I’ve spent much of the last week discussing data governance. The discussions were fascinating. The issues are complex, the challenges enormous, the risks of getting things right or wrong (whatever your perspective) great.
Last week I wrote about digitalisation and geopolitics. This week, a closer look at one aspect of that: the tussle between global data management and national sovereignty.
Data depths and data shallows
Discussing issues like data governance in depth shows how difficult they are, and how diverse requirements and impacts are likely to be in different countries. It emphasises, too, how shallow much of the literature about this is, particularly that from those with vested interests.
Much of this literature is built around reducing options down to binaries: to this, or that, but not to something in between. Binary choices usually end up separating out winners and losers. If you’re looking for ways to ensure that ‘no-one’s left behind’ – the UN’s central goal these days – you’re more likely to find those ways in spaces in between - and by thinking about goals and impacts in multiple dimensions, not just one.
Where should we put our data?
Much of the literature about data governance centres on where it should be held.
Should the default be free flow of data – that data from anywhere can be transmitted anywhere, held anywhere, managed, governed and exploited anywhere – unless there are good and special grounds for restricting them?
Or should the default be that data should be held and managed locally, – unlessthere are good and special grounds for making access open?
Advocates of the free flow of data argue two things in particular. (They have more arguments, of course, but I have little space.)
First, they argue that free flow’s inherent to the internet. Data aren’t physical: like air and water they flow naturally through international borders. Restricting them’s a restriction on the internet that may threaten its global character and value.
Second, they argue that free flow’s economically of benefit to all. Managing data in massive data centres outside national territory is more efficient and secure, they say, for almost every country. It enables more effective use (exploitation or leveraging, depending on your take) of data in ways that will promote prosperity and public welfare. It fosters innovation. Governments that localise their national data will miss out on growth and opportunity; they’ll fall behind in the race towards the digital society.
What’s the issue?
The challenge to this argument is threefold.
First, there’s a certain contradiction in it. It argues that geography should be irrelevant (data can and should be held anywhere) but also that it’s highly relevant (localisation will bring fewer benefits). That points to the underlying anomaly I wrote about last week: that ‘cyberspace’ is actually earthbound, not independent of physical infrastructure or the geopolitical constraints that go with it but inextricably entwined with them.
Second, it assumes that economics should trump other arguments – but that’s not so, or not fully so at least, for most people.
It’s not so partly because people value other things alongside and often more than personal prosperity: family and community, for instance; access to health and education; protection against crime; personal privacy and lifestyle choices; the preservation of local cultures in a globalising world; the scope for national digital sectors to develop, serve local communities and export services alongside global corporations; long-term as well as short-term economic benefits.
It’s not so partly because economic and social outcomes aren’t as separate from one another as econocentric visions of society imply. I may have less disposable income in a society with social medicine and free education, but I’m better off than I would be if I had to pay for commercialised medicine and fee-paying schools.
And it’s not so partly because prosperity is about distribution at least as much as economic growth. Data governance models that increase disparities between wealthy and less wealthy countries, companies or individuals are more likely to bring geopolitical and social dislocation and resentment than the warm glow of sharing in prosperity. Polarised societies are less happy and they’re less sustainable.
Third, too many free flow advocates imply that sovereignty’s irrelevant or folly. Again, that isn’t how most people (and most governments) see things.
All that I’ve just mentioned will play out differently in different countries, according to their economic and social structures, their politics, their frameworks of laws and values, their history. Different economies, different levels of connectivity and internet engagement, different Gini coefficients, different legacies.
National security matters too: few countries, no matter how committed to free flow of data, want their data held in countries ruled by those they see as foes or in which they think cybersecurity standards are too poor to protect them from cybercriminals (not to mention interference in democratic processes).
And sovereignty matters to people. As I said last week, this ever more digital age is also one in which nationalism (rather than internationalism) has flourished. It’s seen governments and people become more, not less, attached to national identities. Many countries, also, are still affected by the impact of colonialism, have legacies derived from that, from structural adjustment programmes imposed by outside actors, and from what they see as unequal participation in economic power structures. These things matter, alongside making bucks.
So what’s non-binary?
All of which is meant to say: this isn’t simple and it isn’t binary. The economic case for free flow of data – in terms of greater beneficial economic outcomes – is strong, but those beneficial economic outcomes are only meaningful in a wider context of relationships between and within countries: if the distributional issues are addressed, and if they don’t challenge peoples’ and people’s rights to choose their own ways to live.
Where data are held is going to matter here precisely because it isn’t just about maximising economic value. There are jurisdictions in which I would feel my personal data were more likely to be treated with respect for privacy – and not exploited for purposes I don’t intend – than others. Governments likewise. Whole countries too. This applies not only to issues such as privacy and data protection, but also to issues of cultural autonomy and the independence of national political and social welfare systems, to tax and competition policy.
Not where but why, how and with what impact
What seems to me most crucial here is not finding a one-stop binary default – free flow or not free flow - but finding modes of governance that enable the different needs of different people in different countries to be met in ways that suit their different contexts and their different circumstances.
It’s not so much about where data are held, therefore, but about why and how they’re held and with what impact.
Governance frameworks should certainly seek to enable economic value to be added through efficient data management. (That value add was usefully explored in UNCTAD's 2019 Digital Economy Report) But they should also seek ways to ensure that value is distributed fairly rather than appropriated by the most powerful actors in the game.
They should recognise the inter-relationship between economic, social and cultural impacts arising from them: not just economic value, but the range of values and objectives set out in the SDGs and in international rights agreements (the ICESCR as well as the ICCPR, and also the conventions concerning race, women and children) and in the democratic preferences of the people whose data are in question. They should pay attention, too, to environmental impact (how much carbon?, how much management of carbon?).
They should include high standards of cybersecurity and protection against exploitation of data sets in ways that are not accepted by those whose data are involved – including exploitation derived from multiple data sets that can be leveraged only by those with access to those multiples.
A key issue here is the risk of what has been called ‘data colonialism’ – a situation in which governments, businesses and citizens in developing countries provide raw data to companies outside their legal jurisdiction, which can then exploit them without sharing their value with those countries, companies and people that produced the data in the first place.
Am I optimistic?
I’m encouraged that the debate around these issues is becoming more sophisticated and more nuanced, but discouraged that so much of it is still so binary.
The digital sector is highly concentrated, and decisions are being made within a narrow subset of the world economy (digital corporations originating in a few countries and answering to a limited range of governments). Standards that will affect the future are being set by powerful actors in the digital economy without much reference to developing countries’ different contexts and requirements. Geopolitical consensus is hard to achieve at the best of times, particularly hard today. But a framework for data governance that reflects complex needs rather than vested interests is a goal that’s worth pursuing.
Image source: Traffic Lights at night, by @error420 on Unsplash.com