The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> We ready to start?
Good afternoon, thanks everyone. We'll be starting in a few seconds. But so if everyone could take their seat who is coming to the session. That would be great.
Thanks again for coming to our session today on enhancing data governance in the public sector. I'm Judith Hellerstein. I'm going to be the moderator, along with my online moderator over here, Sarai.
And today's session is enhancing data governance in the public sector. We have representation from Luca Belli at the end. He is from the Latin American Caribbean and he's an expert data governance.
Next to him is Chelsea Horne. Professor of American university on data governance, as well as being the co‑president of the Washington, D.C. internet society chapter.
And then our host is Nancy Kanasa, with the government of Papua New Guinea who is also going to be talking about the use case of data governance in Papua New Guinea.
And then again, I'm Judith Hellerstein. And this is Sarai.
For those online, Sarai will be working to get your questions and answers to you, and also maybe to hopefully feature some of you. I will gather questions from the audience. And we have two mics on either side. So when we start the Q&A, we'll ask you to come up to the mic and give your name and what sector you are from.
Thank you so much. And let me turn it over to Luca who will be our first presenter. Thank you.
>> LUCA BELLI: Good morning, thank you very much Judith and friends for organising this panel. I think I will take off my headphones not to hear myself. I think you can hear me.
Yeah, my name is Luca Belli. I'm professor at Rio de Janeiro. Over the past few years have done quite a few research on several topics related to data governance. And in the public sector. Especially in two of our main areas of focus, which is Latin America and the BRICS grouping.
So Brazil, Russia, India China and South Africa.
The ideas I want to share are directly relates to the research we have conducted over the past years. And everything actually I'm mentioning is available in open access on the website of our centre. CTS.FGB.DR and on the dedicated we said of our cyber BRICS project that analyses and compares the digital policies of bricks grouping. CyberBRICS.info.
First thing, especially since the pandemics we have witnessed a great scramble to digital transformation in most countries. But not necessarily all countries organise it in very structured and coherent way. And even if we have heard of past 15 years that data is the most valuable asset or new asset class, there is this difference between the type of policies that are usually adopted, especially data protection policies that is essential for digital transformation.
But then what happens in practise in terms of leveraging data for digital transformation, especially of the public sector. And here some of the maps we have in the industry could be interesting.
Some examples come to mind, China, all BRICS grouping, groups members have adopted that data protection laws over the past years. But I will get into this in couple of minutes.
Before this I would like to mention also some interesting complementary initiatives that make the adoption of data protection more meaningful, especially for the public sector. First investments. And very well‑focused industrial policy in China is a very good examples example. But also investment innovation. And here I think that India comes to mind creating digital structures precisely to digitise public services through open software, interoperable software.
And Brazil also leading the path in terms of digitalisation of public services. There are now 4200, more than 4200, actually, services, public services that have been digitized in Brazil past 5 years, which is quite a record. Brazil is also investing in creation of data spaces to make the use of data, local use of data more easy. Particularly for the government.
And here we, our research on digital transformation encounters two other streams of our research. One on data protection and the other one on digital sovereignty. The one on digital sovereignty we have developed over the past 5 years is really about understanding to what extent countries have managed to understand, develop and regulate digital technologies, which is how we define it. Digital sovereignty. Understanding, developing, regulating digital technologies, Florida to exercise control, power, self‑determination over the technology.
And this actually makes it easy to connect it to data sovereignty, meaning being able to understand how data in terms of technology function, develop them effectually and regulate them effectively.
You take our protection rule one of the key presentations is informational self‑determination. So faculty fact that every individual must be able to control data, to know how data is used and by whom.
And we stress in our research on data sovereignty is that you can think about it also in a collective fashion. So not only the individual, being able to understand how data is used and control it. But also the nation itself. Being able to understand who is hoovering up data, how data are utilised and shared.
And this is something we have stressed and analysed deeply in our research. And also then coming back to my first point, the essential nature of data protection laws, which is something that all BRICS members have adopted over the past 10 years. Specially the past 5. And more than 50 ‑‑ 150 countries in the world have adopted most of global south countries have adopted the data protection law.
