The ubiquitous collection, use and sharing of data that power today’s economies challenge existing governance frameworks and policy approaches. Drawing on the extensive research and analysis by the OECD on data governance, and the OECD legal instruments in this area, this Going Digital Guide to Data Governance Policy Making (hereafter the Guide) aims to help policy makers navigate three fundamental policy tensions and objectives that characterise most, if not all, efforts to develop, revise and implement policies for data governance in the digital age. The tensions and objectives relate to balancing data openness and control, while maximising trust; managing overlapping and potentially conflicting interests and regulations related to data governance; and incentivising investments in data and their effective re-use. For each, the Guide outlines underlying issues and presents promising approaches that can help address them. The Guide also contains a checklist of questions to orient policy makers as they develop and revise effective policies for data governance. Finally, it includes a number of policy approaches and real-life policies as examples.

Data openness brings both benefits and risks. Policies need to reconcile how to: foster a culture of risk management and transparency across the data ecosystem; leverage the full spectrum of the data openness continuum to balance risks and benefits; enhance users’ agency and control over data through legal means; support adoption of technological and organisational measures to enhance control; and enhance technical interoperability for data openness.

Multiple parties are involved in data-driven contexts with potentially conflicting interests at different phases of the data value cycle (data collection, analysis, use, deletion). The engagement of different policy communities in data governance thus gives rise to multiple, and sometimes overlapping, policy and regulatory frameworks that focus on concerns mainly relevant to those policy communities. These frameworks can be both sectoral or cross-sectoral, as well as national and international.

While the marginal costs of transmitting, copying and processing data can be close to zero, substantial investments are often required to generate and collect data and to enable data sharing and re-use. Investments may also be needed for data cleaning and data curation, often beyond the scope and timeframe of the activities for which the data were initially collected. In many cases, complementary investments are also needed in data-related skills and competencies, as well as in information communication technologies. This includes investments in algorithms and software along the data value cycle (from generation and collection to processing and re-use). Indeed, evidence shows that firms are increasingly buying start-ups to secure access to data and other complementary assets that may be critical for the development of their data-driven business.

Policies should seek to maximise the benefits from data access, sharing and re-use across organisational and national borders while addressing related risks, including the violation of the rights of individuals and organisations. To this end, data governance policies can:

• foster a culture of risk management and transparency across the data ecosystem

• leverage the full spectrum of the data openness continuum

• provide legal options and tools to enhance right-holders’ agency and control over data

• support development and adoption of technological and organisational measures to enhance control of stakeholders over data

• enhance interoperability of data across organisations and sectors.

Policies should balance the interests of different stakeholders, while ensuring consistency across different policy and regulatory frameworks. To this end, data governance policies can:

• identify and consider the contribution of different stakeholders throughout the data value cycle including by promoting multi-stakeholder engagement

• support cross-agency co‑operation to help reconcile different domestic frameworks

• promote model contracts, contractual clauses, public procurement, codes of conduct and ethics frameworks to leverage contracts as means to clarify overlaps in data governance frameworks

• reconcile varying data governance frameworks across countries, promote international regulatory co‑operation, including cross-border enforcement co‑operation, to enable cross-border data flows with trust.

Policies should incentivise investments in data and their effective re-use for data-driven solutions and a thriving data ecosystem, among others. To this end, data governance policies can:

• promote appropriate knowledge and skills for responsible data sharing and use

• encourage investments in and adoption of financially viable information and communication technology infrastructures for data openness

• foster competition in data-driven markets and address barriers to entry for new firms

• promote standardised approaches for evaluating the social and economic value of data.