The Going Digital Guide to Data Governance Policy Making (hereafter the Guide) aims to advance the development, revision and implementation of policies for data governance, by helping to overcome key related policy tensions. Addressing the complexities arising from the nature of data as an intangible infrastructural resource of global strategic importance, the Guide helps policy makers design effective, technology-neutral, forward-looking and coherent data governance policies across sectors, policy domains and jurisdictions. It proposes a set of questions and highlights promising policy approaches based on three policy tensions and objectives that characterise data governance policy making: balancing data openness and control while maximising trust; managing overlapping and potentially conflicting interests and regulations related to data governance; and incentivising investments in data and their effective re-use.
Going Digital Guide to Data Governance Policy Making
1. Introduction
Abstract
Data are an intangible infrastructural resource that have significant potential spillover benefits across sectors and policy domains (OECD, 2015[1]; 2022[2]). Global economies are increasingly powered by digital technologies, and the ubiquitous collection, processing, use and sharing of data are challenging governance frameworks and policy approaches. For individuals, businesses and governments, these developments provoke fundamental questions. How can data be open while still controlled to maximise trust? How can overlapping and potentially conflicting interests and regulations related to data be managed? How can investments in data and their effective re-use be incentivised? In this context, a field of policy practice has emerged, broadly referred to as “data governance” (Box 1.1).
Box 1.1. What is data governance?
In the context of the OECD Project on Data Governance for Growth and Well-being, “data governance” refers to diverse arrangements, including technical, policy, regulatory or institutional provisions, that affect data and their creation, collection, storage, use, protection, access, sharing and deletion across policy domains and organisational and national borders. Efforts to govern data take many forms. They often seek to maximise the benefits from data, while addressing related risks and challenges, including to rights and interests.
Source: OECD (2022[3]), Going Digital to Advance Data Governance for Growth and Well-being, http://dx.doi.org/10.1787/e3d783b0-en.
Although policy and regulatory co-operation on data governance has been steadily improving, approaches remain largely siloed. Policy makers and regulators naturally tend to focus on their respective policy domains and country contexts. As such, they often fail to benefit from experiences in other policy domains. Furthermore, they face difficulties in fully accounting for the unintended consequences of their policies for stakeholders beyond their competence. In addition to benefiting from cross-disciplinary approaches, policy makers and regulators could also do more to manage overlaps and potential conflicts between multiple policy frameworks applying to the same data. All these challenges add to difficulties in defining a common ground and language on data governance at the national and international level.1
Governance challenges relating to data are particularly significant in a context of fast technological developments. Emerging technologies include cloud computing, big data analytics, artificial intelligence (AI), the Internet of Things (IoT), immersive environments and distributed ledger technologies. For example, the combination of big data analytics, AI and the IoT has enabled development of digital environments where personal data collection and processing are increasingly comprehensive and pervasive. These developments require innovative policy thinking in terms of privacy and personal data protection. This, in turn, raises questions about the role of informed consent or the applicability of principles such as purpose specification and use limitation, when not challenging the definition of personal data altogether (OECD, 2021[4]; 2019[5]; 2015[1]).2
Against this background, the Guide is conceived as a practical tool for data governance policy makers, complementing the OECD (2022[3]) report Going Digital to Advance Data Governance for Growth and Well-being. Chapter 2, which is key for using the Guide, presents a checklist for policy makers in different domains to review data governance policies.3 Using the checklist, they can assess whether policies are fit for purpose to address the three fundamental tensions in data governance policy making and achieve related objectives. Chapter 3 elaborates the three cross-cutting policy tensions and objectives of data governance. For each one, the chapter presents possible governance approaches and relevant provisions of OECD Council Recommendations on data governance that support these approaches (Box 1.2). It also provides examples of how governments and the private sector have been implementing these approaches.4
Box 1.2. The OECD approach to data governance as reflected in its legal instruments
Throughout the Guide, the following OECD Recommendations are highlighted to provide direction in data governance policy making (Figure 1.1):
Figure 1.1. OECD Recommendations relating to data governance
The OECD (2021[6]) Recommendation of the Council on Enhancing Access to and Sharing of Data provides the foundation of the OECD approach to data governance and is the most recent and overarching instrument in this field.
The OECD Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data launched in 1980 (revised in 2013) was the first internationally agreed-upon set of privacy principles.
In addition, some OECD legal instruments provide domain-specific guidance on data governance:
The OECD (2021[7]) Recommendation of the Council concerning Access to Research Data from Public Funding provides guidance on enhancing access to research data and other research-relevant digital objects from public funding.
The OECD (2016[8]) Recommendation of the Council on Health Data Governance calls for national health data governance frameworks to encourage the availability and use of personal health data to serve health-related public interest purposes while promoting the protection of privacy, personal health data and data security.