But then wonder why people are not developing enormous quantity of data‑driven innovation if there is all such legislation. Well because data protection law is essential, is necessary but not sufficient. So if you don't also articulate it with investment and with multistakeholder cooperation. And here speaking about multistakeholder governance. Tot to pay lip service to multistakeholder thinking or philosophy. But to really think about the government working with private sector, working with academics, civil society actors to identify how data could be used. By whom. To direct investment and finding. Because this innovative research that can be elaborated by research then translates into products and services.
And to keep it in so regulated that those who maintain the control on the data are the individual users. But also those who reap the benefit of it is the local community. And not necessarily let's say a handful of global corporations that are at this moment Hoovering all data from global south and let's say giving back not a lot. At least in physical terms. So yeah, my initial provocations on this issue, stressing that this, all the elements I've shared are freely available online. And yes, I think that we have to be, if I can give also a provocation and suggestion here. We have to be more critical on how retranslate the nice policies and regulation we spend lot of time developing into concrete action.
I think for this both investments and multistakeholder governance are critical.
>> JUDITH HELLERSTEIN: Thank you so much Luca for your presentation.
We'll next move over to Chelsea. And she's also going to talk about some of the biggest challenges that countries face when trying to get started with data governance in the public sector. So I'll move over to Chelsea.
>> CHELSEA HORNE: Thank you Judith. Hello is good afternoon. I'm Chelsea Horne and senior lecturer at an American University in Washington, D.C.. Thank you for having me and in particular to Judith and Nancy our organisers. It is an honour to be part of this important discussion.
Today my remarks will be more at a higher level. I want to give overview of major concerns we should be thinking about when we talk data governance.
When we talk about data governance, it might sound like something that is massive and has lot of complexities. Because it does. But fundamentally, at its core, it is something very simple. It is just thinking about how we collectively manage and how we use people's information. And it is hopefully with the aim of improving the lives and bettering our communities. So that is the ideal version of data governance.
So thinking about a quick overview. Or what are some of the major questions when we think about data governance? Is to think about five things.
First, who is responsible for what data?
So thinking about data ownership and stewardship. Do we have data stewards? Who is taking control of it? Is there somebody in charge? Are there multiple compartments? But thinking about who is responsible for what data?
Secondly, what actions can be taken with specific data? Thinking about control, settings, usage policies, what can be done with the data that's being collected?
Third, when and under what circumstances data can be used?
Fourth, how data is collected, stored, processed and secured?
So thinking about ‑‑ that as very big one. I say it very quickly but there is a massive part of data governance. Making sure the collection storage processing and security of these data is very well‑thought out.
And finally, 5thly, having metrics for measuring the data quality and compliance. So making sure there are cheques in place to make sure the data governance frameworks are being applied correctly, accurately and ethically.
A strong data governance framework in a public sector is designed to optimise the value of data while mitigating the risks, ensuring compliance, and building public trust. Effective data governance is not just a bureaucratic exercise. It is a foundation for delivering essential public services more efficiently.
It is about safeguarding privacy. Fostering trust in institutions. And making sure that the power of data is harnessed ethically and inclusively for everyone's benefit.
So a few key points and I'm sure we'll expand on this in our conversations. First, a solid plan for data governance is crucial. As it ensures information is managed wisely. And I enables governments and the public sector to make better decisions and deliver more effective strategies.
Second, to make sure we're fostering broad collaboration. That we're braking down data silos within the government as well as making sure we actively engage in the multi stakeholder model. Thinking about civil society. The private sector. And as an academic, I'm thinking about academia in particular.
And third and finally, to think about how we are going to be building trust and ensuring ethical use by establishing these robust data governance frameworks that make sure they protect privacy, prevent misuse and they ensure the data is handled in ethical and meaningful fashion. So I'll finish my remarks there.
>> JUDITH HELLERSTEIN: Thank you so much for setting the scene there.
