This chapter takes a glance at the state of data-driven public sectors at the national level in Latin America and the Caribbean (LAC). It underlines policy achievements and key challenges in this area, with a foresight vision of the opportunities that can help to build regional data integration in the long term.
Digital Government Review of Latin America and the Caribbean
3. Building data-driven public sectors for regional data integration
Abstract
A brief overview of the OECD work on data-driven public sector
The OECD has developed a set of standard-setting instruments, analytical frameworks, and policy measurement tools to support member and partner countries in their efforts to advance towards greater digital and data maturity. For the analysis in this chapter, relevant OECD work includes:
The OECD Recommendations of the Council on Digital Government Strategies (2014[1]), on Artificial Intelligence (2019[2]) and on Enhancing Access to and Sharing of Data (2021[3]), which provide a set of guidelines government adherents can use to inform policy decisions. Thus, further paving the way to move towards coherent and interoperable data governance arrangements across sectors and borders, and human-centred and trustworthy data-intensive technology applications.
The OECD Digital Government Policy Framework (DGPF) (OECD, 2020[4]), and the Digital Government Index (DGI) (OECD, 2020[5])which cover and benchmark the key policy aspects governments need to advance towards digital government maturity. The data-driven public sector dimension of the DGPF and the DGI pays particular attention to the data governance arrangements governments and public bodies could take into consideration when deploying data-driven projects and initiatives in the public sector.
The OECD framework for data-driven public sector and its related data governance model (OECD, 2019[6]), which provide a more in-depth view of foundational data governance elements; the application of data for public service design and delivery, policy and decision making; and trust, including data protection, privacy, and ethics.
The Open, Useful and Re-usable data (OURdata) Index, which benchmarks open government data policies and their implementation across OECD member and partner countries (OECD, 2020[7]).
The Good Practice Principles for Data Ethics in the Public Sector (OECD, 2021[8]) and its implementation strategy which provide action-oriented guidelines to countries to operationalise data ethics within the public sector in line with crosscutting values and fundamental rights.
Analytical approach
In Latin American and the Caribbean (LAC), decisions made today on data governance arrangements at the national level, including in the public sector, can either help or obstruct data integration and cross-border government-to-government data flows in the future. Building the foundations for regional governance for data is key to advance in areas such as cross-border public service design and delivery, shared services between governments and to build trustworthy data infrastructures to inform data-intensive technologies, including Artificial Intelligence (AI).
At the same time, these actions can increase the available value base of digital public goods (e.g., open data, open standards, and open-source data infrastructures) in the region which in return can contribute to economic growth and digital innovation and to advance agendas such as the fight against corruption, climate change, democracy and AI at a regional scale.
The assessment and analysis presented in this chapter aims at raising the most current issues on data-driven public sectors in LAC as a means to provide proposals for action that can help to advance regional government-to-government data integration in the years to come.
For this purpose, this chapter follows the OECD model for data-driven public sector (Figure 3.1) and the OECD framework for data governance in the public sector (Figure 3.2) to assess the state of data-driven public sectors in LAC and identify opportunities for joint policy action in the region. In terms of data governance,1 this chapter unfolds the components of the OECD model for data governance (Figure 3.1) and follows a bottom-up analytical approach. Rather than starting with the strategic and tactical aspects of data governance (e.g., strategy, leadership, regulation) it starts by presenting observed practices at the technical level (e.g., interoperability, standards, data infrastructures) as described in the delivery layer of the data governance framework. It presents relevant practices implemented by governments and public bodies in LAC to provide the reader with the overall regional context in terms of policy achievements to date and challenges ahead.
It also pays particular attention to open government data policies and initiatives given the role of open data as a key element of the data value cycle and the value of open data as a digital public good for good governance, economic growth, and the digital economy.
In terms of trust, the chapter discusses the topics of personal data protection and data ethics throughout the chapter whenever relevant, namely in the section on regulatory, policy and institutional frameworks, and the correspondent final sections. The chapter finalises by providing a short non-comprehensive overview of identified application cases from interviews and the survey administered for the purpose of this report.
This chapter does not go into a detailed analysis of all policy issues presented for those would require a deeper level of understanding of every national context in the form of a dedicated national policy review. It also provides an updated and deeper level of analysis of that presented in the 2022 Report on Artificial Intelligence in Latin America and the Caribbean (OECD/CAF, 2022[9]) in terms of data governance in the public sector. Issues related to the application of data-intensive technologies in the public sector are discussed in Chapter 5 on digital innovation and are also analysed in-depth in the aforementioned OECD/CAF report on AI in LAC. Issues related to digital literacy and skills in the public sector, including on data, are addressed in Chapter 2 on public sector capacities, and therefore not covered in this chapter.
Lastly, evidence, information and data presented in this chapter are based on the surveys and interviews carried-out for the purpose of this report; data collected through previous and on-going policy measurement exercises for the calculation of the OECD Digital Government Index and the OECD Open, Useful, Re-sable data (OURdata) Index; previous policy country reviews and thematic reports on digital government and data in OECD countries and in the LAC region; and additional desk research.
Strengthening data interoperability and infrastructure
Overview
The achievement of user- and data-driven services and policies in the public sector implies advancing in the implementation of digital government principles such as once-only, streamlining of data access and sharing practices within the public sector and achieving data integration.
Once only and data integration are core to digital government as they reduce the burden on citizens and businesses by preventing them to provide the same information and data multiple times to public bodies. This triggers public efficiency and productivity as multiple organisations can access and retrieve data (e.g., such as registers) from a one single yet shared data source, reducing data fragmentation, eliminating data siloes, increasing data consistency and integrity across multiple data sources, and laying the data foundations for the application of data-intensive technologies such as Artificial Intelligence (AI) (see Chapter 5).
At a technical level, achieving once only and data integration, requires the availability - and common use - of shared digital public infrastructure such as interoperability buses and data centres as the highways for data flow (state-owned or provided by third parties); and the generation, collection, access to and use of reliable data that should be fed into those highways.
The mapping of data access and sharing processes, including the actors/roles involved across the various stages of the value cycle, is also critical to identify areas of opportunity and improve how actors interact and exchange data assets. Likewise, the availability, application and enforcement of data standards is critical to generate reliable data that can be accessed, shared, used, and re-used in later stages.
Evidence from surveys and interviews carried out in the context of this report show that governments in LAC are not oblivious to the importance of data integration and interoperability within the public sector, with the COVID-19 acting a wake-up call to further advance in these areas:
Argentina: The central government has invested significant efforts to improve data interoperability within the public sector. Initiatives to develop a data interoperability bus for the public sector materialised in INTEROPER.AR – a platform connecting registers from different public bodies in charge of areas such as social security, justice, and the population register (OECD, 2019[10]).
Brazil: The Secretary of Digital Government at the Ministry of Management and Innovation in Public Services has invested resources to promote real-time data access and sharing within the public sector through Application Programming Interfaces (APIs). These efforts aim at streamlining data flows within the Brazilian public sector through the CONECTA platform,2 and to facilitate data analysis, access and sharing and improve the delivery of user-driven public services.
Chile: Since the start of the COVID-19 pandemic, Chile has seen progress in terms of data access and sharing within the public sector. It advanced in streamlining the approval of data sharing agreements among public sector organisations and the National Service of Civil Registry and Identification, with the availability of new infrastructure and efforts on digital identity allowing for these changes to be implemented.
Colombia: The country has taken important steps to scale up the importance of interoperability beyond technical aspects – as shown in the Interoperability Framework3 developed by the Ministry of Information and Communication Technologies (MINTIC). Other efforts include the 2022 National Data Infrastructure Plan developed by MINTIC, the National Planning Department (DNP) and the Office of the President.4
Dominican Republic: The Normative Framework for ICT and E-government5 published in 2013, includes normative and implementation guidance on interoperability (NORTIC A4) and highlights the relevance of interoperability for public service design and delivery (NORTIC A5). Other efforts include the creation of the National Data Centre, as observed also in other countries, and the piloting of the national interoperability framework in social security.
Ecuador: The Ministry of Telecommunications and Information Society (MINTEL), as responsible body for data interoperability, provides guidance to public organisations in terms of interoperability and integration, from data generation to data consumption, so that data can be shared in the State’s interoperability bus. Also, in 2010, Ecuador, created a National System of Public Data Registers by law6 and set up an institutional structure (including the creation of the National Direction of Public Data Registers) to guide, co-ordinate and control the access, sharing, use and protection of data within and across the public sector. By 2020, the National System of Public Data Registers centralised data from 300 public sector organisations, and Ecuador was also working on creating a National Data Centre. These efforts have been led by the MINTEL.
Mexico: The platform InteroperaMX was an initiative that aimed to advance interoperability within the public sector, but it is not clear if this initiative is still current. Interoperability is also explored in the context of the Transparency, Open Government and Open Data Policy for the Federal Public Administration (2021-24)7..
Panama: Interoperability efforts are under the responsibility of the National Authority for Government Innovation (AIG). Yet, these efforts are still incipient thus currently focusing on increasing the number of public bodies connected to the interoperability bus. By 2021, the bus comprised a total of 10 public bodies. This work responds to the legal mandates created by Law 144 (2020), namely to those provisions touching upon interoperability, once-only and citizens´ consent.8
Paraguay: Paraguay´s Information Exchange System9 connects data registers across different areas (car register, public safety, and civil register) and helps addressing data discrepancies and inconsistencies resulting from the availability of multiple data records (e.g., personal or sensitive data) across the public sector. These efforts are led by the Ministry of Telecommunication and Information (MITIC), and draw upon the interoperability initiatives implemented by the former National Secretariat of Information and Communication Technologies (SENATIC).
Peru: By 2020, Peru - under the leadership of the Secretariat of Digital Government (SEGDI) - was also working on the project to set-up a National Data Centre, and on bringing together the National Interoperability Platform10 (NIP) and the open data platforms11 under one single tool. Also, by 2020, Peru reported having connected more than 300 public organisations to the NIP including those in charge of core data registers and justice.
Uruguay: the work of the Agency for Electronic Government and the Information and Knowledge Society (AGESIC) stands out in the region by working on improving interoperability for more than 10 years. AGESIC Interoperability Platform12 is at the core of Uruguay´s digital government strategy, and the platform stands as a foundational tool for public service design and delivery, public sector integration e.g., through web services, and digital security in line with predefined security standards and protocols.
Challenges
Despite on-going achievements, there is a tension between data centralisation vs. data federation.
In general terms, countries in the region are at cross-roads to decide between greater data centralisation and data federation. Whereas broader national governance arrangements (e.g., unitarian vs. federal countries) and diverse levels of digital government maturity can influence and define the way LAC countries address data governance in the public sector, most countries report the need for greater data centralisation but only a few highlight the benefits of decentralised data management or enforcing data standards and guidelines.
Data centralisation remains a core priority in most countries, which puts additional pressure on digital government and data bodies and somehow diverts the attention and responsibility from public bodies as data holders.
As LAC countries build greater data maturity in the public sector, digital government and data bodies should remain as providers of strategic, tactical and technical guidance and shared tools (e.g. interoperability buses, open source tools) and enforce their use and application. Yet, achieving data maturity requires data holders in the public sector (in particular those in charge of data registers and authoritative data sources) to be given greater responsibility and accountability in relation to data generation, distribution and consumption.
Emerging concepts such as data meshing and EU-driven actions (including data spaces) are starting to permeate the data ecosystem. Yet, moving from concepts to practice within the public sector will require a change of paradigm in terms of how LAC countries understand a data-driven public sector - one where the governance of data is shared and distributed with equal levels of responsibility of all players involved.
Data legacies and outdated data generation processes could be given further attention. Moving from paper-based data to digital data remain also a priority, including at the local level.
One other challenge which is not endemic to the LAC region is addressing the still persistent generation of data in analogue form rather being created digital by default - as reported by Paraguay. This specific issue has implications at different levels. One is related to how the data is generated and by whom.
For instance, structured data generated by municipalities and collected by the central government can be originally generated on paper, which requires data being then inputted in digital platforms at later stages, thus delaying processes and opening further room for human error. Such challenges can be observed for instance in relation to data assets such as civil registers managed at the local level but collected at the central level.
Yet, addressing these challenges would call for actions related to foundational aspects in terms of local capacity e.g., the availability or access to hardware and connectivity in remote and rural areas. In this respect, LAC countries should also acknowledge that digital inclusion has direct impact on how data registers are or are not generated at the very source (e.g., municipalities or local civil registers).
Data access and sharing is still restricted by time-consuming approvals, burdensome inter-institutional processes, and institutional resistance.
Streamlining data access and sharing processes and breaking down data siloes might also benefit from paying further attention to data relationships (e.g., among data registers). This would also require mapping data access and sharing processes to understand a) what data public bodies exchange, b) through which processes, c) the barriers blocking data flows, and d) how shared data infrastructures such as interoperability buses could help to address existing challenges.
