IGF 2022 Day 1 Launch / Award Event #45 Digital Data: Polycentric Governance Perspectives

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MODERATOR: To welcome you all to the very interesting session we have this morning.  The session is the name of the book to make sure everybody is in the right session.  The session is the title of the book, it is about to be launched.  It is Digital Data, Polycentric Governance Perspectives, and it is co‑edited by Carolina Aguerre, Malcolm Verduyn, and Jan Aart Scholte.  I think some are online.  It is three or something for Carolina Aguerre in Argentina.  Thanks for those not in the time zone for joining this really interesting session.  Hopefully interesting session, because the book squarely addresses the issues of data governance and privacy as it specifically relates to data governance in different sectors and the themes.  It is how the literature understands data governance differently across academic and policy fields including scholarship and policy around Internet Governance.  No book has yet linked the varying approaches to data governance.  Polycentrism provides a perspective for the variety of actors, issue areas and process says at the subnational, national, regional, global levels that are crucial to cooperation and data governance.  It is really very exciting to have the chapters of the book speaking today. 

What we'll do is instead of running through them now as people speak, we'll introduce them so you can link them to their chapters and books.

     Just before we hand over, just to return to the issue of very interesting application of polycentrism to data governance and to privacy, I think as the book suggests, there is a lot of interest for a long period of time in polycentrism.  We have seen a considerable literature in the area of the commons.  Drawing on Armstrong's work particularly with regard to regulation of natural resources.  We have seen an interesting extension of Ostrom's work and in the area of spectrum regulation.  And recently, Internet.  There hasn't been a stronger emphasis on the global dimensions now of governing essentially global digital goods and the enormous challenges. 

     The application that is done is firstly not been that much to recently see Internet, but it is still looking at basically national governance systems and not really addressing the enormous challenge we now have of global governance.  Polycentrism, because it is looking at managing complex systems and in this case of data and of the Internet, and of global systems, the complex adaptive systems so you need very agile institutions that can adjust to the fast‑changing environments.  You need to have coordination at a global level that presents an entirely new challenge for us.  The book is very timely in this sense.  And really looking forward to having hopefully a fruitful discussion on this.  So let me move straight into the discussion.  Not only the discussion, but into the presentation by Jan and Carolina.  We'll take it from there.  Jan is in the room and will be presenting.  Carolina is online. 

>> Malcolm Verduyn: I am Malcolm Verduyn, it is only 7:00 a.m. for me.  I will give background on the book and hand it over to Jan.  First, start off to say thank you to everyone for being here at various times of the day and thank you to Alison for kindly agreeing to moderate this and for the kind introductory words.  This is more of a prelaunch of a book that is going to be coming out, open access, as it says on the screen.  Next year, we're happy to share advanced copies of the manuscript.  Please just get in touch.  Maybe we can go to the next slide, Jan, if that is okay.  I think you are in control.

That is great.  The short pitch about this book, as Alison said ‑‑

>> MODERATOR: Malcolm, we couldn't see the screen.  But it is now on the screen.  Carry on. 

>> Malcolm Verduyn: It is an effort to open the lenses for data governance and how it is reaching around the world in the multifaceted ways, not respecting national boundaries or even disciplinary boundaries, which is why Carolina, Jan and I brought together a great international and interdisciplinary set of contributors. 

>> At the risk of waking your dear little ones, can you talk a little louder?  We're at maximum volume in the room here, it is a little bit quiet. 

>> Malcolm Verduyn: They're awake now, but I will talk louder.  Go to the next slide.  We had two great workshops online due to the pandemic that were hosted in Germany.  It is an amazing hub for Internet research, if you don't know it already.  Maybe also to make a plug to another very relevant timely publication that just came out about unity and diversity in Internet Governance that came out yesterday, actually.  Maybe we can put a link in the chat for that.  Not to distract from the current book project.

This was put together that broadly considered two sets of relations.  I think that is on the next slide, please, Jan.

