How Can Multilateral Organizations Strengthen Global Data Governance Practices? Roundtable Summary

Cross-border data flows are governed through a patchwork of complex, overlapping arrangements and trade agreements. The absence of a more systematic approach to data governance at the global level may make it harder for low- and middle-income countries to participate in the global digital economy and develop their own frameworks for governing the use of data in a responsible manner. It also leaves them with limited leverage in negotiations with both Big Tech companies and wealthier jurisdictions.

This meeting is the third in a series of private roundtables convened by the Center for Global Development aimed at exploring the relationship between data governance and economic development. The first event examined whether current approaches to data protection and privacy are a good fit for resource-constrained countries. The second explored whether evolving digital trade rules support or hinder economic development. This third roundtable explored the role and limitations of multilaterals in promoting better data governance.

This document summarizes key takeaways from the meeting, including the remarks of four keynote speakers and themes raised in a discussion among 30 experts, who are listed in the appendix. The roundtable was moderated by Pam Dixon, founder and executive director of the World Privacy Forum, and co-chair of the working group for CGD’s Governing Data for Development project.

Key takeaways

Through the course of the roundtable, a handful of key themes emerged from the dialogue. These themes are summarized below.

• Promoting better data governance is now a top priority for multilateral organizations, as the risks of data misuse are high both in terms of the damage that could be done to communities they work with and reputationally to the organizations themselves.

• Multilaterals have a unique and important role to play in improving data governance, including:

• Gathering more and better “data about data”

• Funding initiatives to support greater transparency and accountability

• Countering the data localization trend and resolving differences between global and regional cross-border data-sharing initiatives

• Steering attention away from the newest and most exciting innovations towards the long-term investments needed to maintain strong national statistical systems

• Supporting governments in creating the conditions needed to foster community-led data collection and use initiatives.

• Multilateral organizations also face limitations when engaging on data policy due to their structure and role, noting that they are inherently top-down, slow to adapt, and struggle to address problems that stem from unequal power dynamics and historical inequities.

Keynote remarks

The roundtable opened with three keynote presentations. The following are summaries of the remarks made by Steve MacFeely (director of data and analytics, World Health Organization), Dr. Mahlet Zimeta (head of public policy, Open Data Institute), Njuguna Ndung’u (executive director, African Economic Research Consortium), and David Satola (lead counsel, Technology & Innovation, The World Bank).

Summary of remarks by Steve MacFeely, World Health Organization

The rapid increase in the amount of data that the world produces is matched by rapidly inflating expectations about what can be done with that data. At WHO, we have concerns about how to manage those expectations. We will be innovative but are committed to doing so in a way that does not breach the UN fundamental principles of official statistics.

WHO’s approach to data is undergoing a transformative process. Led by our executive board, we are assessing the fragmenting nature of data ecosystems and seeking to address the lack of an agreed understanding of what policies need to be in place to support the sharing of health data between different parts of WHO, between WHO and collaborating partners, and with universities to support research. This exercise is addressing questions like: What exactly do we mean by “data” and what do we mean by “sharing”? Under what conditions can data be shared? Who can we share data with? How should we share it?

Last year, WHO adopted five data principles:

1. WHO shall treat data as a public good. This principle may not sound revolutionary, but it’s very important because of the tensions that arise from contrasting formulations of data as a public good and data as a proprietary good.

2. WHO shall uphold Member States’ trust in data. Most of the data WHO receives is provided by Member States. Though we are increasingly looking at other types of data, we remain a Member State-driven organization.

3. WHO shall support Member States’ data and health information systems capacity. In addition to developing our own systems, WHO will help countries develop and strengthen their own information systems in parallel.

4. WHO shall be a responsible data manager and steward. It is essential for WHO to be considered a trusted repository.

5. WHO shall strive to fill public health data gaps. This is where some tension comes in because there is a large gap between the data available to WHO and expectations regarding what can be done with and to data.

To build on these principles, WHO convened two health data governance summits over the last year to explore appropriate models for multilateral organizations seeking to govern data in today’s complex and fragmented data world.

In addition to my role at WHO, I am also currently the chair of the Committee of the Chief Statisticians of the United Nations. This group has become increasingly interested in and concerned about how data should be governed at both the global and national levels. Recently, the World Bank and UNCTAD have published reports that touch on these issues. The UNCTAD 2021 Digital Economy report note that the WTO is beginning to regulate data. In this sense, organizations that focus on the economic aspects of data have taken a lead. But it is important to consider data governance from a broader societal perspective, as well. Over the last year, the chief statisticians have published a series of blogs and a chapter in the World Bank’s World Development Report 2021.

