WS #257 Data for Impact Equitable Sustainable DPI Data Governance

Summary

This panel discussion focused on the critical role of data governance in enabling equitable and inclusive outcomes from Digital Public Infrastructure (DPI), examining how governance frameworks must evolve to balance innovation with accountability. The conversation was moderated by Priya Chetty from Research ICT Africa and featured experts from various sectors discussing the intersection of data governance, DPI implementation, and sustainable development goals.

Souhila Amazouz from the African Union Commission outlined continental policy frameworks, particularly the African Union Data Policy Framework adopted in 2022, which aims to create integrated data governance approaches across Africa. She emphasized the concept of “data justice” to ensure equal representation in digital spaces and highlighted that while 60% of African countries have data privacy laws in place, only 7% have interoperable digital payment systems. Andrew Vennekotter from Amazon Web Services stressed the importance of getting data governance right for AI innovation, advocating for risk and principles-based frameworks that focus on security, responsible AI implementation, and human-in-the-loop approaches rather than premature technology mandates.

Payal Malik raised critical concerns about market concentration risks in DPI ecosystems, warning that private entities operating on public infrastructure rails could engage in data extractivism without proper governance frameworks. She argued for contractual arrangements and fiduciary obligations to prevent the creation of monopolistic enclosures while maintaining the public nature of DPI. Thomas Linder emphasized civil society’s crucial role as a third sector voice, advocating for local adaptation and operationalization of governance frameworks rather than cookie-cutter approaches.

Mariana Rielli from Data Privacy Brazil presented findings on integrating data protection frameworks with DPI governance, moving beyond privacy-focused approaches to encompass broader fundamental rights and accountability mechanisms. The discussion highlighted real-world challenges through examples from India’s healthcare DPI implementation, where exclusion of vulnerable populations and privacy concerns have emerged despite system efficiencies. The panel concluded that effective DPI governance requires integrated, multi-stakeholder frameworks that address not only privacy and security but also competition, inclusion, and democratic participation to ensure that digital public infrastructure truly serves public interests.

Keypoints

## Major Discussion Points:

– **Data Governance as Critical Infrastructure for DPI Success**: The panelists emphasized that effective data governance frameworks are essential for Digital Public Infrastructure (DPI) to deliver on its promises of digital transformation, inclusion, and sustainable development. Without proper governance, DPI cannot achieve its potential for equitable outcomes.

– **Public-Private Partnership Challenges and Market Concentration Risks**: Significant concerns were raised about how private entities operating on public DPI platforms may engage in data extractivism, create monopolistic enclosures, and concentrate market power. The discussion highlighted the need for contractual frameworks and regulatory oversight to ensure public interest is maintained.

– **Integration of Rights-Based Frameworks Beyond Privacy**: Panelists argued for moving beyond traditional privacy-focused approaches to incorporate broader data protection principles, including informational autonomy, self-determination, and contextual integrity. This includes embedding accountability mechanisms and ensuring fundamental rights are protected in data flows.

– **Multi-Stakeholder Governance and Civil Society Role**: The conversation emphasized the critical importance of including civil society organizations in DPI governance design and implementation, recognizing their unique position to represent diverse community interests and bridge between technical implementation and local contexts.

– **Real-World Implementation Lessons and Challenges**: Drawing from examples like India’s healthcare DPI and Brazil’s data protection framework, the discussion highlighted both the benefits (efficiency gains, improved service delivery) and significant risks (exclusion of vulnerable populations, privacy violations, stigmatization) of current DPI implementations.

## Overall Purpose:

The discussion aimed to explore how data governance frameworks can be evolved and strengthened to ensure that Digital Public Infrastructure delivers equitable and inclusive outcomes. The session sought to move beyond technical efficiency considerations to address broader questions of digital rights, market concentration, and democratic participation in DPI development and implementation.

## Overall Tone:

The discussion maintained a constructive and collaborative tone throughout, with panelists building on each other’s insights rather than debating opposing viewpoints. The conversation was notably solution-oriented, with speakers acknowledging challenges while focusing on practical recommendations and frameworks. There was an underlying sense of urgency about getting governance frameworks right, particularly given real-world examples of both successes and failures in current DPI implementations. The tone remained academic and policy-focused while being grounded in practical, on-the-ground experiences from various global contexts.

Speakers

**Speakers from the provided list:**

– **Chetty Pria** – Moderator, Research ICT Africa (digital policy think tank based in Cape Town, working across Africa on digital equality and data justice)

– **Souhila Amazouz** – Senior ICT Policy Officer, African Union Commission (over two decades of experience in ICT frameworks, policy frameworks, digital policy frameworks, data policy frameworks, regional harmonization efforts and technical support to member states in Africa)

– **Andrew Vennekotter** – Senior Manager, Amazon Web Services (expert in cybersecurity and assurance work, former NASA employee, worked in public sector for many years, now leading public-private efforts at AWS)

– **Malik Payal** – Senior Advisor, International Council for Research on International Economic Relations (ICREA) (formerly based at Competition Commission, works at intersection of economics, competition, and policy)

– **Linder Thomas** – Senior Coordinator, Open North (works on initiatives related to data governance, citizen engagement, and data justice)

– **Mariana Rielli** – Co-Executive Director, Data Privacy Brazil (brings perspective from Brazil’s ground experience with data governance work)

– **Audience** – Various participants asking questions and providing comments

**Additional speakers:**

– **Nikita Jain** – Online moderator, Economist with the International Council for Research on International Economic Relations (ICREA)

# Comprehensive Report: Data Governance for Equitable Digital Public Infrastructure

## Executive Summary

This Internet Governance Forum panel discussion examined the critical intersection of data governance and Digital Public Infrastructure (DPI), focusing on how governance frameworks must evolve to ensure equitable and inclusive outcomes. Moderated by Priya Chetty from Research ICT Africa, the session brought together experts from continental policy organisations, technology companies, civil society, and academic institutions to address fundamental questions about power, equity, and democratic governance in the digital age.

The discussion revealed the complexity of DPI governance challenges, with participants examining both the transformative potential of DPI and the significant risks that must be addressed through comprehensive governance frameworks. Key themes emerged around the inadequacy of traditional data protection approaches, the risk of market concentration in public-private partnerships, and the need for integrated governance frameworks that prioritise public value creation.

## Opening Framework: African Continental Perspective

### Setting the Context for Data Justice

Priya Chetty opened the discussion by establishing the African continental context, explaining that the African Union Data Policy Framework, adopted in 2022, represents a significant shift towards integrated data governance approaches across Africa. She introduced the concept of “data justice” as ensuring equal representation of all people in the digital space, including diversity of languages and cultures.

“The African Union Data Policy Framework was adopted in 2022, and it really tries to take an integrated approach to data governance across Africa,” Chetty explained. “It introduces this concept of data justice, which is about ensuring equal representation of all people in the digital space, including diversity of languages and cultures.”

Chetty outlined the current state of DPI implementation across Africa, noting significant disparities: while 60% of African countries have established data privacy laws, only 7% have implemented interoperable digital payment systems, and merely nine countries possess real-time data exchange capabilities. This uneven development landscape underscores the importance of harmonised approaches while respecting local contexts.

She positioned DPI as potentially transformative for Africa’s integration agenda, capable of accelerating achievement of Agenda 2063 goals through multi-stakeholder, multi-sectoral, and secure data sharing systems. However, she emphasised that realising this potential requires addressing fundamental questions of data justice and equitable participation.

## Continental Policy Perspective

### African Union’s Integrated Governance Approach

Souhila Amazouz from the African Union Commission elaborated on the continental framework, emphasising how the African Union Data Policy Framework moves beyond traditional transparency measures to actively address equity concerns in digital infrastructure development. She highlighted the framework’s focus on harmonisation while respecting diverse national contexts and capacity levels.

Amazouz stressed that DPI represents a “game changer” for African integration, but warned that technical implementation alone is insufficient. “We need to move beyond just the technical aspects to address fundamental questions of how data governance can serve all our people equitably,” she noted.

The continental perspective revealed the challenge of coordinating DPI development across countries with vastly different technological capabilities and regulatory frameworks, while maintaining the vision of seamless, interoperable systems that can serve the continent’s development goals.

## Civil Society and Democratic Participation

### Reframing Governance Beyond Corporate Models

Thomas Linder from Open North provided the civil society perspective, emphasising how traditional corporate data governance models are inadequate for public infrastructure. He argued that DPI governance requires fundamentally different approaches centred on democratic participation and social contracts.

“Data governance as traditionally understood originated in corporate spaces focused on efficiency and effectiveness, but DPI governance requires different approaches centred on social contracts and democratic participation,” Linder observed.

Linder outlined four key ways civil society organisations can contribute to DPI governance: policy and research work, advocacy for collective ownership models, direct advocacy and accountability work, and capacity building initiatives. He emphasised that civil society serves as an essential third-sector voice to balance state and corporate interests while adapting high-level governance principles to local contexts.