Yeah, first of the kind of relations between governing data and data governing, you can say.  In other words, the kind of connections between disbursed forms of formal and informal governing that really orders and reorders data production, data circulation, data uses.  And then a second and kind of related set of relations, if I may, the book is tracing are those that are unfolding in and across areas of activity, across sectors, across scales, really quickly and often in unexpected ways as we also saw with the pandemic, data being made and processed for one purpose and being reprocessed and repurposed for another purpose.  In finance or elsewhere.

     The book is really exploring the two broad sets of relations that are underpinning data governance.  And we're using this polycentric set of lenses to understand data governance through a focus of multiple sites, multiple processes, and multiple sets of actors. 

So yeah, big‑picture argument.  You know, polycentric perspectives are enabling us to make sense of the competing and overlapping issues that are merging and reemerging so quickly at multiple sites. 

So at the risk of going on longer, I will pass it over to Jan.  Or Carolina to expand on the next slide, which elaborates on polycentrism.  Thank you. 

>> Jan Aart Scholte: I think it will be me to prevent her from have to think too much early in the morning.  There is the fragmentation in the governances of the Internet.  It is technical layer, data, content aspect.  As you probably found when you use this term, fragmentation, it is often quite difficult to figure out what is being meant, what is said, and it often turns out to not be an analytical discussion, it becomes more loose and so on.  This concept of polycentrism in a way to bring in academic ideas of how governing works and hopefully to bring some greater clarity and precision to the way we talk about governing Internet issues and in this case, data.  The argument is in a way, it is not a question about unity or fragmentation, but actually it is a mix of the two.  You see that in this concept, polycentrism, poly, multiple centers, and places where rules about data are made.  Centrism, it is not all total out of order.  There is cohesion, and at the level of the actors it is a messy situation.  The chapters that are discussed here are going to talk about different substantive areas, different issue areas, and applying this general notion that we have many centers that are doing the governing of data, but at the same time, they're ordered in some way.  Then I'll come back at the very end after you heard the different sessions, the different cases and try to tie it together a little bit more at the end.  Hopefully then the initial comments make even more sense or less nonsense than they have at the moment.  Carolina, is that okay for a start?  Would you like to add anything else from your side. 

>> Carolina Aguerre: I think it is a great start.  Let's not get too theoretical for everyone at this time of the morning as well.  As you were mentioning and Alison at the beginning as well.  We are bringing in many dimensions and literature strands around polycentricity and also very different thematic concerns about the attributes are manifested.  It is important for us to be at IGF discussing this, because partly this is all triggered by the Internet.

We wouldn't have these huge issues with in addressing the complexity of digital data governance, if it wouldn't have the expansion of the Internet into so many fields and being conceptualized across so many disciplines. 

>> MODERATOR: Thank you very much, Carolina.  I think that is going to provide a wonderful basis for the discussion of the next chapters that we're going to be looking at.  And I think just from that discussion, besides the sort of multiple centers of decision‑making, the challenge of governance is that there needs to be some levels of coordination between the competition and the collaboration.  You know, what are the forms of governance that actually hold that together is kind of the critical question that faces us. 

Wonderful position to start for the chapter that is done by Wenlong Li on strengthening data protection and enforcement, is European Europe protection abroad, and the end of polycentric governance and the authorities or a new beginning. 

>> Carolina Aguerre: Alison, Wenlong Li is having problems logging in. 

>> MODERATOR: We'll come back to that.  We will move to Dmitry Epstein who will speak about polycentric privacy governance.  I think he is joining us from Israel.  So Dmitry Epstein, good morning, please, go ahead. 

>> Dmitry Epstein: (Silence).

>> MODERATOR: Can you check your sound?  We'll check sound on
this side. 

>> Dmitry Epstein: Sorry about that.  I don't know what happened.  I was saying it is both of us here together, Rotem Medzini is the lead author on the chapter.

>> MODERATOR: I'm sorry to do this to you as well.  You don't have muted tones, but we can't hear you loudly.  We can hear you but not very loudly.  Apparently the system is on the maximum here, if I can ask you to speak up, thank you.

