Data governance introductory session

Event report

[Read more session reports and updates from the 14th Internet Governance Forum]

The session featured a discussion on data governance as one of the featured topics of IGF 2019. The main input for this session was the introduction of data governance issues by Ms Marie-Laure Denis (President, CNIL). The participants discussed how the benefits of the data revolution can contribute to inclusive economic development and respect for human rights.

Denis stressed that the themes of data governance are vast, and the stakes are high. It is a multi-layered subject matter impacting our social and economic environments. She opened by emphasising the fact that the talks at IGF 2019 should go beyond the protection of data. It is no longer just a regulatory issue, it has vast economic impacts due to multinational business models based on the collection, use, and monetisation of personal data.

Personal data is the core of new global practices, Denis stated, making the privacy concerns global as well. The digital revolution presents many possibilities, but also comes with fears and negative consequences on our societies and economies. It can also be a powerful weapon to target democratic systems, as happened in the Cambridge Analytica scandal. Denis used the example of individual profiling which can impact the individual’s right to self-determination.

The immediate crisis spans from the feeling of loss over personal data, to ripping apart of the social fabric. Denis explained that on the one hand the data is talked about as the ‘new oil’ and on the other hand there are calls for more privacy protection and control over personal data.

Specific attention, according to Denis, needs to be paid to how data is collected, used, and enhanced so that individuals can keep an upper hand in controlling their personal data.

Conflicting models of addressing data governance and privacy exist on the international level. There needs to be an agreement about a common vision. Sustainable data governance cannot exist without personal data protection – as a human right, and to address the users’ expectations in processing personal data.

Giving an example for protecting children’s data, she stated that there is already a common framework of the United Nations Convention on the Rights of the Child (UNCRC) to protect the rights of the child. Data governance also implies where to draw a line in the use of biometric data and facial recognition. Such topics need to be addressed through binding instruments at the international level.

Data-driven businesses need to integrate data protection in all processes. This also means ensuring security of personal data.

There is a need to build bridges between the regulators in order to address the multifaceted aspects of data governance.

Data governance issues need to be addressed at the international level. The EU standpoint is that there cannot be a free flow of data without proper data protection safeguards. Issues such as government access and surveillance cannot be ignored in a multijurisdictional setting. They redefine the concepts of sovereignty and cause a clash between jurisdictional, societal, and cultural models according to Denis.

All of these issues need to be addressed at the multilateral level, as they can impact the openness of the Internet and human rights. We need to ensure that the different models have the opportunity to be discussed at the international level.

As an example of regulation at the international level, Denis cited the Convention 108 plus, the only existing data protection instrument open to countries outside of the EU.

Concluding, Denis stated that IGF 2019 is an example of addressing common challenges together.

The session then broke into groups to discuss cross-border data, jurisdictional and sovereignty issues, data protection frameworks, data and sustainable development, human rights and Internet ethics, and the governance and ethics of artificial intelligence (AI) algorithms.

By Richard Jonathan and Pavlina Ittelson