IGF 2022 Open Forum #38 Data as new gold: how to avoid ‘gold rush’ and create value for all

Time
Friday, 2nd December, 2022 (12:00 UTC) - Friday, 2nd December, 2022 (13:00 UTC)
Room
CR3

Panel - Auditorium - 60 Min

Description

Focus and approach of the session: Data as new gold: how to avoid ‘gold rush’ and create value for all

The focus of the session is on the use of data to benefit the society and the economy. What and how shall we do to create value for all. How to avoid mistakes (goldrush) thanks to the human-centric approach to data economy, mitigate related risks and close digital gaps. Digital policy has now become one of the key areas shaping global future. We all agree that digitalisation is necessary to transform the economy and achieve climate neutrality. Digital Single Market initiatives date back to 2014 in the EU. Since then, it has been a history of successes and mistakes which have allowed us to learn important lessons and a track record. Successful work on abolishment of roaming charges when travelling within the EU, better access to online subscriptions, consumer protection rules, the end of unjustified geo-blocking, the action plan to step up efforts to counter disinformation are only few examples of what we have accomplished.

On the African side, most of the efforts on harmonising data and privacy protection standards have been championed by Regional Economic Communities ('RECs'). More recent harmonisation efforts draw inspiration from the ‘Agenda 2063’ - the master plan for 'an integrated, prosperous and peaceful Africa, driven by its own citizens and representing a dynamic force in the global arena.' In 2014, the African Union (AU) adopted the AU Convention on Cyber Security and Personal Data Protection, an instrument that represented a first concrete attempt at data privacy standards harmonisation on the continent. Unfortunately, eight years after its adoption, not a sufficient number of countries have ratified the AU Convention and the instrument is yet to come into force -  it requires ratification by at least 15 member states. Additionally, an AU Commission Continental Data Framework is currently in the final stages of development.

 

Panellist will be asked also to reflect on global and regional efforts to develop data economies and partnerships to promote a human centric digital agenda around the globe.  Through the Digital Compass, the EU has set its own digital priorities by 2030, but the EU is also developing digital partnerships to promote a human centric digital agenda around the globe. The Digital Global Gateway is a key instrument in this regard. It contributes to promote efficient data governance on the global scene. One of the main focuses of EU action is Africa.

The session will be organised to ensure a good gender, geographic and multistakeholder balance of panellists. To make the session more dynamic, we aim at bringing to the panel speakers from academia, public and private sector and from civil society. We aim at discussing the challenges and lessons learned in different geographic regions, highlight EU best practises and illustrate partnership initiatives with a particular focus on the EU-AU data flagship and the Digital Global Gateway. We will also ask speakers to reflect on data policy in developing countries and countries providing foreign aid in the digital sector.

All panellists will start with their general views on the topic (up to 5 minutes) and then proceed with two rounds of Q/A posed by the moderators (see key questions for panellists). 20 minutes will be left for the questions from the audience. Duration of the session – is 60 minutes.  We will have both on-site and online moderators and panellist (hybrid option).

 

Key questions for panellists:

  • How to build a data governance model which benefit both the economy and the society?
  • Human-centric approach – the role of the governments?
  • Digital transition and data economy – how ensure no one is left behind?
  • How to strike the right balance between making available more data for reuse and guaranteeing  privacy and data protection?
  • Regulation versus enforcement: margins for improvement. The perspective of the academia, CSO, private and public sectors.
  • Key challenges on regional level – how to act efficiently to closing digital gaps.
  • Role of data to bridge digital divide, ensure strong data protection and inclusive economic growth - case study of EU-AU Data Flagship and the Digital Global Gateway.

Issues, challenges and opportunities are related to the selected theme.

Issues – digital divide is growing around the globe. Can efficient and fair data policies help bridging this divide? What worked so far, what hasn’t? Which is the data governance model that helps to boost the economy?

