Data sharing for good in business and governance: Principles behind the process
By Aapti Institute
The following is a summary piece on our paper titled Data Sharing for Public Good: Theoretical Bases and Policy Tools.
Institutions, businesses and governments across the world have tried various data-sharing and data-handling practices on for size. These are in keeping with their respective commercial and political interests, and have worked as much in tandem as they have in opposition. In the midst of all this, while data gets treated as an economic resource, the groups and individuals whom it belongs or pertains to, must also be considered an equal stakeholder in the process. This paper by the Aapti Institute looks at the various principles and factors behind prevalent data-sharing and data governance practices, how they square with the idea of data-sharing for public good, and how we can establish a shared terminology and foundations to make for a fruitful discussion on data stewardship as a regulatory choice.
As things stand, we have the precedent of compulsory licensing being used as a policy tool for data sharing, where one pays up a license fee to use a proprietary product. Exceptions such as Article 31 of the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS) allow for use of licensed data without authorisation in case of a public health emergency. Data Trusts, as seen in the UK, offer another policy model allowing national institutions as well as third parties to fairly and safely share data. Underpinning these mechanisms is how we view and conceptualise data within an economy.
Here, we look at three prevalent conceptualisations of data to understand our approaches to data sharing and stewardship. These are: the idea of data as a part of a “commons”, the idea of “data sovereignty” or data as a national resource, and the idea of data as a private asset or “private corporate data rights”. While this may not be an exhaustive list, it covers the broad strokes of premises guiding data governance efforts across sectors and locations.
The idea of the data commons relies on the premise that value derived from data belonging to a collective must be controlled by and primarily benefit the same collective. We see a form of this in operation in the European Union’s Open Data Directive, which applies to data collected by public sector entities and data collected using public funds. Any data where privacy laws don’t come into the picture must be made available for public use. Data that is available to state departments and official bodies must be shared freely for re-use. EU member states, in turn, can share among them “high value” datasets in the sectors of mobility, meteorology, statistics, corporate governance and geospatial data.
While the idea of the commons privileges the utility of the data by the public and their rights over it, the idea of data sovereignty, privileges a country’s sovereign interests when dealing with data generated or stored in its territory. We have seen how Russia, for example, introduced a new law last year mandating that all smartphones have local software and apps pre-installed. Countries like France and the United Kingdom, on the other hand, took the financial route by introducing a special class of taxes targeting big tech companies. Data sharing norms within this framework are directed towards consolidating the state’s claim and control over the data generated in its territory. India’s Draft National E-Commerce Policy of 2019, for instance, tried to make commercial datasets generated in the country available to local SMEs. In the Draft Personal Data Protection Bill of 2019, we see more attempts at creating mandatory data sharing norms directed by a central authority, through the proposals regarding data localisation and the regulation of non-personal and anonymised data. Here too, the chief targets are big tech companies with millions of users.
This brings us to the most dominant model in operation when it comes to handling, regulating, and even conceptualising data — that of private corporate data rights. Most of us are familiar with this model and its economic operation through the term “surveillance capitalism”. Here, tech and digital services companies harvest data of individuals, groups, communities or areas to build proprietary products. The data are owned by these private organisations and can be shared with or sold to third parties. Laws regulating these companies and the extent to which individuals, groups or governments can check overreach, vary by jurisdiction.
These three models co-exist and interact in a number ways. Data sovereignty often interacts with private database rights either in the form of negotiations paving the way for flow of data between private and state actors or in the form of conflict over control and “ownership”, often at the cost of individual rights. As far as data commons is concerned, models of data sovereignty may make a case for free sharing of data with SMEs or community bodies. As long as the state and the individuals and group of individuals it serves are on the same page, this interaction works out smoothly. However, it is possible for the intent behind such a move by the state to be at odds with those intended to be served by it. This, again, presents a possibility of conflict.
Directing the use of data towards public interest in such a case would require a non-interested party, or a ‘steward’, negotiating and accommodating the interests of various stakeholders and parties, decentralising decisions on data usage, and putting the interest of those the data is derived from, front and center.