For instance, Chile reports approval times of data sharing agreements of up to 6 months. This does not have only an impact on data flows, but on the services (internal or public) that rely on these data. Better understanding the data relationships of core data registers and other relevant datasets could help to have a better overview of the problem and define priorities with a focus on improving public sector productivity.
Some countries show a strong focus on technical interoperability solutions and platforms, but semantic interoperability remain a challenge. The value of data as a service is not widespread.
Despite the ambition to advance data interoperability in the region, leading countries such as Uruguay and Colombia still report remaining challenges in this area. Uruguay, a country with great achievements in place in terms of technical data interoperability, acknowledge the importance of improving semantic interoperability within the public sector. In Colombia, the Interoperability Framework13 has been in place for almost a decade but according to information provided by the Colombian government, less than half of public bodies have advanced in terms of documenting data assets or in terms of implementing a reference data architecture useful to build the basis to build digital solutions within the public sector.
Defining and mainstreaming common data classification and categorisation schemes and definitions (e.g., sensitive/non-sensitive data, personal data, confidential data) can also help public officials and public bodies to make better and faster decisions in terms of data access and sharing. For instance, to improve data governance in the public sector, Chile is currently working closely with public bodies to help them develop data catalogues they can use to differentiate between sensitive and non-sensitive data and make decisions in terms of open data or the sharing of data through web services.
It is also essential to understand interoperability beyond data. In this respect, countries also face the issue of addressing the proliferation of multiple data access and sharing platforms in the public sector and the interoperability among those. For instance, In Ecuador, the availability of different interoperability platforms requires performing legal and technical analysis to decide which platform institutions should use to exchange data once a request for data access is filed. This can have a severe impact on data discoverability in the public sector for data, leading to public bodies requesting connections to multiple platforms rather than interconnecting the data directly through web services.
Making data-as-a-service (DaaS) relevant is also critical to advance efforts. Policymakers in Argentina and Peru stress the relevance of DaaS for the digital transformation of the public sector. Other countries carry-out actions which follow such an approach de facto, with semantics, metadata, standards, inventories, and web services being among technical topics most referenced during interviews carried out for the purpose of this report. Yet, DaaS is still an abstract and somehow diffuse concept in the mind of digital government officials and those outside digital government and data bodies. Besides conceptual discussions, leading bodies would benefit from investing further efforts to move away from a data discourse that relates to tacit value creation in order to invest further efforts to make potential and delivered impact explicit and measurable – in particular when the efficient delivery of public services is at stake.
Increasing knowledge on available data assets, and their quality requires building greater data capacity within the public sector.
Also, advancing data governance and management efforts at the technical level would require investing more efforts to assess the current state of data assets in the public sector, including in terms of data maturity and available data assets.
Running data maturity assessments as well as promoting and enforcing the availability of data catalogues is critical to increase the level of knowledge about available datasets to improve how data is generated by default, in what formats, under which rules, and through which platforms can be shared or accessed.
Further investment on digital identity tools is fundamental to enable a better governance of personal data, but the implementation of new data governance mechanisms for data access and sharing would need further exploration.
Governments’ collection, processing and use data is not restricted to internal data sources e.g., data registers, administrative data, but to data generated by citizens, businesses and through platforms such as social media or IoT devices.
As presented in the 2019 OECD report The Path to becoming a Data-driven public sector, “common data governance frameworks contribute to the effective implementation of cross-sector data collection, sharing and/or accessing initiatives” (OECD, 2019[6]). At the technical level, these requires setting shared and trustworthy tools for data access and sharing to better govern and shared data for a common purpose.
At an early stage, further investments on digital identity and authentication mechanisms and other tools such as citizens’ folders would benefit the operationalisation of transparency and consent in the use of citizens’ personal data and of those sensitive data from businesses (see section on Trust). Yet, in the mid- and long-term, data subjects will require access to new arrangement and mechanisms to transform them from passive to active players in the data governance field. Emerging mechanisms to be explored include tools such as data trusts14 and data collaboratives.15
The widespread use of shared tools for data access and sharing at the national level (e.g., open source) and strategic data harmonization can help to build the technical foundations towards digital and data integration at the regional level.
As noted in the OECD Digital Government Review of Argentina (2019[10]) country members of trade blocks such as that from the MERCOSUR are taking common steps to advance a common digital agenda16 in areas such as digital identity, personal data protection, open data, and the delivery of cross-border services - all of which require solid data governance foundations at the technical, tactical and strategic level.
Other forums advancing in these areas include the Working Groups on Interoperability17 and on Open Data18 of the E-Government Network of Latin American and the Caribbean (GEALC), and the activities of the Digital Nations (D9) which includes Mexico and Uruguay.
With this context in mind, LAC countries should understand that actions taken today would determine the feasibility of achieving regional digital and data integration in the future.
For instance, Chile, Colombia, Dominican Republic and Peru are following international lead by exploring the implementation of Estonia´s X-Road platform and its open-source code. Whereas these actions aim at advancing greater data interoperability and improving data flows within the public sector, the adoption of common and open-source data interoperability tools at the national level should be understood as a starting point to advance data access and sharing across borders in the region. Current gaps in terms of data interoperability platforms in specific countries should therefore be understood as an opportunity to take a leapfrog with a mind-set on regional integration by design.
Also, self-assessing efforts at the national level vis-à-vis well-grounded interoperability principles and frameworks such as the European Interoperability Framework19 (EIF) would help surface existing interoperability gaps at the national level, including those specific to semantic interoperability. Only Costa Rica reported using the European Interoperability Framework20 (EIF) to advance its public sector interoperability efforts based on best international practices and principles.21
Steering data policy change
Creating data-driven public sectors that are coherent and trustworthy require setting an enabling environment around data governance in the public sector. Such an environment can take the form of regulatory frameworks, co-ordination and collaboration mechanisms, advisory bodies, and formal institutional networks of practitioners in the public sector.
Regulatory frameworks
Overview
The scope of hard and soft regulatory instruments related to data governance and data access and sharing can be quite diverse. These can range from regulations on data interoperability within the public sector and a paperless government to guidelines on open government data, data anonymisation, privacy and personal data protection. Box 3.1 shows a non-comprehensive list of relevant regulatory developments on data governance at the regional level.
Box 3.1. Relevant regulatory instruments on data in LAC
Brazil
2021 Law 14.129: Digital Government Law (http://www.planalto.gov.br/ccivil_03/_ato2019-2022/2021/lei/L14129.htm)
2019 Law 13.853 creating the National Data Protection Authority (https://www.planalto.gov.br/ccivil_03/_ato2019-2022/2019/lei/l13853.htm)
2019 Decree on Data sharing within the public sector, the Citizen Register and the Data Governance Central Committee (http://www.planalto.gov.br/ccivil_03/_ato2019-2022/2019/decreto/D10046.htm)
2019 Decree on the Open Data Policy (https://presrepublica.jusbrasil.com.br/legislacao/729983345/decreto-9903-19)
2019 Updated Interoperability Standards (ePING) (https://www.gov.br/governodigital/pt-br/governanca-de-dados/padroes-de-interoperabilidade)
2018 General Law 13.709 on Data Protection (https://www.gov.br/cidadania/pt-br/acesso-a-informacao/lgpd)
2011 Law 12.527 on Access to Information (http://www.planalto.gov.br/ccivil_03/_Ato2011- 2014/2011/Lei/L12527.htm)
Chile
2019 Digital Transformation Law (21,180) (https://digital.gob.cl/transformacion-digital/ley-de-transformacion-digital/)
2014 Decree 14: E-documentation and e-signature (https://www.bcn.cl/leychile/navegar?idNorma=1059778&idParte=)
2012 Presidential Directive on Open Government (incl. open data) (https://transparenciaactiva.presidencia.cl/Otros%20Antecedentes/Gab%20Pres.%20N%C2%BA%20005.pdf)
1999 Law 19628 on the Protection of Private Life.( https://www.bcn.cl/leychile/navegar?idNorma=141599)
Colombia
2022 Decree 1389: General Guidelines on the Governance of the Data Infrastructure and the creation of the Governance Model of the Data Infrastructure (https://www.funcionpublica.gov.co/eva/gestornormativo/norma.php?i=191409)
2022 Ruling 460: National Data Infrastructure Plan
2021 Strategic Open Data Roadmap for the Colombian State (https://herramientas.datos.gov.co/sites /default/files/2021-07/Hoja%20de%20Ruta%20Datos%20Abiertos%20Estrat%C3%A9gicos%202021_1.pdf)
2020 Decree 620: General guidelines on the use and operation of digital services (https://www.suin-juriscol.gov.co/viewDocument.asp?id=30039155) (includes principles on data portability, consent, privacy and personal data protection)
2019 Interoperability Framework (http://lenguaje.mintic.gov.co/sites/default/files/archivos/marco_de_ interoperabilidad_para_gobierno_digital.pdf)
2015 Ruling 3564, including guidelines on open data
2014 Law 1712: Transparency and Access to National Public Information Law, including provisions on open data
2013 Decree 1377 on data protection (https://www.suin-juriscol.gov.co/viewDocument.asp?id=1276081)
2012 Law 1581 on personal data protection (https://www.suin-uriscol.gov.co/viewDocument.asp?ruta =Leyes/1684507#:~:text=La%20presente%20ley%20tiene%20por,el%20art%C3%ADculo%2015%20de%20la)
2008 Law 1266 on Habeas data and data protection. (https://www.suin-juriscol.gov.co/viewDocument.asp?ruta=Leyes/1676616)
Costa Rica
(Under development) Guide on open data publication
2018 Executive Decree 41190 on the Reform of Executive Decrees No. 38994 "Promotion of Open Government in Public Administration and Creation of the National Commission for Open Government", No. 40199, and Decree No. 39372 (http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1= NRTC&nValor1=1&nValor2=86815&nValor3=112831&strTipM=TC)
2017 Decree 40200 on Transparency and Access to Public Information (http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1 =1&nValor2=84166&nValor3=108486&strTipM=TC)
2017 Decree 40199 on Open Data publication (http://www.pgrweb.go.cr/scij/Busqueda/Normativa/normas/nrm_texto_completo.aspx?nValor1=1&nValor2=84004)
2012 Regulations of the Law on Personal Data Protection (http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?nValor1=1&nValor2=74352)
2011 Law 8968 on Personal Data Protection.(http://www.pgrweb.go.cr/scij/Busqueda/ Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1=1&nV alor2=70975&nValor3=85989#:~:text=Ninguna%20persona%20estar%C3%A1%20obligada%2 0a,la%20orientaci%C3%B3n%20sexual%2C%20entre%20otros)
Dominican Republic
(Under development) Open Data Policy
2014 General Law No. 200-04 on the Unrestricted Access to Public Information (https://presidencia.gob.do/sites/default/files/statics/transparencia/marco-legal/leyes/Ley-200-04.pdf)
2013-2020 Normative Framework on ICT and e-Government (https://ogtic.gob.do/wp-content/uploads/2019/02/Marco-Normativo-de-TIC-y-Gobierno-Electr%C3%B3nico-en-Rep%C3%BAblica-Dominicana.pdf), including the Norms on open data publication (NORTIC A3), Interoperability (NORTIC A4), and Security (NORTIC A7).
2013 Law No. 172-13 on Personal Data Protection.( https://indotel.gob.do/media/6200/ley_172_13.pdf)
Ecuador
(Under development) Open Data Guide
2021 Organic Law on Personal Data Protection
2020 Ministerial Agreement 011 on the Open Data Policy (https://www.gobiernoelectronico.gob.ec/wp-content/uploads/2020/04/Acuerdo-Poli%CC%81tica-Datos-Abiertos-17.04.20-v4-signed.pdf)
2019 Norm for the Creation of the Interoperability Services Platform’s Federation (https://www.gobiernoelectronico.gob.ec/wp-content/uploads/2019/11/Federaci%C3%B3n-de-Buses.pdf)
2012 Decree 1384: Public Sector Interoperability (https://www.gobiernoelectronico.gob.ec/wp-content/uploads/2018/10/Decreto-1384-Interoperabilidad.pdf)
2010 Law on the National System of Public Data Registers (https://www.telecomunicaciones.gob.ec/wp-content/uploads/2016/04/Ley-Organica-del-Sistema-Nacional-de-Registro-de-Datos-Publicos.pdf)
2004 Law on the Access to Public Sector Information.( https://observatoriop10.cepal.org/sites/default/files/documents/lotaip.pdf)
Mexico
2021 Agreement on the policies and provisions promoting the use and exploitation of information, digital government, information and communication technologies, and information security in the Federal Public Administration (https://www.dof.gob.mx/nota_detalle.php?codigo=5628885&fecha=06/09/2021#gsc.tab=0).