“Civil society organisations have a crucial role in ensuring that DPI implementations serve community needs and maintain democratic accountability,” Linder stated, highlighting the importance of community participation in governance frameworks.

## Economic Analysis and Market Dynamics

### Platform Economics and Monopolisation Risks

Payal Malik from the International Council for Research on International Economic Relations (ICRIER) introduced critical economic analysis of DPI platform dynamics. She highlighted how the economics of multi-sided platforms create inherent network effects that can lead to winner-takes-all outcomes and monopolisation.

“The economics of multi-sided platforms where DPIs essentially function as platforms connecting multiple actors create inherent network effects that can lead to winner-takes-all outcomes resulting in the creation of monopolies,” Malik explained.

She identified a crucial “regulatory blind spot” where private entities operating on public platforms may engage in data collection and usage without adequate oversight, potentially creating “monopolistic enclosures and data hegemony in public-private partnerships.”

Malik argued for comprehensive contractual arrangements and fiduciary obligations to ensure private partners uphold public interest and maintain competitive neutrality in DPI implementations. She emphasised that without proper governance frameworks, there is significant risk that public data and infrastructure will be leveraged for private gain without corresponding public benefit.

## Private Sector Innovation Perspective

### Balancing Innovation with Accountability

Andrew Vennekotter, representing the private sector perspective with experience from NASA and U.S. government technology initiatives, advocated for risk and principles-based frameworks that enable innovation while ensuring accountability. He emphasised the importance of getting data governance right for AI innovation, arguing that premature technology mandates could stifle beneficial developments.

Vennekotter cited a Harvard Business School study showing that AI tools can improve task completion by 12.7% while democratising expertise across skill levels. “This demonstrates the potential benefits of AI when properly governed, but we need frameworks that don’t stifle this innovation through overly prescriptive regulations,” he argued.

He highlighted significant compliance costs associated with prescriptive regulatory approaches, noting that compliance can reach 40% of product value in some jurisdictions. Vennekotter advocated for frameworks based on established standards like the NIST AI Risk Management Framework and ISO 42001, focusing on security, responsible AI implementation, and human-in-the-loop approaches.

“Data governance must focus on risks and principles-based frameworks rather than premature technology standards to enable innovation,” Vennekotter stated, while acknowledging that technical solutions must be embedded within broader governance frameworks.

## Rights-Based Legal Integration

### Moving Beyond Privacy-Centric Approaches

Mariana Rielli from Data Privacy Brazil presented findings from their new report on integrating data protection frameworks with DPI governance. She argued for approaches that move beyond traditional privacy-focused frameworks to encompass broader fundamental rights and accountability mechanisms.

“Economic value being generated by data, regardless of how that is shared, does not per se guarantee the achievement of public value if the rights of people are being neglected,” Rielli observed.

She distinguished between economic value generation and public value creation, emphasising that economic benefits do not automatically translate to public good if people’s rights are neglected. Rielli introduced concepts including “contextual integrity” and briefly mentioned “informational separation of powers” as frameworks for thinking about data governance that go beyond simple privacy protection.

Rielli argued that data protection frameworks should be integrated into DPI discussions as procedural rights that provide rules for just information flows, recognising data protection as containing preventive and precautionary principles that can help ensure DPI implementations serve public rather than private interests.

## Real-World Implementation Challenges

### Lessons from India’s Healthcare DPI

The discussion was grounded through examination of India’s healthcare DPI implementation, presented by audience member Erum via online moderator Nikita Jain from ICRIER. This case study revealed both potential benefits and significant risks of current DPI implementations.

While the system has created efficiencies in patient data sharing among doctors, significant adverse outcomes have emerged. People with chronic diseases such as leprosy, or people with disabilities, struggle with Aadhaar enrollment processes. Most concerning, patients with diseases carrying social stigma, such as HIV and AIDS, exclude themselves from using the Ayushman Bharat Digital Mission (ABDM).

“Although there have been efficiencies in patient data sharing among doctors, significant adverse outcomes have been realised as well. People with chronic diseases, like leprosy, or people with disabilities, struggle with Aadhaar enrollment. Patients of diseases with social stigma, such as HIV, AIDS, exclude themselves from using ABDM,” the audience member reported.

This real-world example demonstrated how technical solutions can reproduce and amplify existing social inequalities despite stated goals of inclusion, effectively creating a two-tiered healthcare system where those most in need of services are least able to access them through the digital system.

## Key Themes and Recommendations

### Integrated Governance Frameworks

Throughout the discussion, speakers emphasised that traditional data protection approaches focusing solely on individual consent and privacy are insufficient for DPI governance. Instead, comprehensive, integrated frameworks are needed that address structural issues, public value creation, and equitable outcomes.

### Multi-Stakeholder Collaboration

Speakers consistently emphasised that effective DPI governance requires collaboration across government, private sector, and civil society organisations. This multi-stakeholder approach was seen as essential for ensuring balanced representation of interests and equitable outcomes.

### Addressing Implementation Gaps

The varying levels of DPI maturity across regions, particularly in Africa, require sustained attention to capacity building and institutional development. Speakers highlighted the need for approaches that can integrate existing digital systems rather than replacing them entirely.

### Preventing Market Concentration

The discussion emphasised the need for contractual arrangements and regulatory frameworks to prevent private monopolisation of public infrastructure, ensuring that DPI serves public purposes rather than private profit maximisation.

## Conclusion

This comprehensive discussion revealed both the transformative potential and significant governance challenges of Digital Public Infrastructure. The conversation demonstrated sophisticated understanding of the need to move beyond technical implementation to address fundamental questions of equity, rights protection, and democratic participation.

The real-world examples of both successes and failures in current DPI implementations underscore that these are urgent practical challenges affecting millions of people’s access to essential services. The emphasis on data justice, equity, and inclusion reflects growing recognition that technical efficiency alone is insufficient—DPI must actively work to serve all populations, particularly the most vulnerable.

The path forward requires continued collaboration across sectors, sustained attention to capacity building, and commitment to learning from both successes and failures in current implementations. Only through comprehensive governance approaches can DPI fulfil its promise of enabling equitable digital transformation while avoiding the risks of market concentration, exclusion, and rights violations that current implementations have revealed.

Chetty Pria: Good afternoon, everyone, and thank you for joining us after the tea break. We are very excited today about this particular panel because it brings the data conversations that we’ve been having, I think, across the last few days into focus. And today we’re speaking about data for impact and its correlation with digital public infrastructure and how we can evolve and shift our approaches to data governance to bring more equitable and inclusive approaches to data governance. This correlates, I think, with IGF Subtheme 2, which is around building sustainable and responsible innovation. And I think this has really been our experience as we’ve worked across digital public infrastructure, artificial intelligence more recently, policies that are centred on micro and small enterprises in the digital economy, and various other subjects interrelated with this subject that data governance is really being looked to as a model to bring more equity and inclusion in what technology and innovation promises in this age. So, a quick introduction of myself, the moderator for the session. My name is Priya Chetty. I come from Research ICT Africa. We are a digital policy think tank based in Cape Town, but working across Africa on a range of programmatic areas around digital equality and data justice. Your online moderator today is Nikita Jain. You’ll see her. Hello to all the online participants. You’ll see Nikita with you. She is an economist with the International Council for Research on International Economic Relations, ICREA. So welcome, online participants, and thank you, Nikita, for the online moderation. So, just a few thoughts to set the scene for today. We’ve had a number of conversations around digital public infrastructure, and really this opportunity that is presented by DPI as a foundational layer technology option for digital transformation across society. And so we’ve had a number of discussions in the lead up to this on DPI. And the promise in digital public infrastructure to drive national digital transformation, to drive regional digital transformation, to foster innovation, and to produce some outcomes for sustainable development. What is the promise behind DPI for sustainable development? At the same time, we have this realization that the ambition that we have for DPI is not realized unless we have relevant governance frameworks to give us direction, to give us a strategy, and to keep us accountable for what we will do with DPI. So, what we want from the technical perspective is high levels of efficiency. And sometimes there can be an overfocus, I suppose, on the technical side of things. So we want to have a balanced approach that is about technical efficiency, but also about equitable outcomes. If we are investing in digital public infrastructure. We want to have a fair degree of openness in terms of the systems, in terms of the applications, and in terms of the data. And at the same time, we want to balance this with assurances that we need to give society and users about the security of the data, and the protection of the data, and the assurances that will be built into the systems and applications that are constituted by digital public infrastructure. So, what we are speaking about is that we want to advance the innovation, and at the same time, we want to make sure that the governance delivers an accountability framework that we can rely on as we implement digital public infrastructure. When we speak about data governance specifically, we first speak about the association between data governance and digital public infrastructure. We have come to recognize that how we govern the data, the data exchange component, not just as a pillar of DPI, but across digital identity and digital payments implementation, really determines whether DPIs can deliver on this promise. That data governance has become so integral to the objectives of digital public infrastructure. And this is where we speak about how we are going to, one, adapt our data governance frameworks so that we can foster the innovation that we need, because we need to see the data moving across this layer at the system level. And also, how we can broaden the participation of those who are engaging with the digital public infrastructure for data-led value creation. Can they participate in the data value chain? So, when we speak about data governance, it isn’t just about the protection mechanisms and the accountability mechanisms. It’s also about whether it can be used and leveraged, the governance that we have It’s also about whether it can be used and leveraged, the governance framework, to empower citizens digitally. Can changes in access to data and use of data and sharing and exchange of data at all levels of society empower citizens and users of DPI? And when we enable this kind of integrated data governance framework, can we unlock this sustainable development gain? The challenge that we see at the same time is that this requires a different orientation to data governance. So, a reference that we work with at Research IST Africa and now a model that has been absorbed into the Global South is the African Union Data Policy Framework. And this particular framework is looking at this integrated approach to data governance. It speaks about whether the frameworks that we have currently provide for the essential digital and data rights for all. And we don’t just mean the right to privacy or the right to information. We’re speaking about the right to meaningful connectivity. Whether the frameworks actually do allow this data exchange for equitable and beneficial data access. So, where citizens are not just the providers of data, but they are in fact using the data in beneficial ways. Whether these frameworks are adequate for transparency, accountability, and responsible data use. Whether the mechanisms of enforcement and redress are there and apparent in the frameworks or whether we need to improve them to address issues of bias that can present in the data or rights violations. Do we need stronger oversight or interoperability mandates? And when we see this unique coming together of public and private sector in new models of cooperation, do we have the necessary mechanisms in our broader data governance frameworks? Not just in our data protection frameworks or in our access to information laws, but also in our consumer protection laws and our market mechanisms, our competition laws and policies to prevent monopolization while also fostering this open innovation. And that brings us to our session today. Which we hope will be interactive and we hope that you will engage with us on recommendations that we can take forward.

