IGF 2023 – Day 2 – Town Hall #91 Dare to Share: Rebuilding Trust Through Data Stewardship – RAW

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MELANIE GARSON: I have been until last week a researcher and also coordinator of a project at the center for UP policy studies in a Brussels‑based think tank.  I'm very pleased to moderate this session today on ‑‑ a town hall actually on a dare to share, rebuilding trust through data stewardship.  I would also thank the organizer Kevin who is here also with us and also Tony Blair for bringing us here together to discuss this very important topic.  I will also introduce the online moderator Taina Flor Bento Mota from the data protection authority in Brazil.  She would be also online with us.  So about today's session, this session will focus on as you already know exploring new ways to open up the value of data.  In fact, as we all know data is often referred to ‑‑ and also has become a double edged sword because while its abundance promises innovation and progress, it also raises serious concerns about private assess control and the ethical use and reuse of data.  It came to my mind that data sharing is similar to a dinner situation with friends.  We all love to be invited to dinner at our friend's place.  The only thing we need to do is to fine out how to get there and maybe we can inquire what we can bring for desert, but that's about it, right?  Really nice.

But on the other hand, I assume everyone also knows how it is to invite friends over and how much an effort it takes actually to prepare a dinner.  You need to find a special recipe, you buy ingredients, you have to set the table, you have to do the dishes afterwards.  Quite a series of things you need to do.  With data sharing it's quite similar.  We all know about the value of open data and we think we need to improve the access and so on, but actually it's challenging to get a functional open data ecosystem which also respects individual rights and is compatible or open to various forms of data and also to various sectors, so actually not so easy when you think about it twice.

This also visualized in the wonderful data made by the open data institute that we're now going to show on the slide.  I will invite you to actually check it out yourself online because it's a wealth of knowledge that is in this data map and let's see if we can get it on screen.  And then the link should open in just a second.  Yes.  We can maybe also try to put the link in the chat later or you can also find the map online.  And here you can see what looks like a normal map, but if you zoom in a little bit, and we can maybe zoom in and the collaborator that is in the center of the map, you can see that there are many descriptions of what the collaborator island actually consists of.  The collaborator symbolizes organizations or approaches that bring people together to collaborate around a shared component of data infrastructure, for example data marketplaces, data exchanges, trust, corporations, and so on.  This is what we are also going to explore today.  Will you maybe go a little bit more up.  Can we zoom a little bit in?  Perfect.

You see the shared view, for example, and the small series of islands which addresses approaches to research access schemes or data models that enable people to share data and to really collaborate on them through ecosystems.  For example, when we go to the bottom right of the map, you can also see this is basically a protest that enable humans to share data among each other and incentivizes people to open up the data sets.  For example, through personal data representatives, they tell individuals and so on.  There are also some interesting other areas.  For example, you have the bottom left center, the private cove or the forbidden aisle and the cove consists of ‑‑ which is illegal, theft, which is a form of data sharing and you have also the side steppers, for example, which is a region that has legitimate means of gaining access to close data, so approaches that aim to provide people or organizations with ways of gaining access to data, that the current data holder or steward would otherwise designate off limits.

I invite you to explore this map further.  I think it's a great piece of work.  It's also very nicely designed, so thanks again to the open data institute.  With that I think we are ready to go right into the topic.  And so I will just maybe quickly say that the session is structured around three key policy questions.  And I will introduce each of the policy questions beforehanding over to our distinguished panelists.  We have pairs of two.  And then at the end of the panelists we have 30 minutes more or less or questions and answers.

So the first key policy question I would like for you to answer today or get insight on is about the role of data governance stakeholders.  What should be the respective role of data governance stakeholders?  For example, stimulating experimentation and implementation governance design, and evaluating different data governance approaches.  For that we have two distinguished speakers.  Jack Hardinges, who is ‑‑ one.  So sorry.  We have one speaker onsite.  Asta Kapoor.  Thank you so much for joining us.  The floor is yours.

>> ASTHA KAPOOR: Thank you for this.  Thank you for the audience, too, for coming at this very early hour.  I guess to start off with the policy question, I think that we're trying to understand what we want to do here.  What we want to do here is to make sure that the value of data is realized at several different levels.  One is between individuals or at the individual level.  The second one is between individuals, so if you want to share data with, like, almost a B to B transaction.  The third one is within communities.  So if members of a community want to share data between each other, then that should be possible.  And then you sort of build up to that.