And next we'll talk about, move over to Nancy Kanasa, who is really talking about a use case in our country in Papua New Guinea where data governance is pretty new concept and idea. And also where they just passed last year a data protection data piracy policy. And they are working on creating a data governance law. Data protection law. Which is where all very new concepts for people in Papua New Guinea who haven't really had that much experience on piracy issues and data governance.
>> NANCY KANASA: Thank you Judith. Good afternoon everyone. I lead data governance and protection with the department of ICT with Papua New Guinea government. It is a privilege to share our journey towards building a all of government approach to managing data responsibly and securely.
In Papua New Guinea data governance is still a very new concept for us, for the government. The agenda is also new. But it's one that is rapidly gaining traction recently, due to digital transformation reforms.
Most government departments prioritise data protection over data governance. And when I "data protection" it is the technical part of data protection.
As the department responsible for ITC policy and coordination across government the department of ICT plays central role in shaping data is managed, shared and protected. The department also very newly established. In 2020 the department started implementing the need for digital transformation reform across all of government.
One of these reforms came to be data governance and data protection. All government departments face fragmented, inconsistent siloed data across government agencies, just like data is siloed, all government departments is also siloed, including the systems and people. And that is from real‑use case.
In 2024 our first ever national data governance and data protection policy was approved and came into effect in September.
The national data governance and data protection policy is for all of government department and any actors that come to make business with government departments. In regard to data.
The policy established clear principles for data handling, including transparency, purpose and data minimization. Which are core tenants of the European GDPR.
We're also exploring adoption of the global cross‑border privacy rules footwork, which we believe will help us align with global best practises and secure data across border, class critical step towards Papua New Guinea's participation in the global digital economy.
Why are we leading this work in data governance?
Additional for the department challenges we're facing as third world country. Fragmented data ecosystem, inconsistent practise across agencies and limited use of data for informed decision making.
With proper data governance, digital transformation fallen short. That is why we're moving I now to improve transparency, public trust and more strategic national planning. Our current implementation is the policy framework. We're looking at a centralized oversight initiative governance currently in progress to provide high level coordination and input from government, civil society and all actors. Secure interoperability.
Our secured data actions platform was launched in 2024. It is now been pilot across ministries. For instance, citizens can already access policy clearance online and that is the only government service online across all of government that has been pilot and is currently working.
Key challenges that we have like any other countries:
We have gaps in digital transformation, legal alignment and workforce skills. And we also need deeper engagement from communities. Academics and private sector to fully realise our goals. From the government, working from the government I can truly say that the government, most of the policies that are drafted within the government from my country, we don't have much input from the civil society that we really need. So when policy is grafted, when it is approved and we come to realise that the civil society kind of had no say in the policy.
So they kind of ‑‑ we see that they are kind of left out from what has already been established.
So like I said, like many other developed nation, Papua New Guinea faces infrastructure limitation gaps between policy and departmental and practise. Financial and human resource constraints. And public ominous. We need a lot of public in regard to data and need for framework, government framework. Multistakeholder collaborations.
To conclude I want to thank my fellow speakers. And our moderators. Thank you.
>> JUDITH HELLERSTEIN: Thank you so much, Nancy.
We were supposed to have another speaker, Lillian Nalwoga. But her plane got delayed and she only just landed. So she's not going to be able to give her part. But it does mean we have a lot more time for questions and answers from you.
And I just want also to make sure that people line up on either side. And also that we have any questions from our online audience. I'll first turn to online. Do we have any questions?
>> SARAI TEVITA: Not yet.
>> JUDITH HELLERSTEIN: Okay. I have other questions right now until we get questions from the audience. But we'd love to hear your questions and comments. But first I'll ask Luca. What lessons can be learned from digital transformation and data governance in the BRICS countries you have mentioned. And in you can elaborate more on that.
>> LUCA BELLI: I think one of the main points that can be learned is that adopting data protection law by itself is essential but really not enough to be able to foster sustainable digital transformation.