2021 Transparency, Open Government and Open Data Policy for the Federal Public Administration (2021-24) (https://funcionpublica.gob.mx/web/transparencia/Politica_de_Transparencia_Gobierno_Abierto_y_Datos_Abiertos_ de_la_APF_2021-2024.pdf)
2017 General Law on Personal Data Protection held by Regulated Entities(Ley General de Protección de Datos Personales en posesión de Sujetos Obligados) (https://www.diputados.gob.mx/LeyesBiblio/pdf/LGPDPPSO.pdf)
2015 General Law of Transparency and Access to Public Information (https://www.diputados.gob.mx/LeyesBiblio/pdf/LGTAIP_200521.pdf)
2015 Executive Decree on Open Data. (https://www.dof.gob.mx/nota_detalle.php?codigo=5382838&fecha=20/02/2015#gsc.tab=0)
2010 Federal Law on Personal Data Protection held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) (https://www.diputados.gob.mx/LeyesBiblio/pdf/LFPDPPP.pdf )
Panama
2020 Technical Implementation Guide on Open Data (https://www.datosabiertos.gob.pa/documentos/1-about-guia-publicacion.pdf)
2019 Law No. 81 on Personal Data Protection (https://www.gacetaoficial.gob.pa/pdfTemp/28743_A/GacetaNo_28743a_20190329.pdf)
2018 Resolution No. DS-3513-2018 defining the Transparency Policy on Open Government Data (https://transparencia.css.gob.pa/wp-content/uploads/2020/01/Resoluci%C3%B3n-No.-DS-3513-2018-de-17-de-enero-de-2018-por-la-cual-se-desarrolla-la-pol%C3%ADtica-p%C3%BAblica-de-transparencia-de-datos-abiertos-de-gobierno.pdf)
2017 Executive Decree No. 511 adopting the Transparency Policy on Open Government Data (https://transparencia.css.gob.pa/wp-content/uploads/2020/01/Decreto-Ejecutivo-511-de-24-de-noviembre-de-2017-que-adopta-la-pol%C3%ADtica-p%C3%BAblica-de-transparencia-de-Datos-Abiertos-de-Gobierno.pdf)
2016 Resolution No. 15 approving the Government Interoperability Schema of Panama (https://aig.gob.pa/descargas/2019/06/Resolucion15_2016ApruebaEsquemadeInteroperabilidadCNIG.pdf? csrt=14471955142736531)
2012 Law No. 83 regulating the use of electronic tools in government formalities, creating the National Interoperability and Security System (Article 15)
2002 Law No. 6 on Public Transparency, Habeas Data and other matters (https://www.antai.gob.pa/wp-content/uploads/2015/04/Ley-6-de-22-enero-2002.pdf)
Paraguay
2023 Decree 8942 publishing the National ICT Plan 2022-2030 (https://www.presidencia.gov.py/url-sistema-visor-decretos/index.php/ver_decreto/31861)
2022 Law 6822 on Trusted services for Electronic formalities and Electronic documents, including specific provisions on personal data protection (https://www.bacn.gov.py/leyes-paraguayas/10318/ley-n-6822-de-los-servicios-de-confianza-para-las-transacciones-electronicas-del-documento-electronico-y-los-documentos-transmisibles-electronicos)
2020 Law 6522 on a Paperless government (https://www.bacn.gov.py/leyes-paraguayas/9281/ley-n-6562-de-la-reduccion-de-la-utilizacion-de-papel-en-la-gestion-publica-y-su-reemplazo-por-el-formato-digital)
2018 Law 6207 creating the Ministry of Information Technologies and Communication (among others defining the responsibilities of the Ministry on public sector interoperability)
2014 Law 5282 on Citizens´ access to Public Information and Government Transparency (https://www.bacn.gov.py/leyes-paraguayas/3013/ley-n-5282-libre-acceso-ciudadano-a-la-informacion-publica-y-transparencia-gubernamental)
2013 Law 4868 on Electronic Commerce (including provisions on personal data protection)
2013 Law 1682 on Information classified as private (https://www.bacn.gov.py/leyes-paraguayas/1760/ley-n-1682-reglamenta-la-informacion-de-caracter-privado)
2010 Law 4017 granting legal validity to electronic signature, digital signature, data messages (transfers), and electronic files. (https://www.bacn.gov.py/leyes-paraguayas/3550/ley-n-4017-de-validez-juridica-de-la-firma- electronica-la-firma-digital-los-mensajes-de-datos-y-el-expediente-electronico)
Peru
2020 Urgency Decree Nº 007-2020 approving the Digital Trust Framework. The Digital Trust Framework addresses issues related to data protection, the ethical use of data and technology, and crated the National Data Centre (https://www.gob.pe/institucion/pcm/normas-legales/395322-007-2020)
2020 Urgency Decree N° 006-2020-PCM creating the National System of Digital Transformation. The Decree defines “data as a strategic asset” as a core principle of the National System of Digital Transformation (https://busquedas.elperuano.pe/normaslegales/decreto-de-urgencia-que-crea-el-sistema-nacional-de-transfor-decreto-de-urgencia-n-006-2020-1844001-1/)
2018 Legislative Decree 1412 approving the Digital Government Law (https://www.gob.pe/institucion/pcm/normas-legales/289706-1412) (Including provisions on data interoperability, open data, data governance and data protection)
2018 Ministerial Resolution N° 119-2018-PCM (https://www.gob.pe/institucion/pcm/normas-legales/2951-119-2018-pcm) & 2019 Ministerial Resolution N° 087-2019-PCM (https://www.gob.pe/institucion/pcm/normas-legales/267481-087-2019-pcm), creating the Digital Government Committee and defining its responsibilities, including in terms of advancing data sharing within the public sector, open data and data security
2017 Supreme Decree N° 016-2017-PCM defining the 2017-21 National Open Data Strategy and Peru´s Open Government Data Model (https://www.gob.pe/institucion/pcm/normas-legales/292314-016-2017-pcm)
2011 Law N° 29733 on Personal Data Protection (https://www.gob.pe/institucion/congreso-de-la-republica/normas-legales/243470-29733)
2011 Decree N° 083-2011-PCM, creating the State Interoperability Platform (PIDE). (https://www.gob.pe/institucion/pcm/normas-legales/292465-083-2011-pcm)
Uruguay
2021 Open Data Strategy 2021-24 (https://www.gub.uy/agencia-gobierno-electronico-sociedad-informacion-conocimiento/datos-abiertos)
2020 Decree N° 64/020 (https://www.impo.com.uy/bases/decretos/64-2020) and Article 40 of Law N° 19670 (https://www.impo.com.uy/bases/leyes/19670-2018/40) (2018) with regulation on personal data protection
2017 Decree N° 54/017 defining the Technical Guidelines for Open Data Publication (https://www.impo.com.uy/bases/decretos/54-2017)
2015 Law Nº 19.355 (Article 82) defining the obligation of publishing the national budget in open formats
2008 Law N° 18381 on the Right to Access Public Information
2008 Law on Personal Data Protection, creating the Regulatory Unit for the Control of Personal Data (https://www.impo.com.uy/bases/leyes/18331-2008#:~:text=%2D%20Toda%20persona%20f %C3%ADsica%20o%20jur%C3%ADdica,de%20la%20que%20es%20titular)
Source: Based on information collected through the survey administered for the purpose of this report and additional desk research.
Challenges
Evidence from the LAC region points to diverse levels of regulatory maturity, with some countries missing stronger legal foundations in areas such as data interoperability, open data or personal data protection. The Covid-19 pandemic and other events surfaced this existent gaps thus forcing some countries to take quick action to update their regulatory frameworks in these areas.
Peru´s and Brazil´s Digital Government Laws (see Box 3.1) stand as leading examples at the regional level in relation to the use of regulations as tools to improve data governance in the public sector and bridge the gap among specific areas.
Peru´s Digital Government Law provides the legal basis for the development of Data Governance and Management Framework for the Peruvian State. This achievement has led to current efforts implemented by Peru´s SEGDI including the development of the National Data Strategy for Peru and is in line with best practices observed in OECD countries such as the Netherlands, the United States, and Japan. Brazil´s Digital Government Law has helped to further link open data with digital government initiatives (e.g., the use of data for the co-development of public services), thus going beyond the traditional understanding of open data as a matter of public transparency (OECD, 2022[11]).
Nevertheless, whereas the availability of laws and regulations does not determine success, other countries are still lagging in terms of advancing on their efforts to develop solid data governance regulatory frameworks in the region.
Costa Rica and Panama could establish a stronger regulatory framework to advance data interoperability in the public sector. In 2018, Executive Decree N° 4095122 overturned the 2010 Decree on the Promotion of the Public Sector Interoperability Model (Decree Nº 35776 -PLAN-G-J)23 in Costa Rica. As a result, Costa Rica´s Ministry of Science, Innovation, Technology and Telecommunications (MICITT) is following a technical approach that focuses on the National Code of Digital Technologies but lacks stronger regulatory levers to enforce adoption. In Panama, AIG is working to bring public bodies to use the central Interoperability Bus (as defined in Panama´s 2020 Digital Agenda). Yet, despite the availability of technical guidelines, processes and requirements, the lack of hard-law instruments such as legislation and regulations in the area make enforcement a challenging task.
Last, despite earlier efforts and proposals to improve regulatory framework on open government data,24 Paraguay still lacks legal provisions and regulations in this area. Nevertheless, with the arrival of the Covid-19 pandemic the government, as many other countries worldwide, faced public pressure to release information and data of public interest. In this line, Paraguay´s 2020 Law 6524 (which declared the state of emergency in the country) mandated the MITIC to create an on-line portal where all public bodies could publish emergency budget expenditures as open data.25 Paraguay also lacks more solid legal framework for personal data protection despite the provisions included in the 2013 Law 4868 on Electronic Commerce.
Outdated or inexistent regulatory frameworks pose a challenge for greater regulatory interoperability in the region and therefore for the trustworthy integration, access and sharing of data across borders.
Data governance and its complexity is determined by the context in which data is accessed and shared (e.g., organisational, cross-sectoral, cross-border).
At the international level, instruments such as the European General Data Protection Regulation26 (GDPR), the European Directive on open data and the re-use of public sector information,27 and the European Data Governance Act28 are trailblazing data-related regulations worldwide. It is worth mentioning that, among all LAC countries, the European Commission has only recognised Argentina and Uruguay as providing adequate levels of data protection29 in line with EU regulations. Not in vain, countries worldwide are using GDPR to update their own national personal data protection regulations.
In LAC, outdated or inexistent regulations in areas such as open data, personal data protection and interoperability create an uneven field to tap on the growing availability of data sources for regional digital innovation and (cross-border) service design and delivery. This, while observing and protecting the legitimate interests of individuals, businesses and communities.
From this perspective, advancing in areas such as the availability of harmonised regulatory frameworks at the regional level should remain a priority for LAC countries for the years to come.
Co-ordination and collaboration
Overview
“Good data governance […] benefits from the adoption of open, inclusive, iterative, collective and value-based approaches to its definition, implementation, evaluation and change. […]. Stakeholder engagement can help to better identify data policy priorities and data needs, and to assess the current context in terms of data capability within the public sector (OECD, 2019[6]). In this light, co-ordination and collaboration with internal and external stakeholders is critical to, among other objectives, identify changing trends and emerging needs; co-develop, design and understand the rules and tools supporting good data governance (e.g. to balance personal data protection with open data); and to foster the use of common data tools, infrastructures, and standards across the public sector.
In terms of whole-of-government co-ordination, relevant examples include that of Brazil´s Central Committee for Data Governance30 (CCGD), which was created by decree in 2019 to promote better co-ordination around specific data-related policy topics such as data access and sharing within the public sector, open data, data protection, and the citizen register. The CCGD is integrated only by representatives from public bodies, plus two representatives from civil society organisations with experience and proven performance in the field of personal data protection.
Co-ordination on data-related topics is also observed at the sectoral level. For instance, in 2020 Colombia´s Statistics National Administrative Department (DANE) created the Data Management Committee with the objective of promoting the governance of data access and sharing for statistical purposes.31
Co-ordination on data-related issues can take place nevertheless in fora with a broader focus on digital government. In Peru, and in line with the recommendations provided by the OECD (OECD, 2019[12]), Ministerial Resolution N° 119-2018-PCM32 mandates the creation of a Digital Government Committee within each public body with the task, among other responsibilities, of promoting the exchange of data and information within the organisation and with other organisations.
Challenges
Co-ordination and collaboration at all levels (from decision-makers to technical staff) is needed to advance efforts towards more data-driven governments. Tapping on communities of practice is fundamental to build public sector data maturity from the bottom up.
