? Should it start with the regulator for the sector? Should it be emanating from civil society? Suggestions, I’m open to hear. Some quick guidelines in the two seconds we probably have. Thank you.

Wairagala Wakabi: Would you mind telling us where you’re from?

Audience: The Bahamas.

Wairagala Wakabi: Lucky you. But we have IGF and you don’t, so, you know. All right, we’ll begin with Olga. She has a response.

Olga Kyryliuk: I think it’s not really the problem that you don’t have yet a dedicated space because the dialogue can be created just from the desire to have the conversation. And very often you can have a much more open and trusted dialogue once you talk to stakeholders who are actually having the decision-making and policy-making power. Sometimes even having the decision-making power, but sometimes they might not have the full awareness or might not be that much in full capacity to execute and enforce. And sometimes just some small support and push from outside might be the beginning of a good positive change inside the country. So, I would say if you want something specifically from the DPA, go to DPA. If you want from someone else, go to them. Start maybe from bilateral one-to-one meetings. And once they feel more comfortable to talk to other stakeholders, then you can extend this dialogue.

Wairagala Wakabi: Thank you very much. Other panelists? Yes, please.

Milan Marinovic: Only a few words. It must be multilateral, not bilateral. So, when I said multilateral, it means data protection authorities, stakeholders, executive bodies, all, and civil society. Thank you very much.

Wairagala Wakabi: We do have another question. Please go ahead.

Audience: Thank you. Good afternoon. I’m Joseph. I’m here for the Wikimedia Foundation. I was very interested in the Serbian Commissioner’s comment about privacy as a human right, which, of course, we completely agree that it is. But, of course, there are many other human rights, the right to freedom of information and expression. And I’d like to ask the entire panel very broadly how, through this process of harmonizing regional data protection laws and implementing such new laws, how we can ensure that all human rights are respected throughout this process and that the right to privacy does not come at the expense of any other potential right.

Wairagala Wakabi: So, we are going, thanks for that question, what we are going to do is that we are going to couple it up with another related questions. Namely, in many countries there is a diversity of legal systems and institutional maturity is different. How can we move also towards mutual recognition of data protection frameworks without undermining national data sovereignty? I would like you to reflect on that for one minute, even as we all answer the question from the participant from Wikipedia. We have one and a half minutes. Tie in your last word as well, please. We will go… This time, let’s start from my left. Then, you know, move on.

Meri Sheroyan: Okay, maybe I can start. I think there is a blurred line between protecting digital rights and the expression of freedom of information and sometimes government need to deal with that, not to ban the freedom of information while also considering how to protect them and how to protect their rights in Internet because in recent years the Internet gives us a broad mass of information which can lead to fake news, which can lead to disinformation and for the government it’s important to underline this line and protect their rights but also not to violate the freedom of information. And concerning the question, I think there should be formal cooperation channels between different countries for data protection agencies in different countries so that they can set clear protocols for audits, incident responses or enforcement coordination, etc. So my perspective is that these formal cooperation channels could lead to the national digital sovereignty and to implement data protection frameworks.

Wairagala Wakabi: Thanks, Mary. Satya, the same for you.

Tattugal Mambetalieva: Continue our previous discussion about synchronization and harmonization of approaches between countries are crucial. We need to create an environment of trust and organize a transparent data exchange making it clear who is using the data and for what purpose, I think.

Wairagala Wakabi: Thank you so much. We’ll go to Olga and then the Commissioner.

Olga Kyryliuk: So as a lawyer I don’t see the mutual recognition of data protection frameworks as a threat to national sovereignty but it’s rather an issue of legal interoperability. So we often don’t need to create the identical laws but what we really need is to create the trustworthy equivalence and to create the trust which is cross-border trust so that whenever the data is shared there are also some safeguards in place and responsibility which comes for the breach of mishandling of data. But also I would say that it’s important to ensure that there is transparent oversight and independent enforcement whenever it comes to handling the personal data. So once that is in place it’s just a matter of… for Dialogue and Trust between the Borders and between the Nation-States.

Wairagala Wakabi: Thanks, Olga.