Souhila Amazouz: There’s been a lot of conversations on what we need. But how exactly are we going to do it? So we’re going to hear from our fantastic panelists today who are each going to bring unique perspectives from their work and their on the ground work in this space. And then we’re going to have some audience engagement where I hope you will not just raise questions for the panelists but also share your recommendations and your experience working in this space. I think what’s wonderful about the IGF is that we’re in a room of experts where everyone is equally vested in this topic but also actively engaged in this topic. So with that, I want to bring our panelists into the conversation. We are delighted to have with us today Sohila Amosu who joins us from the African Union Commission where she’s a senior ICT policy officer and has been engaged in over two decades in various situations of ICT frameworks, policy frameworks, digital policy frameworks, now data policy frameworks, including in the regional harmonization efforts and technical support to member states in Africa. We have Andrew Fenecotta from Amazon Web Services. He’s a senior manager there. And to date the only person that I know who’s worked at NASA but he has. He is an expert in cybersecurity and assurance work in the trust area and worked for many years in the public sector and now leading public-private efforts at AWS. We have Payal Malik who’s the senior advisor to the International Council for Research on International Economic Relations, ICREA. And Payal for many years has been based at the Competition Commission where she advised and informed policy shifts. So her work is at the intersection of economics, competition, and policy. We have Thomas Linder with us from the Open North. He’s a senior coordinator on various initiatives related to data governance, citizen engagement, and to data justice. And we have Mariana Rielli who’s the co-executive director of Data Privacy Brazil and brings a fascinating perspective where Brazil is really encountering these issues on the ground already and so really looking forward to Mariana’s perspective. perspectives from the ground in Brazil with her data governance work. So, over to our panelists. Souhila, if I can come to you first for your continental and public sector perspective. Can you paint the picture for us? What are the relevant continental policy frameworks that guide data governance for DPI? Especially when we speak about equitable and inclusive outcomes for society from DPI. And what is your experience with those frameworks? What can you share from your experience of engaging with those frameworks and lessons here for the IGF community? Good afternoon. Do you hear me? Good afternoon. Thank you. First of all, I would like to thank Research ICT Africa for extending the invitation to the African Union Commission to be part of this important conversation on how to develop or to advance effective and well-functioning data governance frameworks and mechanisms to support the deployment of digital public infrastructure, knowing that data is a foundational component of DPI. So, to respond to your question, I would say that from our African Union perspective, we see DPI as a game changer. Like for Africa, it will help to support our integration and development agenda. It has the potential to accelerate the attainment of the Agenda 2063 and advance digital transformation, and also address the socio-economic inequalities, knowing that DPI is a concept of integrated systems and the operability of digital systems that will create a platform for citizens’ participation, and also it will improve lives as it will facilitate access to essential services, and this will really help to bridge the digital divide affecting the continent. It also has the opportunity to create new business opportunities for people, like to boost intra-Africa digital trade, the development of an inclusive digital economy. And also, we really aim that through the implementation of the DPI concept, we can achieve the digital prosperity and inclusion of the continent. So, at continental level so far, we don’t have a continental policy on DPI, but we have many strategic frameworks that have been adopted in recent years. They are laying the foundation for the development of DPI across the continent. Maybe, as you mentioned, the main one is the African Union Data Policy Framework that was adopted in 2022. Our main objective is to see how to harness the potential of data to transform the economies and societies, and also it aims to build the capabilities of African countries when it comes to data, like how to manage data, to have the data storage capacities, and also to create a kind of data exchanges at national level that will help data access and also facilitate data transfer. So, the data policy frameworks lay the foundation for the development of integrated data governance approach across the continent, and we are now in the implementation phase, as we are implementing the framework through a continental initiative, which is a data governance initiative for Africa, where we support all African countries to develop their national data strategies or policies, to develop capacities, because there is also a need to build institutional and human capacities in data to enable data, to make data available, to enable data access, use data sharing, and it is one of the main conditions that will enable us to develop DPI. So, just to highlight that all this, another framework that is directly related to DPI is the interoperability framework for digital ID, which is also a continental framework that was adopted in 2022. It aims to create space for countries to agree on minimum standards and technical parameters, and also harmonization of policies and regulations to facilitate and enable the use of digital ID across the continent. There is also an initiative on digital payment, where we created a Pan-African payment and settlement system in Africa. It is a digital platform that is already operational, that aims to facilitate payment across the continent without relying on foreign policies. So, this is the key strategic frameworks that we have in place, but both of them are in the implementation phase, and all of them are aligned with our main core values, like the principles of equity and integrity, and also we introduced a new concept of data justice and also transparency. Through the data justice, we aim to ensure equal representation to all people in the digital space, including the diversity of languages and cultures. So, as I said, we are now working with all countries to develop national capacities, because it is important. At the same time, also, we have many countries that have started implementing DPI at national level. We have countries that advance DPI as a national priority, such as South Africa, they are also pushing through the G20 also for DPI, and we have other countries that are really making good progress in advancing DPI as an integrated approach. Like, we have already progressed when it comes to advancing digital ID systems and also some experiences on digital data exchanges. For instance, we have around 60% of African countries, they have already the data privacy in place. We have like 60% also, they have in place transactions, legislations, and when it comes to the countries with data exchanges, we have 28 countries so far, they have data exchanges. Among them, they have 22, they are cross-sectoral data exchanges, but only nine of them, they have real-time data exchanges. And we have so far, 35% of African countries, they have in place some kind of digital payment systems, but only 7% of them, they are interoperable, which shows that there is work in progress. There is a lot of policy development and also implementation, while at the same time, we try to align to the African context. We know that our main challenge is to address the infrastructure and digital deficit, while at the same time, integrating all what is related to digital transformation, including DPI in the national development agenda. I stop here and I would be happy to come back if there are any questions. Thank you. Thank you so much, Sina, and I think you’ve already introduced

Chetty Pria: into this conversation a few defining concepts for us to take forward. The one, signaling the need for interoperability of the data and the data systems, if we are really going to unlock the access to the digital services in our digital transformation ambitions. The second, data justice, where access to data benefits all, and seeing how we meaningfully deliver on that. You spoke about integrated governance and you also gave us a picture, I suppose, of the data ecosystem that we see across the continent and the need to boost the maturity of the data ecosystem. I wonder if I could bring Andrew into the conversation now. Sihila spoke a little to the ambitions of the continent and what the digital transformation ambitions are that rely heavily on innovation. So, I wanted to ask you, what is the reason for us to get the data governance right if we want to enable this kind of DPI innovation? Why is data governance so critical in this space? And I wonder, Andrew, if you can draw on your public sector and your private sector experience. Sure. So, thanks. And I want to say, first of all, I appreciate the