One of the key challenges LAC countries faces is to ensure all relevant stakeholders within and outside the public sector are aware, co-ordinate and collaborate around data-related or data-intensive initiatives. Evidence collected during interviews shows that whereas in some instances co-ordination takes place at the political or decision-making level, this practice is less extended to data-savvy players in the public sector or actors outside the public sector. These can include officials and bodies in charge of the actual implementation of data-driven initiatives, data stewards (if available), those bodies holding the responsibility of administering registers in the public sector, and grassroots organisations. If co-ordination takes place, it is mostly ad hoc and project specific.
As presented in Figure 3.2, data governance is multi-faceted, and depending on the context of its implementation, multi-level. As such, different actors have different responsibilities depending on their roles and position. Ensuring co-ordination takes place at all levels is needed to make sure policy goals translate into coherent actions during the implementation stage. Clarity in terms of attributions of roles and responsibilities at the institutional level is however a precondition for success in this area (see Section on Data roles and responsibilities).
At the same time, collaboration through communities of practice were not often cited among interviewed actors. Earlier work in the LAC region by the OECD shows the impact changes of political administration can have on public officials’ stability and as such on the continuity of specific data initiatives such as open data. One way of addressing this challenge is to give further importance to informal communities of practice within the public sector so that knowledge on what works and what does not is widespread, data and tech tools re-used, and a data access and sharing culture built from the bottom up.
Good data governance is collaborative and open. In LAC, co-ordination and collaboration should take place beyond the public sector to engage with external communities of practice and with those impacted by data projects and initiatives.
In LAC, evidence show that the participation of actors from outside the public sector in co-ordination bodies (e.g., human rights watchers, start-ups, civil society) is not common practice. This “open” governance of data is relevant in particular when data access and sharing has implications in terms of personal data protection, privacy and consent. Addressing this gap would be critical to ensure that data-related strategies, projects and initiatives are inclusive, representative and integrate all voices, in particular the ones of those who will be affected first-hand by their implementation, including vulnerable groups and minorities.
Data roles and responsibilities across public bodies
Overview
Defining clear roles for data leadership and management (ranging from data protection to data openness) is a precondition for the sound implementation of a data strategy. Having clarity about roles:
Facilitates co-ordination, reduces the risk of duplication, and increases awareness as public officials know who is responsible of specific tasks and as such, know to whom address specific questions when in doubt.
Makes the distribution and attribution of responsibilities clear to all actors involved in data management, access and sharing.
Sheds further light in terms of the accountability of public officials in charge of a specific data management task.
In terms of the distribution and attribution of roles and responsibilities, the most relevant examples are observed in the governance arrangements for personal data protection, as defined in available legislations and formal requirements.
In Barbados, the 2019 Data Protection Act33 (DPA) created a Data Protection Commissioner for the public sector and mandates public agencies to appoint a Data Protection Officer. Brazil’s 2018 Personal Data Protection Law also defined a similar specific role to channel communication between data controllers, data subjects and the National Data Protection Authority (ANPD). Both Barbados’ and Brazil’s data protection regulations have also introduced the concepts of “data comptroller” and “data processor” in line with European regulations. In Uruguay, Law 19.670 (Article 40) of 2018 mandates public bodies to appoint a Data Protection Delegate. The responsibilities of data protection delegates are further detailed in Decree N° 64/020 of 2020. The appointment of these data protection positions within public bodies helps also in co-ordinating with data protection authorities, as available.
Challenges
The appointment or allocation of roles and responsibilities is not formalised in some instances whereas in other cases it is rather organic and leverages existing governance structures.
The stages of the data value cycle include, but are not limited to, data generation, collection, selection, curation, storage, protection, disposal, access, sharing, and use (OECD, 2021[8]). Whereas it would be not feasible to derive a specific role or position from the tasks that result from each of the aforementioned stages, some tasks can lead to the definition of tactical roles such as data protection, privacy, information and open data officers. In practice, these roles (should) interact and be co-ordinated to make sure data delivers value within the context of available legislation and in the respect of values and rights.
In LAC, the implementation of data protection and privacy regulation, which one may consider quite straightforward in terms of scope and goal, has been translated into the definition or appointment of personal data protection roles in the public sector by law as described before. Yet, in practice, the appointment of personal data protection roles translates into the allocation of the role as a new responsibility or task of an existent official.
Another challenge arises in relation to other stages of the data value cycle which can be often perceived as more complex or at the intersection of different policies.
For instance, in LAC the institutional arrangements for the implementation of open government data policies are deeply connected with transparency efforts. This trend was reported by the OECD in earlier studies, namely the 2015 Report on Open Government in Latin America (OECD, 2014[13]). This connection, (which also results from the inclusion of open data goals in the context of Open Government Partnership’s Action Plans in the region) has made some LAC countries to tap on the governance arrangements for public sector transparency as the main channel to deliver on their goals or commitments on open government data (see section on open government data).
Examples of the above include Panama, where Resolution DS-3513 (2018)34 states that open data implementation is the responsibility of agencies’ public information officers (Article 15). In Costa Rica, the absence of specific regulations on open data makes Access to Information Officers (as defined in the 2017 Decree 40 200 on Transparency and Access to Public Information35 de facto implementers of open data efforts across the public sector as reported by Costa Rica. In other countries such as Brazil and Mexico regulatory instruments such as open data decrees do define the role of public bodies in terms of open data publication, without providing further detail in terms of whom within public bodies oversees implementation. Thus, leaving room for public bodies’ discretion in the allocation of the open data responsibility internally. In Peru, evidence collected through the survey administered for this report point to institutional Digital Government Leaders (a formal position created by the Digital Government Law) as the implementers of open data initiatives.
Tendency to link open data to public sector transparency has had an impact on the understanding of the goal of open government data policies in LAC, which sometimes can focus largely on data publication and not to the same extent on the value that public sector data can create beyond openness and transparency, such as through its reuse. Besides, the lack of more detailed or secondary regulations in the area paired with discretionary decision making in terms of allocating open data responsibility can make that incentives focus on compliance rather than value creation. In general terms, the allocation of the open data responsibility to public officials with diverse backgrounds can also make difficult to find common ground for co-ordination and collaboration, making data publication the main outcome rather than a mean towards value creation.
At the same time, and as showed in the 2019 Open, Useful, and Re-usable data (OURdata) Index (OECD, 2020[7]), the emergence and growing adoption of data-intensive technologies such as artificial intelligence (AI) (see Chapter 5) have shifted policy priorities, with some countries investing greater efforts in building capacity for data use within the public sector.
The abovementioned trend, however, requires further efforts to close existing data governance gaps i.e. taking a more cohesive approach to data governance capability within public sectors. This, as applying data and retrieving value from it requires order and structure - from defining standards for data generation and selecting a trustworthy data source to securing data integrity and deciding if a specific dataset is fit for public sharing.
Institutional data stewardship is needed to bring all pieces together and ensure cohesion and co-ordination.
It is important to understand the data value cycle as a continuum of interlinked stages and tasks which, as mentioned earlier, are often fragmented in different roles and organisations. In LAC, fragmentation is not only related to data siloes but also to the limited co-ordination among existent roles or those that will be created as an effort to better manage, control, protect, open or re-use data. In this context, as observed with the adoption of National Data Strategies, there is a generalised need to bring closer different data responsibilities and increase data literacy within the public sector so that policies, actions and decisions are coherent and do not conflict or interfere with each other (e.g., data protection and open data).
Achieving this integration would require defining more strategic and cross-cutting roles such as institutional data stewards and/or leaders. Such roles can help connect different data responsibilities with both an understanding of the more strategic aspects of data efforts (as defined by central authorities) and an action-oriented, tactical and advisory mind-set of what must be done within the public body and how that can be achieved. These roles would also help to facilitate co-ordination of national and institutional data strategies if available.
Evidence from LAC show that strategic institutional data leadership roles are mostly absent from public bodies.
Peru is the only country reporting the formalisation of such a role (Data Governance Official) in public bodies by law. Whereas in practice data governance officials have been translated into task attributed to existent positions and not necessarily as a formal position, data governance officials should oversee different tasks including fostering a data culture within public sector, promoting better data management and quality, and co-ordinating with officials in charge of open data, the use of data for services, interoperability, and data protection (2021 Regulations of the Digital Government Law).36 Brazil reports the absence of these positions in practice. In Panamá, these networks are available but only in relation to Information Officers and in connection to open data efforts with a focus on transparency. A similar context in observed in Colombia, where these roles are mostly focused on open data. In Chile, public officials interviewed for the purpose of this report expressed that only 20% of public sector bodies have a leadership role for data e.g., chief data officers, but these are mostly technical.
While the underlying causes behind the abovementioned context would require further research and data collection, the lack of resources (in particular in smaller public institutions or at the local level) could have an impact on the actual capacity of public bodies to create additional formal positions and allocate further resources (e.g., salaries) for that purpose. In turn, this creates an environment where public officials take given extra responsibilities in addition to their regular roles. Consequence, extra workload could lead to a compliance-based public culture and a lack of the necessarily knowledge to make decisions on issues such as data protection, privacy, or data access and sharing.
Data leadership and strategies
At the more strategic level, public sector data governance requires whole-of-government leadership and clarity in terms of expected outcomes, as well as milestones and actions needed to achieve those outcomes and deliver value. Adopting a whole-of-government approach to data access and sharing is among the key provisions of the OECD Recommendation on Enhancing the Access to and Sharing of Data37 adopted by the OECD Council in October 2021. In this line, the Recommendation stresses how national data strategies and leadership at the highest level can help to “foster data access and sharing within and across society, public and private sectors, and jurisdictions” and enable “policy co-ordination and implementation” (OECD, 2021[3]).
Whole-of-government data leadership
Overview
Whole-of-government leadership is fundamental for digital and data governance. As detailed in the OECD E-leaders Handbook on the Governance of Digital Government (OECD, 2021[14]), and the OECD Report The Path to Becoming a Data-Driven Public Sector (OECD, 2019[6]) national contexts can determine how the whole-of-leadership function is attributed in terms of location (e.g., at the centre of government vs. ministry), institutional arrangement (e.g., an agency vs. an internal unit, one-person leadership vs. group-led strategy), and the influence or type of leadership sought for (political, administrative or technical). The available governance arrangements for digital government also play a significant role as they can also influence how the whole-of government data leadership is attributed. For instance, as a task or function of the digital government leading body rather than a stand-alone formal position.
Comprehensive data leadership positions, in the form of formal, stand-alone, one-person roles, are mostly absent from public sectors in LAC (e.g. a Government Chief Data Officer as observed in Estonia). Yet, practice in the LAC region shows a close connection between governance structures for digital government (as discussed in Chapter 1) and the attribution of the responsibility for the whole-of-government leadership for data.
In LAC, overall data leadership is often attributed as a task of the body in charge of the digital government strategy and has a strong focus on interoperability. This confirms the strategic value of data for public service design and delivery, policy making, and public sector efficiency. However, the leadership and/or mandate on personal data protection and open government data often fall in different bodies across LAC countries (see Table 3.1).
Table 3.1. Distribution of the data leadership task in LAC
Institution |
Institution is in charge of: |
|||
---|---|---|---|---|
Interoperability |
Open data |
Personal data protection |
||
Argentina |
Secretariat of Public Innovation, Chief of Cabinet Office |
Yes |
Yes |
No - Public Information Access Agency |
Barbados |
.. |
.. |
.. |
.. |
Brazil |
Secretary of Digital Government, Ministry of Management and Innovation in Public Services |
Yes |
No - Office of the General Comptroller |
No - National Data Protection Authority |
Chile |
Digital Government Division, Ministry General Secretariat of the Presidency |
Yes |
Yes |
No - Task not clearly attributed |
Colombia |
Direction of Digital Government Ministry of Information and Telecommunications |
Yes |
Yes |
No - Superintendence of Industry and Commerce |
Costa Rica |
National Agency of Digital Government |
Yes |
No |
No - Personal Data Protection Agency |
Dominican Republic |
Government Office of Information Technologies and Communication (OGTIC) |
Yes |
No - Government Ethics and Integrity General Direction |
No - Task not clearly attributed |
Ecuador |
Ministry of Telecommunications and Information Society |
Yes |
No |
No - Task not clearly attributed |
Jamaica |
.. |
.. |
.. |
.. |
Mexico |
Co-ordination of the National Digital Strategy, Office of the President |
Yes |
No - Ministry of Public Administration |
No - National Institute of Transparency, Access to Information and Personal Data Protection |
Panama |
National Authority for Government Innovation |
Yes |
Yes |
No - National Authority of Transparency and Access to Information |
Paraguay |
Ministry of Information Technologies and Communication |
Yes |
Yes |
No - Personal Data Protection Agency (to be created) |
Peru |
Secretariat of Digital Government, Presidency of the Council of Ministers |
Yes |
Yes |
No - Personal Data Protection National Authority |
Uruguay |
E-government and Information Society Agency (AGESIC) |
Yes |
Yes |
No - Personal Data Regulatory and Control Unit |
.. : Information not available/unclear.