At the moment, the regulation actually looks at individual data rights in their relationship with platforms and government.  And so as we think about the systems that need to be built both from the policy perspective but also from the institutional perspective, I think that we need to think about it more from a bottom up mechanism and to understand how individuals interact with data when it comes to interactions with each other as well as when the groups that we occupy.

So just as an example, we do a lot of work with cooperatives.  What we're trying to understand as women who occupy these cooperatives is a couple of things.  The cooperative, for instance, in the context of India will incur agricultural labor together.  They make decisions on agriculture also together.  They will distribute benefits from the board to all the members and those are all collective decisions and collective governance.  When it comes to banks seeking data from members of the cooperative, they break down these institutional boundaries and they interact with the individual only because financial institutions that are defined by the individual access to finance and individual data can only deal with them at the individual level.  So the bank will then aggregate all of this and see who as a group can get this loan or that loan and it doesn't reflect the meaning of the entire group.  And also in turn what you get is products that are not meant for you.  Get interest rates that are much higher than what you would be willing to pay.  What you also get, and this is an example we've seen very many times, is that women also don't know the data that they need to make certain kinds of decisions.

A cooperative that we work with needs to procure seeds but they don't understand the amount of seeds, et cetera, so they have no way of pulling demand from their members as well as a data question.  So what ‑‑ the point I'm trying to make is that there are multiple group decisions that happen with regard to data and there are existing institutions that also have historically enabled groups to come together and decide.  What we are seeing in the data economy is that a complete ‑‑ has been completely blind sided by the existence of groups in our real world.  And these groups are not just offline groups like the ones that I mentioned, but whether it's Facebook and everyone uses that example, but whether it's Facebook, what they also do is they put us into groups that we don't even understand, so there are groups of women with dark hair or women with light hair, and then they put out products for us on our platforms.  As a group, they are not interested in individual level data.  They're also organizing us in certain kinds of groups.  It's just that we don't know how the algorithm has defined us.

So as we start to think about data rights and, you know, what policy changes are required, I think that the idea of straddling some kind of group rights is definitely necessary.  There's a lot of work that has happened on group privacy.  There is a lot of work that has happened particularly in bioethics around ideas of data banks and biobanks because those are collective instruments and they need to be, but I think what we really need to think about is how do we codify this in existing laws.  You'll see it in the GDPR.  I can speak for the Indian context and several other legislations are looking at individual rights and they're looking at the idea that individuals will consent and that will be the end of that.

However, there are some legislations or at least legislative conversations that are coming up.  I know that in one of the alphabet soups, I think it's the DGA mentions data cooperatives in the context of India, there was an interesting government report that came out on non‑personal data which had a problematic definition which is all data that is not personal is non‑personal.  What they were trying to do is also think about community rights and to say that communities are ‑‑ can be both harmed and helped with the use of data and how do we define communities.

Unfortunately, while this island has very nice segregations, the human life is quite messy and we don't have segregations around where communities end, begin.  The individuals in this room are a community of individuals in this room, but then could also ‑‑ you know, all the tech that we have here impacts us in some way.  Voices are being recorded.  Faces are being recorded.  But we also occupy multiple different communities at the same time and so I as an individual might want to have a huge amount of control on the school community of my kid, which is ‑‑ because I am also a guardian for her data, whereas I may not want to be as involved in other kinds of data that I need.

In this context, different models of data stewardship become interesting because what we are trying to solve for is greater pulling of data rights and then the next step is thinking about what those institutional mechanisms that allow for pooling of data rights are and allow for a change of mind.  Today I want to be involved.  Tomorrow I don't want to be involved.

And there are some models that have been, you know, discussed over time.  Data trusts which we've looked at quite extensively.  I think that, you know, setting up of new institutions is potentially hard to do.  But I think the next set of questions is how do we think about existing institutions and I like cooperatives that can be made more resilient, that can be made more able to understand what these group dynamics are and how they can be actualized in the context of the digital economy.  I think policy is a little way off, because I think this is a complex question and what we know from policy documents so far is that everyone goes after the easiest least terrible thing to say and I think we need to in the last couple years before this conversation blows up is see what the substantiation of these group rights are and how we can ‑‑ how we can actualize them.