Andrew Vennekotter: opportunity to speak at this event. One of my, actually my last posting for the U.S. government was in Ghana. So, I spent a year living in Accra. So, to any Ghanaians out there, thank you for welcoming me to this. So, let me start with why getting data governance is so critical for enabling innovation. At its core, data governance is about asserting positive control over, especially in the AI world, generative AI outputs. So, we have to ensure that they’re not just useful, but also safe and beneficial. And so, while large language models are becoming increasingly sophisticated generating content, reducing hallucinations, and performing deep research, there’s no shortcut for around good data governance. The better we help AI understand our data, the better results we’ll achieve. And that goes for, you know, private companies and governments and public organizations alike. But then, you have to also think about security, which is a critical part of data governance. So, security is a fundamental aspect of governance frameworks. It can’t be an afterthought or a bolted-on solution. It has to be woven into organizations’ cultural fabric and prioritized by leadership, which means carefully selecting providers and partners in the public and private sector who demonstrate a strong security culture. And clear data ownership is also crucial. So we also recommend that organizations work with partners to establish distinct ownership boundaries around data and provide tools for secure data management. So another aspect of data governance that we need to get right is a responsible AI, right? You need to have a concrete plan for managing risks. I recommend starting with established frameworks like NIST’s AI Risk Management Framework or international certifications like ISO 42001. Those provide structured approaches to developing AI safely while limiting potential harmful content. And so there’s a lot of, that’s data governance, right? But why do we need data governance? What is the whole point of gathering data, processing and generating new information? What are we doing this for? And I think a lot of the benefits of gen AI have not yet been fully realized by a lot of organizations. So there’s a lot of buzz around it, but I want to share some actual research and exciting findings. There’s a Harvard Business School study recently, actually earlier this year, that investigated 776 professionals at Procter & Gamble and it revealed some pretty remarkable insights. Teams using AI showed significant performance improvements, completing tasks 12.7% faster while producing higher quality work. And what’s particularly interesting is that a single AI-enabled individual was able to perform at levels comparable to traditional teams working without AI. And so it also, the study also found that AI helps break down expertise barriers within organizations. It bridges functional silos between different specialists, such as R&D, commercial teams, and enables professionals to produce more balanced solutions regardless of their background. This democratization of expertise is transforming how organizations operate. It’s also enabling people who are, who may not be extremely technical or engineers to start thinking about creative solutions to technical problems in new ways, which is, I think, something that we’re all interested in. And we’re seeing these benefits in some real-world applications. And, you know, not speaking for all providers, but for us, we have a customer, YC, and they’re using AI to revolutionize medical writing, regulatory medical writing, which is significantly accelerating the delivery of new medicines. And by maintaining a human-in-a-loop approach, they ensure not only regulatory accuracy and compliance, but also save pharmaceutical companies thousands of hours in document preparation time. And so that human-in-a-loop approach is also critical. It goes back to the risk management framework. We have to think about where humans need to be, in fact, involved in the AI data governance. So that’s a critical thing that all organizations, public or private, should be thinking about. So, you know, we talked a lot about, we talked a lot about, like, governance and regulation. So when does government regulation of technology make sense? I think where it makes sense is when we focus on risks and principles, right? So we need to develop frameworks based on risks and principles, because the, you know, if we, if we, the compliance costs for most government imposed regulations are pretty high. In the EU, they’re about 40% of the total product’s value, right? So if you think about how to enable innovation, and you’re already taxing an organization’s resources with 40%, you can think of all the different things you can do with that, with those resources. And so harmonizing standards is also critical, right? So enable, to enable international cooperation and things like data governance. We need to figure out how to make the standards work together with each other, because technology does not have borders anymore, really. And so the more we can enable innovation everywhere in the globe, the more the entire globe benefits from that. So we also need to think about when not to do that, right? When should we be cautious when mandating new standards? Because I think we’ve all can think of an example of a standard regulating something when the technology advances much faster than the standard. And so that’s not to say that we shouldn’t do standards. Obviously we should, we have lots of standards that we comply with in my organization. But it just means that we need to make sure that the technology is in a settled place, in a place that will allow for the use of standards in a smart way that thinks about the risks and principles involved. And so the second thing we need to do is to accelerate private sector digital adoption. And that means streamlining access to private finance for startups and government funding for businesses, a factor that 45% of businesses decide is critical. We also need to think about lifting up all boats by building digital skills. So 84% of businesses see AI skills as crucial but only 26% feel adequately prepared. And that goes for the entire globe, right? Especially if you think about some of the great innovations going on in Ghana where I served. I knew a lot of folks who were itching to spread their products to the globe, but they were facing a limitation of digital skills in terms of the labor workforce. So I think that there’s a lot of work we can do both in the private sector and the public sector to enable that. And then finally.

Chetty Pria: Andrew, I wonder if we could pause there and if we could come back to your recommendations, final recommendations in the closing remarks. I thought it was a good point to bring in AI innovation as an example and to then use that as a proxy for speaking about the positive control that we might need over some of the AI innovation outputs. But at the same time, I think it’s a good time to bring in Payal now. What we’re seeing, especially in DPI, and Andrew has spoken quite a bit about AI as a proxy, but across the DPI, we’re seeing this model of public and private participation and this model of public-private sector coming together to implement DPI. And I wanted to come to you to give us a perspective on how this is influencing markets and what some of the key data governance challenges are that are emerging in that space. Are there risks of market concentration, data extractivism, privatization of public data? I make these three points because I have inside information having collaborated with you on a recent paper. But I wonder if you could come in at this point. What is the interplay between the public and private sector? What are the risks we should be aware of? And what is the potential for data governance to address some of those risks?

Malik Payal: Thank you, Priya. And yes, as you mentioned about that T20 policy brief, which we did, it was really great to collaborate with you because these issues which were not discussed in the DPI ecosystem, especially the role of data governance, etc., and how it may be a competition issue as well. So as we all know, DPI’s distinguished characteristics, and that’s what we are all excited about because it is really transformational when it comes to public service delivery, characteristics of openness, interoperability and scalability to underscore DPI’s criticality beyond just technology, but for the larger goals of public and private service delivery. So what was pathbreaking with this kind of technology where the public infrastructure was kind of rails that they provided a network or gateway that enabled other entities, and especially the private entities, and that’s where the value creation came from, to scale up to a simple plug-and-play system by building digital applications or services on these rails. But the economics of multi-sided platforms where DPI’s are essentially the platforms connecting multiple actors, be it users, be it service providers, be it the applications, the value of the platform to one side increases with increased number of participants on the other side. So these inherent network effects of DPI’s can lead to winner-takes-all outcomes resulting in the creation of monopolies. So in the data ecosystem, there are significant concerns that these applications, which are the private entities trying to create value out of the public infrastructure, may involve or may be extracting a huge amount of data. What are the data usage principles? Are they governed by any, or it is free for all? Because these zero-priced products, because these, for instance, in the case of India’s UPI, it is zero-priced. market for users, but the application providers, that is the TPAP, that is the third party application providers, are harvesting vast amounts of user data over time. Because data is like a shareable modular input that allows these firms, who are then riding on these digital public infrastructure rails, to also expand into adjacent markets. For instance, in the payment system, we are seeing that exploiting these data, harnessed and harvested from these public infrastructures, companies are then getting into retail lending, microfinance, et cetera. So what needs to be done, and that’s why we had started our discussion, that there is an absence of a contractual or regulatory framework which governs these private entities operating on these public infrastructures. So there should be some, to address these challenges, there should be some governance reforms. And what we are discussing at various forums is that DPI must be treated as a shared infrastructure and not be converted into exclusive assets because only a handful of companies are then harvesting the data. So there should be some kind of a contractual arrangement or concession agreements between the private entity and the public infrastructure provider to provide for open access, but also put limits on the kind of data which could be collected, the minimization of data collection, et cetera. And these agreements, therefore, should establish fiduciary obligations on the private partners to uphold public interest and competitive neutrality, thereby aligning the private incentives with public goals. So there is currently a regulatory blind spot, if I may say, because if this data collection, data usage by the private entities on these public platforms is not regulated, it may lead to creation of monopolistic enclosures and data hegemony in public-private partnerships. So privileged access to public data sets enables these dominant players to leverage DPI infrastructure and create more dominance in many several markets. And currently, we see that there is an absence of effective governance arrangements which exacerbates the risks of data extractivism, network effects exploitation, and reinforcements of existing hierarchies. So while these DPIs were supposed to be, by design, competitive, and of course they did allow multiple parties to participate, but the fear is they may end up as alt-big tech because of the data misuse and in the absence of data governance. So I can stop here, and there we could just then discuss what are these possibilities, what could be a good data governance framework, not just limited to the data protection laws, but because data protection laws do not take care of these structural infirmities which are arising out of indiscriminate data use by private entities.

Chetty Pria: And thank you so much, Payal, and thanks for sharing also or introducing that what we are witnessing here is these platforms connecting multiple actors. So we’re seeing these network effects, and we do need to ask the question of how we create the value, how do we embed these data governance principles, use the example of digital payments as needing those embedded frameworks, including contractual frameworks, regulatory frameworks. And it comes back to that question of what makes DPI, in fact, public infrastructure? What makes it public? So, and let’s emphasize the concepts of openness, interoperability. Andrew, you mentioned democratization and the need to develop the appropriate standards. And I think that’s where we want to place the emphasis is on the maturity of the governance frameworks we have, but also have that democratization element that you mentioned is so crucial. I wonder if we can come to you now, Thomas, to bring in the civil society perspective and your data justice work. What is the role of civil society here as these governance frameworks are being built? And how do we strengthen data governance frameworks by bringing in the crucial civil society perspective?