Milan Marinovic: When we speak about sovereignty and data protection authority, it is possible because any law which is based as a law in Serbia on GDPR and police directive have exceptions of the principles. So, if there is a national security in question, you have exceptions of ordinary data protection authority. We have two models of data protection authorities, ordinary and specially which made the bodies in that situation like organized crime, national security, etc. And according to the question of the Wikimedia, I must say something. Exist states in Europe and in the world which have two-in-one system, two bodies which protect two rights, two human rights, personal data protection and free access to information of public importance. It is a situation in Serbia. So, I think that it is a good situation because you can measure in any particular case what is stronger, personal data protection or right to know of the public.

Wairagala Wakabi: Thank you, Commissioner. We’ll go to Folake for one minute and then we’ll end with the Minister.

Folake Olagunju: Thank you very much. Obviously, we all agree that building trust is required around data. For me, I know sovereignty matters. Thank you so much. And we’ll end with Amin.

Dr. Ismaila Ceesay: Yes, I think we were able to solve the problem by we currently have the access to information commission, which has been operationalized. And once we pass the data protection law by the end of this year, we are going to merge these two commissions. So they can be able to fulfill that role of balancing each other like the commissioner from Sabia has said. So that we are going to have one commission responsible for access to information, but also oversight over data protection. And my final words would be, three words will summarize what I’ve been saying. That is harmonization, harmonization, harmonization. We need to harmonize legal and regulatory frameworks and legally binding EU-wide data governance charter, aligned with the Malabu Convention, but also with the GDPR principles and Global Digital Compact. And finally, we need to create uniform standards for consent, privacy, cross-border flows and AI ethics. Thank you.

Wairagala Wakabi: Thank you, Dr. Cisse. Thank you, Commissioner Marinović. Thank you, Meri, Folake, Olga and Tato. Ladies and gentlemen, please join me.

Agreement points

Need for harmonization of data governance frameworks across regions

Speakers

– Dr. Ismaila Ceesay
– Folake Olagunju
– Olga Kyryliuk

Arguments

The Gambia aligns with African Union data policy framework and ECOWAS Supplementary Act on Personal Data Protection

ECOWAS revised the Supplementary Act on Data Protection to support cross-border data flow through harmonization rather than homogenization

Mutual recognition of data protection frameworks is about legal interoperability rather than threat to national sovereignty

Summary

All speakers agree that regional harmonization of data governance frameworks is essential, but emphasize that harmonization should not mean homogenization – allowing for local adaptations while maintaining interoperability

Topics

Legal and regulatory | Development

Multi-stakeholder engagement is crucial for effective data governance

Speakers

– Folake Olagunju
– Meri Sheroyan
– Milan Marinovic

Arguments

ECOWAS prioritizes inclusive engagement ensuring all member states participate from beginning to end with whole-of-society approach

Civic tech voices are essential partners building trust in public institutions and serving as bridge between citizens and government

Proposed E-association of DPAs worldwide to enable exchange of practices and mutual legal assistance in simple online format

Summary

Speakers consistently emphasize that effective data governance requires involvement of all stakeholders including government, civil society, private sector, academia, and citizens rather than top-down approaches

Topics

Development | Human rights | Legal and regulatory

Balancing data protection with innovation and other rights is a fundamental challenge

Speakers

– Milan Marinovic
– Meri Sheroyan
– Audience

Arguments

Parallel balanced development of digitalization and personal data protection systems is essential, as they cannot exist without each other

Armenia is building legal and technical frameworks for digital transformation including e-governance platforms and data governance projects

Human rights must be balanced in data protection implementation to ensure privacy doesn’t come at expense of freedom of information and expression

Summary

There is consensus that data protection cannot be implemented in isolation but must be balanced with digital innovation, economic development, and other fundamental rights like freedom of expression

Topics

Human rights | Legal and regulatory

Capacity building and institutional development are critical priorities

Speakers

– Dr. Ismaila Ceesay
– Tattugal Mambetalieva
– Meri Sheroyan

Arguments

The Gambia prioritizes institutional capacity building, legal reforms, and whole-of-government approach with data protection legislation currently in parliament

Civil society must monitor data exchange arrangements to ensure transparency, accountability and inclusivity

Civic tech voices are essential partners building trust in public institutions and serving as bridge between citizens and government

Summary

All speakers recognize that effective data governance requires significant investment in building institutional capacity, technical capabilities, and oversight mechanisms

Topics

Development | Legal and regulatory

Similar viewpoints

Both speakers advocate for institutional approaches that balance data protection with transparency and access to information, with dedicated bodies handling both responsibilities