Challenges and opportunities – how to enable digital innovation ecosystem? What would be the role of global partnerships? Reflections on Digital Global Gateway, Team Europe approach and initiatives, flagships  (such as EU-AU data flagship (initiated by EU Member States (France, Belgium, and Germany) and African Union Commission, European Commission, Smart Africa, Germany initiatives to support the development of an EU/AU joint and non-binding data framework based on shared values and principles and with the objectives of protecting citizens’ rights, assuring data sovereignty and supporting the creation of the African Single Digital Market and IDEA (planned future action by the European Commission and Germany and implemented by Smart Africa, Betterplace.Lab, Enabel, Expertise France and GIZ to enable civil society organisations and academia to take up a role in promoting digital rights by strengthening their capacities and facilitating their active participation to multi-stakeholder dialogues).

Organizers

European Commission DG INTPA
European Commision, DG INTPA Grazvydas JAKUBAUSKAS, DG INTPA, F5 and Francesko VINCI, DG INPA, A1.

Speakers

Speakers

 

PhD Marek HAVRDA, Deputy Minister for European Affairs, CZ presidency.

Mrs. Bridget Andere, Access Now, Africa Policy Analyst.

Mr.  Johannes WANDER Policy advisor on digital development & innovation at GIZ to AUC.

Mrs. Chloe TEEVAN, Head of Digital Economy and Governance at ECDPM.

Mr. Alberto Felice, Director for Infrastructure, Privacy and Security, DIGITALEUROPE (Online). 

Mrs. Maria-Rosaria CODUTI, Policy Officer for  Data Policy and Innovation, EC DG CNECT (Online).

Onsite Moderator

Grazvydas Jakubauskas, European Commission, DG INTPA, F5, Policy Officer, Data Governance

Online Moderator

Vinci Francesco, DG INTPA, A1, Policy Officer Strategic Partnerships with Africa and ACP

Onsite Moderator

Grazvydas JAKUBAUSKAS

Online Moderator

Francesko VINCI

Rapporteur

Grazvydas JAKUBAUSKAS and Francesco VINCI

SDGs

3. Good Health and Well-Being

Targets: 3. Good Health and Well-Being Data policy is a very important element for better access to health services (digital health). This will be reflected in the discussion. 4. Quality Education Data policy is a very important element for better access to health services (digital education, digital skills). This will be reflected in the discussion. 5. Gender equality Data policy helps to reduce digital gender divide. This will be reflected in the discussion. 8. Decent Work and Economic Growth We believe that the promotion fostering an effective Data economy in Africa and the EU to be essential to the promotion of sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all. 9. Industry, Innovation and Infrastructure We believe that the uptake of an effective Data economy in Africa and the EU goes hand in hand with investments in innovation and sustainable infrastructures. 10. Reduced Inequalities Data policy helps to reduce inequalities by ensuring access to services, education, health, job, etc. 16. Peace, Justice and Strong Institutions Data policy and privacy strengthen the institutions via vast array of new possibilities for cooperation, digital governmental services provision (e.Gov). 17. Partnerships for the Goals We believe that the work being conducted in the context of the Global gateway will help revitalizing the global partnership for sustainable development.

Key Takeaways (* deadline 2 hours after session)

1. Enforcement of the data policy regulation should be adequately addressed and ensured. Enforcement is crucial, but common understanding and harmonised approach across the globe are important too. 2. Civil society organisations play very important role to make sure human rights are defended. Multistakeholder engagement throughout the process is crucial. Human centric approach and human rights should be embedded in the legislation.

Call to Action (* deadline 2 hours after session)

Participants of the session called for models that benefit society starting from the principle that the most vulnerable should be protected. If they are – the whole society (is protected) too.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

Governance Forum’ brought together six leading EU and Africa’s experts representing private sector, academia/think tank, civil society and public sector/government.