To have the operation of the policy making, to be of high quality must be as inclusive as possible. And here I think that something again one has to mention, to praise multistakeholder approach. Not only for the sake of multistakeholder reason. Because if it is organised in an effective and efficient way, multi stakeholder participation really increases a lot to the quality level of the output of the process, of the regulation that will be adopted.
But then is also very important to use this to leverage this in the implementation. And it has a cost to implement a policy. Of course. And this is why, for instance, if we take the example of data protection we have seen over the past 10 years at least, sometimes very intense criticism. Because it increases costs. But then it increases the cost if you consider compliance with it as a cost and not as an opportunity to have a (?). We have actually new types of businesses of products and services that can be created to comply with the law. And actually that is very interesting. This is precisely what happens in India. Where they are leveraging DPIs to implement the law.
And sometimes it is very interesting to study developing countries precisely because they don't have the same level of institutional maturity and same type of resources as highly developed country. They have to find different strategies to be effective. Right? And I think the Indian strategy of ‑‑ so there is, everyone knows about the Adar, which is the digital identity. But few people know about the digital data empowerment and protection architecture, which is a softer manager that allows people, data subjects to manage the concept of personal data. And that is in use in at least 8 years in the financial sector. It is going to be widen up to all type of data. Now with the entering force of the digital persona the protection act, 2023.
So that is a very interesting I think case study to understand that if you are in the developing world and you know that your citizenry does not maybe have the skills to understand very well the law, you know that is not easy to implement the law. Copying and pasting from Europe is not necessarily the best option.
First, because as any good academic, I'll tell you you should not copy and paste. You should study. Study what others have done and reasons they may have succeeded or failed.
So example to leverage the DPIs and software skills they have to help implement this is very interesting. The Chinese example put in billions to construct new product services that can already bake devalues their law, the person information protection law embeds into legislation is also something very interesting.
I think that Brazil is very unique in terms of multi stakeholder governance. But I am also a bit critical because the Brazilian approach is very good for policy suggestions. To gather stakeholder input, to shape, to elaborate the policy. But also quite limited in multi stakeholder implementation which is what I think Indians very good at. So lot to be learned and study the developing world, if you can use this term, approaches to data governance. And maybe not only focusing on the most developed countries.
>> JUDITH HELLERSTEIN: Thank you so much for that very elucidative answer.
My me the question to Chelsea.
How can public sector bodies effectively partner with civil society organisations? Nancy touched on it a bit but a bit that is very difficult sometimes to partner with governance to partners of civil society or academia or private sector. How can they do that and strengthen, build public trust which sometimes is not very strong with government and others?
And I'll let you answer that.
>> CHELSEA HORNE: Thank you, Judith. You touched upon it in your question itself. But one of the questions why having a multistakeholder approach and talking and working for the government to talk and work with civil society, academia, NGOs and other types of outsider government agencies is exactly to build that public trust.
Sometimes there can be suspicions of why government is collecting data. Even if there is the government is putting forward information saying that this is how we're using your data, why we're using it, what we need it for and how we're going to protect it. There still might be some type of suspicion or worry about governments owning and using ‑‑ sorry, not owning. Using and collecting that type of data.
So what the civil society and other members of the multi stakeholder group can offer is, in theory and hopefully in practise, an impartial view and opportunity to research and transparently provide information about how and what the government is doing with that data. So those partnerships are absolutely crucial in making sure that we're ensuring transparency. But not just to say that we're doing transparency. But making sure that it is credible, rigorous and informative for the general public.
So the trust element and how the multistakeholder approach can offer that trust this an empirical manner is really, really critical in why those partnerships are very important.
>> JUDITH HELLERSTEIN: Thanks so much.
We do have an online question. And I'll give it to Sarai to represent who the online question is from.
>> SARAI TEVITA: Thank you Judith. Good afternoon. This is a question from rapid from Cambodia. Do you have a report on data governance that I can download?
And question two. Are there any matrix for platform or applications to ensure data sovereignty?
Job quite a few reports. Open access website. CyberBRICS.info. You can find dozens of reports including on data sovereignty.
And again let me also stress.