Linder Thomas: Thank you, Priya. Hi, everyone. Thanks for inviting me. It’s a pleasure to be here, and it’s a pleasure to follow such excellent speakers. I think from this perspective, I’d like to broaden the scope somewhat and talk about what data governance has become in this conversation about DPI. It’s been becoming this for quite a while when you think about it. Data governance as a term originated in the corporate space and was very tied to questions of efficiency and effectivity as it pertains to corporations and profit-making. However, that’s really not what we’re talking about in DPI that much anymore. I mean, sure, there will be some for-profit elements, but a lot of it is public infrastructure. It’s in the name. So really, we’re talking about something much broader than just questions of efficiency. And as you mentioned, Priya, it comes down to questions of democracy and inclusion and participation and equity and all of those things. And once we understand data governance from that perspective, it becomes far more a question of using data governance to understand the kind of social contract that we’re developing with DPI, right? This isn’t just a simple for-profit venture. This is a redesigning of fundamental parts of society. And from that perspective, including civil society is essential as it has been for a wide range of many other society-changing developments that we’ve had over the last decades. Civil society’s role there has always been as a kind of third sector, right, to balance the interests of the state and to balance the interests of corporate interests. Civil society organizations are in a very unique position in this, from this perspective, to represent different interests of groups and communities that would otherwise have been lost. And this is really essential because they function not just as a different interest, but they also function to represent these interests on different levels. They can be extremely local to transnational. We see all sorts of civil society organizations doing this, whether they’re non-profit or charity or NGO or any other guys. So as we’re thinking about introducing DPI and thinking about the data governance of it, we really need to ensure that we have this third sector voice that can represent these different organizations, these different communities, these different groups at these different levels. So including them in the conversation, including them in the design and implementation and operationalization of data governance is essential as you’re leaving out vast swaths of the people purported to be represented or you served by DPI. So what are the main ways that civil society orgs can participate in this? Because after all, it is largely up to them to take up the baton and do that, as many do. And from my perspective, there are four, if you count it differently, five different ways for civil society orgs to do this. The classic one is policy and research. Then the more, let’s call it the pie in the sky one, is collective ownership over data and also collective ownership and control over software and hardware. A fourth one would be advocacy, representing groups, pushing voices, and finally, capacity building. And I will get into each one of these one at a time. So from the policy and research perspective, civil society organizations, and there are a great number of excellent organizations who do this, have done exceptional work to not just conduct simple policy analysis and provide recommendations, but when we’re talking about this kind of wholesale application of high-level data governance principles, ethical frameworks, et cetera, what’s really needed, what we’ve seen over and over again, is a combination of integration, adaptation, and operationalization to local contexts and conditions. It will never work to simply take one model, one cookie-cutter approach, and replicate it all across the world, certainly not in a place as diverse as Africa. It just doesn’t work that way. You need civil society organizations with a deep embedded understanding of the local conditions who can help to do this integration, adaptation, and operationalization, especially for something like DPI, where there are so many pre-existing, what I like to think of as precursor DPI projects, whether they’re around digital ID, or payments, or data exchange, or whatever the next function is that we add to the DPI complex. Many of these things already exist in some form or another quite successfully, and you… can’t just replace them, they need to be integrated, they need to be adapted. So the top-down ideas of DPI need to be connected to these pre-existing projects on the ground. And the local civil society organizations that know them best are also best suited to help do this kind of work. Then civil society organizations can also help with coordination and translation of this knowledge. I’m thinking here specifically of knowledge gleaned by practitioners on the one hand, so people who’ve been doing the work to operationalize and implement this tech already, but then also the important academic work that happens. And frequently there’s a mismatch between the two, sides don’t talk to each other very well. But civil society organizations can be uniquely situated to help facilitate that connection, to bridge between the two worlds and translate that knowledge that may most effectively be adopted by both sides. We’ve seen several organizations in Africa that do this very well, Research ICT Africa is one, Open Cities Lab is another, Policy is one after that. So they already exist and it’s just a question of championing them further.

Chetty Pria: Thomas, I wonder if we could stop there. I think we’re waiting to get to Mariana as well, because Mariana, this is a good point to come in. As we’ve heard the different recommendations from the panelists and also interesting now to bring you in with also a technical perspective on this topic. So as you’ve listened in, I suppose, what are your recommendations for how some of this can be built into the technical side of DPI? These essential elements, the essential attributes of what we’re speaking about as the just information architecture, if we want to realize these outcomes from DPI. Thank you.

Mariana Rielli: Thank you, Priya. Thank you for the question and also the invitation to be on this panel and to the panelists before me. So I have this tough challenge of having little time and being the last one to kind of try to bring everything together. But we were thinking, I speak from an organization that is based in Brazil and is doing local and global work to promote fundamental rights in the face of datafication processes. And we were acquainted somehow with the idea of DPI as a framing and as a definition and that it is disputed also around the time of the transition between the G20 in India and the G20 in Brazil, which took place last year. And we were asking ourselves, I think some of these same questions, like some more conceptual or what are we talking and some more normative, what is the public and DPI? What should it be? And I think what I heard, I heard a lot about the word integration and integrating frameworks. And we have been attempting based on the Brazilian context where we have fundamental rights to data protection and a very lively current landscape of both legal and institutional movements to kind of give life to this right and to this framework. How that can also be integrated to the discussions of DPI, because I think our hypothesis was that this grammar of data protection was not duly integrated to the discussions of data governance when it comes to DPI. So what we had already at that point had some research and policy work on risks of digital identity systems in the Brazilian context. And those were risks arising from data processing specifically, but also broader risks of discrimination, exclusion. I mean, I think we all know what we’re talking about here, but basically I think our concern was to not frame the problem of data related risks of ID and of digital infrastructure only in terms of privacy, but rather understanding how data protection as a procedural right that has certain mechanisms to be implemented that already involves a whole number of actors that need to be accountable, how that can be better integrated into the discussions of first identity as a backbone of DPI, but also now with the DPI framework. So more recently we produced this new report that kind of seeks to create, to propose that integration. Of course, it considers the Brazilian legal institutional framework for data protection, but we understand that there is a lot of it that is relevant elsewhere. And I think it goes back to the idea that while privacy is substantive, the idea of data protection really starts from the idea that personal information will circulate and should circulate, and it provides the rules and the constraints to ensure that this information flow is just and protects fundamental rights, including privacy, but also other fundamental rights. So we think that this is relevant because I think we think that it provides a bridge to concerns about trust that not being formulated only in terms of trustworthiness of systems, but rather from a relational perspective that centers people, that centers their rights and that creates mechanisms to ensure transparency, accountability, and redress for people. So from this particular context, from this particular read on DPI, the report comes to a few conclusions and attempts to articulate these ideas. I will briefly share them. I know we have very little time, but it starts really addressing the public value in DPI as a condition for it, and that economic value being generated by data, regardless of how that is shared, does not per se guarantee the achievement of public value if the rights of people are being neglected, and that informational autonomy and self-determination at the same time that it ensures that individuals are able to exercise their capacity to develop their personalities, but also to know how their data is being used. It also can generate collective value as it creates more trusting people and also trustworthy databases and even can act as barriers to fraud and identities that affect when you have that kind of relationship being established and using those concepts from data protection and those ideas of self-determination. We also talk about privacy as contextual integrity. I think this is also important to kind of bring into the discussion. This is very confined usually to data protection scholarly circles, but we think that it makes sense in the context of DPI as well, and the informational separation of powers, the idea that at least on the state side of things, there needs to be also administrative oversight and certain mechanisms to make sure that the sharing of data is also not creating more concentration of power on that side of the equation. And finally, there are also some discussions on accountability mechanisms and the idea that data protection is already containing a preventive and sometimes a precautionary principle and accountability mechanisms such as assessments and things that could also be looked at in terms of being updated and being adapted to the context of DPI, but that we think really should not be taken for granted. And I think the idea is that sometimes you have this notion that data protection is solely related to privacy or that it is very individual, but what we try to kind of stress here is whether that framework also can be further assessed in terms of its public value creation. So what we have attempted to do in Brazil recently was that, and I will stop here so that we have some time for questions.

Chetty Pria: Thank you. And thanks so much, Mariana. And I think everyone’s wondering when they can get access to that report or read it. And certainly I am very keen to read it. But thanks for that. And what was really interesting was that you were speaking about embedding the rights frameworks, even in the information flows and speaking about, I suppose, beyond privacy by design. You know, what comes next in terms of these real mechanisms of accountability. And you spoke about autonomy and self-determination. And I think that goes back to what Thomas was describing as the social contract. If we want people to show up, then how do we deliver on the value that was initially promised? And so this has been an excellent set of provocations, I think, for how we get closer to the data governance framework that we need. So thank you, panelists, for bringing those very many perspectives. And Mariana, you also mentioned integrity. I think that ties in with some of what we spoke about in terms of security as well. But placing now the emphasis, even when we speak about integrity, on how we deliver assured data value for citizens. So let’s turn now to our people in the room and let’s ask Nikita if we’ve got any questions. When the screen swapped a little bit, I did see that there were a few comments or perhaps some questions in the chat. Nikita, can we go to you and get a sense of comments or questions that have come up from online participants? And while we’re doing that, can I also ask everyone in the room, if you’ve got a question, to please come up to one of these microphones and we’ll take a round of questions. So, we have one comment, so let me first go through that.

