Session
Organizer 1: Civil Society, African Group
Organizer 2: Civil Society, Asia-Pacific Group
Organizer 3: Civil Society, African Group
Organizer 4: Technical Community, Asia-Pacific Group
Speaker 1: Chetty Pria, Civil Society, African Group
Speaker 2: Malik Payal, Civil Society, Asia-Pacific Group (remote)
Speaker 3: Souhila Amazouz, Intergovernmental Organization, African Group
Speaker 4: Linder Thomas, Civil Society, African Group
Speaker 5: Andrew Vennekotter, Private Sector, Western European and Others Group (WEOG)
Speaker 6: Mariana Rielli, Civil Society, Group of Latin America and the Caribbean (GRULAC)
Theater
Duration (minutes): 60
Format description: A 60 minute, theatre-style workshop allows for the two components of our session to run most effectively. The first component will be a discussion among our speakers representing government, civil society and the private sector. Here, the speakers will highlight issues around DPI data governance that are most relevant to their sector. They will also bring up case studies which will feed into the second component. The second component will be an interactive discussion that will incorporate the large number of participants both in person and online. The audience will be able to respond to speakers’ input as well as highlight their own experiences. The size of the venue will also facilitate breakout sessions (which will be replicated online) and more dynamic engagement.
How can national and international regulatory data governance frameworks be strengthened to address privacy, security, transparency, competitive markets and accountability in DPI-driven decision-making processes? How can data governance be used to ensure equitable and sustainable data access within DPI, enabling open innovation and local innovation through open data, open standards and interoperability? How can innovative models such as federated data platforms, data trusts, and decentralized edge solutions contribute to secure, interoperable, and innovation-driven DPI ecosystems?
What will participants gain from attending this session? Participants and attendees take away insights, diverse perspectives, understanding and practical guidance for effective data governance. This includes the need for adequate national and international data governance frameworks, decentralised data-sharing mechanisms, open standards, and regulatory safeguards for data protection and safeguarding and ensuring a competitive data ecosystem. Speakers will discuss innovation options such as data trusts that can provide a mechanism for secure data pooling, balancing public and private interests while maintaining compliance with data protection regulations. Case studies drawn from African countries, India, Canada and public private-sector-driven DPI models will be discussed. Participants and audience will have an opportunity to discuss policy and regulatory options including the need for data governance oversight, interoperability mandates, and equitable data-sharing mechanisms to protect digital rights, and foster open innovation.
Description:
Digital Public Infrastructure (DPI) is a key driver of national digital transformation, fostering inclusive innovation and sustainable development. However, achieving its full potential requires a governance framework that balances efficiency with equity, openness with security, and innovation with accountability. How data is governed is, furthermore, a key determinant of whether DPIs can deliver on their promise of fostering innovation, local public and private value creation, a digitally empowered citizenry, and sustainable development through digital transformation. Data governance frameworks should provide for essential digital and data rights and equitable and beneficial data access and protection for all. Ensuring transparency, accountability, responsible data use and redress for bias and violations of rights are essential. Prioritizing high-value datasets and strengthening data-sharing frameworks can significantly enhance the efficiency of digital services while protecting citizen rights. Stronger oversight, interoperability mandates, and equitable data-sharing mechanisms are needed to prevent monopolization while fostering open innovation. This session discusses existing data governance principles and frameworks including recommendations from the G20 and T20 processes, the African Union Commission Data Policy Framework, and UN Universal DPI safeguards. The session speaks to the best practices and innovative case studies operationalising DPI data governance. Concretely, the session will showcase approaches in the global north and global south, in a multistakeholder discussion, including public and private sector and national and regional experts, to bring diverse perspectives to balancing data safeguarding, data rights protection and equitable and beneficial data access for all. This session directly aligns with Theme 2: IGF's focus on sustainable and responsible innovation by addressing the crucial intersection of data governance, DPI, and development. It contributes to the broader discussion on ensuring that digital technologies are used to promote inclusive and equitable outcomes for all.
- Increased awareness of the critical role of data governance in ensuring sustainable and responsible DPI. - Enhanced understanding of existing data governance principles and frameworks. - Identification of practical strategies and regulatory updates for operationalising these principles into national policies and regulations. - Identification of innovative technology and governance options for secure, interoperable and innovation driven data governance for DPI implementation. - Development of actionable recommendations to promote equitable and inclusive DPI data governance. This session builds on data governance papers and recommendations by specific speakers in T20 and G20 processes, UN fora, AU fora and national policy processes in India and Africa. The outputs of this session will further the work of the speakers and participants of the session in such fora to input in practical terms on operationalising balanced data governance approaches in DPI implementation.
Hybrid Format: The proposed session format will create an environment for meaningful exchange through multiple, complementary elements. The session will feature a discussion with experts spanning government, civil society, academia, and industry who will share their diverse perspectives and insights. This discussion is then enhanced by an interactive segment that enables direct audience participation to address specific issues through live polls, breakout rooms (online and onsite) and whiteboard brainstorming. Almost half of the session will be for audience engagement. Use of this format will also incorporate relevant case studies relevant to the speakers that provide practical, real-world examples of both successful and challenging DPI data governance initiatives. Throughout the session, we will work towards developing actionable recommendations that participants can implement, ensuring that everyone leaves with concrete guidance they can apply in their respective contexts. This comprehensive, dynamic structure maximizes the available time.