>> Dmitry Epstein: Is that better?  I will share slides, Rotem Medzini and I would like to do it jointly to present our chapter.  I will move the slides and Rotem Medzini will start.  Do the first minute and a half.  I will do the second minute and I half.  Can you see the slides?  Okay, Rotem Medzini, take it away. 

>> Rotem Medzini: Okay.  Yeah, we don't talk about our paper today, dealing with polycentric privacy governance.  Perfect.  Usually when we think about regulation, it is usually kind of a form of bidirectional form of relationship between two types of actors.  The actors that set the rules and enforce them the regulators and those that are the target.  Those that we address as a regulated organization. 

     So the first group of parties very usually powerful, has resources, has an authority to set guidance, to set rules.  And then modify the behavior of that second group of actors involving in that formal relationship that we call regulation.

     But in fact, along the years, the theory as Jan has also written extensively about, relationships are actually much more complex.  This is going forward with the idea of polycentric governance.  It is that we start addressing the actors that exist in the regulatory regimes and understand relationships are much more complex than this.  We start first to talk about the group of actors that benefit from the existence of regulation.  Usually the citizens or consumers.  And we study their relationship in that regime, usually through concept like trust or legitimacy.  And then, research and regulation theory started addressing third group of actors, which are usually are third parties to the relationship between regulated organization and regulators, which sometimes are called regulatory intermediaries.  If we look at classic or leading examples, usually auditors, certification bodies, auditors that work in the regime and certify other certifiers.  And what usually we look at them as some actors that has some capacities, resources, expertise, or responsibilities in the regulatory process that are ‑‑ what is more important about them is the fact that they're not themselves regulators and not themselves a regulated organization.  It is important to say the organization exists in that relationship.

We still focus many about the classic form of regulation, which is between the regulators and the organization.  We understand it to be more complex and more rich with relationships that we are going to address when you study polycentric governance.  So when we understand the regulation to be a multifaceted interactive process, dealing with plurality of actors involved in the regimes, we decided as the book itself kind of addressed, the idea of how it is being pronounced in the digital realm.  And more specifically how it is addressed in the institution and noninstitution perspective in privacy governance.  Next slide, please.

So the first case that we looked at was data protection officer.  It is more formal arrangement.  And what is interesting, one of the interesting things about it is that in the European Union, it is a process, a very long process of ‑‑ that started in the 1980s.  Even a little bit before that, in Germany and through the years, it evolved into a regime that required the assignment of data protection officers in the European Union.  But most of the time, during the Director, there were actually ‑‑ the European data protection that is.  There were 33 regimes that each and every one of them required the assignment of data protection officers in different capacities.  Some of them didn't do that at all.  Most of them didn't do that at all, in fact.  And there were very weak data protection officers assigned to those regimes.  Where Germany was actually the leading example of the required of assignment of data protection officers.  What this chapter among others does, it tracks how the European Union most of the Commission pushed forward the idea that data protection officers need to be assigned in every public body, in every organization that systematically and monitored data subjects on a large scale.  And any organization that process special categories of data on a large scale. 

So through the years, up until 2016, 2018, it depends on when do you consider the GDPR to be approved and then entering the force.  The European Union decided to assign data protection officers, mostly to many of the organizations existing in the realm of data protection, it is also did so through other legislations that are neighboring to the GDPR.  So this is one thing that was very interesting in the chapters offered.  But also, if I can have the next slide, the other thing that it does with the GDPR is the idea that it changes the role of the data protection officer.  So if under the European data protection, there is variance in how national legislation understood the role of data protection officers.  And mostly considered them as the eyes and ears ‑‑ sorry ‑‑ of the data protection authority dealing with mostly the national provisions of the ‑‑ of the European data protection directive.  Under the GDPR, there is a mandatory requirement set by GDPR must have compliance on four levels of regulation. 

That is the European level, it must monitor the compliance on the national level and also with organizational policies as well as more specific audits.  It also has to raise the awareness in the organization provide advice, train the staff.  They must advise and monitor the process of data protection impact assessment.  And last, it has to have a contact point for different actors, again, working in that regime.  For beneficiaries, for the regulators and document and make sure to keep records. 