>> MELANIE GARSON: Thank you so much.  That was super interesting and you already gave us great insight into the current challenges that we see, that the reality poses to a system that maybe is not fit for the current developments and n data and how quickly it's produced and shared and repurposed eventually.

Moving on, you had already mentioned policy is a little bit off.  So I think this fits perfectly to the next speaker who joins us online.  His name is Thiago Moraes.  He will answer to a second policy question which is WCU.  Hi.  Good to see you.  I will ask you to address the second policy question, which is how different regulators could or should approach challenges related to data sharing.  And Thiago, we will be looking forward to hearing your opinion on these topics.

>> THIAGO MORAES: Can you hear me?  I'd like to thank the institute for this partnership on organizing this session.  Data sharing is definitely a very relevant topic more than ever considering all the developments that we have been having with not only in terms of technological innovation, but also this new transfer regulation that are coming over from different versions.

To answer this question, which of course is a very complex question and would take way more than six or seven minutes that I have, I decided to go with a specific use case that we had in Brazil regarding that the sharing in the context of golf tech.  I prepared a very small PowerPoint presentation.  Maybe you could share it in screen.  Is that possible?

>> MELANIE GARSON: It's shared.  I think it's not yet shared because we don't see it on the screen.

>> THIAGO MORAES: Can I share the one I have with me or the one that was sent to the organization?

>> MELANIE GARSON: We have the presentation here and we're trying to set it up now.  One moment, please.

>> THIAGO MORAES: If it would make it easier, I can try to share from my Zoom screen.  I don't know if that makes things easier or not.

>> MELANIE GARSON: I think you can definitely try.  I don't know if you have the correct rights.  Thank you so much.  You can see the presentation.

>> THIAGO MORAES: Well, that was the question that was asked for me to answer.  As I said, I cannot answer for all kind of regulators, but I can share a little bit of the, for instance, what we have as the authority, a case regarding golf tech in Brazil.  In the executive branch we have several ministries.  One of those ministries is currently engaged in innovation for the public sector.  So golf tech initiatives and so on.  And to support the idea of trading interopbecause that was the main idea of the project they were developing, this ministry, the ministry of innovation public sector, provide the rules in this decree that is mentioned here in this 2019, right?  And by the time it was published, it was still not yet enforced.  The Brazilian law, but as it came in for us it was very clear that there was a lot of inconsistencies with the decree of sharing rules that was required, which is very similar to the European model of the GPR.  Because of that, and several other issues that were related with this decree, because it provided, for example, for this database which supposedly was a huge database of all data collected from very different government platforms.  And for everyone who knows a little bit of that protection history, we know that many of the protection laws and authorities have asserted, due to the fact that having all the data of citizens data with just one single entity is very, very dangerous.  So this, of course, caused a lot of tension.  Some entities, private entities, required constitutional action at the Brazilian Supreme Court and this was a case that followed from 2020 until 2022.

It's important to say this only came in 2020 because that was also when the Brazilian protection law came into force, so it gave us a lot of room for getting the discussion up to the Supreme Court.  And the background case was about the sharing that was happening in this platform that was being created between our intelligence agency and the transportation agency.  And in the next light, I'll make it more clear, but just so you know, we had here several discussions that resulted in the man fes indication of a court that there was several obligations that needed to be changed in this decree because it was not fit the purpose of the specification of the Brazilian protection law and didn't provide for rules and was not transparent of how the share of operations were happening.

So because of all this that was missing, the Court decided that a new rule should be updated, so could attempt for all the requirements.  That's also the same time there was a committee that was supposed to manage all this data governance rules between this data sharing platform and one issue of the structure is because it was only composed by agents of the government.  It gave no room for civil society to pledge their interest.

So what happened is that with this new decree, this transfer of rules and also rules that were fit to the purpose, specification and principle came into force in 2022 and also there was a restructuring of this committee.  So this minister of committee, so before we only had members of the government.  They also added a layer for civil society participants to be a part of.  This committee is the one that is ‑‑ has a role of deciding which questions regarding the integrity, the quality, and consistency of all this data that was being collected was being ‑‑ how it would work, so all the data governance mechanism and also what ‑‑ which kind of data might be included in this database.  Basically they assumed the role of the data steward here, right?  As it was mentioned, this comfort of data stewardship is very relevant in this ecosystem of data sharing, and this committee was the one supposed to do this job.

