The digital society is built round data. The politics and governance of data are at the heart of its development: how they are gathered, analysed, combined, exploited, regulated.
These are the themes of this year’s Digital Economy Report from UNCTAD, the latest in a series that explores the digital economy’s complexities in depth. As usual, it’s an important contribution that digs deeper than most of what’s written on digital trade.
[A note for pedants]
[The word ‘data’ is a Latin plural, but usage varies and it’s often singular in modern English. Either’s now deemed ‘correct’ but, like UNCTAD, I prefer the plural: hence ‘are’, not ‘is’, below.]
What’s the issue?
The key theme in UNCTAD’s report is data sovereignty: who “owns” data?; who should have access to them or rights to exploit them?; within what limits?; where should they be held?
This theme is far from simple, but increasingly important. Being able to combine and analyse data in depth using computer power gives those who can advantage over those who can’t – adding value for public service, profit or control (a phrase I’ll use again): for better targeting of health resources, for example, or for maximising advertising revenue, or for monitoring how citizens behave.
That ability is growing constantly as technology advances – particularly machine learning – and as more and more decisions are transferred from human judgement to computer algorithms.
Dichotomy and disparities
One dichotomy arises from this, and two disparities of power.
Data exploitation versus data privacy
The dichotomy’s about underlying principles:
between the desire of governments and businesses to exploit data’s potential to the max (whether that’s for public service, profit or control),
and the desire of citizens for ownership and control of data that they generate (which is expressed in rights to privacy within the international human rights regime and national legislation).
Data generation versus data use
The first disparity of power’s:
between those who generate data but lack resources to make use of them themselves (individuals, especially, but also their communities, organisations and even local governments);
and those (governments and businesses, including global corporations) that can analyse, leverage and exploit them (her comes that phrase again) for public service, profit or control.
The second disparity arises from global inequalities in power and resources.
The digital economy in general, and data management especially, are dominated by companies based in just two countries – the United States and China – which have between them half of the world’s largest data centres.
Other developed countries and a few developing countries have national capacities to exploit data effectively, but such capacities are very limited in smaller countries with less developed economies.
UNCTAD captures the inequity and inequality here well.
‘As the data-driven digital economy has evolved,’ it says, ‘a data-related divide has compounded the digital divide. In this new configuration, developing countries… risk becoming mere providers of raw data to global digital platforms, while having to pay for the digital intelligence obtained from their data.’
What’s data sovereignty?
The idea of data sovereignty’s concerned with both these power disparities.
The term’s most used to talk about where data ought to be located, on which more below, but that can’t be fully separated from imbalances between those who generate data and those who use them.
What control – or sovereignty – should individuals have, for instance, over their own data? What control should (urban or rural) communities have over data generated in their own localities – for instance those concerned with local housing, traffic or environment? Where should the balance lie in data concerned with health or education between individuals, service providers, nation states and other interested parties (such as global pharma companies)?
There are complex balances of interest here. How, in particular, can data be aggregated in ways that maximise added value to societies while protecting individuals’ privacy? Or use to serve local communities’ interests rather than extracting value from those same communities? UNCTAD argues that rights to access, control and use of data matter more here than data ownership – or, one might add, data location.
And so to location
Much of the public policy debate has been concerned with where data should be located – how far they should be globalised or localised – and how that relates to national sovereignty.
Three main models have emerged among the digital society’s main power brokers (plus local variants).
The US model’s emphasised free markets and free flow of information. Data don’t need to be held in the country from which they originate, it’s argued, but should be where they can be most efficiently exploited and lead to greatest added value. Large data corporations, with data centres round the world, are best placed to do this. It’s a view shared by many internet insiders keen to stress the universal nature of the internet.
The European Union’s put most emphasis on regulations designed to maintain data privacy and protection and to prevent exploitation that may disadvantage countries of origin or their citizens. This means that data can and should flow outside countries of origin but only to other jurisdictions that guarantee they will be treated as they would be in ‘home’ countries.
The Chinese model’s emphasised national sovereignty, whereby (many or most) data generated within country are retained there and don’t become available for those outside it to analyse, exploit or use for other purposes. Some countries have sought similar restrictions, at least for data that are thought particularly sensitive, though few other than China have the necessary data storage capacity to go fully localised.
Some underlying issues
A lot of this debate has been conducted as a contest between market efficiency and the notion that the internet should be the same for all, on the one hand, and national sovereignty on the other. But, as in most digital disputes, there are underlying issues here that are more complex and suggest competing goals need to be balanced. Three points:
First, national sovereignty matters. Its significance has long been underestimated in the internet community, but sovereignty matters to citizens as well as governments in most countries. Dependency on multinational corporations is not attractive to governments or local businesses. In many countries it’s redolent of colonialism or of ‘structural adjustment’ imposed on economies back in the 1980s (and after). The concentration of digital power today resembles, in some ways, the concentration of media power that led to conflicts over a ‘New World Information and Communication Order’ in the ‘70s and ‘80s.
Second, the issues here aren’t purely economic, about the cheapest way to do things. Data location has implications too for national security (few countries are prepared to risk their data in the hands of enemies), for human rights, for equity and social inclusion, for economic and industrial policy, for environmental efficiency.
Third, different locations are more or less effective at data management. One of the arguments that global data corporations make is that they can provide better security than is available domestically, particularly in countries that have limited resources or cyber capacity.
UNCTAD explores these issues in its new report (the first chapter of which is also a useful primer on the current state of play in data.)
It recognises the complexity of issues and calls for ‘middle ground solutions’. It argues, in particular, that developing countries are disadvantaged by ‘the absence of a properly functioning international system of regulations of cross-border data flows’ – one ‘that allows maximizing benefits from data, while addressing the risks, in a way that income gains are equitably distributed.’
Without such rules, enabling fairness, UNCTAD argues, developing countries will be forced to regulate their data flows at national level – which is sub-optimal. To get such rules, it suggests, will require new internationally agreed arrangements, and perhaps a new international institution – achieving which will require multilateral, multistakeholder and multidisciplinary cooperation.
Some final thoughts
Discussions in the lead-up to UNCTAD’s report showed up the complexity of issues and the lack of consensus around what could and should be done. But the subject is increasingly important as data management becomes ever more central to the global, not just the digital, economy.
Maximising data value can be crucial to national economic interest, but (as noted earlier) economic outcomes aren’t the only ones that matter. Security, rights and equity are also central where policy’s concerned. Many argue strongly, as part of equity, that the value that can be derived from data must be secured by those from who generated the data from which it is derived, rather than appropriated elsewhere. Or at very least shared equitably with them.
In this context, rules and their enforcement probably matter more than physical location: rules, for instance, concerning cybersecurity, privacy, who can exploit data and within what limits. These rules are always going to be contextual, because different countries have different governance norms and institutions, different capabilities for data gathering and analysis, different capacities for implementing and enforcing what’s agreed.
UNCTAD’s suggestion of a new institution will be controversial. Many digital insiders are suspicious of international institutions and have resisted new ones. Data corporations are generally hostile to regulation, which they see as stifling innovation and inimical to profits. One question that will be debated, therefore, is whether new rules require new institutions, or whether, where new rules are needed, they can be applied by institutions already established.
And, finally, what’s needed isn’t always possible. Geopolitics today are highly polarised, and it’s becoming harder to achieve global consensus even where it might seem easy. The three models of data sovereignty described above aren’t readily compatible. Lack of engagement by smaller and less developed countries in the world of data management will make it hard for them to influence outcomes that especially affect them. The problems addressed in UNCTAD’s report will not be easily resolved.
Image: Cover of the Digital Economy Report 2021.