Speakers

– Dr. Ismaila Ceesay
– Milan Marinovic

Arguments

Ministry of Information plays critical role in fostering public trust through digital literacy, transparency, and stakeholder dialogue

Two-in-one system protecting both personal data and free access to public information allows balancing competing rights

Topics

Human rights | Legal and regulatory

Both emphasize the need for practical, incremental approaches to data sharing that start with clear categorization and small-scale pilots before scaling up

Speakers

– Folake Olagunju
– Meri Sheroyan

Arguments

Countries must distinguish between sensitive and less sensitive data categories to facilitate responsible data sharing

Piloting small-scale data-sharing initiatives for cross-border public service delivery in consular, migration, or environmental areas

Topics

Legal and regulatory | Infrastructure

Both speakers highlight how their regions face challenges from regulatory fragmentation and different approaches to data governance among neighboring countries

Speakers

– Tattugal Mambetalieva
– Olga Kyryliuk

Arguments

Kyrgyzstan avoids centralization and localization of data unlike neighboring countries, reducing risks to data protection

Southeastern Europe faces regulatory divide between EU member states operating under GDPR and non-EU countries still seeking compliance

Topics

Legal and regulatory | Human rights

Unexpected consensus

Digital colonization and indigenous language preservation

Speakers

– Audience
– Dr. Ismaila Ceesay

Arguments

SOLID protocol and LingoAI can address cross-border data governance issues while preserving indigenous languages and preventing digital colonization

Need to establish continental data governance framework and increase African representation in global standard setting bodies

Explanation

There was unexpected alignment between the audience member’s technical solution (SOLID protocol) and the Minister’s call for African representation in global standards, both addressing concerns about digital sovereignty and preventing external control over local data and cultural assets

Topics

Human rights | Sociocultural | Legal and regulatory

Practical implementation through pilot projects and controlled environments

Speakers

– Folake Olagunju
– Meri Sheroyan
– Olga Kyryliuk

Arguments

Controlled test environments for member states to trial interoperable platforms in sectors like health and education

Piloting small-scale data-sharing initiatives for cross-border public service delivery in consular, migration, or environmental areas

IGFs like CDIG contribute by identifying shared priorities and facilitating dialogue between stakeholders across regions

Explanation

Unexpectedly, speakers from different regions converged on the same practical approach of starting with small-scale pilots and controlled environments rather than attempting large-scale implementations immediately

Topics

Infrastructure | Development | Legal and regulatory

Overall assessment

Summary

The discussion revealed strong consensus on fundamental principles of data governance including the need for harmonization (not homogenization), multi-stakeholder engagement, capacity building, and balancing protection with innovation. Speakers consistently emphasized practical, incremental approaches over ambitious large-scale implementations.

Consensus level

High level of consensus on principles and approaches, with speakers from different regions facing similar challenges and converging on similar solutions. This suggests that despite different regulatory environments, there are universal principles and practical approaches that can guide effective data governance across regions. The consensus provides a strong foundation for inter-regional cooperation and knowledge sharing.

Different viewpoints

Data localization and centralization approaches

Speakers

– Tattugal Mambetalieva

Arguments

Kyrgyzstan avoids centralization and localization of data unlike neighboring countries, reducing risks to data protection

Summary

Kyrgyzstan explicitly chose not to use data centralization and localization approaches, differing from neighboring countries like Kazakhstan and Uzbekistan. This represents a fundamental disagreement on data governance strategy within the Central Asian region.

Topics

Legal and regulatory | Human rights

Scope of stakeholder engagement approach

Speakers

– Dr. Ismaila Ceesay
– Folake Olagunju

Arguments

The Gambia is spearheading cross-sectoral coordination to ensure that data governance is embedded across ministries, departments, and agencies

ECOWAS prioritizes inclusive engagement ensuring all member states participate from beginning to end with whole-of-society approach

Summary

While The Gambia focuses on a ‘whole-of-government’ approach primarily targeting government institutions, ECOWAS advocates for a broader ‘whole-of-society’ approach that includes civil society, private sector, academia, and citizens from the beginning.