By now we have also members of civil society.  It's still a bit uneven I would say, the composition, but at least now there is room, because the members of this civil society, they can represent the voice of several civil society organizations that exist in Brazil.  We even have a very strong coalition that you probably might see on other panels of IGF because there are several members of this civil society organizations at the IGF.  Because of that, they have voice to discuss and help supervising what is happening on the decisions regarding how this data is being shared.

The data protection authority, although it was not ‑‑ did not have an active role in all of that because we were still growing maturity in the background.  We assisted the ministry of innovation public sector to approve this new decree that I mentioned that came with all the new rules.  So we were helping them in the background to make all the rules more compatible with data protection law.

With that, we can see, of course, there is a lot of possibilities and opportunities that we can bring from this.  That's why it's something that we couldn't just prohibit.  That's why the Supreme Court decided it was not going to prohibit the data sharing, but making it happen in a compatible way with data protection principles and rules and as we can see here, just this G2G APIs that exist in the context of this platform has saved half a million dollars in this last year because of the business, how data is being shared and the economy, the savings that comes for having in interoperability running.  It's very important to attend to the principles of the organization, because this avoids that ‑‑ all the information is being shared with all the agencies.

So what we have right now in Brazil is different ministries, when they require certain information, we have this committee acting as a steward and they're going to see if this sharing is happening following all the principles that I just mentioned and guaranteeing that only the necessary information is being shared.

Of course, this is still a work in progress in the sense that there is still a need to check how the committee is doing its work, but it's interesting to see that the case was so relevant that it reached the Supreme Court and it came with the decision quite fast for what we used in Brazil, because of the relevance of this activities of data sharing for creating more efficiency to the public sector, but at the same time, of course, needing to respect all the data protection and fundamental rights.

That's it for my presentation.  I hope I didn't take that long.  But if you need me for the second round, I'll be here.

>> MELANIE GARSON: Thank you so much, Thiago.  That was super insightful.  It seems that you found actually an interesting and new way how to handle the data that is requested by the government from citizens, and this actually brings us already to the next policy question, the third one, which looks a bit more institutional models.  So innovation and we had already one, but there are many, many other ones, and the two next speakers will be explaining a bit more their research and their views on which new institutional models are best suited to support innovation around data while also at the same time ensuring the protection of fundamental rights such as privacy.  For that I will invite first Kevin from the Tony Blair institute to give us his insights.  And then I'll pass it on to Dr. Alison Grillwald who is joining us online.  First Kevin the floor is yours.

>> KEVIN ZANDERMANN: Thank you very much.  Can I share the presentation on Zoom?  It's disabled.  I would like to thank the institute.  We recall your last slide, the public services or in the context of the strategic state meaning to exactly avoid this kind of waste of time for my citizens when we have to constantly fill for them.  Brazilian citizens are quite lucky there.  You guys are clearly on the right track.  As a side note, I will reach out to you to kind of have ‑‑ okay?  All good?  A more in‑depth understanding of it.  I'm not able to share it.  Apologies.  Thank you for your patience.  Wonderful.

Can people see it?  No?  I'll try again.  Sorry.  One second.  Sorry.  So I'll speak in the meantime.  What we've been trying to do at the institute is to essentially make sense of the past 10 years in the governance space.  In the beginning, like, two elements became quite clear and I'm sure most people, you know, both in the onsite and online are aware, first of all of the goal of perforation and colorization laws and the passing of very important privacy legislation with GDPR gradually becoming the gold standard all over the world.  At the same time, we also quickly realized that was only one part of the governance story and that while this data colorization laws were being passed throughout the globe and very important privacy legislation was being passed, a series of grassroots initiatives such as the ones that Astha was describing or Jack unfortunately couldn't join, but a series of pioneering institutions began theorizing were also taking place.  And we're not necessarily especially around the early ‑‑ the early 2010.  We're not actually getting the right attention from the policymakers, but like throughout the last decade, we gradually got there.  There's been a sort of process of sedimentation where this grassroots initiatives gradually got more and more attention.  Since we near Japan, I think a very important milestone has been that the free flow trust initiative which was part of the G20 Summit in 2019 and was then repurposed for the G7 as part the process.