The OECD (2014[9]) Recommendation of the Council on Digital Government Strategies and the OECD (2008[10]) Recommendation for Enhanced Access and More Effective Use of Public Sector Information supports the development and implementation of digital government strategies and the access and use of public sector information, including data.
Source: OECD (2022[11]), “OECD Legal Instruments”, https://legalinstruments.oecd.org (accessed 4 November 2022).
References
[17] OECD (2022), “Data shaping firms and markets”, OECD Digital Economy Papers, No. 344, OECD Publishing, Paris, https://doi.org/10.1787/7b1a2d70-en.
[15] OECD (2022), “Fostering cross-border data flows with trust”, OECD Digital Economy Papers, No. 343, OECD Publishing, Paris, https://doi.org/10.1787/139b32ad-en.
[3] OECD (2022), Going Digital to Advance Data Governance for Growth and Well-being, OECD Publishing, Paris, https://doi.org/10.1787/e3d783b0-en.
[2] OECD (2022), “Measuring the value of data and data flows”, OECD Digital Economy Papers, No. 345, OECD Publishing, Paris, https://doi.org/10.1787/923230a6-en.
[11] OECD (2022), OECD Legal Instruments, https://legalinstruments.oecd.org (accessed on 4 November 2022).
[16] OECD (2022), “Responding to societal challenges with data: Access, sharing, stewardship and control”, OECD Digital Economy Papers, No. 342, OECD Publishing, Paris, https://doi.org/10.1787/2182ce9f-en.
[7] OECD (2021), Recommendation of the Council concerning Access to Research Data from Public Funding, OECD/LEGAL/0347, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0347.
[6] OECD (2021), Recommendation of the Council on Enhancing Access to and Sharing of Data, OECD/LEGAL/0463, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0463.
[4] OECD (2021), “Report on the Implementation of the Recommendation of the Council Concerning Guidelines Governing The Protection of Privacy and Transborder Flows of Personal Data”, OECD, Paris, https://one.oecd.org/official-document/C(2021)42/en.
[5] OECD (2019), “Challenges to consumer policy in the digital age”, Background Report G20 International Conference on Consumer Policy, OECD, Paris, https://www.oecd.org/going-digital/topics/digital-consumers/challenges-to-consumer-policy-in-the-digital-age.pdf.
[12] OECD (2019), “Vectors of digital transformation”, OECD Digital Economy Papers, No. 273, OECD Publishing, Paris, https://doi.org/10.1787/5ade2bba-en.
[13] OECD (2018), Digital Government Review of Sweden: Key Findings, OECD Publishing, Paris, http://www.oecd.org/governance/digital-government/key-findings-digital-government-review-of-sweden-2018.htm (accessed on 13 July 2018).
[8] OECD (2016), Recommendation of the Council on Health Data Governance, OECD/LEGAL/0433, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0433.
[1] OECD (2015), Data-Driven Innovation: Big Data for Growth and Well-Being, OECD Publishing, Paris, https://doi.org/10.1787/9789264229358-en.
[9] OECD (2014), Recommendation of the Council on Digital Government Strategies, OECD/LEGAL/0406, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0406.
[10] OECD (2008), Recommendation of the Council for Enhanced Access and More Effective Use of Public Sector Information, OECD/LEGAL/0362, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0362.
[14] OECD (forthcoming), “Emerging privacy enhancing technologies: Maturity, opportunities and challenges”, OECD Digital Economy Papers, OECD Publishing, Paris.
Notes
← 1. This is the case for instance for privacy-enhancing technologies that have long been promoted to address domestic challenges in the field of privacy and data protection (OECD, forthcoming[14]) and that are now also increasingly discussed as a means to address data governance challenges in other, international, contexts (OECD, 2022[16]; 2022[15]; 2022[17]). Similarly, sectoral governance arrangements such as in the domain of geodata could be scaled up for use of those data in other sectors, like the public sector (OECD, 2018[13]).
← 2. Another example in the area of trade relates to the rules governing digital trade, which include issues related to cross-border data flows (OECD, 2022[15]).
← 3. Compare with OECD (2019[12]) that presents the “vectors of digital transformation” including “a checklist against which existing and new policies can be reviewed to see if they are appropriate and fit-for-purpose in the digital era”.
← 4. Three complementary surveys by the OECD on data governance informed the collection of examples. These surveys were undertaken in context of respective work related to the OECD (2021[6]) Recommendation of the Council on Enhancing Access to and Sharing of Data, the OECD (2021[7]) Recommendation of the Council concerning Access to Research Data from Public Funding, and the OECD (2014[9]) Recommendation of the Council on Digital Government Strategies.