From data revolutionary to data governance advocate and back again: Three lessons from the journey

I arrived at the Hewlett Foundation as a new program officer in January 2014. I quickly became a data revolutionary, supporting African governments’ use of data to improve decision making and advance the Sustainable Development Goals as part of our Evidence-Informed Policymaking (EIP) strategy. Along the way I learned that government use of data can also bring genuine risks, and that managing these risks requires better policies and practices. So, I became an advocate for better data governance.

In the context of our EIP grantmaking, “data governance” refers to the set of laws, policies, regulations, authorities, and decision-making structures that guide how governments collect, share, and use data to inform decisions. I see “balanced data governance” as actively managing the tradeoffs among the many benefits and risks of data use. Failure to strengthen balanced data governance not only leads to harms and infringement of rights, but curtails innovation, restricts economic transformation, and undermines our most fundament EIP goal — that governments use data in a routine and safe way to inform policy decision making to improve outcomes for people.

At the end of my eight-year term at the Hewlett Foundation, I leave as both a data revolutionary and an advocate for data governance, knowing that promoting data use also requires governing how data are collected, shared, and used. Along this journey I have learned three big lessons:

Lesson 1: Data governance is the second wave of the data revolution

The “data revolution” refers to at least three elements: (a) the exponential increase in the volume, quality, and types of data available, including from nongovernmental sources like telecommunications firms, satellites, social media, and financial transactions; (b) new technologies that permit faster processing of larger data sets, enable new statistical methods, and allow new data sources to interact with and complement traditional ones; and finally, (c) the growing expectation — at the highest political levels and among citizens — that both traditional and new sources of data will be available and used to make better government decisions.

The first wave of the data revolution in the international development sector was powered by the Sustainable Development Goals (SDGs). Its declaration came from the 2014 report, “A World That Counts: Mobilising the Data Revolution for Sustainable Development.” The breadth of the SDG agenda, its “leave no one behind” principle, and, more recently, the extreme urgency for timely COVID-related data, puts new demands on national statistical systems that cannot cost-effectively be met by traditional methods. National statistical systems have been under pressure to “modernize” and “innovate” including through data sharing with businesses and other public agencies. Many governments are establishing digital ID systems that aspire to improve public service delivery and put an unprecedented amount of personally identifiable data in the hands of government. In addition, many countries have digital transformation agendas, which both draw on and produce data in ways that other economic activity and governing do not.

With this opportunity to leverage new forms of data and analytical techniques comes significant complexity in terms of data governance. As experts from the Centre for the Study of African Economies argue, balancing the opportunities and challenges from the digital economy requires having sound data governance frameworks. Scholars from the Center for Global Development have a nice summary of why data protection matters for development.

Governments around the world are scrambling to establish and effectively apply policy and regulatory approaches to manage this complexity. Those that do, like the European Union, will have an outsized impact on policies around the globe. Through the General Data Protection Regulation (GDPR), the E.U. has developed norms and practices that are reference points for other countries, while African countries are more likely to be “standards takers,” adapting, adopting, and striving for “adequacy” with frameworks set elsewhere. Yet African policy experts have largely been excluded from global data governance deliberations, and policy reference points from afar may not strike a balance that is appropriate for their contexts. For example, the GDPR and the many frameworks it is inspiring focus primarily on protecting personal privacy while remaining silent on mitigating population-level societal harms that can be caused by data use.(1) It concentrates on preventing data misuse by private companies, but governments can also be data-driven abusers. Furthermore, as national governments jockey to align with major partners, the geopolitics of data governance further complicate national policy decisions.

In the absence of reliable data protection, citizens will rightly resist government use of personally identifiable data. Indeed, citizen fears about government misuse of personal data have fueled campaigns against digital ID systems in several countries, while outrage over data breaches deepens skepticism about data use. Calls for better data protection are getting louder. However, if policies focus only on maximizing privacy, rather than also enabling safe and beneficial data use, the potential for digital transformation and data-informed policy decisions will be limited. Robert Kirkpatrick of UN Global Pulse refers to the risk of “missed use” of data as important as the risk of “misuse.” Instead, a balanced data governance approach would optimize data protection as an enabler of data innovation and use.

This complex and rapidly evolving set of data policy issues reflects the second wave of the data revolution. At least for the global development community, the formal declaration of this second wave has come in the World Development Report 2021: Data for Better Lives. The report puts equal weight (150 pages over four chapters!) on data governance as on the value of data for advancing development objectives. The Global Partnership for Sustainable Development Data, initially established to harness the data revolution to advance the Sustainable Development Goals, now includes a major line of work on data governance through its Data Values Project. These examples reflect a significant shift in the tenor and substance of the data-for-development agenda, just a few years after the “data revolution” was initially declared.

Lesson 2: Embrace (and fund for) complexity

“Data Governance” encompasses a wide, complex, and rapidly evolving set of policy issues. Organizations and funders working on data governance describe their work in many ways — digital rights, cyber policy, artificial intelligence (AI) policy, data protection, responsible AI, data ethics, data markets, tech policy, and so on. Data governance is relevant across topics, ranging from digital economy and trade to surveillance and human rights. As a funder, this complexity can be paralyzing. Where should we focus? How do we put boundaries around our work? These tactical questions miss the broader point that governments are grappling with a complex and rapidly evolving set of policy and legal challenges. It doesn’t help them if we narrowly define data governance or invest in advancing just one corner of it.