On one side, policymakers data protection authority and on the other pioneering leading thinkers such as Astha and Jack that have begun this kind of work, have begun to theorize and formalize, experiment with the notion of the institutions, and we mean by the institutions, data stewardship in the loosest sense that one can imagine.

As part of ‑‑ we then try to systematize in a map which you should be able to see.  It's not on the website yet.  So I guess we can just use it soon.  Can people see it like this?  I think we'll just do it like that.  Otherwise we'll waste too much time.  Anyway, we've been trying to ‑‑ we've been trying to systematize like this you see here.  We basically looked at all the data strategies throughout the global.  We've systematized the series of stakeholder engagements that we've had and we put them on the map.  The reason for that is that mapping in many ways helps visualize something like the data sphere that can be quite archaic.

We see here five different layers or lines.  The technology one, the regulatory one, data infrastructure one, physical one and institutional one.  Now, this is by no means exhaustive and it's, again, we have to simplify by economy of time, but what's being ‑‑ what's kind of come out very clearly is that the institutional component is the one that actually requires most of what ‑‑ most of the work.  Particularly in terms of conceptualizing what this data institutions can mean.  Like Astha was referring to, like data cooperatives, sometimes we've forgotten it as policymakers, there is a long tradition in the study of commons.  A nobel prize winner that has dedicated her whole life to the study of commons and the management, like, completely sort of demystifying the myth of the so‑called tragedy of the commons.  It is quite different in the data space because in many ways we are not dealing with finite resources, and that's why the sort of earlier narratives around equating data's oil have been profoundly damaging, because they have been obscuring, again, this grassroots initiative and have been obscuring a potential different model.

At the same time, as part of the sedimentation process, like Astha was talking about and was referring to gradually got to the policy level.  It did take quite some time.  I know some of my friends in Brussels in reference to the data governance sector you were referring to, I remember one time we did have a debate about whether the EU sort of had been ‑‑ had arrived there too early or too late.  I think it got there too late.  But I think the data governance sector is a very important step in terms of actually giving prominence to an alternative way of providing an institutional framework steward data.

The context that we're dealing with now is that the way data is produced is very different.  We can have far more agency.  Data is now produced, like, if we wearables, by adding wearables.  There is a huge part of the data ecosystem that is actually not ‑‑ doesn't necessarily have to go through large tech companies.  We do need institutional models that empower people and give agency to people to use that data for the aims that they deem suitable or that they deem closest to their sensitivity.  I don't want to go too much into detail about it, but you see here the main four elements that I think are really important.  The first one is the reuse of data held by public sector bodies which will be really important, especially for AI development being essentially, again, this covers a policy vacuum, because the open directive of the EU was covering ‑‑ was legislaturing author thoroughly about essentially known personal data.  But at the same time public authorities have a lot of personal protection data and which could not be reused.  With the government sector, we'll see how it goes.  It will be applicable from this month onward.  We'll see how that's going to go.

Then point two and three actually certifying data intermediaries, giving them the prominence that they haven't had in the past.  So in particular, I want to concentrate on data algorithm, which has been the result of a lot of advocacy work, particularly I can think of the European association of rare diseases, rare diseases is a classic textbook example where data sharing is proportionately valuable because it's very difficult to build a data set that's large enough for a disease for it to actually be significant and useful for research.  They have been at the forefront in terms of advocacy work for the EU to actually provide a mechanism that can empower, for example, people that suffer from rare disease to actually with their decent to being able to share the data for research purposes.

So the fact that we now have this institutional framework which, again, can be debated, we can debate how effective it's going to be, my ‑‑ the concern that I have in particular with data altruism is that it's so, particularly in Europe, it's so associated with contact tracing apps.  Like during COVID, there is a political element.  Obviously, those apps became extremely politicized, but also a psychological element because COVID in many ways has been such a psychological trauma for people and we're almost in denial about it where we don't want to talk about it.  My fear is that these emotions will affect quite a lot actually the ‑‑ like this framework for altruism, so I think we need quite a political campaign to promote the altruism given the broader context.

These are just a few thoughts about the work we've been doing.  We're very much open to engage with, again, grassroots initiatives, data protection authorities, think tanks, and I do invite the online audience to reach out, because it's very much a work in progress and thank you for your attention.  Now we'll move to Alison for the concluding remarks.