Report
This workshop brought together experts from the public and private sector, and civil society perspectives to address how data governance must evolve to support equitable and inclusive DPI outcomes.
Core discussion points and calls to action
Preventing Data Extractivism and Monopolistic Control of DPI
While public-private partnerships are essential for innovation, they risk transforming public digital infrastructure into private data extraction mechanisms. Given DPI's natural monopoly characteristics—particularly in foundational identity, payments, and data exchange platforms—there is significant risk that partnerships may grant excessive operational control to incumbent firms, enabling them to monetise public data with minimal societal return.
The challenge lies in designing contractual arrangements that maintain DPI as shared public infrastructure whilst enabling innovation through private sector partnerships, without creating new forms of digital colonialism or data hegemony. While many data protection laws move beyond individual rights and consent, additional safeguards, including accountability mechanisms, must be considered to address structural harms arising from excessive private control over public data.
Building State Capacity for Integrated Data Governance
Traditional public administration structures often remain siloed and outdated, creating barriers to developing all-of-government infrastructure capabilities. The transition from departmental silos to integrated digital infrastructure requires not only technical expertise but also new governance models that can manage data standardisation, sharing protocols, security, and privacy across multiple sectors and stakeholders while maintaining democratic accountability and public oversight.
Implementing Participatory Governance
Externally developed, technocratic approaches often fail to achieve sustainable development goals and may reinforce existing inequalities. It is important to learn from and build upon existing successful projects in their local context, and then create governance mechanisms that involve local stakeholders, acknowledge diverse conceptions of data rights, varying levels of digital literacy, and local socio-technical contexts. The challenge becomes maintaining the scalability and interoperability that make DPI effective.
Perspectives from Panellists
Public Sector Perspective (Souhila Amazouz)
DPI represents a game-changer for public service delivery, supporting integration and accelerating the attainment of interoperability to improve citizens' lives by closing digital divides. The AU Data Policy Framework provides a foundation for data exchange at national level, but implementation remains the central challenge. Capacity building and infrastructure development are essential obstacles to overcome for successful DPI deployment.
Technical Innovation Perspective (Andrew Vennekotter)
Organisations must prioritise data governance and security for digital public infrastructure (DPI) to benefit from new technologies like AI. This is also key to bridging gaps between technical and non-technical experts working on emerging challenges.To support this, harmonising standards is essential. Technologies cross borders, and shared standards help manage risks and support collaboration between the public and private sectors. Regulation should be based on risks and principles, not rigid checklists. At present, compliance accounts for around 40% of IT spending in Europe. Aligning standards across countries would make it easier and more cost-effective to scale. We must also be cautious when introducing new standards, as they risk locking the industry into outdated technologies.
Competition and Public Interest Perspective (Payal Malik)
DPI's transformational potential creates inherent network characteristics that can lead to "winner takes all" outcomes. The critical question is how to prevent data extraction whilst maintaining DPI as shared public infrastructure. Current competition law and data protection frameworks are insufficient to address these threats. There is a need for contractual and institutional arrangements that hold private partners accountable to public obligations and prevent the creation of data hegemonic entities. This requires moving towards enforceable rules on data usage, including fair access, purpose limitation, and benefit-sharing obligations. Such safeguards can prevent anti-competitive entrenchment and ensure DPI-generated data remains a public good rather than a source of private monopolisation.
Civil Society Perspective (Thomas Linder)
Civil society organisations are in a unique position to offer a third, balancing dynamic to the private-public relationship. Dominated neither by the profit motive of the private sector, nor the universalism of the government, civil society organisations can empower local and/or contextual voices, aid communities’ and groups’ access to the design and implementation of DPI, and champion marginalised people’s access to justice. There are several established avenues for civil society organisations to do this. First, through research, policy work, and activism, organisations can campaign for change and tackle digital inequality. As technology continuously evolves, so too do the challenges. As such, agile, grassroots groups are needed to identify new goals and push for progress. Secondly, civil society groups can act as data and tech collectives—managing data on behalf of their communities and giving people more say over how their data is used, by whom, and for whose benefit. Data trusts with the right licensing (like NOODL) can make data available for good use while ensuring fair compensation for data producers.
Rights-Based Technical Perspective (Mariana Rielli)
DPI governance must be built into the technical architecture from the outset, promoting fundamental rights and ensuring multiple stakeholders are held accountable. While data protection frameworks do not account for all the challenges arising from DPI data governance, they are an important piece and can provide both principles and concrete accountability tools to be integrated to other approaches with a focus on transparency, public value creation, and developing trust through ensuring people know how their data is being used. The economic value of data does not necessarily address public value needs if people's rights are not respected.
Recommendations
Establish Fit-for-Purpose Legislation: Governments should develop legislation tailored to DPI's unique characteristics, addressing interoperability, large-scale cross-sectoral data processing, and the need to enhance data protection while ensuring public benefit access.
Implement Contractual Safeguards: Develop model concession agreements for DPI public-private partnerships with enforceable clauses on open access, data portability, benefit-sharing, and purpose limitation, including fiduciary obligations for private partners.
Create Participatory Governance Infrastructure: Establish regulatory sandboxes to test participatory data governance approaches, providing Data Protection Authorities with funding and support to trial bottom-up governance models before scaling.
Enhance Regulatory Coordination: Develop co-regulatory structures between competition and data protection authorities with joint enforcement mechanisms to prevent market concentration and ensure competitive data use.