Audience: So, it says that, like, Amin has commented on it. And in Amin’s thoughts, basically, we should structure a DPI in a way that facilitates a seamless cross-border data movement. And this way, it will gonna enable innovations such as AI in designing models. So, that’s one feedback that we have got in the chat. Besides that, there is Erum, who wants to actually discuss the findings of implementation of DPI in India in a healthcare space, like focusing on the ABDM, which is Ayushman Bharat Digital Mission. So, she’s, like, kind of discussing the findings from the Anita Gurumurthy, who is the Executive Director in IT4Change. And she presented it in a seminar. So, I’m just, like, giving a brief of what are the findings that Erum has provided in the chat box. And then the panelists can provide their feedbacks if they have any. So, the findings are, basically, although there have been efficiencies in patient data sharing among doctors and in healthcare aggregate data analytics supporting insurance companies, significant adverse outcomes have been realized as well. So, these include lack of access by many patients to ABDM and ABDM-Cas. For instance, people with chronic diseases, like leprosy, or people with disabilities, struggle with Aadhaar enrollment or authentication, leading to exclusion of those in need of healthcare services, diluting their right to equitable access to healthcare. The next finding is that the prospect of sharing health data in this manner also diverts some from accessing digital healthcare at all. For example, patients of diseases with social stigma, such as HIV, AIDS, exclude themselves from using ABDM. And lastly, the sharing of medical data violates the privacy by design principle. So, these are the findings that have been presented. So, if any of the panelists, yeah, over to you, Priya, then.

Chetty Pria: Thanks so much, Nikita. And I think that’s a great example to use, because I think it makes some of what we are speaking about here really, really come alive. We, I’m looking around, and there aren’t any hands raised. So, please feel, oh, Andrew’s raised his hand. Andrew, can I ask you, when you raise your hand as well, to also maybe just share a closing thought, and perhaps it’s included in what you’re going to raise, but to share a closing thought as we turn to each of the panelists for a line, a word, something you’re taking out of the session as we close the session.

Andrew Vennekotter: Yeah, thanks for the opportunity to talk. I do have to drop in a couple of minutes. So, just a really quick reaction to that question. There are actually some pretty good approaches right now in terms of technology, such as a data clean room, which is something that you use basically to analyze data without sharing the raw data among different organizations. And that’s a technical privacy-preserving technique that can help if you’re interested in sharing some of that sensitive medical data across providers. So, an approach that’s been implemented by many different providers in many different ways, but data clean rooms are at least something to explore when related to that question. And I’ll keep my remarks at that. Thanks for the opportunity. Remember, risks and principles-based frameworks don’t lock in technology before the industry has agreed on a standard, and make sure to lift all boats with skills and technology development.

Chetty Pria: Thanks, Andrew. Can I come to you, Suheela, for a closing thought?

Souhila Amazouz: Thank you, Priya. I would, from my side, I would say that data governance is an imperative for the development of equitable DPI. We have seen that really there is a need to have, to ensure that there is multi-stakeholder, multi-sectoral, and secure and safe data sharing systems, like to support the operationalization of DPI. And this can only be achieved also with putting in place the necessary safeguards through accountability, transparency, and also measures to mitigate the risks of misuse and also the risk of exclusion in the digital space. As you mentioned, when we started the session, the DPI main objective, if we can say, is really to ensure digital inclusion and also to empower people. Thank you, Priya, for this opportunity to speak.

Chetty Pria: Thank you so much, Suheela. Payal and then Thomas, if I can come to you for closing thoughts.

Malik Payal: Yeah, thank you, Priya. So I think there was a very good question from the audience, and that basically is the core of our discussion here, that DPI’s governance system, that is, they were supposed to be having embedded privacy by design, competition by design. But those principles are continuously violated. And she gave the example of India’s Ayushman Bhadad health digital mission. So I guess the sooner the DPI community understands, which they do, but the sooner some governance frameworks, integrated governance frameworks are discussed, the better it is. Because the very benefit which these DPIs were supposed to bring on the table would be lost, because we don’t want to be in a situation by that where in the absence of clear governance guardrails, especially data governance, this data can quietly slip into quasi-private control without transparency, accountability, or equitable return to public. And why we keep on talking about integrated data governance frameworks? Because data protection laws generally just focus on individual consent and privacy. These are important, but they are insufficient as they do not address many structural risks. And lastly, the Indian government also, I just pulled out because of the question which has been put up, is quite aware of the data concerns and which not only are challenges related to cybersecurity, but also protocols regarding robust encryption protocols to safeguard data during transmission and storage. And data storage, and Andrew is here, is also to be looked into carefully. Where is most of the data getting stored? Is there so much of private control on data storage? What is the government’s control on this data? What are the cross-border data flow rules in place, et cetera? So in short, it’s not just about privacy and consent awareness, which do get protected, get covered through data protection laws if they exist. Data governance is far more broad and should not be left to just a single law, just a data protection law, but should integrate all aspects of the DPI ecosystem, such that even issues such as disproportionate control, data sharing, et cetera, interoperability and portability are also taken into consideration. Thank you.

Chetty Pria: Thanks so much, Payal. I’ve been signaled that we’ve run out of time, but Thomas, I wanted to say that both you and Mariana, that I think layering onto what Payal and Andrew have said and what Sahila has said, I think there’s also value, one, in bringing these perspectives together, and thank you for sharing those perspectives, but also value in what you described, Thomas, as the precursor projects. There are lessons to be learned from our digital identity and digital payment ventures that came before. And then Mariana, as we said, so excited to read that report, and thank you also for sharing. I think we’ve heard from India and we’re hearing from Brazil, and these are the crucial lessons as we develop maturity and interest in DPI as to what’s working, what’s not working, but really timely and current insights coming from live DPI applications. So thank you all so much, panelists. We’ve run out of time. We could have expected it. It’s a great conversation to have had and look forward to continuing these conversations and our efforts and initiatives across the spectrum of stakeholders to make the DPI governance work for the outcomes that we’re pursuing. Thanks, everyone. Thank you. Thank you. Thanks. Goodbye.

Agreement points

Need for integrated and comprehensive data governance frameworks beyond traditional data protection laws

Speakers

– Chetty Pria
– Souhila Amazouz
– Malik Payal
– Mariana Rielli

Arguments

DPI requires integrated data governance approaches that balance technical efficiency with equitable outcomes and accountability

The African Union Data Policy Framework provides foundation for integrated data governance across the continent, emphasizing data justice and equal representation

Current data protection laws are insufficient as they focus only on individual consent and privacy, not addressing structural risks in DPI ecosystems

Data protection frameworks should be integrated into DPI discussions as procedural rights that provide rules for just information flows

Summary

All speakers agree that traditional data protection approaches are insufficient for DPI governance and that comprehensive, integrated frameworks are needed that address structural issues, public value creation, and equitable outcomes rather than just individual privacy concerns.

Topics

Data governance | Legal and regulatory | Human rights principles

Multi-stakeholder approaches are essential for effective DPI governance

Speakers

– Souhila Amazouz
– Linder Thomas
– Chetty Pria

Arguments

Multi-stakeholder, multi-sectoral, and secure data sharing systems are imperative for equitable DPI development

Civil society organizations serve as essential third sector to balance state and corporate interests in DPI development

DPI requires integrated data governance approaches that balance technical efficiency with equitable outcomes and accountability

Summary

Speakers consistently emphasize that effective DPI governance requires collaboration across multiple stakeholders including government, private sector, and civil society to ensure balanced representation of interests and equitable outcomes.

Topics

Development | Human rights principles | Legal and regulatory

Risk of market concentration and monopolization in DPI ecosystems requires governance attention

Speakers

– Malik Payal
– Andrew Vennekotter
– Chetty Pria

Arguments

DPI platforms connecting multiple actors create network effects that can lead to winner-takes-all outcomes and monopolization

Data governance must focus on risks and principles-based frameworks rather than premature technology standards to enable innovation

DPI requires integrated data governance approaches that balance technical efficiency with equitable outcomes and accountability

Summary

Speakers agree that DPI implementations face inherent risks of market concentration due to network effects and that governance frameworks must proactively address these risks while enabling innovation.