I moved past paralysis when I stopped being afraid of this complexity and started embracing it. I have used two approaches to make decisions within this complexity:

• Support institutions. Given the urgent and complex nature of data governance policy issues, Africa (where our grantmaking is focused) would benefit from more research and advocacy institutions that pursue the data governance issues most relevant to their specific contexts and adapt as new priorities emerge. So, rather than figuring out whether to invest in better regulatory frameworks for digital ID or cross-border data flows, I’ve worked to figure out which institutions could be enduring leaders as data governance priorities evolve. This has led to new grants to African institutions such as Africa Digital Rights Hub, African Economic Research Consortium, Amnesty International Kenya, Centre for the Study of the Economies of Africa, Centre for Intellectual Property and Information Technology Law, Collaboration on International ICT Policy for East and Southern Africa, Open Institute, and Pulse Lab Kampala. We’ve also supported institutions outside of Africa — like Center for Global Development, Global Partnership for Sustainable Development Data, and UN Global Pulse — that draw lessons across countries, develop frameworks adaptable to multiple contexts, and increase the influence of African scholars and practices in global data governance deliberations. Supporting institutions, rather than focusing on specific topics, can make it harder to track progress in terms of discrete policy wins. But it makes it more likely that smart scholars and advocates will be available to advise on pressing policy issues as they evolve.
• Support the field. We can have a more enduring impact if we help strengthen the field of organizations to navigate well within it, together. Why focus on a “field,” not just individual institutions? In “Strength in numbers: Taking a field-level view,” Ruth Levine, writes, “Taking that field-level view, program staff know that no one organization, no matter how impressive, will be able to make big change happen and stick. A whole constellation of organizations, both ones that are peers and ones that have different roles, are needed.” This includes sharing learning with each other, developing a shared body of knowledge, increasing policy influence through collective voice, and connecting expertise across domains including law, economics, technology, and human rights. These field-level activities are too important to be left to chance, but funders don’t know best what a field needs to thrive. So we’ve tried to base our plans on what members of the emerging field say they need, and test our assumptions about what would be most useful.

Lesson 3: Address the missing middle of data governance

Data governance happens at many levels — global standards, national policy frameworks, regulatory authorities, legal agreements, privacy-preserving technology, as well as societal norms. Many of our grantee partners are focused on the top, framing layers of data governance like global standards, regional frameworks, and national policies. Some of our grantee partners and the tech community are focused on the bottom, operational layers of data governance, such as legal agreements for data sharing and technical solutions like differential privacy. But few are attending to what I call the “missing middle” of data governance: multistakeholder governance structures or co-created codes of conduct that enable ongoing, collaborative, operational decision making about data use.

Here’s one example: In 2018 the Ghana Statistical Service (GSS) formed an agreement with telecom provider Vodafone Ghana and Swedish nonprofit Flowminder Foundation to use cell phone data to complement official statistics. The team spent a long time hashing out the top-level policy and regulatory frameworks, balancing the demands of the Ghana Data Protection Commission and the new European GDPR. They labored over the bottom-level legal agreements and technical approaches to protect Vodafone’s data and the privacy of its users. Once they got into implementation, they realized they were missing the middle layer.

When COVID-19 hit in early 2020, the partnership proved well positioned to inform the pandemic response, including by identifying changes in mobility patterns associated with lockdowns. This analysis got the attention of Ghana Health Service, but also of unexpected groups like a European university, a major U.S. foundation, and a multilateral organization. Each requested access to the data and analysis for its own purposes. Yet there was no structure in place to make decisions about who else could access the data beyond the government of Ghana. The project team had to create one.

GSS created a new multistakeholder governance body. The Call Detail Records Steering Committee is composed of senior representatives from GSS, Vodafone, Flowminder, the Ministry of Planning, the National Communications Authority, and the National Development Planning Commission. It includes nongovernmental actors, such as representatives from the Telecoms Chamber and the Africa Digital Rights Hub. Together, the steering committee established and used criteria to guide their decisions, including that new use cases generate value for the Ghanaian people, build capacity within GSS, and comply with project legal agreements and data protection protocols. This collaborative decision-making structure has proven to be a critical complement to global standards, national laws, and legal agreements to govern data use.

For other examples that aim to address the missing middle of data governance, see New York City’s Data Assembly, “a public deliberation on the re-use of data” during the COVID pandemic, and the OPAL project’s governance and ethics committees. The Global Partnership for Sustainable Development Data has four recommendations for building trust in multistakeholder governance of the data economy, and the Ada Lovelace Institute offers a guide to participatory data stewardship. Addressing the missing middle is important for managing day-to-day decisions about how data are used, by whom, and to what end. If done well, it is a critical layer to enable transparent, inclusive deliberation, giving advocates and communities a say in how data are used.

These lessons show that “balanced data governance” is not just an outcome or state of affairs. It is an ongoing process of deliberation within governments and with nongovernmental scholars, advocates, and citizens, such that tradeoffs among competing priorities are openly debated and collectively and equitably decided. Balanced data governance is a society-wide endeavor that requires iteration, learning, and adaptation in the context of rapidly evolving data, technology, and policy priorities. And it is central to making the data revolution deliver on its promise to improve people’s lives.

[1] For discussion of the shortcomings of data governance frameworks primarily related to personal privacy rather than broader societal harms, see “Democratic Data: A Relational Theory For Data Governance,” by Salome Viljoen, and “The Data Delusion,” by Martin Tisné and Marietje Schaake.