So what we wanted to show kind of in this first beginning is how this process of entering and adopting the idea to use regulatory intermediations through data protection officers has become mandatory and formal arrangement of compliance and a reliance on intermediation. 

>> MODERATOR: I will have to ask you Dmitry Epstein to speak quickly.

>> Dmitry Epstein: We have two arrangements, formal and informal.  Spring 2020, everybody discovered COVID and teaching and learning from home.  Over a billion school kids, 2 hundred million college students learning from the homes.  I'm sure everybody here experienced teaching from homes. 

In this moment, what we were interested in was this example is basically how privacy was treated in decision making about adopting remote learning technology.  We kind of could trace this process through the three stages of the Scott theory.  Moment of turbulence, moment of negotiation and temporary closure, also in terms of rules and practices that governor our data.  Being collected and stored.

At the beginning, right, there was a mess.  And everybody was scrambled to get their head above the water, playing with different tools.  Some of which were available.  Some were not.  Schools, teachers, everybody had to figure out how to continue the learning process.

We entered this moment empirically looking at two cases.  Germany and Israel.  And we looked at one of the ‑‑ like in this particular study, we looked at schools, elementary and middle schools and how they went about adopting remote learning technologies.  And in the process, we kind of figured that we could observe how over the course of that year, right?  They kind of settled on different sets of solutions.  In Germany the decisions went into the adopted practices.  Narrowed on a localized locally governed, locally hosted solutions, like show Cloud, which people from Germany may be familiar with and blue button.  And in others they were going off the shelf, big tech products.

What we were trying to focus on is the role of the teachers and school administrators in making the decisions as kind of where to guide technology adoption.  And the rules around the use of the said technology.  The question of whether to turn or not to turn the cameras on.

What we could see there is that a school administrator and especially teachers that are not the traditional type of regulator that you expect to see had a tremendous decision on how to use it in the classroom.  Although they worked under sometimes messy and contradictory rules given to them from the administration, they had a various ways of interpreting and enacting those rules.  And constantly experimenting and learning from the networks, oftentimes, it was a single person within the school who would be basically setting the practices ‑‑

>> MODERATOR: Dmitry Epstein ‑‑

>> Dmitry Epstein: To summarize ‑‑

>> MODERATOR: I'm afraid we don't have time to summarize.  Please, the other presentations if we can keep it to just the five minutes, please. 

>> Dmitry Epstein: Sorry. 

>> MODERATOR: We'll come back if we have time to discuss. 

>> Dmitry Epstein: Thank you.  Sorry.

>> MODERATOR: Can we go back to Wenlong Li to see if he can connect.

>> Carolina Aguerre: His Zoom account is blocked.  So I don't know if he can connect at all. 

>> MODERATOR: If we can go over to the presentation from Clara Iglesias Keller and Bruna Martins.  We'll do the presentation while she sets it up.  The challenges of disinformation and dataification. 

>> Bruna Martins: It is a pleasure to be part of this work.  Clara asked me to tell you she was looking forward to being here but couldn't because of other work commitments.  Our chapter goes on about disinformation and data regulation.  The main goal of that issue, to explore the intersection between data governance and Digital Transformation or digital disinformation as we refer to as disinformation.  And the goal is to also demonstrate how the approaches to disinformation and data governance itself can allow for regulatory assessments on regulatory strategies that were proposed recently on the topic of halting or fighting disinformation.

We use here ‑‑ we elaborate about the versatility of data and how it is represented throughout the debates.  We do trust that disinformation is a polycentric issue that originates and shaped by different centers of information prediction and decision making.  But also we are also ‑‑ we are meaning to highlight the versatility of regulations themselves.  Because we understand it can go both ways.  And when we talk about both ways, we focus on what we said, what we spoke about on the trackers and chasers.  When we talk about the trackers themselves, we're talking about the regulation of traceability.  So basically finding means of tracing content back to the ‑‑ through the expansion of personal data collection mandates or any tools in that sense.  And here, in this part, like we highlighted both of the cases of Brazil and India, who recently have discussed or deployed traceability measures regarding messaging apps itself.  Brazil was debating the fake news draft bill in the past three years, it was very heavy on the measures.