The speakers of the session - Marek Havrda, PhD (Deputy Minister for European Affairs, CZ Presidency), Bridget Andere (Access Now, Africa Policy Analyst), Alberto Di Felice (Director for Infrastructure, Privacy and Security, DIGITALEUROPE), Maria Rosaria Coduti (DG CNECT, Policy Officer for Data Policy and Innovation), Chloe Teevan (Head of Digital Economy and Governance ECDPM), Johannes Wander (Policy advisor on digital development & innovation at GIZ to AUC) shared  their views on the forum topic.

 

Human centric approach – role of the governments and how to strike the right balance between making available more data for reuse and guaranteeing  privacy and data protection

 

Dr. Marek HAVRDA informed that CZ presidency presented a Joint policy statement - Human-centric approach at the core of the standardisation and connectivity, at ITU Plenipotentiary Conference (Sept. 2022) on behalf of EU27, signed by 57 countries. He states that in a modern world we are dealing with trade-offs, privacy is one of the criteria, understanding and being aware of the use of technology, respect for the individual autonomy are other important criteria. And finally there is the overall impact on human well-being at large. There are much larger risks and we need better checks and balances, combining different types of data, especially criteria of privacy. On digital divide: having a human centric approach should also help to bridge digital divide. We need to know what data is out there and how it is used in the communities.

 

Mrs. Maria-Rosaria CODUTI expressed opinion that data protection and access sharing & use should not be treated as contradicting elements, these are two elements of the same face. EC is putting in place data protection in legislation when drafting, and complement already existing legislation. You can't just protect data and impede the use of data. We create a trustful environment, a trustful ecosystem, data subjects, data users, etc. the basis of our data governance model is a human centric approach. We have put this into the legislation, into the Data Act for example. This empowers users, ie. of IoT objects, that by individuals, by interacting, by using IoT objects they produce valuable data and they need to have a say on the data. We need investing in technologies that includes privacy by default.

 

Digital transition and data economy – how ensure no one is left behind?

Alberto di FELICE noted that companies in Europe - big or small  - do not have monopolies in the market. These are all central points of the EC. And their data strategy has been centred around sovereignty and how data can protect the economy. In the EU we are in the middle of several proposals around data, such as AI act. And respect safety and fundamental rights, data sharing across sectors and players in the economy (Data Act), vertical proposals such as the EU health data space. It is a complex environment because there are lot of proposals and also lots of regulations in place (e.g.GDPR). ‘Gold is great but it's also heavy’, so we need to know the amount of regulation particularly if we have more of it, can also facilitate data sharing. We're also in the middle of a global crisis (pandemic, war in Europe). One aspect underlying data discussions is a connectivity. We're building partnerships worldwide, e.g. US: TTC strengthening joint initiatives built on the global gateway.

 

How to build a data governance model which benefit both the economy and the society? Regulation versus enforcement: margins for improvement.

 

Bridget ANDERE – expresses opinion, that  human being is central. We need always pick society if having to choose between society and the economy. Importing laws and infrastructure from other places without looking at consequences in own country are detrimental. So we need to build models that benefit society, what impact will it have on the end-user. Human rights diligence is very important. Look at the people whose data will be collected and who is at most risk, make sure they're protected and you don’t have to go back and fix it in retrospective. We need to engage in public participation in these processes. Regulation vs enforcement is not just a problem in Africa. We have lots of regulatory frameworks that are amazing and have policies and regulations that are supposed to go with them, these laws are often existing in vacuums. No absolute rights protection, opt-in/opt-out mechanisms, just use national security as a reason. Limitations on laws are very broadly formulated and not clear, creates lots of gaps. When it comes to operability we have principles but we find ourselves with really good laws but bad implementation. We need mechanisms that allow people to complain about infringement of their rights. 