Flirt with very much utilitarianism and protectionism. But there are also others very much based into promoting national development, national competition and empowering people through technology. And we have a book. Digital sovereignty in the BRICS. And you find it freely on available on Cambridge University press and on our website. And illustrates some of the examples of how this has happened in the BRICS countries.
However, here I think one ‑‑ that is my word of caution. And I think that one should really make a difference between the policy and the decorations and then what happens in practise. That is why I think leveraging multistakeholder governance in implementation and policy is key here.
Because to translate the policies in concrete actions, you need to have this kind of coordination, communication. And ideally, cooperation. And it also costs money obviously. It costs money. So that is why investments are critical. But if you have a well‑focused industrial policy, then your investment really triggers a new area of product and services that are developed at the domestic level.
In China and India are very good examples of this. To some extent South Africa as well. In Brazil there is paradoxes in Brazil. And if I can just add a very interesting example of one of those paradox.
As mentioning, Brazil has more than 4200 public serves, which is a stellar record. Data protection law since 2018 and entering force in 2020 that manage data security. And data protection authority. Seven or eight sectors from banking sector to telecom. So you might say Brazil is heaven of data governance right? Well it is not. And there is actually, ransomware and cyber incidents are booming. Brazilian. At the same time climbing the ranking of the most cyber secure country but it has adopted lot of interesting and very good policies but also in top 5 of most attacked and vulnerable countries.
Why? Because it is cyber data governance and data security and cybersecurity still perceived as cost and not as an opportunity to make. At this moment more than 700,000 cybersecurity professionals needed in the count. So it would be 700,000 jobs you would have created immediately if you were to invest in capacity building, for instance.
So I think that if you start considering data governance, not as a cost of compliance that everybody hates. But as an opportunity to make money. That I think is the secret ingredients to make successful digital transformation. Yes lit cost money in training and capacity building and infrastructure development. Yes. Of course.
But after some years you will have an enormous return on investment.
>> JUDITH HELLERSTEIN: Thank you so much. Do we have another online question yet?
Okay. So I'll have another question. This is for Nancy. And the question is how can Pacific island nations develop resilient and inclusive data governance frameworks that not only look towards building trust within the government and the data. But also uphold data sovereignty and support and sustainable development.
>> NANCY KANASA: Thank you, Judith. In the Pacific, I speak for Pacific because Papua New Guinea is in Pacific. We have a lot of our context is quite different. I mean every country is different.
And we, the data governance initiative is very new for us. And I think we have to look at our context and issues that are currently within our country. And not for law. Just like Luca said just copy or cut and paste from a developed country and put it in because it would not work for us.
And that was some of the work we were doing. And we've came up with a policy and lot we worked with in regard to why did you put data governance and data protection and not data protection and data governance?
So looking back at that we have use cases with other government departments. And we've realised that data protection is not going solve our problem. Our problem is governance. Governance in all the government departments. So I think that also goes with other Pacific islands. We have to have data governance framework within.
And after that we could have protection, data protection to come in place. Because in PNG, when you talk about data protection in Papua New Guinea, sorry, they think it is to do with the infrastructure. So they put more effort in the infrastructure and not the governance framework. And this is one of the issues that we faced in my country and the Pacific.
Thank you.
>> JUDITH HELLERSTEIN: Thank you so much. Do we have a question online? Yes, could you go to the mic?...
Thank you so much. And introduce yourself too.
>> Thank you to the panelist. My game is Guy Berger. Working with the G20 on data governance in the public sector. Two questions quickly.
For Luca, question of procurement of systems in the public service. As we know AI agents are going to be using incredible volumes of data. In their autonomous and hard to trace ways. And they will also likely feed data back to the vendor.
So the question is, as this technology becomes integrated in the public service, does it make a mockery of effective data governance possibility?
My second question goes to Chelsea. Data protection like said is especially important. Think we've seen in the US with centralisation and abuse of data and the DOGE. But I want to ask you about the other side of data governance. Because while upholding data security and data protection, there is also governance that promotes data sharing inside the public's service. And open data for the outside, which of course can help with accountability, local AI development, et cetera.