But we also shine a light on the DSA, the Digital Services Act as it did bring in a little bit of discussion on traders, traceability.  The idea was to expand on the data collection of traders, whenever a platform could allow consumers to conclude distance contracts with them.  So it is basically like centering the kind of the ‑‑ how anybody could buy in or announce or anything like that. 

When we go to the chasers, the second part of our debate, we are also talking about the regulation of political microtargets ‑‑ (echo).

(?)

As one of the breaking points for what we are calling nowadays the regulation of political microtargeting.  Or even establishing a connection between these practices and the dissemination of disinformation.  This connection is rather important.

And also because the data that informs political microtargeting is likely to include sensitive data.  Ideologies, religious and other beliefs.  All of this information is data upon which users could be discriminated and information that can be sensitive in many jurisdictions, not just the Brazilian one.  Last but not least, we do understand that this can be a subject that can fall upon this intersection between intellectual system says and intellectual regulation and disinformation.  But we also talk about that database political advertisement has been at the core of the disinformation strategies in different national context and does raise a lot of concerns and helps highlight the concerns about citizens data protection and privacy and just to bring in another example, I think, Brazil in the recent years has been a good place where these practices have been at least developed or attempted to be developed throughout social media platforms and throughout a lot of other spaces.

And this is pretty much it from us.  We do talk about this regulatory target, data as a regulatory target for the information.  And contemplate the aspects of trackers and tracers. 

>> MODERATOR: That is interesting.  I hope we get more discussion there.  We need to go to Malcolm Verduyn to tell us about the distribution of distributed governance, power, instability, and complexity in polycentric data. 

>> Carolina Aguerre: Alison, for the record, Wenlong Li finally managed to get in the room.

     >> Malcolm Verduyn: I will be loud and quick.  This is a chapter that is discussing the distributed data governance that is exemplified by Bitcoin and wider, seemingly ever‑growing set of experiments with the underlying so‑called distributed ledger technology.  This includes all of the efforts to distribute data on crypto currency transactions and also users.  And all of this is kind of important for the underlying technologies growing application as I mentioned for everything from digital art to sports with fan tokens, that we're seeing in the World Cup traded right now.  And broadly as the so‑called Web3.  So yeah, the question here is about how can we understand and assess claims to the novelty and effectiveness that are arising.  This is 2000 for data governance, this is Bitcoin and experimentation around it, within the longer lineages and contexts that I argue help to contest the so‑called novelty around the efforts to distribute data governance.

In the sec related step, I show how the efforts are reproducing rather than resolving problems of instability, power concentration and complexity and data governance more generally.  I get to the arguments by focusing on three structures of polycentric data ordering that I will let others expand on in a moment.  The headline take away is all of the features of polycentric theorizing can help us better make sense of what I call the chaos or what seems to be the chaos of crypto currency in other experiments of distributed data governance through the three structures.  And that, yeah, we can get a better understanding of basically how polycentrism provides a useful lens more generally for understanding data governance in motion.  How the evolving projects that are trying to do different things, in this case distribute data governance, that it can be hard to make sense.  While polycentrism offers a big‑picture view of the novelty and efforts and what they mean beyond hot air.  It is interesting hot air, but a lot is still hot air.  I will end there.  Thank you for the time and go to Wenlong Li, if that is possible.

>> MODERATOR: Thank you so much for that, Malcolm, it was nice and brief.  I hope to get back to the discussions and hopefully they'll be picked up by Carolina and Jan who are now going to come back on their chapter of polycentric attributes in the global digital ‑‑ oh, yes, sorry.  We managed to get Wenlong Li back on.  I think we will do that first.  Because the final chapter is also the framing chapter for the book.  So we'll come back to that.  Wenlong Li, please go ahead.  I'm so glad you could join us. 