Topics

Development | Human rights

Unexpected differences

Language preservation in data governance

Speakers

– Dr. Ismaila Ceesay
– Audience

Arguments

The issue with language is a bit complex because Africa has over 2,000 languages. Some countries have 56 languages. Some have 200 languages. So for us, just like Serbia, we haven’t really considered this yet

SOLID protocol and LingoAI can address cross-border data governance issues while preserving indigenous languages and preventing digital colonization

Explanation

An unexpected disagreement emerged around the feasibility and priority of preserving indigenous languages in data governance frameworks. While the audience member emphasized the importance of preventing digital colonization through language preservation, the Minister from The Gambia expressed skepticism about the practical implementation given Africa’s linguistic diversity.

Topics

Human rights | Sociocultural | Legal and regulatory

Overall assessment

Summary

The discussion revealed relatively low levels of fundamental disagreement among speakers, with most conflicts centered around implementation approaches rather than core principles. Main areas of disagreement included data localization strategies, stakeholder engagement scope, and practical approaches to cross-border cooperation mechanisms.

Disagreement level

Low to moderate disagreement level. The speakers generally agreed on fundamental principles of data governance, human rights protection, and the need for regional cooperation. Disagreements were primarily tactical rather than strategic, focusing on ‘how’ rather than ‘what’ or ‘why’. This suggests a mature policy environment where stakeholders share common goals but may have different preferred pathways to achieve them. The implications are positive for international cooperation, as the shared foundation provides a basis for compromise and collaborative solutions.

Partial agreements

Similar viewpoints

Both speakers advocate for institutional approaches that balance data protection with transparency and access to information, with dedicated bodies handling both responsibilities

Speakers

– Dr. Ismaila Ceesay
– Milan Marinovic

Arguments

Ministry of Information plays critical role in fostering public trust through digital literacy, transparency, and stakeholder dialogue

Two-in-one system protecting both personal data and free access to public information allows balancing competing rights

Topics

Human rights | Legal and regulatory

Both emphasize the need for practical, incremental approaches to data sharing that start with clear categorization and small-scale pilots before scaling up

Speakers

– Folake Olagunju
– Meri Sheroyan

Arguments

Countries must distinguish between sensitive and less sensitive data categories to facilitate responsible data sharing

Piloting small-scale data-sharing initiatives for cross-border public service delivery in consular, migration, or environmental areas

Topics

Legal and regulatory | Infrastructure

Both speakers highlight how their regions face challenges from regulatory fragmentation and different approaches to data governance among neighboring countries

Speakers

– Tattugal Mambetalieva
– Olga Kyryliuk

Arguments

Kyrgyzstan avoids centralization and localization of data unlike neighboring countries, reducing risks to data protection

Southeastern Europe faces regulatory divide between EU member states operating under GDPR and non-EU countries still seeking compliance

Topics

Legal and regulatory | Human rights

Key takeaways

Harmonization of data governance frameworks across regions is critical, but should focus on harmonization rather than homogenization to respect local contexts and nuances

Parallel balanced development of digitalization and data protection systems is essential – they cannot exist without each other and must grow together

Multi-stakeholder engagement involving government, civil society, private sector, academia, and citizens is fundamental to successful data governance implementation

Cross-border data flows require building trust frameworks and legal interoperability rather than identical laws across jurisdictions

Regional organizations like ECOWAS, African Union, and regional IGFs play crucial roles in facilitating dialogue and coordination between member states

Capacity building, institutional strengthening, and bridging digital divides remain persistent challenges across all regions discussed

Data protection authorities need stronger international cooperation mechanisms to address cross-border data governance challenges effectively

Resolutions and action items

Commissioner Marinovic to send emails to all DPAs worldwide next week proposing creation of an E-association of DPAs for global cooperation

CDIG to host a side meeting or session with DPAs during their October meeting in Athens to advance inter-regional dialogue

ECOWAS to establish controlled test environments for member states to trial interoperable platforms in sectors like health, education, and identity systems

The Gambia to finalize data protection legislation by end of year and merge access to information commission with future data protection authority

Central Asia countries to develop intergovernmental agreement on data exchange with openness for other countries to join

Armenia to pilot small-scale cross-border data-sharing initiatives in consular, migration, or environmental areas

African countries to establish continental data governance framework and increase representation in global standard-setting bodies like ISO, IEEE, and ITU

Unresolved issues

How to effectively handle indigenous language preservation and data sovereignty concerns in the context of AI and large language models

