The COVID-19 pandemic has thrust digital issues into the spotlight by highlighting the importance of government access to accurate and timely information for public health surveillance and accelerating the shift towards a digital-first approach in many countries, due to the need to provide services at a distance. It has also brought to the forefront difficult questions about the limits that should be placed on governments and companies that seek to use potentially sensitive data to monitor the spread of disease and target public health efforts.
In doing so, the pandemic has held up a mirror to a world in which countries and communities are advancing unevenly on a path of digitalization while grappling with fundamental questions about how much governments and businesses should know—or be able to predict—about their citizens and customers.
Although countries are digitalizing at different speeds, the trend towards greater reliance on digital tools and data is unidirectional. In many countries, national governments are the primary catalyst of this transformation through their increasing use of digital systems (including mobile applications, digital payments, and digital ID) to deliver services and provide social support.
At the same time, there is growing interest among government officials to draw insights from data that are more granular and produced at a higher frequency than traditional official statistics, including data collected by the private sector. For example, governments have used aggregated mobile location data provided by telecommunications companies for a variety of purposes during the pandemic, including identifying potential “hot spots” for transmission, assessing compliance with social distancing requirements, and modelling disease spread. While using this data can help governments fill knowledge gaps, it also raises novel ethical, legal, commercial, and regulatory concerns for policymakers to contend with.
Thinking critically about the role of data governance with a new working group
At CGD, we launched a project, Governing Data for Development, that aims to better understand how governments can use new data types and ecosystems to support evidence-based policymaking while protecting citizens from harm, with a focus on approaches that meet the needs and priorities of low- and lower-middle income countries. The project will draw insights from a broad range of data policy experts and create opportunities for sharing knowledge across different communities of practice—including the “data for development” and the data protection and privacy communities, which have not yet engaged with each other in a sustained manner. A working group composed of experts from government, civil society, development organizations, and the data privacy community will guide these efforts.
To lay the groundwork for the project, we conducted interviews from May to September 2020 with over 40 data policy experts to gather their views. Today, we are publishing the result of that scoping exercise in a paper titled “Governing Data for Development: Trends, Opportunities, and Challenges” that synthesizes the views shared with us into key themes and explores questions that a policy and research agenda aimed at supporting effective and responsible government data use should consider.
Why data governance matters for development
To fully reap the benefits that digital tools and data integration offer, governments must create and maintain trust by embedding accountability and transparency into public data systems and by creating clear and enforceable rules to protect citizens’ rights that fit the technological, legal, and cultural context of their country. Doing this well requires a new set of skills, roles, and institutions and the resources necessary to support these efforts, as well as the flexibility to respond to the rapidly changing nature of digital technology.
This task is demanding for all countries, particularly those where resources are more limited and technical expertise is scarcer. A 2014 paper by CGD and the African Population and Health Research Center (“Delivering on the Data Revolution in Sub-Saharan Africa”) found that many sub-Saharan African countries lacked foundational “data building blocks” and often did not collect “data that are intrinsically important to the calculation of almost any major economic or social welfare indicators,” including “data on births and deaths; growth and poverty; taxes and trade; sickness, schooling, and safety; and land and the environment.” More recent work by the World Bank and OECD suggests that public data systems in other regions also rest on weak foundations and that progress to strengthen them has been slow and uneven over the last ten years.
While the need to use data responsibly has been part of the “data for development” conversation since at least the early 2010s, most development organizations have focused more on supporting the use of data and digital tools than they have on working with governments to develop frameworks for governing the use of data. This is changing, however, in line with a broader shift in societal views about privacy and the risks of data misuse, including mounting concerns about the global expansion of AI and machine learning surveillance and awareness of how predictive analytics can lead to discrimination through poor or purposeful design.
Recent signs of this shift in the development community include:
The World Bank’s decision to dedicate several chapters of its upcoming World Development Report (“Data for Better Lives”) to data governance issues and the commitment made in 2019 by the World Bank’s International Development Association (IDA) to support a new initiative on “Data for Policy” aimed at supporting the development of national statistical systems.
The United Nations Development Group’s issuance of guidance on data privacy, data protection, and data ethics for using big data to achieve the 2030 Agenda for Sustainable Development.
The African Union and the Internet Society’s launch of the 2018 “Personal Data Protection Guidelines for Africa” to facilitate implementation of the Union’s Convention on Cyber Security and Personal Data Protection established in 2014.
Going forward, development organizations and multilateral institutions will likely play an increasingly important role in determining how their member countries design and implement rules related to data governance. For example, the World Bank is reportedly developing a set of minimum data privacy standards that it will require countries to adopt or maintain before funding digital- and data-related projects.
Assessing data governance through a development lens
The concept of data governance has existed since the 1960s when companies began to adopt data processing systems. It’s generally used to describe the practices and frameworks private corporations use to manage data as an asset. Recently, however, the term has been extended to refer to the laws and policies governments enact to govern the use of data in society. While most data governance activities are highly technical, they have become politically salient because they collectively determine how organizations use and share data, including potentially sensitive data. For that reason, most public debate on data governance has centered on data privacy.
Over the last decade, the adoption of data privacy and protection laws has accelerated dramatically, catalyzed by growing concerns about surveillance and the passage of the European Union’s General Data Protection Regulation (GDPR), which became enforceable in 2018 and now stands as the benchmark for all national data privacy frameworks. Since 2010, 64 countries—most of which are classified as low- or lower-middle income—have enacted new data privacy laws, bringing the total number of jurisdictions with such laws up to 144. But even in countries with well-established data privacy regimes, the gap between having laws on the books and implementing them effectively remains vast.
Poorly designed and implemented data laws can hinder effective data use in both the public and private sector by undermining trust and contributing to regulatory uncertainty. Addressing these barriers will become more critical as economies accelerate their shift to digital.
Figure 1. Recent adoption of data privacy laws driven by low- and lower-middle income countries
Note: Data from Greenleaf’s Global Tables of Data Privacy Laws and Bills (6th Ed January 2019) and Greenleaf and Cottier’s 2020 Ends a Decade of 62 New Data Privacy Laws. Additional research conducted by World Privacy Forum (2020).
Figure 1 was updated after publication to add countries that have pending legislation and to remove countries that passed laws before 2010, due to some ambiguities in the data.
Over the next year, the Governing Data for Development Project will examine the approaches governments are taking (and can take) to increase transparency, accountability, and trust in public data use and how those approaches might affect their ability to meet broader socioeconomic goals. As part of this exercise, we will review emerging best practices among low- and lower-middle income countries to tailor global standards on data protection and privacy to their own needs and priorities. Finally, we will bring together experts from the development and data privacy communities to work towards a shared understanding of the reforms, institutions, and resources needed to support better data governance, with a focus on ensuring that policymakers, experts, and civil society advocates from countries outside of the G-20 have a voice in global debates on the topic.
Stay tuned for more insights from this project as we kick off a series of blogs from working group members and outside experts, online events, and a final report that draws together our findings over the coming months.
Pam Dixon is the Founder and Executive Director of the World Privacy Forum. Benno Ndulu is a Professor of Development Economics at University of Dar-es-Salaam and was formerly the Governor of the Central Bank of Tanzania.
CGD blog posts reflect the views of the authors, drawing on prior research and experience in their areas of expertise. CGD is a nonpartisan, independent organization and does not take institutional positions.