>> MELANIE GARSON: Thank you for the policies of what happens in Brussels and elsewhere.  And the way of visualizing the way data can be shared.  With that I'll hand it over to Alison.  You will be joining us also online and you are with the research ICT Africa.  The floor is yours.

>> ALISON GILLWALK: Thank you so much.  I suppose my answer will cut across all those three very interesting questions.  And not focus only on innovation.  Partially because a lot of the kind of lobbying around data extract and getting unprotected access to data has been around this experimentation and kind of the dominance that certain groups have, so I think issues of data sharing are really significantly about these asymmetrical power relations that we have between north and south, different countries, and of course within countries themselves.  So I think we're going to set up a policy framework and environment that allows for the benefits of shared data and as I said, in policy there are, you know, founded benefits of public data and the value of public data and working very interestingly about the Brazilian stewardship that's happened around public data.

I think speaking specifically from the African context, the first thing we have to do is just acknowledge the complete lack of access to data.  A lot of the frame works that are being used across ‑‑ we've been sort of cutting and pasting in many other parts of the world, assume that we have large numbers of people online, the majority of people online that there is universal access to services, to government services and data.  So I think the first important thing about data sharing is acknowledging that the asymmetrical power relations that go with that, if you're in a position to hold lots of data, you're in a much stronger position to negotiate how that's used or you don't have access to it at all which I will come back to in a moment.  I do think, you know, just referring to both what Astha has said and Thiago that the current regimes, which are important to ensure data protection and privacy of personal data need to be understood also in the context of broader data governance and that, you know, the current sort of negative regulation that we have basically the compliance regulation quite individualized notions of only first generation rights as said that need to be in, you know, in public good common rights that you might need in your data policy frameworks.

I'm referring specifically to the data justice frameworks we've been trying to do to develop on artificial intelligence but also that we carry through in the work that we supported that the technical assistance we've provided to the African union data policy framework which unlike GDPR or even some of the legislation that's coming out at the moment, but it tries to extend the regulatory concerns or the policy concerns simply from those first generation rights that concerns primarily with privacy to second and third generation rights, so actually ensuring the economic and even third generation environmental rights collectively enjoyed while those first very important privacy and first protection ‑‑ first generation rights are ensured.

This really goes to the important part of managing data within particularly an African context but I think globally too which is not only about ensuring the regress of the uneven distribution currently of harms from these data driven technologies but also the uneven distribution of opportunities, so basically we've got these E norm outly asymmetrical data flows, 80% of data flows outside the continent roughly apportion 20 in and within countries, large numbers of people simply offline.

So ensuring that there is an environment that can benefit Africans and citizens and also in terms of engaging internationally that we might have a bigger influence if we can get the kind of economies of scale and scope that you need for data within the African continental free trade area, there was a big ‑‑ in the context of the African union data policy framework, there is a big push for us to ensure interoperability at least on the content and this would allow us some sort of leverage in terms of international flows and international markets quite honestly.

So these are sort of important considerations that I think we're speaking a little bit about how at the moment it's kind of a governance framework is it's quite difficult to regulate.  It's obviously very difficult to enforce.  But the potential of Harmonization through the African continental free trade would provide the interoperability that would allow for the flows of data and of course specifically shared data that's currently Africa has very uneven access to and could really promote which we do very strongly within the African continental ‑‑ sorry, within the African union data policy framework the idea of a greater interoperability, a single market, and the use of the data for development.  And very strongly the idea of, of course, unleashing data for commercial value creation, but very importantly also for public value creation.  A lot of the data that does exist in Africa is bound in public ‑‑ you know, in public entities and firstly digitizing that, a lot of that is not digitalized in Africa and that is a problem, but allowing the data to flow for public value creation is quite an important aspect of this.

So there are aspects of open data requirements, for example, within a protected environment in the framework that are proposed and also the acknowledgement that we also need to access the public data that is available in help by private companies.  In this regard in terms of data sharing we also have another project through the action coalition on transparency GNI which is also trying get equitable access to the kind of requirements that the digital services makes of a big tech companies for European researchers and I think the importance of extending these kinds of rights is critical to not perpetuating the fact to access resources, to access knowledge systems, African researchers and intellectuals have to work through European or northern hemisphere researchers with access to data, even the informal systems set up by Google for accessing data is set up through Michigan University with a number of accredited people throughout the world, very few in African.  Two in Ghana and three or four in south Africa to get that kind of access.