>> Wenlong Li: Thank you very much.  My sincere apologies for not showing up on time.  I was locked out of the room for not giving the correct credentials.  (Audio skipping).  It is essentially the interplay between an action and authorities in the EU in the context of data protection.  It is a kind of what I call a polycentric structure of data protection enforcement. 

There are recent developments by the European data protection Board that may have made changes to the current layout.  There is something happening or shifting in the spectrum that is on display between the fully centralized model from 20 years ago, when there was no GDPR, in the directive, towards something different.  I think no one has articulated what it is.  But it is something that is going on.

I think it is important to characterize the protection enforcement in European, it is shifting over the years from a fully decentralized position back in 1990s towards something that the European data protection supervisor would call an EU approach to data protection. In between what we currently have, a polycentric model of data protection.

So maybe I don't have time to go through the detailed layout, but this is a visualization of how this polycentric model is designed and implemented by the EU institutions.  We can see the one stop data protection that has received criticism.  And there is a mechanism called joint investigations, where multiple authorities might intervene simultaneously.  And there is another that I don't have time to unpack, for instance, the mechanism, urgency procedure and mutual assistance that are all prescribed under the chapter 7 of the GDPR.

I will conclude with probably three observations.  The first is that the one stop shop is pretty prioritized by the EU but has been broken.  There has to be a fix to.  Maybe I think as a trained ‑‑ the entire structure of data protection enforcement may be more polycentric in the way that more authorities can give the autonomy and authority to intervene rather than just, you know, putting all of the eggs into one basket.

At the same time, somewhat paradoxically, the enforcement in the EU is less polycentric as well.  In the sense that the EDPB acts not just as a coordinator, but also an automated adjudicator and powerful agent in the center.  If you look at the recent get lines, you will see that although the terms are quite carefully drafted, it seems towards a more centralized model which has significant ramifications for data protection formant in EU. 

So I will probably just stop right here. 

>> MODERATOR: Thank you so much Wenlong Li.  If we can go straight, quickly to Carolina and Jan.

>> Jan Aart Scholte: Thanks, very much.  I will try to talk while I go to ‑‑ there we go.  What you have heard from the different chapters is looking at different areas of data governance.  We have heard about disinformation and data protection and a couple of the contributions and blockchain and all different aspects of data governance.  If you listened to the different presentations, you will hear common threads.  Each case there were multiple actors involved in the governing.  It wasn't one governing, but multiple. 

So we heard about trans‑Governmental networks of data protection officers, together with the European Union and together with national governance and school administrators in the first paper.  Lots of rules from lots of different places.

On the disinformation we heard about the chasers as well as trackers.  Some Government, and some not Government, very decentered.

With blockchain, the peer‑to‑peer networks and the notion that it is going off in lots of different directions, but States and Governments are trying to get into the crypto regulation game as well.  We are seeing multiple actors coming across and both are in the Public Sector and the private non‑Governmental area. 

In each case, it looks quite messy.  It is not a neat, pyramid with a nice authority at the top.  Yesterday, I heard a presentation on data governance and they were looking for have a place ‑‑ a centralized place in international organizations where we can negotiate all of this.  But if you heard what you have heard here today, there are literally tens of thousands of actors involved in the data governance.  The idea that there is one place that everyone will come together and sort out all the problems is not going to happen.

So then the question is how are we going to live with this?  We can either hope for the ideas of digital sovereignty, which somehow have the illusion of all of the control, or no ‑‑ I seem to have lost ‑‑ it is screen sharing but not showing for you.  Okay. 

>> MODERATOR: Carry on. 

>> Jan Aart Scholte: Any case, what we can identify in all of the cases, the polycentric governing, seven features.  One it operates across different scales.  Local actors, national, regional, global actors.  The polycentrism works across different scales of regulation.

It also operates secondly across different sectors.  You have public, private, hybrid public‑private actors.  Going across sectors.  It is diffuse, scattered, all over the place.  Not centered in one place but scattered.  You have situations of fluidity, every moment the regulations are changing and apparatus of regulation is changing.  It is hard to keep track of it all.  And many actors have overlapping mandates.  They all say they should deal with this.  There is not neat division of labor.  It is not clear who is ordering who around a lot of the times.  This came out in Wenlong Li's presentation.  The national Governments on the one hand.  European Union on the other.  They're interacting, but it is not clear who is ordering who around.