Balancing privacy rights with freedom of information and expression rights in harmonized frameworks

Addressing the regulatory divide between EU member states and non-EU countries in Southeastern Europe for seamless data cooperation

Managing the complexity of over 2,000 languages across Africa in data governance frameworks

Establishing clear protocols for distinguishing between sensitive and non-sensitive data categories across different jurisdictions

Creating adequate safeguards against digital colonization while enabling beneficial cross-border data flows

Developing capacity and infrastructure in countries without existing IGFs or mature institutional frameworks

Suggested compromises

Two-in-one system combining data protection and access to information oversight in single authority to balance competing rights (as implemented in Serbia and planned for The Gambia)

Using colonial languages (English, French, Spanish, Portuguese) as interim solution for African language data governance while working toward indigenous language solutions

Creating trustworthy equivalence rather than identical laws for mutual recognition of data protection frameworks

Establishing formal cooperation channels between countries’ data protection agencies with clear protocols for audits and enforcement coordination

Starting with bilateral one-to-one meetings between stakeholders before expanding to multilateral dialogue in countries without established frameworks

Mapping regulatory bottlenecks in cross-border data sharing to identify specific areas for targeted bilateral and multilateral cooperation

Protection of personal data, as well as the right to privacy in general, is one of the most threatened fundamental human rights in today’s era of rapid development of modern technologies… Just as a day cannot exist without night, summer without winter, so the processing of personal data cannot exist without its protection.

Speaker

Milan Marinovic (Commissioner, Serbia)

Reason

This philosophical framing elevated the discussion from technical compliance to fundamental human rights, using powerful metaphors to illustrate the inseparable relationship between data use and protection. It challenged the common view that privacy and innovation are in tension.

Impact

This comment shifted the entire tone of the discussion from technical implementation to rights-based approaches. It influenced subsequent speakers to frame their responses in terms of balancing rights rather than just regulatory compliance, and set up the foundation for later discussions about balancing privacy with other human rights like freedom of information.

My idea is to form an association of DPAs named E-association of DPAs from all over the world on a global level in an online format… I plan next week to send to all DPAs in the world email in which I will explain the idea of creating an association and ask them did they support this idea.

Speaker

Milan Marinovic (Commissioner, Serbia)

Reason

This was a concrete, actionable proposal that moved beyond theoretical discussion to practical implementation. It demonstrated how regional cooperation could scale to global cooperation and showed initiative in creating new institutional frameworks.

Impact

This proposal energized the discussion and influenced other panelists to think more concretely about actionable steps. It led to Olga offering to host a side meeting during CDIG, showing how one concrete proposal can catalyze additional collaborative initiatives.

It’s not just about a whole of government. I understand why The Gambia is doing a whole of government, but for us at the regional perspective, we’re looking at a whole of society because this is absolutely vital… It’s about harmonisation at the regional level, but not homogenisation.

Speaker

Folake Olagunju (ECOWAS)

Reason

This distinction between ‘whole of government’ and ‘whole of society’ approaches was intellectually significant, recognizing that data governance affects everyone, not just government entities. The harmonization vs. homogenization distinction was particularly nuanced, acknowledging the need for common standards while respecting local contexts.

Impact

This comment broadened the scope of the discussion to include all stakeholders and influenced how other speakers conceptualized inclusive governance. It also provided a framework for thinking about regional cooperation that respects sovereignty while enabling interoperability.

Kyrgyzstan doesn’t use centralization and localization of data. Centralization of data has risks for data protection and localization of data creates additional burden to business. This approach differs from many neighboring countries like Kazakhstan and Uzbekistan where data centralization and localization of data is used.

Speaker

Tattugal Mambetalieva (Kyrgyzstan)

Reason

This was a bold counter-narrative to the common assumption that data localization equals data sovereignty. It challenged conventional wisdom by arguing that decentralization might actually be better for both privacy and business, offering a different model from regional neighbors.

Impact

This comment introduced complexity to the discussion about data sovereignty approaches and showed that there isn’t one-size-fits-all solution. It prompted reflection on different models and their trade-offs, contributing to a more nuanced understanding of policy options.

So, the data will run out of your countries, and your people and the country don’t own the data. This is called digital colonization. So, the new protocol and the solid and the lingual AI is helping to anti, you know, this kind of a digital colonization.