Topics

Economic | Data governance | Consumer protection

Public value creation must be prioritized over purely economic outcomes in DPI

Speakers

– Mariana Rielli
– Souhila Amazouz
– Chetty Pria

Arguments

Public value in DPI requires that economic value generation does not come at the expense of people’s fundamental rights

DPI serves as a game changer for Africa’s integration agenda and can accelerate achievement of Agenda 2063 goals

DPI requires integrated data governance approaches that balance technical efficiency with equitable outcomes and accountability

Summary

Speakers consistently emphasize that DPI must deliver public value and serve development goals rather than just generating economic returns, with fundamental rights protection being a prerequisite for legitimate public value creation.

Topics

Development | Human rights principles | Sustainable development

Similar viewpoints

Both speakers argue that existing data protection frameworks are inadequate for DPI governance because they focus too narrowly on individual privacy rather than addressing broader structural and systemic issues in data ecosystems.

Speakers

– Malik Payal
– Mariana Rielli

Arguments

Current data protection laws are insufficient as they focus only on individual consent and privacy, not addressing structural risks in DPI ecosystems

Data protection frameworks should be integrated into DPI discussions as procedural rights that provide rules for just information flows

Topics

Privacy and data protection | Legal and regulatory | Data governance

Both speakers emphasize the need for proactive governance measures that establish clear accountability and control mechanisms for private sector participants in public infrastructure, rather than reactive or voluntary approaches.

Speakers

– Andrew Vennekotter
– Malik Payal

Arguments

Data governance requires positive control over AI outputs and embedded security as fundamental aspects, not afterthoughts

There is need for fiduciary obligations on private partners to uphold public interest and competitive neutrality in DPI implementations

Topics

Data governance | Legal and regulatory | Economic

Both speakers recognize the importance of local context and capacity in DPI implementation, emphasizing that one-size-fits-all approaches don’t work and that local adaptation and capacity building are essential for successful DPI deployment.

Speakers

– Linder Thomas
– Souhila Amazouz

Arguments

Local civil society organizations are best positioned to integrate, adapt, and operationalize high-level governance principles to local contexts

African countries show varying levels of DPI maturity with 60% having data privacy laws but only 9 countries having real-time data exchanges

Topics

Development | Capacity development | Legal and regulatory

Unexpected consensus

Technical solutions can address some governance challenges without requiring extensive regulatory frameworks

Speakers

– Andrew Vennekotter
– Mariana Rielli

Arguments

Privacy-preserving techniques like data clean rooms can help address sensitive data sharing concerns in healthcare and other sectors

Informational autonomy and self-determination can generate collective value by creating more trusting relationships and trustworthy databases

Explanation

Despite coming from different perspectives (private sector technology focus vs. rights-based civil society approach), both speakers acknowledge that technical design choices and privacy-preserving technologies can contribute to governance objectives and rights protection, suggesting that technical and rights-based approaches can be complementary rather than opposing.

Topics

Privacy and data protection | Cybersecurity | Data governance

Real-world implementation challenges validate theoretical governance concerns

Speakers

– Audience
– Malik Payal
– Mariana Rielli

Arguments

DPI implementations like India’s healthcare system show both efficiencies and significant adverse outcomes including exclusion of vulnerable populations

DPI platforms connecting multiple actors create network effects that can lead to winner-takes-all outcomes and monopolization

Public value in DPI requires that economic value generation does not come at the expense of people’s fundamental rights

Explanation

The audience’s real-world examples from India’s healthcare DPI implementation directly validate the theoretical concerns raised by policy experts about exclusion, rights violations, and the gap between efficiency gains and equitable outcomes, creating unexpected alignment between practitioners and theorists.

Topics

Digital access | Human rights principles | Privacy and data protection

Overall assessment

Summary

There is strong consensus among speakers on the need for comprehensive, integrated data governance frameworks that go beyond traditional privacy protection to address structural risks, ensure multi-stakeholder participation, prevent market concentration, and prioritize public value creation in DPI implementations.

Consensus level

High level of consensus on fundamental principles and challenges, with speakers from different sectors (public, private, civil society, academia) agreeing on core governance needs. This consensus suggests a mature understanding of DPI governance challenges and creates a strong foundation for developing actionable policy recommendations and implementation strategies.

Different viewpoints

Approach to regulation and standards in DPI governance

Speakers

– Andrew Vennekotter
– Malik Payal

Arguments

Data governance must focus on risks and principles-based frameworks rather than premature technology standards to enable innovation

Current data protection laws are insufficient as they focus only on individual consent and privacy, not addressing structural risks in DPI ecosystems

Summary

Andrew advocates for minimal, principles-based regulation to avoid stifling innovation, citing high compliance costs (40% of product value in EU), while Payal argues for more comprehensive integrated governance frameworks that go beyond current data protection laws to address structural market risks and monopolization

Topics

Legal and regulatory | Data governance | Economic

Priority focus for DPI governance – technical efficiency vs structural market concerns

Speakers

– Andrew Vennekotter
– Malik Payal

Arguments

Data governance requires positive control over AI outputs and embedded security as fundamental aspects, not afterthoughts

DPI platforms connecting multiple actors create network effects that can lead to winner-takes-all outcomes and monopolization

Summary

Andrew emphasizes technical aspects like security, AI safety, and innovation enablement, while Payal focuses on economic structural issues like market concentration, data extractivism, and the need for competitive neutrality in public-private partnerships

Topics

Data governance | Economic | Cybersecurity

Unexpected differences

Role of technical solutions vs systemic governance reforms

Speakers

– Andrew Vennekotter
– Malik Payal

Arguments

Privacy-preserving techniques like data clean rooms can help address sensitive data sharing concerns in healthcare and other sectors

Private entities operating on public infrastructure may engage in data extractivism without proper contractual or regulatory frameworks governing their activities

Explanation

Unexpected because both speakers are addressing data protection concerns, but Andrew suggests technical solutions (data clean rooms) can solve privacy issues, while Payal argues that technical solutions alone cannot address structural governance problems and regulatory blind spots in public-private partnerships

Topics

Privacy and data protection | Data governance | Economic

Overall assessment

Summary

The main disagreement centers on regulatory approach – whether to prioritize innovation-friendly, principles-based frameworks or comprehensive structural governance reforms. There’s also tension between technical solutions versus systemic governance changes.

Disagreement level

Moderate disagreement with significant implications – the different approaches could lead to very different DPI governance outcomes, with Andrew’s approach potentially enabling faster innovation but risking market concentration issues that Payal warns about, while Payal’s approach might provide better structural protections but could potentially slow innovation as Andrew suggests

Partial agreements

Similar viewpoints

Both speakers argue that existing data protection frameworks are inadequate for DPI governance because they focus too narrowly on individual privacy rather than addressing broader structural and systemic issues in data ecosystems.

Speakers

– Malik Payal
– Mariana Rielli

Arguments

Current data protection laws are insufficient as they focus only on individual consent and privacy, not addressing structural risks in DPI ecosystems

Data protection frameworks should be integrated into DPI discussions as procedural rights that provide rules for just information flows

Topics

Privacy and data protection | Legal and regulatory | Data governance

Both speakers emphasize the need for proactive governance measures that establish clear accountability and control mechanisms for private sector participants in public infrastructure, rather than reactive or voluntary approaches.

Speakers

– Andrew Vennekotter
– Malik Payal

Arguments

Data governance requires positive control over AI outputs and embedded security as fundamental aspects, not afterthoughts

There is need for fiduciary obligations on private partners to uphold public interest and competitive neutrality in DPI implementations

Topics

Data governance | Legal and regulatory | Economic

Both speakers recognize the importance of local context and capacity in DPI implementation, emphasizing that one-size-fits-all approaches don’t work and that local adaptation and capacity building are essential for successful DPI deployment.

Speakers

– Linder Thomas
– Souhila Amazouz

Arguments

Local civil society organizations are best positioned to integrate, adapt, and operationalize high-level governance principles to local contexts

African countries show varying levels of DPI maturity with 60% having data privacy laws but only 9 countries having real-time data exchanges

Topics

Development | Capacity development | Legal and regulatory

Key takeaways

Data governance is imperative for equitable DPI development and must balance technical efficiency with accountability and inclusive outcomes

Current data protection laws focusing only on individual consent and privacy are insufficient – integrated governance frameworks addressing structural risks are needed

Public-private partnerships in DPI create network effects that risk monopolization and data extractivism without proper contractual and regulatory safeguards

Civil society organizations play a crucial third-sector role in balancing state and corporate interests while adapting governance principles to local contexts

DPI implementations show mixed results – while creating efficiencies, they also demonstrate exclusion of vulnerable populations and privacy violations

Technical solutions like data clean rooms and privacy-preserving techniques can help address sensitive data sharing concerns

African countries show varying DPI maturity levels, with foundational frameworks like the AU Data Policy Framework providing guidance but implementation gaps remaining

Data governance should be based on risks and principles rather than premature technology standards to enable innovation while ensuring accountability

Resolutions and action items

Develop contractual arrangements and concession agreements between private entities and public infrastructure providers to establish fiduciary obligations

Create integrated data governance frameworks that go beyond data protection laws to address competition, consumer protection, and market mechanisms