So at the moment, the calls for kind of just opening up data out of kind of very unregulated environments, just allowing the free flow of data in our view would very much perpetuate the status quo and would allow those with dominant positions in markets and research institutions and various things to gain that access whereas others may not.

These are various mechanisms, these are various institutional arrangements, these are various regulatory interventions that we believe are necessary not to just ‑‑ not to have a sort of compliant safeguard regime, but it actually would ensure not only safe outcomes, but actually just outcomes.  And I think that's a really important part of looking at this.  That of course these alternative data stewardship models are very important because of the big kind of informed consent models aren't working, but we're not going to solve the scale of the problems with microsolutions for different kinds of communities.  We really do need strong regulation of these digital public goods and global gov and cooperation in ensuring enforcement of the big tech companies that are holding a lot of this data, ensuring that we've got enabling environments in our regional jurisdictions or in our countries to safeguard citizens opportunities, but also to create local opportunities through entrepreneurial access to public data, through the better use of public data by governments, more effectively servicing their citizens, and enabling us to create viable data economies and data markets by having a not only a safe and secure data economy, but also having ones that are more just.

>> MELANIE GARSON: Thank you so much.  That was super insightful and also I think has taught us a lot about how data, open data and data access is actually quite still equal around the world.  If you say the EU has a wonderful framework in place, but everyone has a completely different ecosystem and also conditions that need to be respected when people or governments think about how they can enable or increase access to data sharing.

Okay.  That brings us to the end of the speakers presentations.  We have three minutes left for questions.  So I will also check online if we have any questions at all from the online audience?  I will also ask the online moderator to flag if there are any questions regarding these and if not I will also look around the room and see if there are any questions that people would like to ask?  Yes, the microphone, please.

>> So my question is just kind of.

>> MELANIE GARSON: Can you introduce yourself.

>> I'm Pete Furlong.  I'm a colleague of Kevin at the Tony Blair institute.  My question is kind of there is a lot of focus on the mechanisms and frameworks and policies that need to be in place to support effective data sharing, but I think something that, like, maybe often missed is kind of the enforcement capacity that's needed to support that.  I look to the U.S. is maybe a good example of kind of a place where we've struggled with that.  You know, we do actually have some data protection laws in the U.S., especially when it comes to things like medical data.  How well enforced those things are may be in question.  So I think maybe just a question for the panelists in terms of how they think about the importance of enforcement and kind of what that should look like.

>> MELANIE GARSON: Thank you.  I don't see at the moment any other questions from the online audience.  I would hand this back to the speakers, both in the room and also online.  I don't know if there is anyone online that would like to quickly intervene.  If not, maybe we can go first and see if there is someone online.

>> ASTHA KAPOOR: This is a conversation I was having outside yesterday as well.  I think what we're realizing is that so many laws are being developed and such a break neck speed that we haven't really thought about implementation.  I think to your point of did it come too soon or too late is likely also too late.  What we've been also thinking about adopting is how do we build processes of consultation early on in the development of the laws so that there's increased buy‑in so that you can understand what the implementation opportunities are.  We've learned from GDPR that implementation is a real nightmare.  The companies that have the big lawyers can work around it, but the ones that don't actually have to leave the EU, so I think that what we've seen, and this is an example from India, is that our telecom regulating authority was built on the back of private sector demand and incredible amounts of consultation.  What ended up happening is that all of these values are then coded into the institution itself that has been set up for success in some ways, so because the private sector was brought in, civil society was brought in, because people understood how they needed to work together through the process of building out, and I've become a big promoter of building institutions through these long processes but what it helps do then and we've done this analysis across different regulating authority system that it makes implementation and enforcement much easier because of that multistakeholderrism from the very beginning.

>> KEVIN ZANDERMANN: Considering we have an actual regulator, Thiago, you would like to answer about enforcement?