Shouldn't one give equal attention to that side of data governance, not only to the data protection side?
Thank you.
>> LUCA BELLI: Yeah. Yes. I think in your question there was already a sort of answer. I would hint to. Which is the reason why I'm really keen on stressing that adopting data protection law is essential. But far from being sufficient to being sure that these values and obligations and rights are de facto, correspond to reality of how data are processed. Right?
And I think you raise a very good point, which is the fact that pretty much everyone in the world out of China and Russia depends on a cloud infrastructure that is provided by three corporations, AWS, Microsoft azure and Google cloud. And the Chinese have their own and they are exporting it globally as well. And Russia depends on China. So we're not really sovereign in this.
But here is the point. If you spend a lot of time crafting the best possible data protection law and also lavish efforts into defining a very good institutional framework that can work well. But at the end of the day, the way in which data is processed is defined by the architectures of a specific service. And the way in which data is Hoovered is defined by a few very dominant players. It is really useless.
Let me give you a very concrete example that I have been providing for the past 10 years I think. And very few countries except India have understood this. In most of the global south people do not have access for meaningful connectivity. They are connected to Meta family of apps. Social media. Without entering into what this means for competition and democracy. Let's focus on the data.
This means that most people in the globally south. In Brazil, 78% of population does not have connectivity, very good report by last year. These people are connected to social media of one enterprise. So they are giving, even if you have the best possible law, then the way in which their data are Hoovered and processed is not defined by the law. It is defined by the very same corporation.
And let me give you an explicit example about in and why there is difference between Brazil and India, for instance.
In 2021, right in the middle of the pandemic, Meta announced that all data, meta data of WhatsApp would be merged at the time Meta does not exist yet. But with Facebook.
And in the middle of pandemic, social distancing in the global south, WhatsApp was the only way to communicate. If I had to book a covid test. My market only accepted through WhatsApp. There was a business network. It was simply not possible for the global south to have meaningful choice that was given in Europe. Do you want to accept these terms or refuse them.
So pretty much everyone in the global south accepted between January and May 2021 that all their data are Hoovered by WhatsApp. And then transferred to Facebook and now Meta. Same thing with Meta AI. It has been automatically downloaded in all smart phones of everyone in the global ‑‑ in the world. So what does it mean that we are now ‑‑ everyone now is contributing data and trading for for 3 Meta AI and probably as we had reports 2015, the people in several global south countries, including Brazil thought that WhatsApp, that Facebook was the internet. I would bet in six months, maybe even a year, if we do same kind of survey people would think Meta AI is AI. Because they understand very well. You relate technology not only by the law but also by the code. By architecture.
And they are doing it very well. And that is what I think most countries in the world, except maybe China and India have not understood yet. Brazil is doing lot of effort to try to design its own solution. But huge problem is that, well, usually government start to work well after 2 years, 3 1/2. And then they have six months to work and then elections. So it is very difficult to have sustainable change in these conditions.
>> JUDITH HELLERSTEIN: Thank you so much. Chelsea?
>> CHELSEA HORNE: Yes. Thank you for the question. I think it is a very important question. Just to remind everyone. It is more or less that we need to have data protection, data governance frameworks that are securing information, but also isn't is there something to be said about having more open frameworks too.
Certainly but more data doesn't necessarily mean better results. I can see many compels cases especially when it comes to health and research that having access to more data and more information can create quicker and more innovative solutions. That's a very compelling reason. And we also see that ‑‑ we hear that quite often from the platforms that. The reason they need so much data about us is because they can offer us better services. They can offer more personalized recommendations. There are different stakes involved with when the government has information and they are sharing information, especially between different departments and how it is collected versus how the private sector has it.
So those are little bit apples and oranges to comparison.
But to think about ‑‑ there's many use cases. I'm trying to imagine is something like facial recognition 23. We have biologic information about a missing child's face, we could very likely find them within minutes. And that is a wonderful ‑‑ I mean ‑‑ I'm promising lot of things from technology. But we see that also even in fiction shows. Where they are trying to imagine these things, where the data allows for very positive use cases.