Implement multi-stakeholder, multi-sectoral approaches to data governance involving civil society organizations in design and implementation

Establish informational separation of powers and accountability mechanisms including assessments adapted to DPI contexts

Build digital skills capacity as 84% of businesses see AI skills as crucial but only 26% feel adequately prepared

Harmonize international standards to enable cooperation while avoiding compliance costs that can reach 40% of product value

Unresolved issues

How to prevent DPI from becoming ‘alt-big tech’ platforms due to data misuse in absence of proper governance

Addressing exclusion of vulnerable populations (people with disabilities, chronic diseases, stigmatized conditions) from DPI systems

Balancing cross-border data movement facilitation with data sovereignty and local control concerns

Determining optimal data storage governance and preventing excessive private control over public data

Resolving tensions between openness/interoperability requirements and security/privacy protections

Establishing clear boundaries between what constitutes ‘public’ versus private value creation in DPI ecosystems

Addressing the regulatory blind spot where private entities operating on public infrastructure lack adequate oversight

Suggested compromises

Implement human-in-the-loop approaches for AI systems to balance automation with human oversight and accountability

Use privacy-preserving techniques like data clean rooms to enable data sharing while protecting sensitive information

Adopt risks and principles-based regulatory frameworks rather than prescriptive technology mandates to balance innovation with governance

Establish fiduciary obligations on private partners while allowing them to participate in value creation from public infrastructure

Create data governance frameworks that enable information flows while embedding rights protections and accountability mechanisms

Balance technical efficiency goals with equitable outcomes through integrated governance approaches rather than purely technical solutions

We introduced a new concept of data justice and also transparency. Through the data justice, we aim to ensure equal representation to all people in the digital space, including the diversity of languages and cultures.

Speaker

Souhila Amazouz

Reason

This comment is insightful because it moves beyond traditional data governance concepts to introduce ‘data justice’ as a framework that explicitly addresses equity and cultural diversity. It reframes data governance from a technical/legal issue to a social justice issue, recognizing that digital infrastructure must actively work to include marginalized communities rather than simply avoiding harm.

Impact

This concept of data justice became a recurring theme throughout the discussion, with subsequent speakers building on this foundation. It shifted the conversation from focusing primarily on efficiency and protection to emphasizing equitable outcomes and inclusive participation in the digital economy.

The economics of multi-sided platforms where DPI’s are essentially the platforms connecting multiple actors… these inherent network effects of DPI’s can lead to winner-takes-all outcomes resulting in the creation of monopolies… there is currently a regulatory blind spot… because if this data collection, data usage by the private entities on these public platforms is not regulated, it may lead to creation of monopolistic enclosures and data hegemony in public-private partnerships.

Speaker

Malik Payal

Reason

This comment is particularly thought-provoking because it challenges the optimistic narrative around DPI by introducing critical economic analysis. It reveals how the very features that make DPI powerful (network effects, scalability) can paradoxically undermine their public purpose by creating private monopolies. The concept of ‘monopolistic enclosures’ and ‘data hegemony’ provides a stark warning about unintended consequences.

Impact

This comment fundamentally shifted the discussion from celebrating DPI’s potential to critically examining its risks. It introduced the crucial question of ‘what makes DPI actually public?’ and led to deeper analysis of the need for contractual frameworks and regulatory oversight of private actors operating on public infrastructure.

Data governance as a term originated in the corporate space and was very tied to questions of efficiency and effectivity… However, that’s really not what we’re talking about in DPI that much anymore… we’re talking about using data governance to understand the kind of social contract that we’re developing with DPI… This is a redesigning of fundamental parts of society.

Speaker

Linder Thomas

Reason

This comment is insightful because it recontextualizes the entire discussion by pointing out that applying corporate data governance concepts to public infrastructure is fundamentally inappropriate. By framing DPI as a ‘social contract’ and ‘redesigning of fundamental parts of society,’ it elevates the stakes and emphasizes the democratic implications of these technical decisions.

Impact

This reframing shifted the conversation toward questions of democracy, participation, and civil society engagement. It provided theoretical grounding for why traditional approaches are insufficient and why new governance models are needed that center social outcomes rather than technical efficiency.

Economic value being generated by data, regardless of how that is shared, does not per se guarantee the achievement of public value if the rights of people are being neglected… privacy as contextual integrity… informational separation of powers… data protection is already containing a preventive and sometimes a precautionary principle.

Speaker

Mariana Rielli

Reason

This comment is thought-provoking because it distinguishes between economic value and public value, challenging assumptions that economic benefits automatically translate to public good. The concepts of ‘contextual integrity’ and ‘informational separation of powers’ provide sophisticated frameworks for thinking about data governance that go beyond simple privacy protection.

Impact

This comment grounded the theoretical discussions in practical legal frameworks and provided concrete mechanisms for implementation. It showed how existing data protection principles could be adapted and expanded for DPI contexts, offering a bridge between current legal frameworks and future governance needs.

Although there have been efficiencies in patient data sharing among doctors… significant adverse outcomes have been realized as well… people with chronic diseases, like leprosy, or people with disabilities, struggle with Aadhaar enrollment… patients of diseases with social stigma, such as HIV, AIDS, exclude themselves from using ABDM.

Speaker

Audience member Erum (via Nikita Jain)

Reason

This comment is particularly impactful because it provides concrete, real-world evidence of how DPI systems can exclude the most vulnerable populations despite their stated goals of inclusion. It demonstrates how technical solutions can reproduce and amplify existing social inequalities, making the abstract discussions suddenly very tangible.

Impact

This real-world example served as a powerful reality check for the entire discussion, forcing participants to confront the gap between DPI aspirations and actual outcomes. It validated the concerns raised by earlier speakers about the need for robust governance frameworks and showed why theoretical discussions about data justice and inclusion are urgently practical matters.

Overall assessment

These key comments fundamentally shaped the discussion by progressively deepening and complicating the conversation about DPI governance. The discussion evolved from initial optimism about DPI’s transformative potential to a more nuanced understanding of its risks and governance challenges. Souhila’s introduction of ‘data justice’ set an equity-focused tone that influenced all subsequent contributions. Payal’s economic analysis introduced critical skepticism about market dynamics, while Thomas’s reframing of data governance as social contract theory provided democratic legitimacy for these concerns. Mariana’s legal framework analysis offered practical pathways forward, and the audience’s real-world example from India’s healthcare system provided sobering evidence that validated the theoretical concerns. Together, these comments created a comprehensive critique that moved the discussion from technical implementation questions to fundamental questions about power, equity, and democratic governance in the digital age. The conversation became increasingly sophisticated, moving from celebrating DPI’s potential to developing frameworks for ensuring it serves public rather than private interests.

How can we develop stronger oversight or interoperability mandates in data governance frameworks?

Speaker

Chetty Pria

Explanation

This was identified as a gap in current frameworks that needs to be addressed to prevent monopolization while fostering open innovation in DPI implementations.

What are the specific contractual or regulatory frameworks needed to govern private entities operating on public infrastructure?

Speaker

Malik Payal

Explanation

There is currently a regulatory blind spot regarding how private entities collect and use data from DPI platforms, which could lead to monopolistic practices and data extractivism.

How can data governance frameworks be integrated and adapted to local contexts and conditions across diverse regions?

Speaker

Linder Thomas

Explanation

Cookie-cutter approaches don’t work for DPI implementation, especially in diverse regions like Africa, requiring local civil society organizations to help with integration and adaptation.

How can precursor DPI projects (existing digital ID, payments, data exchange systems) be effectively integrated rather than replaced?

Speaker

Linder Thomas

Explanation

Many successful digital systems already exist and need to be integrated into new DPI frameworks rather than being completely replaced, requiring careful coordination.

What are the findings and lessons from Brazil’s implementation of data protection frameworks in the context of DPI?

Speaker

Mariana Rielli

Explanation

A new report was mentioned that proposes integration of data protection rights into DPI discussions, but the specific findings and recommendations need to be shared and analyzed.

How can cross-border data movement be structured within DPI to enable AI innovations while maintaining governance?

Speaker

Amin (online participant)

Explanation

Seamless cross-border data flow is needed for AI model development, but this needs to be balanced with appropriate governance frameworks.

How can DPI systems address exclusion issues faced by marginalized populations (people with disabilities, chronic diseases, stigmatized conditions)?

Speaker

Erum (online participant via Anita Gurumurthy’s research)

Explanation

Real-world implementation in India’s healthcare DPI shows significant exclusion of vulnerable populations, violating the principle of equitable access to services.

What are the implications of data storage location and cross-border data flow rules in DPI governance?

Speaker

Malik Payal

Explanation

Questions about where data is stored, level of private vs government control, and cross-border data flow regulations are critical for DPI governance but need further examination.

How can privacy-preserving technologies like data clean rooms be implemented in sensitive sectors like healthcare within DPI frameworks?

Speaker

Andrew Vennekotter

Explanation

Technical solutions exist for sharing sensitive data without compromising privacy, but their integration into DPI systems needs further exploration.