Source: OECD-CAF Going Digital Government in LAC Survey (2021) and desk research.
For instance, in Brazil, the Secretary of Digital Government under the Ministry of Management and Innovation in Public Services owns the operational leadership in terms of data governance and interoperability. This role was previously executed in close collaboration with the former Special Secretary of State Modernisation located at the Office of the President (which acted more as the political arm of the digital government agenda). The Special Secretary of State Modernisation disappeared in 2023. The mandate for open data, however, is located at the Office of the General Comptroller (CGU) (OECD, 2018[15]). The Secretariat of Digital Government chairs the Central Committee for Data Governance38 (see section on co-ordination).
In Colombia, MINTIC’s Direction of Digital Government oversees diverse aspects related to data interoperability and open data (OECD, 2018[16]). MINTIC’s role is implemented in close collaboration with the DNP and the Office of the President. Similar scenarios are observed in Ecuador, and Paraguay, where the respective Ministries in charge of Information Technologies and Communication lead the digital government agenda, including interoperability.
In Uruguay, the AGESIC integrates data interoperability and open data as part of its responsibilities. A similar scenario is observed in Peru where SEGDI leads interoperability and open data efforts in the public sector. While different in terms of arrangement (one being an agency, the one other an office), the location of AGESIC and SEGDI within the Centre of Government (CoG) gives these bodies the political lever and operational leadership needed to advance digital government and data efforts in the public sector (see OECD (2017[17]); (2019[12]); Chapter 1).
In the Dominican Republic, the data leadership task (in terms of interoperability) is under the responsibility of the Government Office for Information and Communication Technologies (OGTIC). OGTIC co-ordinates with the Governmental Ethics and Integrity General Direction in the area of open data.
In Panama, data governance, interoperability and open data are under the responsibility of AIG, which has also a specific internal unit focusing on advancing data science in the public sector.
In Chile, the responsibility for interoperability is under the Digital Government Division (DGD) at the Ministry General Secretariat of the Presidency (MINSEGPRES). DGD has a specific area in charge of data governance in the public sector and is also in charge of the strategic and operational aspects of open government data, including the management of Chile’s open data portal.
In Argentina and Mexico, changes of central administration shifted the attribution of data-related responsibilities in recent years. In Argentina, interoperability is under the responsibility of the Secretariat of Public Innovation at the Chief of Cabinet Office. Open data is intricately connected to the open government agenda for the Secretariat of Public Innovation’s Open Government National Direction leads the open data agenda. Formerly, the National Direction of Public Data and Public Information “acted as a de facto chief data officer for the government” (OECD, 2019[10]), thus, advancing data management, interoperability and open data efforts in connection with the digital government agenda. It is not clear if this integrated data leadership approach is still in place in the Country according to evidence provided.
In Mexico, the Co-ordination of the National Digital Strategy (CEDN) at the Office of the President leads interoperability efforts, whereas open data is under the responsibility of the Ministry of Public Administration (SFP) and personal data protection under the National Institute of Transparency, Access to Information and Personal Data Protection (INAI). Formerly, open data in Mexico sit at the Office of the President (2012-18) which gave this policy area a strong policy lever (see OECD (2016[18]); (2018[19])). The CEDN was also located at the Office of the President for the period 2012-2018 but acted more as the political lever of the digital government and agenda, whereas the Unit for Digital Government at the SFP acted as the operational arm for the digital government, including the needed support for open data between 2012 and 2018.
Challenges
Whole-of-government data leadership is often attributed as a task of the body in charge of digital government and has a strong focus on interoperability. Therefore, it can be perceived as strictly technical and operational. The attribution of data leadership roles in areas such as open data and personal data protection is driven by national contexts and governance arrangements. This allocation of the data leadership task call for a more integrated and shared vision in the public sector.
Evidence presented in the previous section shows the diverse and sometimes ambiguous institutional frameworks for whole-of-government data leadership, and their relationship with other agendas that might fall under other bodies’ responsibilities (open government data and personal data protection) (see Table 3.1).
In terms of personal data protection, these leadership roles are normally allocated to stand-alone bodies such as Data Protection Offices (e.g. Brazil’s National Authority of Data Protection, Mexico’s INAI, or Costa Rica’s Personal Data Protection Agency), but in some instances, the mandate and therefore leadership for personal data protection is still blurry as the organisational leadership task is not clearly attributed to a public body.
In terms of open government data, institutional arrangements are highly uneven among LAC countries for the mandate and leadership task can be attributed to an internal unit within digital government body or to other public bodies in charge of access to public information, transparency, or open government.
As discussed in previous sections, the more distributed data leadership roles are (data interoperability, open data, data protection) the more need for closer co-ordination and coherence. Yet, the heterogeneous governance arrangements observed in open government data and personal data protection stress the importance of clarifying institutional frameworks and the attribution of the leadership task in some countries. This is also relevant in the context of other data-intensive areas such as artificial intelligence (AI).
Clarity and co-ordination among those bodies and leaders in charge of personal data protection and open data (if not defined as a task of the digital government body) would help avoid moving towards the appointment of one-person data leadership models - which might not be feasible in specific contexts or conflict existing digital government and data roles if positioned at the same level. Improved co-ordination of existing bodies and roles would be more organic as it would fit into current governance structures available in some countries.
Nevertheless, in some countries a stronger political leadership for digital government (which often includes the data leadership task) can also help in advancing strategic ambitions besides the technical aspects of digital government, data-driven public sectors and data governance as a whole (see Chapter 1 on governance).
National data strategies
Overview
Earlier OECD policy and measurement work on digital government, including the OECD Digital Government Index (OECD, 2020[5]) and the OECD 2019 Report The Path to Becoming a Data-Driven Public Sector (OECD, 2019[6]) provided evidence on how OECD member and partner countries have moved towards greater coherence of national data efforts by developing national data strategies or embedding these within policy instruments such as digital agendas and other instruments such as AI strategies.
National data strategies (as those put in place by Australia,39 Germany,40 Japan,41 the United States,42 Ireland,43 the Netherlands44 and Sweden)45 have often a broader scope for their aim is to bring together relevant data policy areas, including data access and sharing within the public sector and across sectors, interoperability, data management, open data, data protection, data ethics, and data security.
Following up on and in line with the findings presented in the 2022 OECD/CAF Report The Strategic and Responsible Use of Artificial Intelligence in the Public Sector of Latin America and the Caribbean (OECD/CAF, 2022[9]), single national data strategies or policies are not standard practice in LAC countries (see Figure 3.3). According to evidence provided and further research, Colombia, Peru, and Uruguay are the only countries with similar policy instruments in the region.
Colombia’s National Policy on Data Exploitation (or CONPES 392046 on Big Data from 2018) developed by the ministerial-level DNP defines the main goals and actions to be implemented by actors from different sectors to tap on the value of data for social and economic development. For this purpose, the CONPES 3920 includes 11 action lines in the areas of data infrastructure, open data, data classifications and legal certainty, public-private data sharing, public sector capacity, data markets and data sandboxes, among others. CONPES 3920 is linked to the goals of the National Policy for Digital Transformation and Artificial Intelligence (CONPES 397547 from 2019). In 2022, Colombia also published the National Data Infrastructure Plan (PNID) developed by MINTIC, DNP and the Office of the President.
Uruguay’s national data policy was launched in 2019 and set a group of general and specific principles for data management in the public sector in connection with Uruguay’s 2020 Digital Agenda (AGESIC, 2019[20]). In 2021, Peru underwent a process to develop a national data strategy in line with the provisions of its Digital Government Bill. In 2023, Peru’s issued its national data strategy, which is organised around six main axes: data as an asset, data management, data infrastructure, ethics, talent, and data ecosystem (see PCM (2021[21]), Government of Peru (2021[22]) and (2023[23])). Peru’s and Uruguay’s data strategy/policy are deeply rooted and connected to digitalisation efforts in the country and the digital government agenda.
In most cases, data-related strategies are included as a sub-component of broader digital government strategies or similar, or specific to areas such as open government data. As a result, this type of strategies could have a narrower scope than dedicated national data strategies and provide less clarity in terms of timeframes and actions:
Argentina: In the Digital Agenda 2030,48 published by decree in November 2018, the Argentinian government included specific goals related to personal data protection and data infrastructure. The Annex of the Agenda highlights data use by public bodies and open data as key actions of its digital government component. Data-related goals such as open data and the finalisation of the National Public Data Infrastructure Programme (INDAP) are also included in the 2022-24 Argentinian OGP Action Plan.49
Brazil: Objectives on data interoperability and open data are included in the 2020-22 Digital Government Strategy (Decree 10,332 from 2020),50 and further detailed on other legal instruments such as Decree 10.046 on Interoperability (2019) and Decree 8.777 (2016) on Open Data Policy (see section on regulatory frameworks).
Chile: Chile’s 2018-22 Digital Transformation Strategy51 includes data-driven public sector as one out of its five action lines, covering issues related to open data and data use in the public sector. Data also is one out of the tree enabling axis of the 2021-2030 National AI Policy,52 integrating issues and specific actions related to personal data protection, open data, science and research, and data communities. The National AI Policy is under the leadership of the Ministry of Science and Technology, and thus a different body of those in charge of digital government. In 2023, the Chilean government launched a public consultation to inform the development of its national data strategy.
Costa Rica: The Country’s Digital Transformation Strategy 2023 - 2027 proposes actions in six thematic areas, namely certified digital signature and digital identity, digital services, digital skills, data governance, interoperability, and the updating of the regulations on digital transformation.
Dominican Republic: In 2022, the Dominican Republic published its 2030 Digital Agenda,53 including also specific elements related to data interoperability, data protection and open data. Notably, the Dominican Republic issued an Action Plan for 2021-2454 as means to operationalise the goals defined in the Digital Agenda (including those related to data), and attribute responsibilities to public bodies in this regard.
Ecuador: Ecuador has also followed regional leaders an in 2021 the Country issued a biennial Digital Agenda55 (2021/22) including topics and objectives on open data, interoperability, data protection and big data.
Panama: The 2020 Digital Agenda56 includes both clear policy actions related to interoperability, data protection and open government data, and explicit policy goals related to data governance, open data and AI - all with the objective of making the Panamanian public sector data-driven.
In its ICT Directive Plan57 Paraguay included specific actions (mostly technical) related to interoperability and similar, but it is unclear if this policy document has been updated since its publication in 2011. In September 2021, Mexico published the National Digital Strategy for 2021-24.58 Yet, the document briefly touches on data, besides including the importance of integrating structured databases within the public sector.
No information was available for Bolivia, Barbados, Jamaica, Trinidad y Tobago, and Venezuela.
Challenges
The understanding of national data strategies is still narrow in some cases, and often focuses on siloed policy aspects e.g., interoperability, open government data.
In some countries, a coherent and broader view is needed to integrate aspects related to interoperability, open data, data ethics, personal data protection, data security/protection, and cross-sectoral/border data sharing under cohesive policy instruments and common actions. At the same time, such coherent approach can help to further bridge the understanding of “data as a right” present in the region (the right to access data, personal data protection) with the policy discourse that calls for the understanding of data as an asset, and as a digital public good.
Also, during fact-finding interviews, public officials and decision makers often confused legal instruments (such as open data decrees or Access to Information laws), and other softer instruments (such as OGP action plans) with comprehensive national data strategies which may confirm the absence of an integrated view to data at a more conceptual level.
In LAC, national data strategies are somehow de facto instrument to translate the vision into a set of policy tools and initiatives (as opposed to action-oriented instruments). Digital agendas (when available) have further paved the ground to bring data-related policy issues under one single policy instrument. However, countries in LAC could take a step ahead and explore if tools such as national data strategies could help to support policy implementation and shed further clarity in terms of actions, timeframes, responsibilities and accountability, while also acknowledging their relevance in the context of AI strategies. Alignment and adherence to international instruments such as the OECD Recommendation on Enhancing Access to and Sharing of Data (OECD, 2021[3]) could also help in this regard.
Current efforts are incipient but can help to build the basis for data integration at a regional scale in the long run.