And in that situation, again, no final arbiter.  No final President of global data governance.  And it will not happen.

You might say it looks really messy.  You could say it has positive aspects.  It has possibilities of creativity, and possibilities of innovation and possibilities of adaptation, flexibility.  There is a lot of possibilities.  And yeah, people get worried about the coordination.  But maybe messy governance isn't always a bad thing.  I mean, life is messy.  Why shouldn't we expect data governing to be messy as well.  Out of that, maybe we do get some varied solutions.  We have to learn to live with the chaos.  And we will see that the chaos does have various ordering principles and in the book we go through the kinds of overarching norms and structures that give a bit of order to the mess and emergent norms and practices and underlying structures may give us more order than we think.  But for the rest, EH ... relax. 

>> MODERATOR: Thanks, Jan.  Carolina, please don't relax too much.  We have to finish this session quite quickly.  If we can please have your input.  I hope you are still awake at the early hours of the morning in Argentina.

>> Carolina Aguerre: Thank you, Alison.  Jan has summarized neatly.  It is based on a previous conceptualization that Jan elaborated in 2017 addressing polycentric attributed and Internet Governance.  Here we're bringing in the data governance Jan mentioned very much into the Internet infrastructure.  So we work along these dimensions.  It is one of the first chapters of the book.

I want to say the book has a contribution ‑‑ has 11 chapters as part of the final layout.  We hope to have this book launched in the early months of 2023.  Thank you all for being here.  As remote moderator, as well, I'm encouraging anyone online to send their questions and comments.

>> MODERATOR: Thanks, Carolina.  I'm actually not going to do any summing up.  We had such a nice discussion and earlier framing discussion that was very useful.

I do want to pose one question as we ask questions so it can be gathered up.  I think yes, indeed, Jan it is messy and there is potential for self‑organization, I just want to flag, you are kind of suggesting that there may be some kind of normative coherence coming out of this.  I want to suggest that I don't see any order to coherence.  I see enormous regional blocks and these kinds of things, you know, are you suggesting something else? 

But I think you really highlighted, you know, really polycentric complexity to data protection governance on its own.  A lot of that is contemplated with data governance.  We see how much more there is to data governance and data protection.  This raises the big issues of global governance.  Not just coordination, but governance.  How to address them.  If we can't have anything else other than messy, what you are likely to see is the dominant interests prevailing under those circumstances.  My question is really what does that mean for developing countries?  We are already marginalized from global standard making, et cetera.  It does create opportunities for developing countries to coordinate activities or do something in the international global system or more likely actually be the subjects, again, of various processes.  Not only formal global governance processes but from those they're completely invisible.

Can we go from there to a quick round of questions in the room?  Yes, please. 

>> AUDIENCE: Thank you very much for giving the chance regarding the issues of the policy approach.  Ideally, I greatly appreciate this approach.  Because looking at the general ecosystem nature.  As a complexity is increasing and we need two dimensions regarding this one.  The first is how the trust model can be attained in this approach.  And second is capability.  As something is more complex, there is high capability of monitoring.  Countries and others have different capabilities.  How it can be entertained? 

>> MODERATOR: Thank you very much.  Any more questions from the floor here? 

One more question and then you can take over with the online questions.

>> ATTENDEE: I'm here from Brazil and studying polycentric governance.  As a researcher from the Global South, I have a question that is really similar to what you, the moderator has pointed out.  And then complementing it is more how could these countries in this messy decentralized ecosystem deal with the asymmetry of resources and of information? 

     If we consider that as Professor Jan pointed out, that this messy environment can be beneficial somehow for a global governance.  Thank you. 

>> MODERATOR: Thank you so much.  Let's move to you, Carolina. 

>> Carolina Aguerre: Alison, no questions in the Zoom.

>> MODERATOR: Great.  Because we don't have much time.  Let me ask the panelists to start in the room.  Bruna Martins? 

