Data governance

The new business model of the Internet industry, developed mainly by companies based in Silicon Valley, started to emerge in the late 1990s and took full shape in the 2010s. The growth of the Internet in the 1990s could not be sustained on public funding, as it had been in the past; it required a more robust business model. A few attempts to charge for access to Internet services and content failed. The new Internet business model does not charge users for the use of Internet services; it generates income from sophisticated advertising.

In this new business model, user data is the core economic resource. When searching for information and interacting on the Internet, users give away significant amounts of data, including personal data and the information they generate - their ‘electronic footprint’. Internet companies collect and analyse this data to extract bits of information about user preferences, tastes, and habits. They also mine the data to extract information about a group; for instance, the behaviour of teenagers in a particular city or region. Internet companies can predict with high certainty what a person with a certain profile is going to buy or do. This valuable block of data about Internet users has different commercial uses, but it mainly serves vendors, who use it for their marketing activities.

Thus, Data is at the core of modern society, from our digital footprint via email and social media, through to big data analytics. An analysis of the role of data in digital policy reveals that data is also at the core of most policy areas. Artificial intelligence is further increasing the power and relevance of data. Cross-border data flows is challenged by policy decisions, in a similar way as the movement of goods, services, and people across borders. Data localisation laws, for instance, require companies to keep data on servers located within national territory. The developments related to data have driven the need for discussions on data and digital policy, including data governance.

Different aspects of Data Governance

Concerns regarding Data Governance and the role of data in digital policy may come from multiple sides. 

Human Rights and Law 

From the Human Rights side, Privacy and Data Protection are two core interrelated issues. Privacy is usually defined as the right of citizens to control their own personal information and to decide whether or not to disclose it. Data protection is a legal mechanism that ensures privacy. Privacy is a fundamental human right. It is recognised in the UDHR, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. National cultures and different ways of life influence the practice of privacy. Privacy is particularly important in Western societies, with Germans, for example, assigning high relevance to privacy. Modern practices of privacy focus on communication privacy (no surveillance of communication) and information privacy (no handling of information about individuals). Traditionally, privacy concerns related to government surveillance. Increasingly, however, privacy issues relate to infringements by the business sector as well. Data protection so also relevant for law enforcement and national security reasons. 

Increasingly often, information considered vital for criminal or civil investigations finds its way outside the jurisdiction of the investigative authorities, straining existing international cooperation mechanisms which aren’t considered efficient and timely enough for the current pace and volume of transnational investigations.

Data Economy

Data Governance is also relevant from an economic point of view. As mentioned above, data is the core economic resource of the new economy. Corporations and governments have been increasingly aware of the impact of data on national economies and have sought to implement policies to foster data-based industries within their borders. 

Some have done so by stimulating specific high-tech sectors of their economies, attempting to create local “Silicon Valleys” that are able to compete globally on an open market.

Other States have attempted more direct and protectionist approaches. Forcing data to be stored within national borders through data localisation measures embedded in legislation, implementing other related policies that force companies to deploy installations and subsidiaries or actively banning foreign tech firms from operating within the country have been some methods of attempting to create national data-intensive industries. This raises the question of whether data protection legislations (Especially those containing data localisation measures) and other policies and institutional forms of incentives for the deployment of data-intensive industries within a certain nation might be a new form of economic protectionism, and the calls for free flow of data between jurisdictions a new form of trade liberalism, each of which motivated by countries’ and  corporations’ economic and/or political agendas. Digital protectionism, as it has been labeled, has risen as a relevant concern to governments, international organisations and companies alike.


Mr Pedro Vilela Resende Gonçalves

Director, Institute for Research on Internet & Society

Mr Pedro Vilela Resende Gonçalves is founding director of the Institute for Research on Internet & Society. Pedro holds an LLB from the Federal University of Minas Gerais and collaborates on data protection at the Alexandre Atheniense Law Firm.

Share on FacebookTweet