My personal take on it is I think that's wonderful. I think we see more harms though. And I have more concerns about the way those protections are being guaranteed and offered to us. So it is a bit of push and pull. But we do need ‑‑ like I think without having protection, having open shared data is a concern and a worry to have. But so there needs to be some sort of framework that's protecting that. That's protecting citizens. So it's a balancing act. But I would say I'm... it is easier to say open. And it is harder to put in the frameworks. I think that is why there is such emphasis on data protection.
I would even say in your remarks Nancy, mentioned about data governance, prioritising that over data protection. But in good data governance framework, where you are outline hearing, implicitly data protection is a part of that. So not necessarily like the primary driving force. But it is already being built in there from what you described. So it is definitely a component.
>> JUDITH HELLERSTEIN: Thank you so much.
Do we have other questions from the audience?
Okay. Well think about some questions and then we'll get back to you.
I was going to ask Chelsea, or Luca, whichever you think. What are the practical low cost options for public sector to take that they can improve data quality?
And also, try how are we going to break down some data silos. As you all know in each department, many of the public sectors are silo‑based. And they don't ‑‑ and they don't want to step inside other peoples or departments toes and or do other things. But often times the goal is how are we going to help the citizens. We want the citizens to be able to do one‑stop shopping and not have to hear the same refrain from many other places. That, oh, I wish that I only had to fill out the form once. Instead of 5,000 times.
But how do we do that and share data between agencies when most of the countries don't have any data‑sharing laws?
Whoever wants to go first.
>> LUCA BELLI: That is a one billion dollar question. So if one had a very good answer, I think the problem would already be solved.
I think that my first suggestion coming back to my previous comments would be to not to copy and paste what has been done in Estonia or Norway because it will likely not work in Ecuador or Zimbabwe. Because you have to think about local realities, first.
And then ‑‑ and that is why I think it is very interesting to study what emerging, developing economies do. Not because I think that they are better or worse than others. But because they know very the limits of the policies in their countries. So the fact that if you have ‑‑ and I can witness this firsthand.
In Brazil, data protection law was introduced in 2018. And it simply means that before that, pretty much no one. There was no specialists of data protection.
So how can you think that the law, by magic, would regulate the sector, the economy T society, the democracy even? Right? Because the digital, data intensive technologies are nowadays essential for the democratic process. So if you do not have, if you do not embed data protection in that, meaning being a very transparent in which kind of purposes, for which kind of purposes you use the data and which kind of consequences that might have. That has enormous consequence not only society and economy but also democracy.
Now the fact that you bet on alternative strategies, regulatory strategies to tackle this, I might be more successful. And again you have to leverage what you know to do well. And that is the Indian case of the DPI. They have a very large population of highly‑skilled information engineers and information data scientists that they have leveraged to do DPIs, to do software. So directly translate normative comment into architecture.
That is what China has done. They are industrial powerhouse and they lavished billions literally to use the technology they want to have. And results after 20 years, they are not dependant on any other country. And even if you sanction them, that actually is productive for them. Because they coordinate internal market to be, to outcompete you.
So that is the kind of thinking I think global south countries should have. Of course this does not happen overnight. And actually last year we did a study on data protection, data security and open data in public sector in Brazil. Altogether with the UN (?). And we mapped the regulation that already exists in Brazil.
And then we wanted to go further. So we did ‑‑ it was the moment everyone was speaking about GPTs. So we did a chat bot that could help local municipalities or public servants to draft their own policies. But then we ended up realising what everyone ends up realising when you can want to do something that is related to AI. That the code is something that doesn't cost too much to do. But having it running on something costs you a lot. So if you do not have computing infrastructure that is cheap and available and you all depend from the same enterprises, then you end up losing what we call digital sovereignty.
So being able to understand the technology, develop it and regulate it.
>> JUDITH HELLERSTEIN: Thank you so much, Luca.
Chelsea do you have any comments?