To this end, the United Nations Chief Executives Board for Coordination have asked the chief statisticians group to develop a proposal for a UN Global Data Compact, based on the concepts put forward in the blogs.

Summary of remarks by Dr. Mahlet Zimeta, Open Data Institute

I will offer a counter perspective by focusing on the limits that multilateral organizations face in supporting better data governance in the countries they work with due to their structure and their role in the ecosystem .

First, we are talking about data governance for development, but development does not happen in a vacuum separate from history and politics. Multilaterals struggle to address problems that stem from unequal power dynamics and historical inequities because doing so risks alienating the vested interests whose support they need to be effective. However, if they do not speak to these historical or political drivers, they risk not being trusted by those most disadvantaged by the status quo. A recent example of this tension can be found in the global response to the pandemic, which exposed gaps in international cooperation and brought to the surface some of the reasons for those gaps.

Second, multilaterals, by their very nature, are top-down rather than bottom-up and rely on processes and frameworks that suit hierarchy. This is often for good reason because these structures support a certain kind of accountability, oversight, transparency, and rigor, which are foundational for the trust that countries and people have in multilaterals. But in the field of data governance, the future may lie in bottom-up data governance approaches. For example, data gaps tend to exist in communities that are be hard for governments and other established authorities to reach because of the history of how hierarchy has been created and used against them. Those communities may need a bottom-up data governance approach that support local data collection and stewardship.

Third, and relatedly, it can be difficult for multilaterals to adapt quickly or to take actions that are not based on crossing a certain threshold of evidence. But data policy is a field where the evidence base can be small, and developments can be rapid. Consequently, you do not always have the evidence you need to justify large-scale or long-term interventions. Equally paradoxically, however, the way to generate relevant evidence is to act quickly to make an intervention, or be prepared to act quickly in mitigation, but that is not how multilaterals work. As such, it is challenging for them to act effectively in the space while retaining the trust of their stakeholders.

When we talk about data governance, we are talking about trust. Trust in the provenance of data and trust in how that data is going to be used. At the ODI, our research has shown that the conditions that give rise to trust are not static. They are dynamic, contextual, and relational depending on the stakeholders, the use case, and on what else is happening around the use case. Maybe the question for multilaterals should not be “what law or framework should we have or promote?”; but rather, “how can we work with different mechanisms of trust, and with mechanisms of trust that can be agile?”

Summary of remarks by David Satola, World Bank

Data is not a monolith. It is multi-dimensional, dynamic, and highly contextual. There are different types of data transactions and various data actors. Occasionally, what begins as a particular type of data might transform into a different type of data. As such, data categorization is a difficult but important task.

Trust in data protection, data actors, and data transactions is key, especially when we discuss using data to support development. In the 2021 World Development Report (WDR), the World Bank makes the case for a new social contract for data use. The social contract for data needed today is different than it was 20-25 years ago when the OECD released their groundbreaking Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Trying to address the legal issues around this fast-moving, dynamic problem that data represents is a challenge. In Chapter Six of the WDR, we put forward a basic construct that, regardless of the type of data, there are enablers that facilitate the use and reuse of that data. Additionally, there are safeguards—provisions that help generate trust in the data process and the data actors.

The WDR argues that personal data should primarily be governed by a rights-based framework that sets out who has the rights and obligations to use and reuse that data. Concerning non-personal data, we posit that the balance between safeguards and enablers can be looked at through an economic balance-of-interests approach. It becomes challenging, however, when these certain types of data morph into other types of data.

In Chapter Eight, we explore the concept of multi-stakeholder governance of the data economy. Since World Bank borrowers are developing countries, we recognize that one size does not fit all. However, there are fundamental principles that need to be respected in any case. Rather than imposing a legal framework in a country or transposing a legal framework from one environment to another, we need to pay attention to the government's policy objectives. Once the policy debate has been conducted, the law can be looked at as a way to ensure the creation of institutions, regulations, and remediation processes.

Beyond having a legal framework in place, it is also critical to direct enough resources to support the institutions and processes established to protect data rights and encourage the use of data. Without adequate resources, all our other efforts to strengthen data governance will ring a bit hollow.

Summary of remarks by Njuguna Ndung’u, African Economic Research Consortium

In the era of big data, data governance is increasingly vital. However, big data poses significant challenges for national governments, especially in Africa. There are four elements of this challenge:

1. Availability. Governments often have limited access to valuable data created within their own jurisdiction, resulting in market imperfections and distortions because they are unable to harness the benefits of the data.