Whereas moving towards a common data strategy for the region is ambitious in the long term, and the harmonisation of rules, institutions, systems and data much needed as discussed in previous sections, in LAC, the appetite for regional data integration and cross-border data exchange is reflected on the actions taken in fora such as GEALC Network and the Digital Nations group, and trade blocks such as the MERCOSUR (as discussed earlier in this chapter). Other efforts are observed in ECLAC’s eLAC2022 strategy, which includes objectives to achieve regional data flows with trust.59
At the international level, the EU Data Strategy60 has set a precedent as an instrument for data access and sharing at the regional level. In particular, its objective of creating data spaces in strategic sectors (including energy, mobility, health, and agricultural data, and a specific data space for public administrations, starting with public procurement data) (EC, 2020[24]) underlines the relevance of this instrument as a driver of trustworthy data access and sharing.
Along these lines, potential medium-term actions in LAC could consider the creation of similar mechanisms for data access and sharing in the region building on common priorities and interests. For instance, in the short term, promoting the further adoption and implementation of international open standards in areas such as public contracting, beneficial ownership, and public infrastructure can help create a common (open) data space in the region to fight corruption across borders. Also, sustaining close co-ordination among national governments with data holders from outside the public sector (incl. citizens, indigenous communities, and the private sector) will be instrumental to avoid creating national data governance arrangements which are neither interoperable by design nor respond to current and future needs in terms of data access and sharing, including across sectors and borders.
Open government data
Overview
Data from the 2019 edition of the Open, Useful, and Re-usable data (OURdata) Index showed significant gaps on open data availability, accessibility and re-use by 2019 (OECD, 2020[25]), with Colombia, Mexico and Brazil leading, back at the time, open data efforts in LAC. Recent evidence collected for the purpose of this report shows that in some instances, LAC countries have increasingly reinforced the regulatory and institutional governance arrangements for open government data (see section on steering policy change). Yet, progress is still uneven in terms of compliance, implementation and value co‑creation (e.g. good governance and economic growth). Monitoring impact is still a challenge.
Important developments at the national level have taken place mostly in terms of the governance for open government data. In Brazil, instruments such as the revised version of the open data policy (2019), the Open Data Monitoring Panel (2019), the updated National Digital Government Strategy (2020) and the Digital Government Law (2021) have improved the governance foundations for open government data in the Country, also broadening its reach to the digital transformation of the public sector (OECD, 2022[11]). Other example if that of Ecuador’s 2020 Ministerial Agreement 011 on the Open Data Policy, and Panama’s 2020 Technical Implementation Guide on Open Data.
As discussed in earlier OECD studies on digital government and data in the region61 open government data policies in LAC were and, in some cases, still are deeply connected to the “data as a right” policy discourse and are therefore driven by public sector transparency and open government agendas – in particular the latter which, in the context of the OGP, remains a driver for open data in the region.
Drawing on the recommendations of the 2019 OECD Open Government Review of Argentina (OECD, 2019[26]), in 2020 the country launched its first Strategic Plan on Open Government (2020 – 23), including specific goals on open data. Costa Rica has tapped on its 4th OGP Action Plan (2019-22)62 to sustain open data efforts at the national level. Specific policy sectors are also priority targets in LAC. Uruguay’s 5th OGP Action Plan63 has helped secure the implementation of open data initiatives and paved the way for the definition of Uruguay’s Open Data Strategy for 2021-24 (goal 1.9), which aims at tackling social and policy changes in areas such as anti-corruption, environment, and gender.
The publication of open data to fight corruption is also preponderant in the region. Evidence from the interviews conducted in the context of this project point to the fact Colombia, Costa Rica, Ecuador, and Paraguay are investing on open data efforts to fight corruption, in collaboration with actors such as the Open Data Charter and the German Agency for International Co-operation (GIZ), and in line with the Organisation of American States (OAS) Inter-American Programme on Open Data to Prevent and Fight Corruption (PIDA). In Colombia for instance PIDA´s implementation was included in Colombia´s fourth OGP Action plan. In Mexico also the 2021-24 Transparency, Open Government and Open Data Policy underlines its connection and alignment with the fight against corruption.
In terms of promoting re-use of data, Peru is working on further exploring public-private partnerships to increase open data re-use and improve services for citizens, in line with the Peru’s National Open Government Data Strategy 2017-21. Argentina organised workshops to design its most recent OGP Action Plan for 2020 – 24. Costa Rica also created the National Commission of Open Data, a multi-stakeholder co-ordination group in charge of steer the open data Policy in the country.64 Paraguay and Dominican Republic have also invested efforts to further engage with data users to identify demand in the context of worktables with the private sector and hackathons.
In 2021 and 2021, Mexico’s National Institute of Transparency, Access to Information and Protection of Personal Data (INAI) in partnership with other organisations from the public sector and the civil society has organised the National Open Data Conference (DATACON). The DATACON was an on-line effort to bring experts from different sectors to collaborate to address policy challenges through open data. More recently in 2023, the INAI launched Open Mexico65 – a multi-stakeholder initiative aimed at developing a National Open Data Policy.
Panama reports the absence of a systemic interaction with data users that can help to identify demand and promote reuse. Yet, it also points to initiatives such as partnerships with universities that aim to address this challenge.
Challenges
Transparency and open government are the main drivers for open data agendas in LAC. This misses the role of open data as a digital public good and its contribution as a key policy lever to address pressing and emerging regional policy challenges, and as an asset for data-intensive technologies such as AI and business models.
In LAC, the strong connection of open data with public transparency remains a key driver of open data initiatives but in some cases it has not evolved in line with developments at the international level.
For instance, the contribution of open data to foster the data economy and the development of services, or as tool to support or address democratic processes challenges such as elections and the fight against mis- and dis-information is still not central nor widespread. As discussed earlier in this chapter, countries like Brazil and Peru have made efforts to further connect open data to digital government efforts, including areas such as service design and delivery by embedding open data in digital government legislation. However, this understanding is not widespread in the region yet.
At the same time, emerging global challenges such as the protection of democracy would require exploring the contribution that open data can play in this area at a regional level. Broader initiatives such as C40, the World Organization of United Cities and Local Governments (UCLG), and the Cities Coalition for Digital Rights would also offer an ideal platform to further promote the role of local governments in the region as key players in priority policy areas such as sustainable development, climate change and democracy and scale up the potential and value of digitalisation and data in these areas.
Public decision makers would need to evolve their policy discourse and implement concrete actions and initiatives to ensure that open government data policies and initiatives respond to new policy challenges. This would help also to open data initiatives are further integrated with broader digitalisation agendas (including AI strategies) and policy issues of relevance in the current global context.
Initiatives to collaborate and engage with internal and external actors to promote data re‑use have increased but are not mainstreamed. In some other cases, efforts on open data re-use have stagnated.
Despite the abovementioned initiatives, mainstreamed engagement to promote data re-use with communities of practice and data users (including within the public sector) remains a challenge. This is a long-standing challenge in the LAC that requires concrete actions and a clearer understanding that data publication is only a means towards a broader goal within policy and decision makers. Recent results from the Global Data Barometer confirm these findings.66
Moreover, several issues are observed in some LAC countries that have stagnated open data policies, such as the lack of high-level commitment, changes of political administration, lack of understanding by decision makers, or resistance in some sectors.
In Chile, the 2012 Presidential Directive on Open Government mandated the implementation of open data by public sector institutions, including in areas such as procurement and public budgeting. However, the country failed to maintain momentum or increase its efforts to promote data re-use, as the results of the 2017 and 2019 editions of the OURdata Index show.67 Also, evidence from the survey and the interviews carried-out for the purpose of this report point out the lack of a clear strategy and systematic practice, with the open data portal being only a dataset repository rather than an instrument to co-create value. Yet, despite the lack of a continuous central push to the open data policy, sectoral initiatives such as those by Chile’s Ministry of Science on open data for research and development, and other initiatives in budgeting and energy sectors have maintained practice on-going.
Open data and data governance at the local level remain incipient. Smart cities are taking an increasing role in the multi-level data governance, but the role of cities as key actors in the open data ecosystem is still missing from the broader public discourse in the region.
Cities like Buenos Aires (Argentina), Lima (Peru), Bogotá (Colombia), and Mexico City (Mexico)68 have been long standing leaders in the region in terms of digital government and open data at the local level, but much remains to be done in the region in this area beyond these and other metropoles.
Whereas this specific area would require further research, initiatives such as the Metropolitan Network of Municipalities and Local Governments by the Ministry of Finance in Paraguay, País Digital in Argentina, Mexico’s DATACON (which includes the participation of local authorities) and other similar practices in place can help to advance open data efforts at the local level. This would need close co-ordination with the central level and solid data federation and multi-level governance arrangements to avoid fragmented practices and policies. Addressing challenges related to connectivity, lack of capacity at the local level of government, access to rural communities will play a decisive role to advance in this regard.
Trustworthy data access and sharing
Overview
In relation to regulatory arrangements, the application of habeas data mechanisms is widespread in LAC, thus being present in most personal data protection regulations in the region (Fernandez Nieto, 2022[27]). Yet, as detailed in previous sections, countries are still in the process of either building or consolidating regulatory and institutional arrangements at the national level for personal data protection and privacy (see section on steering policy change).
In this regard, recent national developments include Panama’s Law No. 81 on Personal Data Protection69 (2019), Colombia’s Decree 620 from 2020 that provides general guidelines on the use and operation of digital services70 (including on data portability, consent, privacy and personal data protection), and Ecuador’s Organic Law on Personal Data Protection71 from 2021.
At the same time, while the COVID-19 pandemic further underlined the relevance of data access and sharing within the public sector and across sectors and borders, it also stressed the importance of these actions to take place within a context of trust guaranteeing data security and safeguarding personal privacy. For instance, Peru’s Emergency Decree 007-2020 established the Digital Trust Framework, which focuses on privacy by default, and highlights public-private collaboration to secure public trust in digital services.
In terms of whole-of-government institutional arrangements to ensure and enforce data protection, examples in this area include Uruguay’s Personal Data Regulatory and Control Unit (URCDP),72 Costa Rica’s Population Data Protection Agency (PRODHAB),73 and Peru’s Personal Data Protection National Authority (a body within the Ministry of Justice).
Another case is that of Mexico’s INAI.74 It is worth mentioning that in June 2022, INAI launched a set of guidelines for the management of personal data in the context of artificial intelligence75 which confirms the relevance of advancing or modernising personal data protection regulations and supportive soft-instruments in line with technological development.
For more information of the current regulatory and institutional arrangements for personal data protection in LAC see section on steering policy change, Table 3.1 and Box 3.1.
Challenges
Making personal data protection operational implies providing citizens with the right mechanisms to exert their rights. Digital public infrastructure such as digital identity can help to advance transparency efforts on the use of personal data in the public sector.
Despite advancements, some LAC countries are still struggling to advance implementation efforts and to proactively provide citizens with tools they can use to know how their data is being used within the public sector, for what purpose and by whom.
For instance, Brazil’s 2018 General Law 13.709 on Data Protection76 defined requirements for public sector organisations to appoint Data Protection Officers to address past issues where responsibility and accountability in the area of personal data protection was not clearly attributed. Brazil established a Council on Data Protection to co-ordinate decisions relevant to personal data protection and privacy, and in 2022, Brazil´s National Data Protection Authority also published the Guidebook on Personal Data Processing by Government Entities.
As regulatory and leadership arrangements are further clarified in specific countries, implementation would also require defining and attributing clear responsibilities and appointing roles across public sector organisations. Similarly, it would require to increase digital literacy on personal data protection within public bodies, so that goals and ambitions are translated into real-world action and preventive actions at the institutional level.
At the same time, enablers and tools such as digital identity (authentication and signature), digital wallets, and citizens’ folder mechanisms are fundamental to empower citizens and grant them with agency to timely and proactively access information regarding personal data held and used by public bodies and facilitate the provisions of consent when required.
Furthermore, recent cases in the region related to the potential use of specific software and data analytics by government bodies77 stress the need for transparency in the use of techniques and tools implying the processing of personal data should be equally and proactively informed to the general society. The latter takes a predominant importance given the risks these applications can pose in terms of social surveillance, the monitoring of actors such as journalists, activists, other actors in society, and the protection of the civic space.78
Data governance efforts, including in terms of clearly communicating rights, consent requirements and exemptions to data subjects and increasing digital literacy, need to further stress and raise awareness on consent requirements and exemptions.
The GDPR set a global reference on personal data protection and brought to the public attention the importance of consent in the use of personal data and personal sensitive data by data controllers.79 Nevertheless, the operationalisation of consent should further acknowledge that, in principle, consent might not be always needed, particularly in the context of governments´ and public bodies´ operations.
The legal, regulatory and policy obligations of public bodies, as data controllers within the public sector, can imply the processing of personal data. Facilitating these data flows is inherent to achieve the mission of the public service and the public administration. The main purpose behind personal data processing can be related to the implementation of public policies, regulatory compliance or to perform a specific public function. These purposes are also linked to the implementation of principles such as once only (its application requires personal data to be shared among public organisations), to data governance and management practices related to data interoperability (e.g., population registers), and to decisions on citizens’ access to public services. For instance, Article 9 of Uruguay’s Law on Personal Data Protection (Law N° 18331) list the exemptions on which consent from the data subject is not needed,80 including in the context of the functioning and responsibilities of the state.