>> CHELSEA HORNE: Shoe. So I believe your first was what are some low‑cost ways? Comparatively low cost would be to go back to the question of "who is managing what data and how?" To create a structured framework within the government or whatever department or agency would be responsible for the data.
So thinking about just a structured format. And to formalize that in a standardized way. Similarly, thinking about how you can, whoever is in charge of that can standards the ways they are understanding data. So a word like a term "location." It can mean many things.
Thinking about a general location, a specific location. Down to a house. Large. Where are we at?
So standardizing what you mean by what data is being collected is a very simple way of starting to think about who and what data. And lit improve the data quality.
Along similar line, thinking about investing, again, comparatively low cost. In training and workshops across whoever will be managing the types of data. There is a certain organisations. Like the ITU has a online course on data governance. And so other organisations do too. And having that type of standardized training and workshops across whoever will be managing and however that structure response is a relatively low‑cost way of approaching these issues.
>> JUDITH HELLERSTEIN: Thank you so much.
I think the question is also, from what I understand, especially in lot of global, but global south countries and developing countries. It is silos but it is also the culture. Many countries or citizens are loathe to change processes or government agencies. They don't want to change the process because why? Its been working for us for a long time. And you can't get as many of these work done without that.
So you could have the best systems and you could have the best policies and data governance and data... but if it is not implemented by the different agencies, how are we going to go forward? And how do we go about changing the culture? Of the society, to get to that change that we needed?
Maybe I'll ask Nancy first. And then...
>> NANCY KANASA: Okay. Firstly, I would say that that question kind of really goes well with what is happening in my country with the government. So we, people are feeling not content with the changes coming in in regards to sharing their personal data or government departments opening up to another government department to have interoperability with systems.
So they feel that what has been working for them is not going to work if something new is added on. So they use a lot of excuses. Like, for example department of health would say, oh, my act or the way we're mandated under our act does not allow us to share data. But then the very same data is also required by the Department of Education.
And so the changes are not really accepted with each government department because they probably fear the technological change. And I think we need more with the public in regard to educating public for the data. And input of data. And coming from the government, we're doing that. And we also face challenges in financial side. And also challenges in educating our citizens.
Because this is some of the new approaches that we're taking. So yeah that is from my end.
Thank you.
>> JUDITH HELLERSTEIN: Thank you so much. We have like 2 minutes left for our panel. But I just want to get, and maybe Luca might have since he's worked with a lot of developing countries. Might have some idea on how to get around this cultural change, which seems to be a big problem in lot of small countries.
>> LUCA BELLI: I think it is more than a cultural change, which is very difficult to trigger. There is a reason why people all use social media or several apps that are very common. Is that they are cheap and easy.
So the way I think that the successful ingredients to trigger this cultural change, if you want, is to make this cheap and easy. And that is the reason why if you analyse the implementation of data protection law is maybe not as effective as we would like. Because it is perceived as extremely difficult. Even Byzantine to implement, to understand. And not cheap but costly, you have to hire a specialist that will do it for you.
Now there are already solutions that are even in open source. The IT who has been working for years on the gulf stack, which is a certain set of building blocks for digital public infrastructure. There are a lot of examples that can already be adopted.
So yeah, I think that if you want to translate to policy into actions and cultural change, you need investments. And you need training. And so I think that if you use already what we have for training, maybe you will not need so much in terms of investment.
But you need a little bit for both if you want to trigger change.
>> JUDITH HELLERSTEIN: Thanks so much. We, I'm just going turn to the panel for any closing thoughts in the last 45 seconds that we have. Inform Luca, do you have any closing thoughts?
Chelsea, any closing thoughts for you?
Nancy?
Okay. Otherwise I wanted to thank the panel so much for the topics and discussions here. We could talk a long time about this because, you know he mentioned the gov stack and the ITU. And yes it may be open source but then you need to be implementing them with engineers and other things. Which other countries don't have. So it is a like a cash cow. So we could be talk for a long time about this. But I want to thank you everyone for coming and staying to the end. And thanks so much for being our panelists.
I hope you enjoyed it.
