Tim participated on the panel for a webinar titled “Data, Human Groups, and Norms: An Exchange on International Law and the Datasphere” for the International Law & Technology interest group of the American Society of International Law.
The session included inputs on the Datasphere Initiative, and it’s founding publication, We Need to Talk About Data, from Bertrand de La Chapelle of the Internet & Jurisdiction Policy Network; updates on the Africa Dialogue processes being carried out by Datapshere Initiative from Tracy Sinkamba Faustin; and insights into developments in EU including the Data Governance Act and Data Act from Francesco Vogelezang of Open Future Foundation.
A couple of themes I took particular notes on:
Betrand outlined the current polarisation of policy debates around data, with tensions between promoting free flow of all kinds of data (including so-called non-personal data), and arguments for data localisation to ensure existing laws are not undermined as data becomes disconnected from the jurisdictions where the impacts of its collection, use or exploitation are felt.
The introduction of the concept of ‘The Datasphere’ (drawing on the analogy of the atmosphere or lithosphere: connected and complex systems that cross jurisdictional boundaries) aims to provide narratives that support responsibly unlocking the value of data and securing more equitable distribution of value. In calling attention to the interaction between data, human groups and norms, it suggests a need to move beyond traditional tools of regulation, and to develop more agile frameworks with greater participation of different actors.
There’s a strong connection to be made between agile regulation, and public participation. Too often laws and regulations are made by getting only ‘experts’ in a room, but failing to include a wider set of stakeholders. This can lead to inflexible rules that try and anticipate their effects, but often fail to do so. Instead, opening up the regulatory process, and accepting it will be iterative, may be important to allow governance to move at the speed of data.
Francesco set out the background to the Data Governance Act and Data Act, and their implications for restricting international transfers of non-personal data unless certain arrangements are in place, such as judgements of the adequacy of a third-countries legal regime, or model contractual clauses being in place. He described how a driver for these agendas is a sense that the EU has ‘lost the battle for personal data’, but can ‘win the battle for industrial data’: seeking to create a regime in which value from that industrial data is primarily generated in the EU, rather than ‘lost’ overseas.
Francesco also noted that some of the structures proposed by the acts, such as the European Data Innovation Board, whilst offering some template for participatory engagement in shaping data governance, have very limited citizen representation at present - being dominated more by government and industry actors. One question from the floor in the session drew attention to perceived failures of multi-stakeholderism in Internet Governance, where there is a sense that civil society voices have often only been given space in the ‘talking shop’, and not in industry-dominated decision-making, which may raise some important points of learning and challenge for the design of collective and participatory data governance policy.
In my inputs I talked about the learning emerging from the literature review I’m working on for Datasphere Initiative (short version: data governance is a growing field of study, but with some distinct disciplinary silos, and little unified conversation at present; new models of governance are being introduced by the grey literature, by there is a lag before we see academic evaluation of these models; the health sectors provides a particularly rich set of work on data governance, including on approaches to participatory data governance), and made the case for ensuring those most affected by data governance decision have a clear role in governance processes. In particular, because of our focus in the panel on international law, and the critical lense a Datasphere perspective brings to thinking about the world solely in terms of states, we briefly discussed the importance of governance models accommodating that individuals may have multiple citizenships, community memberships and identities, and that these need to be taken into account when thinking both about jurisdiction, and about opportunities for participatory governance.