>> THIAGO MORAES: Sure.  Although I am not part of the enforcement team, I know a lot about the work.  What I can tell is that first of all, before even enforcement comes, it's very important to have this sharing of knowledge, right?  Besides the data sharing, sharing how data regulates, data protection regulation that the governance regulation in general work.  I think it's very important first step and we can give our case as an example because in Brazil before the LGBD not many people have heard, and I would dare to say that even today there's still not as many as we would like that are aware about what are data subject rights, what are data principles, et cetera.

So sharing this with the regulating, with the citizens, data subjects, et cetera, is very important.  So people can be in part about their rights and the data control processors are aware of the regulations and how they should comply.  After this happens, the work for enforcement, it gets way more easier, because after this knowledge is shared about how rules on that protection works, we have more easiness to guarantee compliance, for example, for notification ‑‑ for coming ‑‑ receiving initiatives like privacy compliance, so just like the example I was giving, there was a huge difference after it was created for this golf tech experience, because even though we are not part of the committee that I mentioned, we have worked in the background.  This explains why we are not part of the committee, because the committee are data controllers, because they're the stewards in this case.  We could not be part of that committee, right?  We were working the background.  And sharing information.  So instead of trying to enforce sanctions or any kind of more traditional role of regulator, adopting this approach of sharing knowledge first was a way of making things ‑‑ steering things to the right way, I'll say like that.  That's the experience that we have been having here in our authority.  So far we only had two sanctions.  One was just enforced last week, and since it was for a public body and it was not a very grave case, it was just like ‑‑ I forgot how to say ‑‑ a warning.  It was a warning.  Because it was a way of calling attention and it's a first step because if the ‑‑ what the public body was doing was not corrected, then of course we can suspend the data sharing, the activities, the data processing they were doing.

>> MELANIE GARSON: Thank you.  Thank you for your insight.  Two very good points already on the point of enforcement.  I don't know if anyone else would like to add anything?

>> ALISON GILLWALK: If I could on the enforcement issue, I think it's a very important question and I was raising it as a challenge for us currently in the broader data governance environment that we're in.  I think as Thiago points out, many of us have some of the data protection regulation enforcement which can happen at the national level under control.  What we don't have is this broader data governance issue.  For example, we have a very strong data protection and information regulation in south Africa also responsible for access to information which is a very nice balance to have in terms of balancing rights who's acted strongly against what's happened, various groups.  I think a strong informed democratically institutionalized protected data can operate effectively.

I think what we're really struggling with is the broader concept of data governance was speaking about before in terms of who actually creates the ‑‑ who's actually going to be doing some of the economic regulations.  There's some obvious competition regulation that happens within the competition authority and some underlying issues in various other regulators.  But actually combining that in terms of creating, you know, an enabling environment for local innovation, creating an environment for access to public data, for entrepreneurs, et cetera, I think these big economic justice issues or economic regulation issues are far more challenging.

Then of course I think the biggest challenge is actually the international regulation and getting that big data that we all want from, you know, from the big operators.  As I said, I think the only way we can address this is through global governance and global cooperation around equitable access to the data, not the preferential' decision being made by the tech companies themselves of who gets ‑‑ who they share their data with.  So I think that's really the challenge for us is that cooperation.

Perhaps just to add one other thing, trying to build multistakeholder public participatory processes for these, which I think Brazil, India, South Africa have been part of, firstly, don't translate it certainly across the African continent based on absence of civil society participation in many of the public processes and it's not required in terms of administrative law justice in many of those countries so it's very, very absent.  I think I would agree it was implicit in what you were saying.  While it's opened up these institutions that were theoretically autonomous anyway and to get multistakeholder participation and then in fact the private sector that telecom companies have been so powerful as the tech companies have been in these public processes that very often their interests are the outcomes that we see in these processes.  So really trying to enforce public participation and resource researchers in order to access that information that can inform these processes.  You have multiple views on this that are enjoyed in many of the economies around these public processes would be an important part of the sharing in the first place?

>> MELANIE GARSON: That would have been one of my questions but we're eight minutes over time.  That says we had a very good discussion and very insightful points that we were able to exchange today.  I would like to thank everyone, especially again to Tony Blair institute for hosting us and to all the speakers both onsite and online for joining us.  As I shared, we have shared a lot of resources.  Please do access them and do get in touch with all the speakers if you would like to discuss this topic further.  And for those present, and for those online, see you the next time.  Thank you so much and have a wonderful evening/day.  Bye.