Considering the above, investing on data literacy among population and public officials is needed so that consent requirements and exemptions are better understood by all relevant parties, including data subjects. These efforts shall complement the provision of tools (e.g. citizens’ folders) data subjects can use to exert their right to privacy and transparency in the use of their data by public authorities.
Data ethics is still an emerging area, which is commonly understood with a narrower focus on personal data protection.
Interviews and information collected through the survey undertaken in the context of this report indicate data ethics81 is an area that requires further attention in LAC. In most cases, public officials seemed to understand data ethics and personal data protection as interchangeable concepts which might limit the possibility of advancing efforts in this area.
The importance of generating public sector data, and consequently open government data, which is inclusive and representative of key societal challenges and communities is intrinsic to data ethics and could have a more prominent role in countries’ actions. As mentioned during interviews, advancing open data efforts in critical areas of concern in the region such as gender violence, feminicides, access to justice, violence against LGBTQ+ communities and other vulnerable groups, crime rates, climate change, deforestation and illegal logging, and the sovereignty of data by indigenous communities will require strong commitment at the highest policy and political level in the short term, solid regulatory and institutional frameworks across the public sector, co-ordination beyond borders, and continuity across political administrations and changing political agendas.
OECD tools such as the Good Practice Principles for Data Ethics in the Public Sector (OECD, 2021[8]) can provide further guidance in this area, including in terms of data management and AI governance practices. This includes ensuring data is representative, inclusive, and when possible disaggregated and granular, and its sources transparent, recorded, and traceable when needed so that the generation, selection, and use of data does not contribute to perpetuate social inequalities and disparities, including in the context of AI systems.
The COVID-19 pandemic and the overnight digitalisation of public services placed data security higher in the policy agenda, but there’s still a need to invest more efforts to better prepare, manage and respond to digital risks.
LAC countries could pay further attention to data security and to take a more proactive and preventive stand against digital risks rather than reactive one. A joint study from the IDB and OAS found that by 2020, the LAC region “was not sufficiently prepared to handle cyberattacks” with only 7 out of 32 countries having “a critical infrastructure protection plan” and 20 having “established cybersecurity incident response teams, often called CERTs or CSIRTs, which limited countries “ability to identify and respond to attacks” (IADB/OAS, 2020[28])
In May 2022, Peru created the Digital Trust Operational Unit in response to a personal data breach that took place in the Country.82 This Unit, which operates under the Secretariat of Digital Government, will help to better co-ordinate efforts between the National Digital Security Centre and other actors such as the Personal Data Protection National Authority, the High-Tech Crime Investigation Division, and the Specialized Prosecution Unit on Cybercrime (PCM, 2022[29]). These efforts are in line with Peru’s National Digital Security and Trust Strategy (2021).83
Also relevant is the case of Ecuador, which adopted the Organic Law on Personal Data Protection in 2021. Thus, addressing a long-standing policy issue that gained further traction in 2019 due to a major personal data breach in the country.
Application cases
Table 3.2 presents a group of projects and/or initiatives showing the practice of using data to achieve specific outcomes among LAC countries. These projects and initiatives were collected from the interviews carried out with countries, through surveys, and from earlier OECD work in LAC at the national level. Examples are neither exclusive nor extensive and are limited only to the projects and/or initiatives raised by interviewees and survey respondents or identified by the Secretariat in the context of earlier, current and broader OECD work and collaborations on digital government, innovation and digital transformation.
Table 3.2. Identified practices relevant to data-driven public sector
Country |
Initiative |
Brief description |
Source/link |
---|---|---|---|
Argentina |
Open data portal |
Central open government data portal |
|
Brazil |
Emergency Aid program |
In Combating COVID, Brazil implemented the Emergency Aid program, which benefited around 118 million citizens (55.8% of Brazilians citizens). 67.9 million individuals received the benefit directly. Databases containing information of lower-income citizens, already in place before the pandemic, helped to reach out for the target-public. In addition, the Emergency Aid was publicized on a web portal and an app was designed to get citizens request for the benefit. |
Fact-finding interviews. Text adapted from: G20 Compendium on the use of digital tools for public service continuity (OECD, 2021[30]) |
Open data portal |
Central open government data portal |
||
Chile |
Open data portal |
Central open government data portal |
|
Colombia |
Open data portal |
Central open government data portal |
|
Dominican Republic |
Open data portal |
Central open government data portal |
|
SIUBEN pilot |
Pilot project aimed at using data in the context of social security, and used as testing case of the National Interoperability Framework |
Fact-finding interviews. https://siuben.gob.do |
|
Vivienda Feliz |
Collection and use of data from various sources to make decision on personal loans. Includes the collection of sensitive personal data (e.g., salaries) |
Fact-finding interviews |
|
Ecuador |
.. |
Pilot project to explore data exchange between the Judiciary and other bodies to make judicial procedures more efficient |
Fact-finding interviews |
Health appointments |
Data interoperability across the public sector to improve the process of making appointments with public health providers and reduce the burden on citizens |
Fact-finding interviews |
|
Open data portal |
Central open government data portal |
||
Huella Social |
.. |
.. |
|
Mexico |
National Digital Platform of the National Anti-corruption System |
The National Digital Platform of the National Anti-corruption System access and federates data from different public bodies (including from the local level) to monitor progress of anti-corruption efforts in the Country |
Fact-finding interviews https://www.plataformadigitalnacional.org |
Open budget data |
Mexico’s budget transparency portal provides data in CSV formats in areas such as budget planning and execution, population subsidies, and social programmes. |
https://www.transparenciapresupuestaria.gob.mx/ |
|
Panama |
Data sharing platforms |
AIG has developed a number of platforms that underpin the collection and exchange of information, including the National Health Electronic Management (Gestión Electrónica de Salud Nacional), the National Agro-commercial Integrated System (Sistema Integrado Agrocomercial Nacional, SIAN), and the National Intelligent System to Monitor Alerts (Sistema Inteligente Nacional de Monitoreo de Alertas, SINMA). |
Adapted from OECD Digital Government Review of Panama (OECD, 2019[31]) |
Open data portal |
Central open government data portal |
||
Paraguay |
Datatón 2020 |
Multi-stakeholder effort organised by the civil society in collaboration with Paraguay’s National Innovation Strategy to advance open data initiatives and promote data use |
Fact-finding interviews |
Open data portal |
Central open government data portal |
||
.. |
Data analysis and lineage to track and monitor public procurement processes and identify potential corruption risks. Based on the application of the open contracting data standard. Initiative led by the National Direction of Public Contracting. |
Fact-finding interviews |
|
Peru |
Covid-19 data |
Use of Covid-19 data for foresight and pandemic impact assessments |
Fact-finding interviews |
Peru’s Geodata Infrastructure |
Coherent ad co-ordinated publication and sharing of geodata by public bodies (data hubs or nodos) in different portals at the central and local level |
Fact-finding interviews |
|
Open data portal |
Central open government data portal |
||
Uruguay |
Open data portal |
Central open government data portal |
|
.. |
Data integration and interoperability between the Ministry of Health and the civic register for birth certificates automated generation and issuing. |
Fact-finding interviews |
..: Missing value or not available.
Source: Based on information and data from indicated sources.
References
[20] AGESIC (2019), Política de Datos para la Transformación Digital, Agencia de Gobierno Electrónico y Sociedad de la Información y del Conocimiento, https://www.gub.uy/agencia-gobierno-electronico-sociedad-informacion-conocimiento/comunicacion/noticias/uruguay-politica-datos-para-transformacion-digital (accessed on 15 March 2022).
[24] EC (2020), A European Strategy for Data, European Commission, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020DC0066 (accessed on 5 July 2022).
[27] Fernandez Nieto, B. (2022), Habeas Data and Personal Data Protection in Latin America, Data-pop Alliance, https://datapopalliance.org/habeas-data-and-personal-data-protection-in-latin-america/ (accessed on 19 June 2023).
[32] Global Data Barometer (2022), Global Data Barometer Report 2022, https://globaldatabarometer.org/the-global-data-barometer-report-first-edition/ (accessed on 11 July 2022).
[23] Government of Peru (2023), Estrategia Nacional de Gobierno de Datos, https://www.gob.pe/15777-estrategia-nacional-de-gobierno-de-datos (accessed on 20 June 2023).
[22] Government of Peru (2021), Estrategia Nacional de Gobierno de Datos, https://www.gob.pe/15777-estrategia-nacional-de-gobierno-de-datos (accessed on 15 March 2022).
[28] IADB/OAS (2020), 2020 Cybersecurity Report: Risks, Progress, and the Way Forward in Latin America and the Caribbean, Inter-American Development Bank, Washington, https://doi.org/10.18235/0002513.
[11] OECD (2022), Open Government Review of Brazil : Towards an Integrated Open Government Agenda, OECD Public Governance Reviews, OECD Publishing, Paris, https://doi.org/10.1787/3f9009d4-en.
[14] OECD (2021), E-leaders Handbook on the Governance of Digital Government, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/ac7f2531-en.
[30] OECD (2021), G20 Compendium on the Use of Digital Tools for Public Service Continuity: Report for the G20 Digital Economy Task Force, Trieste, Italy, August 2021, OECD Publishing, Paris, https://doi.org/10.1787/6f800fd5-en (accessed on 12 July 2022).
[8] OECD (2021), Good Practice Principles for Data Ethics in the Public Sector, OECD, Paris, https://www.oecd.org/gov/digital-government/good-practice-principles-for-data-ethics-in-the-public-sector.htm (accessed on 14 April 2021).
[3] OECD (2021), Recommendation of the Council on Enhancing Access to and Sharing of Data, OECD/LEGAL/0463, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0463 (accessed on 20 January 2022).
[5] OECD (2020), “Digital Government Index: 2019 results”, OECD Public Governance Policy Papers, No. 03, OECD Publishing, Paris, https://doi.org/10.1787/4de9f5bb-en.
[25] OECD (2020), Government at a Glance: Latin America and the Caribbean 2020, OECD Publishing, Paris, https://doi.org/10.1787/13130fbb-en.
[7] OECD (2020), “Open, Useful and Re-usable data (OURdata) Index: 2019”, OECD Policy Papers on Public Governance, No. 1, OECD Publishing, Paris, https://doi.org/10.1787/45f6de2d-en (accessed on 12 May 2021).
[4] OECD (2020), “The OECD Digital Government Policy Framework: Six dimensions of a Digital Government”, OECD Public Governance Policy Papers, No. 02, OECD Publishing, Paris, https://doi.org/10.1787/f64fed2a-en.
[12] OECD (2019), Digital Government in Peru: Working Closely with Citizens, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/0c1eb85b-en (accessed on 26 August 2019).
[10] OECD (2019), Digital Government Review of Argentina: Accelerating the Digitalisation of the Public Sector, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/354732cc-en (accessed on 24 June 2019).
[31] OECD (2019), Digital Government Review of Panama: Enhancing the Digital Transformation of the Public Sector, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/615a4180-en.
[26] OECD (2019), Open Government in Argentina, OECD Public Governance Reviews, OECD Publishing, Paris, https://doi.org/10.1787/1988ccef-en.
[2] OECD (2019), Recommendation of the Council on Artificial Intelligence, OECD Legal Instruments, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449 (accessed on 26 April 2021).
[6] OECD (2019), The Path to Becoming a Data-Driven Public Sector, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/059814a7-en.
[15] OECD (2018), Digital Government Review of Brazil: Towards the Digital Transformation of the Public Sector, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/9789264307636-en.
[16] OECD (2018), Digital Government Review of Colombia: Towards a Citizen-Driven Public Sector, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/9789264291867-en.
[19] OECD (2018), Open Government Data in Mexico: The Way Forward, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/9789264297944-en.
[17] OECD (2017), Public Procurement in Chile: Policy Options for Efficient and Inclusive Framework Agreements, OECD Public Governance Reviews, OECD Publishing, Paris, https://doi.org/10.1787/9789264275188-en.
[18] OECD (2016), Open Government Data Review of Mexico: Data Reuse for Public Sector Impact and Innovation, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/9789264259270-en.
[13] OECD (2014), Open Government in Latin America, OECD Public Governance Reviews, OECD Publishing, Paris, https://doi.org/10.1787/9789264223639-en.
[1] OECD (2014), Recommendation of the Council on Digital Government Strategies, Public Governance and Territorial Development Directorate, OECD, Paris, http://www.oecd.org/gov/digital-government/Recommendation-digital-government-strategies.pdf.