2. Usability. The COVID-19 pandemic has highlighted the deep digital divide between low- and high-income countries in the ability to create and use data and digital tools. Countries that have lower internet penetration and broadband capacity were less able to depend on internet-based services to survive lockdowns and made it hard for governments to draw insights from data to guide their policy response.

3. Integrity. Our research revealed that many African citizens perceive official statistics on the continent as being low quality, inaccurate, untimely, incomplete, inconsistent, and inaccessible. This has implications for the quality of policy analysis and confidence in data-based forecasts. African governments need to build a stronger foundation.

4. Security. Governments need to address the privacy and national security risks that society’s greater reliance creates, in part because data flows so easily across borders. In the African context, there is a high risk of personal information leakage and privacy infringement due to a lack of laws and enforcement power capable of protecting data from unauthorized access.

To address these challenges, we need an evidence-based and data-driven understanding of the landscape to create effective and innovative solutions. The AERC is currently undertaking a scoping research project funded by the Hewlett Foundation that examines how Africa’s data policy and governance have evolved and should evolve. As part of the project, we have brought in multiple experts to offer their insights into different facets of data governance including (1) statisticians to examine the data value chain from production and collection to the consumption of data; (2) data technologists to identify gaps where governments are failing to keep up with rapidly evolving technologies; (3) economists to explore the use and value created by data; and (4) lawyers to identify where regulatory reforms may be needed.

What we have found so far reveals that most African countries are in early stages of addressing data protection, data governance, and other data policy issues, and are at risk of falling further behind countries in other regions. After all, it was only in 2014 where the African Union established a legal framework for cybersecurity and personal data protection on the continent called the Malabo Convention. At present, only 14 out of 55 countries have signed the Convention.

Our work is part of a broader global movement to understand how governments can best approach comprehensive data policy and data governance. Africa has a long way to go, and AERC cannot bridge the gap alone. Multilateral organizations play a critical role in helping to address some of the binding constraints that these countries face in establishing better data governance.

Roundtable discussion

The keynote remarks were followed by a moderated discussion focused on issues raised by the opening speakers. The following are key themes that emerged from the discussion.

Multilateral organizations have a unique and important role to play

Roundtable participants agreed that multilaterals have a critical role to play in promoting better data governance at global, regional, and national levels. Discussion focused on the following four ways multilaterals can fulfil this role:

Gathering more and better “data about data”

Debates over how to improve public sector use of data are hampered by a lack of evidence. As several participants noted, the limited amount of “data on data use” hinders efforts to better understand which policies and approaches work and which need reform. New metrics are needed to better understand the relationship between data governance policies and economic outcomes, including on how well or poorly governance and protection measures are implemented, the effect of these measures on protection and investment outcomes, and the value created by key data ecosystems, cross-border data flows and data-driven innovation more broadly.

Multilaterals are well-positioned to deploy resources and expertise to support the design and collection of metrics that build an evidence base on data use practices by both the public and private sectors and are comparable across countries. Participants discussed several early efforts to measure the value of data and data use in a cross-country manner, including UNCTAD’s 2021 Digital Economy Report and the Global Data Barometer.

Funding initiatives to support greater transparency and accountability

Participants emphasized the difficulties that data protection authorities (DPAs) face, particularly in lower income countries where they often lack the resources needed to effectively enforce data protection laws and, in some cases, operate without institutional autonomy from the executive branch or other ministries. Participants discussed findings from a recent Open Government Partnership report on the evolution of data protection in 14 African countries, which highlighted how a lack of adequate resources and institutional autonomy made it difficult for several DPAs to function, undermining transparency and accountability in government use of data.

Multilaterals can support effective, accountable, and transparent data governance systems by working to strengthen DPAs in their member countries through funding support, information sharing, and technical assistance.

Countering the data localization trend

Several participants noted the tension between the desire expressed by many governments to strengthen their domestic economies by tapping into the value of the global digital economy and the growing number of governments who have embedded measures that restrict the cross-border flow of data in their data protection frameworks. While policymakers often justify such measures on the grounds of strengthening law enforcement and national security, most participants believed that they are usually enacted to facilitate data surveillance and hinder foreign competition — often at great cost to domestic companies that rely on foreign cloud-based services that are cheaper and more secure than domestic alternatives.

There was broad consensus on the need for a global (or nearly global) approach to governing data and data flows to prevent further fragmentation, but disagreement on the best way forward, including a lively debate on whether initiatives to establish standards for cross-border data flows at a regional level would promote or hinder greater global cooperation. While most participants believed that regional initiatives to improve harmonization of data rules and interoperability of data systems were necessary, others worried that they could lead to regional blocs with different standards that would effectively wall in data at a regional level.