>> Bruna Martins: Yeah, more like a Meta comment on this as well.  Brazil has started the discuss of data protection governance.  We started in 2018.  Like you were saying the mainstreamed or even like very Eurocentric approach to data protection is still present in our regulation knowledge whenever somebody is trying to discuss new regulatory regimes such as DMA and DSA nowadays, you see them talking about the tropicalization of this as well.

There is a question about how much of these regulatory frameworks are we actually like analyzing and willing to adapt in spite of the different structures, different judicial systems and things like that.  This idea is they can sound really interesting and especially if you look at the GDPR, this is definitely a very user based and interesting approach to regulation itself.  But I also think that beyond just interesting ideas, it also talks about a lot on us willing to adapt to our local relates, context and not just reproducing, regardless of what can happen.  I share the same doubts and concerns and speaking as somebody from the Global South.

As some would like to say the majority of the world things like that.  Thank you.

>> MODERATOR: Thank you.  I will quickly go online.  Because I think they may cut off our link.  We'll come back to the room.  Carolina, let's just start with Dmitry Epstein and Rotem Medzini.  Do you want a quick response? 

>> Dmitry Epstein: Sure.  I have a lot of thoughts provoked by this conversation.  I kind of want to pick on this point that Jan made about kind of adopting the messiness, right? 

It is not ‑‑ can you hear me? 

>> MODERATOR: Yes, we can.

>> Dmitry Epstein: Oh, okay.  I think it is a fundamental shift in thinking.  When we talk about governance or global governance, there is an assumption where there is a single governance framework, right?  And I think the argument here is kind of push ‑‑ to push against it.  I wonder whether we especially as researchers should perhaps focus more attention on like studying the norms and practices and underlying structures.  Because whereas there may be not a single set of norms, kind of globally that we can converge around, right?  It is like in our research, we see very strong impact of this implicitly practiced normed when, you know, street level bureaucrats as mediators, regulatory mediators enacting privacy in our case.

I think perhaps understanding what norms are being enacted is a step towards kind of understanding a little bit of orderness in this mess.  I will stop here. 

>> MODERATOR: Thatch Dmitry Epstein.  Can we ask Malcolm if he has a few parting words? 

>> Malcolm Verduyn: Thank you.  Hopefully you can hear me.  I will pick up on the points about how polycentrism allows us to see the sameness between the three features.  In crypto, you have the useful norms of provide little privacy and the democratization of finance and you have the colonial practices and underlying orders of very extreme libertarian capitalism at the same time, right.

So what this lens allows us to see is how they go hand in hand.  Sure there is opportunity but also massive risks, right, for the Global South and other countries, et cetera, right?  You need to understand these how they go together.  That is what this lens you could say provides through the chaos of crypto, in that case.  I will stop there.

>> MODERATOR: Thanks, Malcolm.  Wenlong Li.  Afraid, that is what I suspected.  Sorry to those online.  Jan, they're going to clear the room.  If you want to talk while people move in and out, go ahead. 

>> Jan Aart Scholte: One general comment, two broad concerns that come out again and again with relation to the polycentric governing.  When I said relax, it is about coherence, coordination, and control.  When people say we want one neat framework to have exact predictability and regularity about governors’ data.  That is not available and we need to learn about that.

The other concern is about the power concern.  The contention that because it is polycentric that it is not hierarchical.  That there are not dominant and subordinate powers and there are major problems about accountability in these arrangements.  That there are major problems about special interest capture.  This is clearly so.  And that there are major problems of subtle structural powers, not only north, south, race, other aspects.  This is clearly the case.  We want to say look at structured polycentrism and look at the structures of polycentrism.  Look at the norms, practices, underlying structures.  You will find more coherence.  It is not in the sense of neat, consistent policies.  It is consistent in the power hierarchies.  Those need to be exposed and struggled against. 

>> MODERATOR: Thank you, Jan.  Please extend our regrets to colleagues that came online.  We will move out of here.  Thank you all.  And thank you for the really interesting inputs.  Thank you.