 

Chloe TEEVAN argued that GDPR, one of most established European regulations, was based on multistakehokder consultation (incl civil society), but it is also not without its faults. It has become a model around the world but is not necessarily either adhered to in other contexts/countries. Ireland hosting many tech companies, this has an impact not only at EU data protection but also globally as other countries have to go through the Irish Data Commissioner. And if there are improvements it is because of civil society putting pressure. Data Commissioners across the EU have been discussing how to improve enforcement and also invited civil society to the table. Multistakeholderism is important element, and if enforcement improves it is because civil society constantly holds government accountable. Active CSO participation is really essential and also means adapting to the context you're in and bring the voices in. In certain contexts there aren’t even data commissioners in place to enforce such regulation or they don't have the resources and independence they need. Also questions whether big tech - even in EU- takes government seriously, they pushing limits in EU. Even more difficult for smaller African countries. These are just a few issues with enforcement, also when talking about GDPR as a gold standard.

 

Key challenges on regional level (focus on Africa)– how to act efficiently to closing digital gaps. Role of data to bridge digital divide, ensure strong data protection and inclusive economic growth - case study of EU-AU Data Flagship and the Digital Global Gateway.

 

Johannes WANDER presented a perspective is from the work with the African Union. Lots of countries in Africa are interested in more localisation which then tends to very much a locked-in approach and you can not leverage the benefits for the economy and society. AU developed Data Policy Framework and endorsed it this year, the EU is supporting this. AUC is in a leading role in formulating such policies at a continental level. EU should support this endeavour, also as part of the global gateway. But of course harmonisation is an issue, AU has double as many members as the EU, but we all know how many years it took for the EU to reach a consensus. Enforcement is also an issue. This is something we will work through the next three years, plan is to align existing stakeholders to bring this framework alive. We need to find solutions at national and community level. How do we ensure a just data governance? How can the African continent manage and use the data for itself, without localising more than 50 countries. Certainly the data is a new gold or oil, but the main question is how to make use of that.  Some countries have legislation in place and second step should be enforcement to ensure the economic growth.

 

 

Question/ Answers round.

 


·      

Tony Blair institute: how can we simplify protection evaluation to actually make data transfer possible across borders in case of GDPR?

Maria Rosario CODUTI answered the question by addressing international provisions of Data Governance Act, between EU and third countries. Provisions to ensure sensitive publicly held non personal data so it will not be subject to unlawful access. We have a regime abased on intervening acts for non-personal data that we think will create a bottleneck. We extend the provision in data governance act to cloud service providers and customers. These rules are similar to Schrems II. We don’t create data localisation but encourage data sharing.

 

Chloe TTEVAN mentioned South African example -  it took a certain amount of time to develop the Protection of Personal Information Act (POPIA) and by that time the EU has moved to GDPR and South Africa was not granted adequacy. So this is a really big question.

 


·      

Question (Government representative): knowing data is gold, how to manage our data if there is no standard framework internationally?

 

Bridget ANDERE. There is no one standard framework working for everyone. So how do we ensure adequate data protection? Take the person that is most at risk and then you have adequate data protection frameworks that will work more widely

Johannes WANDER added that in case of the AU data framework, its principles that can be interpreted at a national level and see what works for them

 


·      

Question: (representative of Ministry of Technology, Ethiopia): which values can be incorporated at national levels in African countries?

 

Johannes WANDER replied that in EU there is a law interpretation focused very much on the individual. In some countries in Africa the communal aspect tends to be more important or higher priority than the individual. For example, health data is very private and should not be at communal standard. But societies really vary across the continent.

 

Dr. Marek HAVRDA added that  there is a need for new methods to monitor enforcement. Especially on privacy rules that differ between countries.

Key takeaways from the forum:
-Enforcement of the data policy regulation should be adequately addressed and ensured. Enforcement is crucial, but common understanding and harmonised approach across the globe are important too.
-Civil society organisations play very important role to make sure human rights are defended.
-Multistakeholder engagement throughout the process is crucial.
-Human centric approach and human rights should be embedded in the legislation.
-A clear need for models that benefit society starting from the principle that the most vulnerable should be protected. If they are – the whole society (is protected) too.