One participant specifically expressed concerns about the possibility of the African Union (AU) developing a regional data-sharing framework that could create standards that conflict with the de facto global standards inspired by the European Union’s General Data Protection Regulation (GDPR). This point was challenged by another participant who noted that, although the EU broke new ground with the GDPR, governments in Africa (and other regions) should have the freedom to develop approaches that meet their own needs. Another participant welcomed the AU initiative, arguing that there is a tremendous opportunity for the continent to be a laboratory of fresh thinking on data sharing across borders.

Given their global role, multilaterals are well-positioned to help resolve differences across regional and global data policy initiatives with the aim of creating a common set of standards to govern cross-border data flows.

Rethinking approaches to global data governance

There was an open-ended discussion on the role multilaterals can play in facilitating new approaches to data governance at both the national and global levels. Below are some of the themes discussed.

Building trust through better stewardship

Staff from several multilateral organizations noted that promoting better data governance is now a top priority for their organizations, as the risks of data misuse are high both in terms of the damage that could be done to the communities they work with and reputationally to the organizations themselves. Much of the conversation focused on need for multilateral organizations to set an example by using data transparently and accountably.

Several participants noted the importance of shifting the dialogue on using data for development from a stance that emphasizes “protecting” and “guarding” data to one that focuses on “stewarding”— a reframing that shifts the emphasis away from restricting or controlling access to data towards considerations of how data can be used responsibly to yield better outcomes.

Fostering an experimental mindset

Participants agreed that governing data policies at the global level will require new institutions and new mechanisms that have little precedent because of data’s multidimensional nature, noting that data policies impinge on economic, national security, privacy, and human rights concerns. For that reason, policymakers should adopt an experimental mindset. One participant argued that the development sector should seek to mimic the ethos of technology companies of not shying away from failure and seek to create the conditions needed to support community-led experimentation. Another highlighted that the shift towards a more open and experimental approach is already taking place in some national statistical offices that are, for example, exploring how they might use citizen-generated data as an input to national statistics.

Several participants emphasized that the multidimensional nature of data calls for a collaborative approach to governance — like the multi-stakeholder approach used to govern the internet — that includes not only state actors but also civil society and the private sector. Others noted difficulty of conducting truly multistakeholder dialogues at the global level.

Taking the long view

Creating a robust health information system or national statistical system takes years of investment and resources. But policymakers and donors alike often lose sight of the importance of strengthening national statistical systems as their attention gets drawn towards financing the newest and most exciting data innovations. Against this backdrop, the private sector is producing data at an ever-accelerating rate, which leaves governments increasingly reliant on actors operating outside national statistical systems to provide the information needed to guide policy decisions (this includes government use of data collected by Big Tech companies and mobile network operators to guide their policy responses to the COVID-19 pandemic). Several participants argued that multilaterals should help steer attention and resources back towards the longer-term investments needed to create and maintain strong national statistical systems.

Next steps

This event was the third and final in a series of private roundtables hosted by the Center for Global Development to explore the relationship between data governance and economic development. The insights shared in the roundtable discussions were used to inform CGD’s Governing Data for Development Working Group and a final paper that offers suggestions for policymakers seeking to regulate data use while keeping up with rapidly evolving digital practices and recommendations for how the international development community and high-income countries can promote a more inclusive and level playing field.

Roundtable participants

Adedeji Adeniran, Centre for the Study of the Economies of Africa

Adele Moukheibir Barzelay, The World Bank

Aretha Mare, Smart Africa

Arndt Husar, Asian Development Bank

Arturo Muente-Kunigami, Inter-American Development Bank

Bitange Ndemo, University of Nairobi

Burcu Kilic, Public Citizen

David Medine, Consultant (Formerly CGAP)

Deon Woods Bell, Gates Foundation

Dianah Ngui Muchai, African Economic Research Consortium

Emily Jones, University of Oxford

Fabrizio Scrollini, Open Data Latin American Initiative

Henry Gao, Singapore Management University

Irũngũ Houghton, Amnesty Kenya

Isaac Rutenberg, The Centre for Intellectual Property and Information Technology Law

Martina Barbero, Global Partnership for Sustainable Development Data

Melissa Omino, The Centre for Intellectual Property and Information Technology Law

Olasupo Oyedepo, African Alliance of Digital Health Networks

Pilar Fajarnes Garces, United Nations Conference on Trade and Development

Rachel Sibande, UN DIAL

Rohan Samarajiva, LirneAsia

Rutendo Tavengerwei, University of Oxford

Sone Osakwe, Centre for the Study of the Economies of Africa

Suyash Rai, Carnegie India

Théophile Azomahou, African Economic Research Consortium