Speaker

Audience member (Singapore IGF)

Reason

The introduction of ‘digital colonization’ as a concept was provocative and reframed data governance as an anti-colonial struggle. This connected historical power dynamics to contemporary digital issues, particularly relevant for the Global South participants.

Impact

This comment resonated strongly with the moderator and several panelists, as evidenced by the moderator’s response: ‘Data colonization and data sovereignty are key issues in our conversation from where many of us come from.’ It added a critical perspective that connected technical discussions to broader issues of global power and equity.

I, as someone who deals with the protection of personal data, feel like a cat at a dog’s exhibition.

Speaker

Milan Marinovic (Commissioner, Serbia)

Reason

This humorous but insightful metaphor captured the tension that privacy advocates often feel in technology-focused discussions. It acknowledged the challenge of being the ‘voice of caution’ in innovation-driven environments while doing so with self-awareness and humor.

Impact

This comment created a moment of levity that made the discussion more relatable and human. It also established Marinovic as someone who could balance serious concerns with approachable communication, which may have made his subsequent technical proposals more palatable to the audience.

Overall assessment

These key comments fundamentally shaped the discussion by elevating it from a technical policy exchange to a more philosophical and rights-based dialogue. Marinovic’s human rights framing and metaphors set a tone that influenced how other speakers approached the topic, while his concrete proposal for a global DPA association provided a practical anchor for the theoretical discussions. The ‘whole of society’ vs ‘whole of government’ distinction broadened the scope of consideration, and the digital colonization concept added critical depth about power dynamics. Together, these comments created a multi-layered conversation that balanced philosophical foundations, practical proposals, inclusive approaches, and critical perspectives on global digital governance. The discussion evolved from individual country reports to collaborative problem-solving, with participants building on each other’s insights to develop more nuanced and actionable approaches to cross-border data governance.

How can regions effectively balance harmonization with homogenization when developing cross-border data governance frameworks?

Speaker

Folake Olagunju

Explanation

This addresses the challenge of creating unified regional standards while respecting individual country nuances and sovereignty

What specific mechanisms can be established to create mutual recognition of data protection frameworks between countries with different legal systems and institutional maturity levels?

Speaker

Wairagala Wakabi

Explanation

This explores how countries can work together despite having different levels of development in their data protection systems

How can the proposed E-association of DPAs be structured and implemented to facilitate global cooperation among data protection authorities?

Speaker

Milan Marinovic

Explanation

This follows up on the Commissioner’s initiative to create a global online association of data protection authorities for knowledge sharing and cooperation

What are the practical steps for implementing controlled test environments for interoperable platforms across member states in different sectors?

Speaker

Folake Olagunju

Explanation

This addresses the need for pilot programs to test cross-border data sharing in sectors like health, education, and identity systems

How can countries with over 2,000 indigenous languages effectively implement language-preserving AI and data governance protocols?

Speaker

Dr. Ismaila Ceesay and Singapore IGF representative

Explanation

This explores the challenge of preserving linguistic diversity while implementing modern data governance frameworks

What is the level of awareness and potential for adoption of the SOLID protocol across different regions for addressing data sovereignty and digital colonization?

Speaker

Singapore IGF representative

Explanation

This investigates how emerging technologies can help countries maintain control over their data while enabling cross-border flows

How can countries without established IGFs or local internet governance structures initiate data governance conversations and which stakeholders should lead this process?

Speaker

Participant from The Bahamas

Explanation

This addresses the practical challenge of starting data governance initiatives in countries with limited existing infrastructure

How can data protection laws be designed to ensure all human rights are respected, particularly balancing privacy rights with freedom of information and expression?

Speaker

Joseph from Wikimedia Foundation

Explanation

This explores the complex challenge of protecting multiple human rights simultaneously without one undermining another

What specific criteria should be used to distinguish between sensitive and non-sensitive data categories at both national and regional levels?

Speaker

Folake Olagunju and Meri Sheroyan

Explanation

This addresses the need for clear categorization systems to facilitate appropriate data sharing while maintaining security

How can small-scale pilot initiatives for cross-border public service delivery be designed and implemented in areas like consular services, migration, and environmental cooperation?

Speaker

Meri Sheroyan

Explanation

This explores practical approaches to testing cross-border data sharing through specific use cases