[9] OECD/CAF (2022), The Strategic and Responsible Use of Artificial Intelligence in the Public Sector of Latin America and the Caribbean, OECD Public Governance Reviews, OECD Publishing, Paris, https://doi.org/10.1787/1f334543-en.
[29] PCM (2022), “PCM anuncia creación de Unidad Funcional de Confianza Digital para fortalecer estrategia de prevención y mitigación de riesgos digitales”, Presidencia del Consejo de Ministros, Government of Peru, https://www.gob.pe/institucion/pcm/noticias/608641-pcm-anuncia-creacion-de-unidad-funcional-de-confianza-digital-para-fortalecer-estrategia-de-prevencion-y-mitigacion-de-riesgos-digitales (accessed on 26 July 2022).
[21] PCM (2021), “Documento de trabajo para la Estrategia nacional de gobierno de datos”, Presidencia del Consejo de Ministros, Government of Peru, https://www.gob.pe/institucion/pcm/informes-publicaciones/2046259-documento-de-trabajo-para-la-estrategia-nacional-de-gobierno-de-datos (accessed on 15 March 2022).
Notes
← 1. See for instance the digital government reviews done in countries like Sweden (OECD, 2021[14]) and Argentina (OECD, 2019[10]), and the 2019 OECD Report The Path to Becoming a Data-Driven Public Sector (OECD, 2019[6]).
← 2. For more information see: https://catalogo.conecta.gov.br/conectagov/.
← 3. For more information see: https://mintic.gov.co/arquitecturati/630/w3-propertyvalue-8117.html.
← 4. For more information see: https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/Noticias/198952:MinTIC-expide-el-Plan-Nacional-de-Infraestructura-de-Datos-que-impulsara-la-transformacion-digital-del-Estado.
← 5. For more information see: marco_normativo.pdf (optic.gob.do).
← 6. For more information see: https://www.telecomunicaciones.gob.ec/wp-content/uploads/downloads/2012/11/LEY-DEL-SISTEMA-NACIONAL-DE-REGISTRO-DE-DATOS-PUBLICOS.pdf.
← 7. For more information see: https://funcionpublica.gob.mx/web/transparencia/Politica_de_Transparencia_Gobierno_Abierto_y_Datos_Abiertos_de_la_APF_2021-2024.pdf.
← 8. For more information see: https://www.gacetaoficial.gob.pa/pdfTemp/29003_A/GacetaNo_29003a_20200415.pdf.
← 9. For more information see: https://www.mitic.gov.py/viceministerios/tecnologias-de-la-informacion-y-comunicacion/servicios/sistema-de-intercambio-de-informacion.
← 10. For more information see: https://www.gob.pe/741-plataforma-de-interoperabilidad-del-estado.
← 11. For more information see: https://www.datosabiertos.gob.pe/.
← 12. For more information see: https://www.gub.uy/agencia-gobierno-electronico-sociedad-informacion-conocimiento/que-es-la-plataforma-de-interoperabilidad.
← 13. For more information see: https://mintic.gov.co/arquitecturati/630/w3-propertyvalue-8117.html
← 14. For more information see: https://datatrusts.uk/blogs/data-trusts-and-the-eu-data-strategy#:~:text=Data%20trusts%20offer%20a%20tool,a%20framework%20for%20data%20governance.
← 15. For more information see: https://datacollaboratives.org/.
← 16. For more information see: https://www.mercosur.int/temas/agenda-digital/.
← 17. For more information see: https://www.redgealc.org/lineas-de-trabajo/interoperabilidad-transfronteriza/.
← 18. For more information see: https://www.redgealc.org/lineas-de-trabajo/datos-abiertos/.
← 19. For more information see: https://ec.europa.eu/isa2/eif_en.
← 20. For more information see: https://ec.europa.eu/isa2/eif_en.
← 21. For more information see: https://www.micitt.go.cr/wp-content/uploads/2023/03/CNTD.pdf.
← 22. For more information see: http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1=1&nValor2=86321&nValor3=111948&strTipM=T#:~:text=N%C2%B040951%2DMP%2DMIDEPLAN&text=%2DQue%20la%20organizaci%C3%B3n%20sectorial%20del,rector%C3%ADa%20sobre%20la%20organizaci%C3%B3n%20sectorial.
← 23. For more information see: http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1=1&nValor2=67348&nValor3=111956&strTipM=TC.
← 24. For more information see: https://observatoriolegislativocele.com/paraguay-proyecto-de-ley-de-datos-abiertos-2018/.
← 25. For more information see Article 45 of Law 6524 at: https://www.bacn.gov.py/leyes-paraguayas/9156/ley-n-6524-declara-estado-de-emergencia-en-todo-el-territorio-de-la-republica-del-paraguay-ante-la-pandemia-declarada-por-la-organizacion-mundial-de-la-salud-a-causa-del-covid-19-o-coronavirus-y-se-establecen-medidas-administrativas-fiscales-y-financieras#:~:text=libros%20do%20...-,Ley%20N%C2%BA%206524%20%2F%20DECLARA%20ESTADO%20DE%20EMERGENCIA%20EN%20TODO%20EL,MEDIDAS%20ADMINISTRATIVAS%2C%20FISCALES%20Y%20FINANCIERAS.
← 26. For more information see: https://gdpr-info.eu/.
← 27. For more information see: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1561563110433&uri=CELEX:32019L1024.
← 28. For more information see: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020PC0767.
← 29. For more information see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
← 30. For more information see: Comitê — Português (Brasil) (www.gov.br) .
← 31. For more information see: https://www.sen.gov.co/conozca-el-sen/instancias/cad.
← 32. For more information see: https://www.gob.pe/institucion/pcm/normas-legales/2951-119-2018-pcm.
← 33. For more information see: https://www.barbadosparliament.com/bills/details/396.
← 34. For more information see: https://transparencia.css.gob.pa/wp-content/uploads/2020/01/Resoluci%C3%B3n-No.-DS-3513-2018-de-17-de-enero-de-2018-por-la-cual-se-desarrolla-la-pol%C3%ADtica-p%C3%BAblica-de-transparencia-de-datos-abiertos-de-gobierno.pdf.
← 35. For more information see: http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1=1&nValor2=84166&nValor3=108486&strTipM=TC.
← 36. For more information see: https://cdn.www.gob.pe/uploads/document/file/1680865/DS%20029-2021-PCM.pdf.pdf.
← 37. For more information see: https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0463.
← 38. For more information see: Comitê — Português (Brasil) (www.gov.br) .
← 39. For more information see: https://ausdatastrategy.pmc.gov.au/.
← 40. For more information see: https://www.bundesregierung.de/breg-en/service/information-material-issued-by-the-federal-government/data-strategy-of-the-federal-german-government-1950612.
← 41. For more information see: https://www.digital.go.jp/assets/contents/node/basic_page/field_ref_resources/0f321c23-517f-439e-9076-5804f0a24b59/20210901_en_05.pdf.
← 42. For more information see: https://strategy.data.gov/.
← 43. For more information see: https://www.gov.ie/en/publication/1d6bc7-public-service-data-strategy-2019-2023/.
← 44. For more information see: https://www.nldigitalgovernment.nl/overview/new-technologies-data-and-ethics/data-agenda-government/.
← 45. For more information see: Data – en underutnyttjad resurs för Sverige - Regeringen.se.
← 46. CONPES documents are policy instrumenrs developed by the National Planning Deparment’s National Council for Economic and Social Policy. For more information see: https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3920.pdf.
← 47. For more information see: https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3975.pdf.
← 48. For more information see: https://www.boletinoficial.gob.ar/detalleAviso/primera/195154/20181105.
← 49. For more information see: https://www.opengovpartnership.org/members/argentina/.
← 51. For more information see: https://cms-dgd-prod.s3-us-west-2.amazonaws.com/uploads/pdf/Estrategia_de_transformacion_digital_2019_.pdf.
← 52. For more information see: https://minciencia.gob.cl/areas-de-trabajo/inteligencia-artificial/politica-nacional-de-inteligencia-artificial/.
← 53. For more information see: https://agendadigital.gob.do/wp-content/uploads/2022/02/Agenda-Digital-2030-v2.pdf.
← 54. For more information see: https://agendadigital.gob.do/wp-content/uploads/2022/02/Plan-de-Accion-2021-2024-v2.pdf.
← 55. For more information see: https://www.telecomunicaciones.gob.ec/wp-content/uploads/2021/05/Agenda-Digital-del-Ecuador-2021-2022-222-comprimido.pdf.
← 56. For more information see: https://aig.gob.pa/descargas/2019/12/agenda-digital-2020-visual.pdf.
← 57. For more information see: https://www.senatics.gov.py/plan-director-tic.
← 58. For more information see: https://dof.gob.mx/nota_detalle.php?codigo=5628886&fecha=06/09/2021#gsc.tab=0.
← 59. For more information see: https://www.cepal.org/es/agenda-digital-america-latina-caribe-elac2022/agenda-digital-2022.
← 60. For more information see: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020DC0066&from=EN.
← 61. See OECD (2014[13]), (2016[18]), (2018[19]), (2018[16]), (2018[15]) (2019[10]), (2019[12]) and (2019[31]).
← 62. For more information see: https://www.opengovpartnership.org/wp-content/uploads/2020/01/Costa-Rica_Action-Plan_2019-2022_Revised_EN.pdf.
← 63. For more information see: https://www.opengovpartnership.org/wp-content/uploads/2021/12/Uruguay_Action-Plan_2021-2024.pdf.
← 64. For more information see: http://www.pgrweb.go.cr/scij/Busqueda/Normativa/normas/nrm_texto_completo.aspx?nValor1=1&nValor2=84004.
← 65. For more information see: Proyectos asociados – Abramos México (abramosmexico.org.mx).
← 66. For more information see the Global Data Barometer Report 2022, Regional Analysis, Latin America and the Caribbean (Global Data Barometer, 2022[32]) at: https://globaldatabarometer.org/wp-content/uploads/2022/05/GDB-Report-English.pdf.
← 67. For more information see: https://www.oecd-ilibrary.org/governance/government-at-a-glance-2019_38029ced-en.
← 68. For more information see for instance the OECD Digital Government Reviews of Argentina, Peru, and Colombia and the OECD Open Government Data Reviews of Mexico at https://www.oecd.org/gov/digital-government/digital-government-publications.htm.
← 69. For more information see: https://www.gacetaoficial.gob.pa/pdfTemp/28743_A/GacetaNo_28743a_20190329.pdf.
← 70. For more information see: DECREE 620 OF 2020 (suin-juriscol.gov.co) .
← 71. For more information see: https://www.consejodecomunicacion.gob.ec/wp-content/uploads/downloads/2021/07/lotaip/Ley%20Org%C3%A1nica%20de%20Protecci%C3%B3n%20de%20Datos%20Personales.pdf.
← 72. For more information see: https://www.gub.uy/unidad-reguladora-control-datos-personales/.
← 73. For more information see: http://www.prodhab.go.cr/.
← 74. For more information see: https://home.inai.org.mx/.
← 75. For more information see: https://home.inai.org.mx/wp-content/documentos/DocumentosSectorPublico/RecomendacionesPDP-IA.pdf.
← 76. For more information see: https://www.gov.br/cidadania/pt-br/acesso-a-informacao/lgpd.
← 77. See for instance https://www.reuters.com/article/uk-costarica-president-idUKKCN20M2ZI and https://www.reuters.com/article/mexico-tech-surveillance-idUSL8N2PD6BQ for recent cases in Costa Rica and Mexico.
← 78. For more information on the OECD work on civic space see: https://www.oecd.org/gov/open-government/civic-space.htm.
← 79. According to the GDPR, “the data controller determines the purposes for which and the means by which personal data is processed”. For more information see: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controllerprocessor/what-data-controller-or-data-processor_en#:~:text=The%20data%20controller%20determines%20the,it%20is%20the%20data%20controller.
← 80. For more information see: https://www.impo.com.uy/bases/leyes/18331-2008/9.
← 81. For a definition of data ethics see the UK Data Ethics framework at https://www.gov.uk/government/publications/data-ethics-framework; Floridi & Tadeo (2016) ‘What is data ethics?’ at https://royalsocietypublishing.org/doi/10.1098/rsta.2016.0360; and the definition provided by the Open Data Institute at https://theodi.org/article/data-ethics-canvas/#1562602644259-1d65b099-ea7b.
← 82. For more information see: https://www.gob.pe/institucion/pcm/noticias/608641-pcm-anuncia-creacion-de-unidad-funcional-de-confianza-digital-para-fortalecer-estrategia-de-prevencion-y-mitigacion-de-riesgos-digitales.
← 83. For more information see: Estrategia Nacional de Seguridad y Confianza Digital v1.5.pdf.pdf (www.gob.pe) .